Jump to content

KNERD

Members
  • Content Count

    51
  • Joined

  • Last visited

Posts posted by KNERD


  1. On 2/3/2021 at 8:01 AM, gnarlymarley said:

    One of the biggest issues of this problem is that people might stop relying on one blocking list to stop their spam.  People will move to a scoring system that uses more than one blocking list or else stop using black lists.

    I tried using the SORBES block list, but stopped after I noticed two things. When reporting spam,  Spamcop would show the IP address is on the SORBES list, but still allowed to be sent to my server. The second thing was the SORBES block was blocking legitimate email not on their block list, PayPal, for example.

     

     


  2. Yeah, since I been blocking all of their IP ranges, it been quiet here from Eonix, and Layerhost. I guess I need to update my reject message as it is not very informative on why the message is being rejected.

     

    It been a few months since I got something from Google, but when I did a report, it was sent to abuse@gmail, or something like that. When was the last time you sent a report to Goolag?

    For AWS, yeah, they never do anything about that, so you just have to block their entire IP range. Though on a note, it's been a couple of years since I moved my emails server to a dedicated physical machine with a hosting provider for super cheap. I did not add AWS on this newer email server, and have gotten no spam from AWS at all.

     


  3. 2 hours ago, bretmaverick999 said:

    Correction - On  http://eonix.net/ it lists that their brands are  http://infinitie.net/ and http://serverhub.com/ 

    As for Layerhost it appears to be an unrelated company, but just as spammer friendly. 

    Thanks for that corrected information. I guess Layerhost must of spammed me a lot and did nothing after a lot of spam reports  for me to block them.

     

    I do wonder why you are not getting any more spam from that Ip range. It does make me thing they did a list washing where they just make sure your email address (or server) is not getting spam anymore to stop your complaints. Meanwhile probably still continue to spam,.


  4. 8 hours ago, gnarlymarley said:

    I see different abused addresses on your list such as eonix, layerhost and heficed.

    104.140.0.0/16 net-admin@eonix.net
    104.140.84.0/23 net-admin@eonix.net
    104.148.28.0/24 abusenoc@layerhost.com
    104.206.117.32/27 net-admin@eonix.net
    104.206.96.0/22 net-admin@eonix.net
    104.223.153.0/24 abusenoc@layerhost.com
    170.130.0.0/16 net-admin@eonix.net
    191.101.128.0/21 abuse@heficed.com
    23.228.64.0/18 abusenoc@layerhost.com
    23.231.0.0/17 net-admin@eonix.net
    50.2.0.0/15 net-admin@eonix.net
    50.2.188.0/22 net-admin@eonix.net
    50.2.212.0/22 net-admin@eonix.net

    Layerhost is a brand of Eonix. I am not sure about heficed.com. I must of been getting a lot of spam from them to block. Seems to be from Brazil

     

     


  5. I think all these belong to Eonix. They are entries in my email server blacklist.

     

    104.140.0.0/16
    104.140.84.0/23
    104.148.28.0/24
    104.206.117.32/27
    104.206.96.0/22
    104.223.153.0/24
    170.130.0.0/16
    191.101.128.0/21
    23.228.64.0/18
    23.231.0.0/17
    50.2.0.0/15
    50.2.188.0/22
    50.2.212.0/22

     


  6. On 1/17/2021 at 7:13 PM, bretmaverick999 said:

    So here's the thing, http://eonix.net/ displays a webpage that says the domain has expired (there's a link to renew it http://enom.help/renew-faq) so you can't even view Acceptable Use Policy webpage.

     

    The odd thing is, whois is reporting the domain does not expire until 2022:

     

    Quote

    Updated Date: 2021-01-15T10:03:58Z
    Creation Date: 2011-01-14T17:47:29Z
     Registry Expiry Date: 2022-01-14T17:47:29Z

    Looks like it was renewed on the 15th of this month.  The fact that the domain is being redirected to enom site, tells me the registrar probably renewed on their behalf. It is my understanding that registrars can do domain registration/renewal and not get charged up to 30 days, thus can cancel the registration. I learned about that after accidentally running running into accusations about GoDaddy stealing domain names when using their domain search/registry tool. If you waited too long to click BUY, the domain would be gone, and registered through GoDaddy, and already up for sale for a much higher price.

     

    I guess we can check back in February to see what happens. If it is available, I will certainly snatch it up to try to put them out of business for a while.

     

    On 1/17/2021 at 8:45 PM, gnarlymarley said:

    f it is only an IP or two and you have the ability to block them, I would suggest you put a block on there for a few days.  One thing you can also do is to use a BGP looking glass and head to the upstream provider with your abuse logs.  The bigger ISPs are usually good at fixing the problem with the smaller customer ISPs.

    For enoix, it needs a perma ban. After blocking all of eonix IP ranges, just today, I finally got a new batch of spam. Not directly from eonix, but layerhost. I know it is the same spammer because they have some URLs being hosted on eonix IP addresses.

    Very few small businesses host their own email servers, and tend to reply on companies like Google and Microsoft for that.

    If anyone hosts their own email server, and is worried about blocking important email from coming in. There are guides online which show you how to block IP addresses and how you can put in a custom rejection message which will appear in their email client inbox.

     


  7. On 10/2/2020 at 11:48 AM, Outernaut said:

    I have no idea @gnarlymarley where the emails are going.Any mail with any of those addresses ends up in the byte bucket.

