its8up


  1. Good eye! Adding a .replace() statement in preparation for a rash of those. Thanks! Why does google allow invalid records through the pipe? Because they are too busy counting money to bother with syntax checks. This ain't the first issue Google caused for spamcop. Cannot rely on any standard formatting when the largest gorilla in the market chooses to march to the beating on its own chest. <insert angry gorilla noises here>
  2. I have a timer run google suite script that filters spam box contents with common keywords and emails headers to spamcop (as well as occasionally using common keywords to mail "dev/null" spam to the appropriate source). Of course, this means I must come by here every couple days or so to confirm and manually click the report link. Was reporting spam like normal, then ran into a strange issue. Clicked Unreported spam Saved: Report Now link and it went straight to this tracking URL: https://www.spamcop.net/sc?id=z6623054758z790919cde374c5c623d7a3db280014e6z Found the spam that apparently breaks the SPAMCOP page. It is below for your pleasure. Any idea what is going on with this thing?

         Delivered-To: *********@gmail.com
         Received: by 2002:a4a:3016:0:0:0:0:0 with SMTP id q22csp1931387oof;
             Sun, 15 Mar 2020 09:19:48 -0700 (PDT)
         X-Google-Smtp-Source: ADFU+vsCZ6pBhPe36NuRKdT0EMsXknH3fFGbThN9KldAi0TfyxqmwPz2vcG0j2ERgp+jUmn/eTJ9
         X-Received: by 2002:adf:aac6:: with SMTP id i6mr5448025wrc.353.1584289188462;
             Sun, 15 Mar 2020 09:19:48 -0700 (PDT)
         ARC-Seal: i=1; a=rsa-sha256; t=1584289188; cv=none; d=google.com; s=arc-20160816;
             b=zJ9PHkIdDyTy2PsnMjDH8uzyhmB2Gp+3oal157sBSgfNJGa5BlJ/E6HNgi7cfo+nea
             BUGRvr+4fn0EZHLqT4V75TFoTQ6XWC5ZnrtZGbKXkppDE/0da3tUtA/suvSO2Z3wdo4a
             zw9F6/5KfiYyPavw/twFrPuETLtYnAe1dWeD9WmAybLRmpQnB41VM6rVHUyCezBd4BHP
             ozeMZo1HkjWLIdZ5iSEXYYtAOcI0lK8r3/yJ16sMEtOHxwfhyISGBo9SzZmMZV/A+j9o
             fRlia56QMGB0VT3DmmzanjnRQIPLbjSN+yVe4jbQu7ebATnI+UKqhnThpO8r4pztvXxE
             rf7A==
         ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816;
             h=reply-to:date:from:to:subject:content-description
             :content-transfer-encoding:mime-version:message-id;
             bh=C0GmZhwjZqrXpIa4xSA+O5u22Z8WgX/O1JShatnvvkI=;
             b=DtRgqzxrV2YoaVwR9Zb/sTCEw/TkYpM2gacBajNylF3BT3ghuiuK0mEIYI6qRmS2R5
             zHjtQx6kBqWtn+dRXX4ysAmDXUux++Jd43fzijV1cAR7WJ7/4wbqkbTTZejMOlkmrORh
             //NmTycczPlM0M67oSuT+c2aVjMQmOisU23ttnFNskZ741XtV+pvJbH0FTggccVNOc5Y
             ugXp4DGBaKVBauzqzoWaiYjCT7y+ET5LVFJHRmOAJ5CcYMMwpJ56/3J9I8iNxCJzTbii
             EeGSUUnblU+jJK3TQTecEdNg7vC4gRdT9icM2Oq8+r23sKj7z3S470u5itzYgRedWboN
             AKfw==
         ARC-Authentication-Results: i=1; mx.google.com;
             spf=temperror (google.com: error in processing during lookup of boc@bank.cn: DNS error) smtp.mailfrom=boc@bank.cn
         Return-Path: <boc@bank.cn>
         Received: from relay1.macrois.de (relay1.macrois.de. [81.209.169.71])
             by mx.google.com with ESMTPS id e17si12912723wrp.559.2020.03.15.09.19.44
             (version=TLS1_2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128/128);
             Sun, 15 Mar 2020 09:19:48 -0700 (PDT)
         Received-SPF: temperror (google.com: error in processing during lookup of boc@bank.cn: DNS error) client-ip=81.209.169.71;
         Authentication-Results: mx.google.com;
             spf=temperror (google.com: error in processing during lookup of boc@bank.cn: DNS error) smtp.mailfrom=boc@bank.cn
         Received: from user-PC..home ([197.234.221.105]) (authenticated bits=0)
             by relay1.macrois.de (8.14.5/8.13.8/SuSE Linux 0.8) with ESMTP id 02FGIUm2032655;
             Sun, 15 Mar 2020 17:19:41 +0100
         Message-Id: <202003151619.02FGIUm2032655@relay1.macrois.de>
         Content-Type: text/plain; charset="iso-8859-1"
         MIME-Version: 1.0
         Content-Transfer-Encoding: quoted-printable
         Content-Description: Mail message body
         Subject: KEEP IN TOUCH
         To: Recipients <boc@bank.cn>
         From: "'Wang Wei'" <boc@bank.cn>
         Date: Sun, 15 Mar 2020 17:19:34 +0100
         Reply-To: errrwew.d.son@gmail.com

         Hello, I have a business proposal worth $4,000,000.00 I wish to initiate with=
          you and you will be compensated adequately upon agreement and conclusion. =
          Do send your response for more details. Regards, Mr.Wei
  3. You lucky dog! Mine always drops to nil after manual reporting, then comes right back. Several weeks back I had a chat with Amazon about Spamcop and they replied with genuine interest and whatnot. This may have led to better communication with spamcop and some overall Amazon spam activity reduction, though I cannot be certain. Unfortunately, as I'm sure you've noticed, spamcop still sends amazonaws reports to the trash which is a clear indicator that the amazonaws department is not active in this process. My reporting from gmail to spamcop is automated on 3 accounts. Automating direct mailings for amazonaws is not simple due to the vast number of small IP ranges they own. Going back through spam to locate amazonaws mail for manual reporting is a real hassle, and the nuances of spamcop's IPv6 fiasco certainly do not help identify which of the 3 reporting accounts is the source. Lacking any other automated choice, my fight against the amazonaws bad apples now includes mailings to their favorite URL shorteners, image hosts, and spoofed domain hosts. Hootsuite is the absolute best about quickly redirecting their ow.ly and owl.li links to nothing, and ddnsfree is pretty quick about dropping/resetting domains. Bit.ly and lnkd.in do OK too. Others, including amazonaws image and link hosting, not so much. Good luck in your spam battle!
  4. You could manually forward spam reports, but the people in the abuse@amazonaws department are USELESS. Try sending a copy of the full header/email to stop-spoofing@amazon dot com. Every time I've done that it all stops in a few days and can take as long as a week or more to return in the same numbers. Yo spamcop! Amazon owns amazonaws. Any chance you could start forwarding amazonaws spam to a better Amazon owned abuse address that will actually do something about it? Seriously -- I've had great results with stop-spoofing.
  5. With regard to ocn.ad.jp spam, my NTT contact just gave an update. This guy is a hero! So, I looked in my trash box and found a couple abuse_support mailings were indeed filtered through my spam box. I am uncertain whether this is due to an unregistered IP or due to gMail users reporting the useless abuse_support replies as spam. Though useless, these mailings ARE NOT spam. PLEASE avoid reporting any mailings that are not spam, especially when that mailing only occurs as the result of your having reported spam.
  6. Trolling? Ha! I have not said Spamcop is without fault, but it sure seems to work well enough for everyone but you. I apologize for having lost my composure earlier, but I am very accustomed to dealing with people who have the ability to grasp concepts more quickly. One concept you seem unable to grasp is that information in a forged header is fake. The Yahoo IP addresses you keep making boldface, as if that should give it merit, come just before a bit of data that is obviously fake. This is my third attempt to help you grasp that the structure of the data in "...smtp.mailfrom=loyotech.com; hotmail.co.uk; dkim=none..." proves it to be fake data. That should be a single email address, not two domain names. Confirm that fact by looking at a legit email header, or go play Minecraft. Granted, I'm not saying Yahoo is not the source of these spam messages. However, it seems you cannot grasp the concept that nobody will be able to help you without more information. Complete headers are much more useful for diagnosis than bits and pieces. You provided enough bits to diagnose that the header is forged, but that's it. You can find a complete header (stripped of personal info) in Past Reports. Are you familiar with the gMail IPv6 reporting workaround? Perhaps there is a workaround for your forged headers. Provide a complete header, or go play Minecraft. A Spamcop Tracking URL would also be useful, but you seem to think a screenshot is useful. Do you really think any of us will type that entire jumble of letters and numbers in addition to the walls of text that you repeatedly ignore or otherwise fail to give adequate response? Highlight the link, copy it, paste it, and post it. .....or go play Minecraft.
  7. From @salfordian:
     ...smtp.mailfrom=kp.org; hotmail.com; dkim=none...
     FORGED HEADER
     From https://www.mailjet.com/blog/news/how-to-read-email-headers/
     ...smtp.mailfrom = mail@interactive.smartphoto.be; dkim = pass...
     From https://www.agari.com/identity-intelligence-blog/understanding-email-header-information/
     ...smtp.mailfrom=account-security-noreply@account.microsoft.com; dkim=none...
     From https://www.lifewire.com/see-full-email-headers-outlook-hotmail-1174272
     ...smtp.mailfrom=delivery@bounce.about.com; dkim=pass...
     YOU DO NOT ANSWER QUESTIONS. YOU CANNOT BE HELPED.
  8. "I won't bother doing things that would actually help anyone diagnose my problem so it can be resolved, but this service that works for ALL of you will not work for me so I'll complain about it more." Some people just cannot be helped.
  9. Indeed common sense says "look at the whois for the IP address", but common sense also tells me that rather than keeping up with tons of regular expressions to represent the tons of IP ranges for every major company and even for the ever morphing interweb where every day companies are born or die, spamcop is searching for domain names. A shortcoming, but I don't pay for the service so I'm not complaining. To my untrained eye that will probably never get trained with regard to your email provider, your header looks forged. Here's a report for Yahoo to gMail spam that does not have a forged header: https://www.spamcop.net/mcgi?action=gettrack&reportid=6857496981 Do you ever plan to come off a link for a full spam report of one of your Yahotmail SPAMs? Do you have a legit email from yahoo in that inbox? If so, does its header have "smtp.mailfrom=yahoo.com; hotmail.co.uk;"?? Do ANY of the emails in that inbox have a "smtp.mailfrom" with TWO mail providers listed after it? Are you using mail handling software, such as Outlook Express? <---- That one did it. There I go typing a question again because you were too inconsiderate to type a short answer. When people come on here with a complaint, there is no way for anybody to know the level of technical expertise the complaining person has. Questions must be asked AND ANSWERED in order to diagnose/solve the issue. Perhaps you think my questions are below you? Well, your refusal to acknowledge pertinent issues that are raised or to answer important questions, which has caused me to repeat myself on multiple occasions, has lowered your complaints to the realm of intelligible autistic screeching as far as I am concerned. Answer the questions so others can help, or go play Minecraft for all I care. You are spare parts. Abandoning thread.
  10. .....and, for the record, when I said "do you keep your antivirus subscriptions up to date" I was NOT talking about Windows Defender. https://i.imgur.com/EdzTDBR.mp4
  11. Nice partial header, spammer. How do you know it was sent from Yahoo? Did you send it to yourself? Was this sent to your account at outlook.com? ......are you using an infected outlook express or some other crappy emailing software that is also virus prone? If so, do you keep your antivirus subscriptions up to date as well as running extra measures for anti malware, such as malwarebytes? Anyone ever seen "smtp.mailfrom=yahoo.com; hotmail.co.uk;" in their headers? I know I haven't. Forgery?
  12. @salfordian Since you won't answer the other questions or address any of the other concerns, here's a couple guesses as to the root of your problem: 1) For each spam, you have been sending spam reports to multiple wrong email addresses, or to at least one wrong email address. The guess of sending to multiple wrong email addresses is based on your having said you tried sending two today, but the failed send list has 3 google-related contact email addresses -- that is, both of the contact email addresses from whois and the abuse@ address which was not in the whois, for some reason. Why? Did you not learn that over reporting spam is bad? Did you think these people would fail to notice that you incessantly spam your spam reports to the wrong email addresses? 2) You've been auto replying to spam and Google damn well should be blocking that stupidity by default. Autoreplies introduce a few problems. First, it allows the spammer to report you for spam. Second, reply addresses can be spoofed so occasionally your autoreplies could be broadcasting that crap to the inboxes of many innocent people who can also report you for sending spam. There's certainly more issues than just that, but those are the ones pertaining to this issue. How long have you been doing this? Long enough to have gotten you labelled as a spammer because, by definition, you are a spammer. You're a cup of baby carrots, aren't ya bud? How does it feel to know you are the thing that you hate? NOBODY is on here typing walls of text at you because they like to hear the sound of their fingers whacking on a keyboard. If you are just here to vent your frustration, that's great. Go for it. Just don't act like you want help when you clearly have no intention of paying attention, answering pertinent questions, or taking advice. Good luck with your new email address. Once the spammers get it and the spam starts flooding in, feel free to come back to vent about it. All I ask is that you keep the same username so if I happen to be here I'll know better than to waste any time trying to help.
  13. Salfordian: I want to help you, but there's a few things about your gMail related complaints that I need to understand and/or that you must address. After the first 'denied send' screenshot, I raised some concern about obvious spammer email addresses which imply some form of automated replying to spam. The next denied send screenshot also has obvious spammer email addresses in it, which suggests that you still had filters set to automatically reply to spam. PLEASE tell me you are not still automatically replying to spam. Your latest denied send screenshot had a failed send to abuse@outlook. How do your filters determine that abuse@outlook is the right place to send a complaint? Considering the time frame of your denied sends, this seems to be an automated process. How is it automated? gMail filters? Mail handling software? (what software?) A script or some other program of your own creation? (If a script, what language?) According to gMail policy, one spam report sent to five recipients equals 5 spam reports. Looking in your Sent folder, what is the number of spam reports that actually send in a 24 hour period? Including OCN, Aruba, and the lesser offenders, how many daily SPAMs are you getting? 25? 35? (My app sends them to the trash after reporting, so it is very easy to keep track.)
  14. ...you are 10 ply, aren't ya bud? For many years I've sent reports to abuse@ and have received that same canned response. It means nothing. Recently I started mailing NTT employees. After getting in contact with an employee, my mailings were reduced to abuse_support, jpcert, and the employee. Here's the email I opened TODAY: Hi, I’ve had feedback from a colleague in Japan, who has escalated this to NTT Com Security I have made them aware of the facts that you have posted to me, about the routine spam you are receiving and explained your frustrations. My contact, has asked that I ask you, in good faith, to remove your spam forwarding notification .. whilst we sort this problem out/reach a successful conclusion. As I’ve said before, I do not mind being on your spam notification list.. but could you remove the other addresses from now on, as that probably causes more likelihood that your own address could be identified as a spam generator !! as already your notification mails started arriving in my “Junk” folder.. for example.. I have updated my filters, to trust the mail from your notification message … so I don’t miss them… Regards X Again, I was ONLY mailing to abuse_support, jpcert, and this guy. I explained to the employee that SPAMCOP sends reports to abuse@, and abuse@ is where they can harvest millions of ocn spam reports. Perhaps they will also harvest the thousands that have been sent to abuse_support. I do not know. All I can say for certain is that NTT Japan asked that I stop forwarding spam reports at a time when abuse_support@ocn was the only NTT email address for them to be concerned about. So, by all means, continue doing what you do and getting your canned replies that we all know are useless and accomplish nothing.
  15. Please DO NOT report ocn.ad.jp spam to abuse_support. Doing such can get a fool marked as a spam generator. Honestly, when I said we were sending our complaints to the wrong place, I did not intend for anyone to report to abuse_support. I was talking about sending the ocn spam to internal NTT email addresses with a note explaining the grievance. The thought behind this was that after so many years, perhaps harassing the employees could lead to getting the attention of management. IT WORKED. My newly gained inside contact, who I believe is in the UK, expressed our concerns to NTT in Japan. His Japanese colleague has escalated this issue to NTT Com Security. He asked that I remove abuse_support from mailings to prevent my being identified as a source of spam, and I recommend all of you do the same. Just keep reporting via SPAMCOP as normal. Something WILL be done about this. It is only a matter of time.
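
The full header posted in item 2 can be checked mechanically. The following is an added example, not the poster's script and not SpamCop's parser: it walks that header's Received lines, reports host names that are not syntactically valid, and returns the one relay IP that the receiving Google server recorded itself. The function names and the choice of `mx.google.com` as the trusted receiver are assumptions.

```python
import re

# Received lines from the spam sample in post 2, newest first (folds joined).
SAMPLE_RECEIVED = [
    "by 2002:a4a:3016:0:0:0:0:0 with SMTP id q22csp1931387oof; "
    "Sun, 15 Mar 2020 09:19:48 -0700 (PDT)",
    "from relay1.macrois.de (relay1.macrois.de. [81.209.169.71]) "
    "by mx.google.com with ESMTPS id e17si12912723wrp.559.2020.03.15.09.19.44 "
    "(version=TLS1_2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128/128); "
    "Sun, 15 Mar 2020 09:19:48 -0700 (PDT)",
    "from user-PC..home ([197.234.221.105]) (authenticated bits=0) "
    "by relay1.macrois.de (8.14.5/8.13.8/SuSE Linux 0.8) with ESMTP "
    "id 02FGIUm2032655; Sun, 15 Mar 2020 17:19:41 +0100",
]

LABEL = re.compile(r"^(?!-)[A-Za-z0-9-]{1,63}(?<!-)$")   # one DNS label
FROM = re.compile(r"^from\s+(\S+)\s+\((?:(\S+)\s+)?\[([0-9A-Fa-f:.]+)\]\)")
BY = re.compile(r"\bby\s+(\S+)")


def hostname_problems(name):
    """Return syntax problems for a host name; an empty list means well-formed."""
    problems = []
    if name.endswith("."):            # a single trailing dot is the FQDN form
        name = name[:-1]
    for label in name.split("."):
        if not label:
            problems.append("empty label (consecutive dots)")
        elif not LABEL.match(label):
            problems.append(f"bad label {label!r}")
    return problems


def parse_hops(received_lines):
    """Parse 'from HELO (rdns [ip]) by HOST' hops; by-only lines are skipped."""
    hops = []
    for line in received_lines:
        m = FROM.match(line)
        if not m:
            continue
        helo, rdns, ip = m.groups()   # HELO name is chosen by the sending side
        by = BY.search(line)
        hops.append({"helo": helo, "rdns": rdns, "ip": ip,
                     "by": by.group(1) if by else None,
                     "problems": hostname_problems(helo)})
    return hops


def trusted_relay_ip(hops, trusted_by="mx.google.com"):
    """IP of the peer that connected to the trusted receiver. Hops below it
    were written by other servers and cannot be verified from this header."""
    for hop in hops:
        if hop["by"] == trusted_by:
            return hop["ip"]
    return None
```

On the sample, the only hop written by Google's own server names 81.209.169.71; the `user-PC..home` hop was recorded by relay1.macrois.de.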