Jump to content


  • Content Count

  • Joined

  • Last visited

Community Reputation

0 Neutral

About knightshade

  • Rank

Recent Profile Visitors

980 profile views
  1. Many moons ago, one of the forum admins was kind enough to tell me about the section on the Spamcop Reporting Preferences page, that allows you to add additional recipients to spam reports beyond those automatically determined by the Spamcop parser - this can be useful to go after registrars & when the payload URL is hidden behind redirects. As per the topic title, can anyone describe the differences between Personal copies of outgoing reports & Public standard report recipients options? Is the same info sent for each, or are they different? Additionally, is there anyway to retrieve any additional user-added notes from the Spamcop system, after the report has been submitted? Clicking on the individual report number links under Past Reports, only shows the spam message, but doesn't include any user-entered notes (although I was able to verify that these do get added to reports, by adding my own email to the Personal Copies field).
  2. knightshade

    A page showing devnulled domains

    Apologies for old thread resurrection, but I'd also really like a feature along these lines to be added - having a list of known devnull email abuse report addresses comes in very useful when you report to additional addresses (like registrars, or additional hosts where a spam contains multiple payload URLs (spamcop will only report to the first found), or where the real payload URL is hidden behind redirects). It's slightly irritating to craft a targeted spam report, only to find the reporting address(es) get devnulled only after you hit submit - if you knew beforehand, you could skip the hopeless address targets /find alternative reporting addresses. I've taken to making my own list of known devnull addresses, but it's painful to maintain & cannot account for addresses that were only temporarily devnulled (or is it a permanent thing?). Whilst I have the begging bowl out, it'd also be nice to extend the undocumented 100 character limit on additional report copy addresses a little - when a spammer is using multiple payload URLs/multiple hosts with short TTL times, you can fill the current limit fairly quickly.
  3. knightshade

    reports to amazonaws

    Useful to know - thanks. Gotcha. Actually, I think I may have played with that in the past.
  4. knightshade

    reports to amazonaws

    Thanks! I did not realize that addresses added to this field would then be offered as optional (defaulted off) copy-to forwards - I thought they'd just automatically be always forwarded, or that I'd have to keep clicking them off when not required. This option effectively achieves the goal, though (note for interested parties reading in the future) it requires a comma separated email address list, not a space separated one. It shows up on the cut'n'paste reporting form, but not on the form you get when you click on 'Use links to finish spam reporting' in the email from SC. I always use the link in the SC emails, so I've never messed with 'Show Technical Details' - what exactly does this provide? (Just sating my curiousity now - turetzr's suggestion does what was required.)
  5. knightshade

    reports to amazonaws

    Is there a way to add a recipient to individual spam reports? I already use the report handling functions to automatically forward a copy of every spam to knujon, but not every spam I get is connected to amazonaws - it would be nice if specfic email addresses could be included for individual spam reports (and even better if SC could offer a drop-down menu of previously selected addresses). Does SC have a suggestion box?
  6. knightshade

    reports to amazonaws

    I was going by Don's comment in this thread, which indicated it was Amazon's choice: http://forum.spamcop.net/forums/topic/14731-ec2-abuse-amazoncomatdevnullspamcopnet-email-abuse-amazoncomatdevnullspamcopnet/#entry91712 But forwarding to the spammer remains a good reason. Well, part of the reason for posting that detail was as a possible suggestion aimed at any SC admin that may come across the thread. I already do much outside of SC - it's only 1 tool in the arsenal... However, reporting within SC is still preferable, because doing so eliminates both a manual forward & any need to repeat the obscuring of trackable stuff like email addresses, which SC already does a reasonable job of.
  7. knightshade

    reports to amazonaws

    I'm seeing that one of my pet spammers has adopted using a redirect via an amazonaws web page, presumably because it adds another level of obsfucation to hide/protect their target URL (https & the URL in the spam uses POST to pass a name & id string if the recipient is unwise enough to click through)... This raised a couple of questions/observations: Currently, SC reports to ec2-abuse#amazon.com[at]devnull.spamcop.net (apparently devnulls at amazon's request) & email-abuse[at]amazon.com. Looking at amazon's own reporting page at portal.aws.amazon.com/gp/aws/html-forms-controller/contactus/AWSAbuse , this references abuse[at]amazonaws.com - I'm wondering if the latter email address is equivalent to email-abuse[at]amazon.com, or ought to be used instead of/as well as? The reporting form on that same page indicates that, if used, amazon forward the complaint details to the EC2 customer (aka the spammer), which 'aint such a good idea - *sighs*... Is there a way to safely follow the redirect (in order to try to manually report the destination URL)? The usual techniques (urlquery etc) don't work as that target URL is protected by whatever scripting sits behind the amazonaws URL in the spam... Here's the SC tracking URL for any folks so inclined to have poke around: spamcop.net/sc?id=z6139877106z19ab51f56290487899361dbdef5efc87z
  8. knightshade


    Whilst I have had my issues with them, yeah, I'd have to say that I've found them to be reputable. BTW, check your PMs - I sent you a couple of possible things to try,
  9. knightshade


    I understand your point - there's plenty of places I won't submit direct complaints to because they appear too dodgy - that's where spamcop fits in - however, IMHO and going by my own experiences, namecheap doesn't fit in that category.
  10. knightshade


    If you've got a yahoo mail account, you can set up 'disposable' email addresses that can be handy for such situations - I've used one of these to make complaints directly to namecheap/enom & (so far) it's never been targeted for any additional abuse. The moment it does ever get targeted, I can blow it away & move on to a fresh disposable address,
  11. knightshade


    Interesting... the 2 subdomain URLs in those spams are both hosted at a namecheap IP, but the domain itself is hosted at softlayer. The registrar for the domain also appears to be namecheap (acting as a reseller for enom), according to enom.com/whois/default.aspx - it may be worth making a spam complaint outside of spamcop to the abuse emails for both enom & namecheap, noting in it that namecheap is acting both as hoster & registrar (and also noting the sheer volume of spam you're receiving related to that domain!).
  12. knightshade

    can't forward as attachment in yahoo

    I just submitted some some more spam, so it's still working for me. If you haven't already tried, shut down/restart the browser completely & try again - clearing the cache alone didn't work for me (FF 28.0) There's also the possibility that yahoo run multiple distributed servers, not all of which have been updated - not sure, but if they're anything like ebay, then which server you get can completely change the page config that you end up seeing.
  13. knightshade

    can't forward as attachment in yahoo

    Confirmed as now working again for me, also.
  14. Yup, something appears to be changing at Yahoo's end - shift-alt-f was working earlier today, but now I also get the regular fowarding window (which doesn't keep the spam intact).
  15. knightshade

    How to track actual hoster of IPs in suspect netblock

    Acknowledged, but I usually find the dealing with the origination points, to be a pretty fruitless exercise - the IPs either change on each spam-run or are on networks that simply do nothing about it. I usually let spamcop's reporting deal entirely with that side of things (which it did well, until Yahoo messed with the header parsing), but find it productive to go after the registration and hosting* - hence my query about tracking the hosting company. * (Spamcop's parsing of link URLs within the email body has actually been working pretty well on the examples I've been recently feeding it.)