    As for my own domains' email send-outs disappearing, it seems only Google mail rejects them. Was probably something I said ;)

    I hate to say this, but I guess I'll have to set up a kmail account at Google, and check what's happening that way. I still think Pinemail was better.

    ~o~

    If Gmail is rejecting the emails, then there will be a notice in the rejection email as to why, and what you can do about it.


  8. On 9/27/2020 at 1:09 PM, Outernaut said:

    I'm confused, because my 'system' that has been sending invoices for years, using the same format, except edited a couple of times so as not to appear spamish are blacklisted. Recently, none get through, and I only find out after 2 months when no one has paid - they are not getting them. I get copies from same account that sends the invoices. Somewhere, a anti-spam decided to add my IP to their list based on what - invoice attached?  It's getting so that legal, honest emails are being beaten down while faked large corporate names abused in spam (Apple winner etcetera) get off. 

    Anti-spam may fade away, and lose it's battle. But only because the large corporate peons running Gmail, YahooMail, HotMail (still), Livemail and other privacy harvesters and ilk won't support anti-spam.  Most people have been conned into using webmail and are just commodity - innocent collateral Googies. 

    I now use SpamCop just to paste those entire message source so I can easily read the tracks and manually adding the first 3 octets of  the lazy ISP to cPanel > Email > Global Email Filters. I still submit the spam - but that is no longer why I use SpamCop.

    ~0~

    Are you running your own mail server?


  9. On 9/29/2020 at 3:50 PM, gnarlymarley said:

    I am curious if you are not getting bounces or if the invoice emails are going to their spam folders and they are not paying attention to it.  Google has made some changes to their spam folders a few years back and now I have to check the spam folder on a daily basis for non-spam email.

    The only way to know is to test. For Hotmail/Outlook, from my own email server, they messages go to spam. WHy? I do not know as other legit email even goes there. I even see Microsoft's own email going to spam. However, if there is a real problem with your email, it will outright reject the email with a notice as to why, and what to do.

    For Google, it never rejects email. During some testing, I have seem spammers emails goes to spam folder, but during my own initial testing with email server, the email just outright goes into a black hole. I finally got the emails through after some tweaks to my own server.

    If anyone is having issue with running their email server, then I suggest people use online tools available to test for potential problems which can get your email through.

     

     

     


  10. I believe spamcop is having less of an impact on spam these days than is did before for the following reasons:

    1. Less people reporting. Nearly 100% of the time I report spam, I am seeing the IP address not on the spamcop blocklist (and most others). So what is the point in using the spamcop blocklist if nothing is being blocked?
    2. Too many devulls to abuse email accounts.
    3. Very few ISPs bothering to take action. Probably  because of item #1 in combination with very few of their customers getting bounces about being blocked, so they cannot complain about something which never happens.

    Maybe it's time to lower the reporting threshold, and put an IP address on the block list longer?

    It's gotten so bad, I have just outright started blocking IP address ranges of service providers when I get spam from them 2-3 times in a row. This means they are not going to take action, thus need to be blocked


  11. On 9/22/2020 at 9:53 AM, gnarlymarley said:

    One question that I am not sure if you know, you can revisit any of your tracking URLs and from my experience they will get any mailhost changes you make.  You have about 48 hours from the time the email was received by your border server to report.

     

     

    I did go back and try, and it was then finding the IP address of the old message, but more than 48 hours had passed


  12. I have been using Thunderbird email client. I have since discovered it is using Spamassassin.. It never did stop any of those coming from Eonix.net. Though I do see it is stopping some spam, as noted with the spam in the Junk folder. None of which has ever been from Eonix.net IP blocks.

     

    On the other hand, I have seemed to of blocked all of Eonix.net as I have not gotten a single spam from them since my last posting.

     


  13. How about this guy?


     

    Quote

     

    Pete Wellborn, the Spammer Hammer, ...

    obtained a $25 million judgment against a Tennessee spammer engaged in massive identity theft and credit card fraud. More than three fourths of Wellborn's practice relates to the prosecution of civil cases against parties involved in spamming, spoofing, and/or Internet fraud. Wellborn has had a primary practice focus on Internet Law since 1996. He represented EarthLink against Howard Carmack, the "Buffalo Spammer," in a $16.4 million case and won. He has been suing spammers since 1998, and has never lost a spam case.

     

    On 5/14/2020 at 10:51 AM, ArtmakersWorlds said:

    Ok, NOT being a computer tech here, how would I use spamassassin with yahoo email on a mac computer.   If that's even possible? I think it's not. 

     

    The  Thunderbird client has it already included, and will sent it to your junk folder (if it detects the email as spam).

     


  14. It seems Spamcop no longer has the clout it had some years ago. I still report, but nothing usually gets done from most of those service providers. Also to get blocked, it has to be a few people reporting (not sure of the number of reports) the same spammer on the same IP address.

    I used to get 10+ spams a day from one provider. The fact the spams came from sequential  IP addresses tells me the provider is in cahoots with the spammer. I then tried some other block lists. After reporting, I would see the spammer IP addresses listed in various spam lists, and blocking services I was using on the email server, but for some unknown reason the spam/IP address was not being blocked. 

    I gave up on block lists and started just blocking that provider IP range. Then I got confirmation the provider is in cahoots with the spammer, when I started getting more batches of spam from another of their data centers in the same manner as before.

     

     

     

×