Jump to content

Hanco

Members
  • Content Count

    35
  • Joined

  • Last visited

Community Reputation

0 Neutral

About Hanco

  • Rank
    Member

Recent Profile Visitors

The recent visitors block is disabled and is not being shown to other users.

  1. Has this happened before? Look at that green “spam submitted” line in the screenshot I attached. Normally spam submitted leads to a higher volume of reports. October though? We see a significant amount of spam reported with reports not sent. If my experience is anything to go by, there was a major increase from one group of spammers (phishing activity actually, but not the overt fake Apple sites, Amazon, Walmart, Netflix etc login pages) And it was mostly email coming from Amazon IP addressees, which I always see SpamCop track but not send reports. Instead, I send the reports directly myself. But is that what this month’s driver was? The group behind these daily deals of loan offers, warranty offers, cures for bizarre conditions etc.? They seemed to be quiet, then boom, daily 12-25 emails. Mostly sites with domain names from Namecheap (they said to someone in response to a domain abuse report, that they have a “huge volume” of support requests at the moment) It seems like volume is down now (or the jerks behind the flow do not work weekends) and Amazon are “caught up” on the backlog of reports. Maybe the green line will go back below the blue...
  2. That’s the problem 😔 Theres no way in iOS, either in the native Apple email app, nor in the iOS Outlook app, that I know of, to: 1) Forward an email as an attachment on a new email 2) To View the email headers/plain text To achieve the capability to report email to SpamCop from an iPhone or iPad, a third party email client is needed because Apple and Microsoft Outlook are not the answer, as far as I can see. Look at AltaMail for one possible solution. Not sure about the attach to email, but it allows viewing of the email headers and plain text. No longer free I think, but has interesting features. Please come back and let us know how you get on Michael. You won’t be the only one who has this question over time!
  3. Hanco

    hetzner.de spam source

    Yes, because.de is a country with very strict privacy rules. Hence they asked a couple of times what they could tell their criminally malicious “customer” about my complaint (before kicking them off their network anyway... and into a Lithuania outfit which seems to have a Russian based parent or at least very similar named company which is now host of most of the targets of the spam in the last 36 hours))
  4. Hanco

    (Notes)?

    I see what you mean. Thanks
  5. Hanco

    (Notes)?

    What do we do to report “as phishing”? I’m not sure how to make the report as phishing. I’ve been using SpamCop for a lot of years - only in forum for a few though.
  6. Hanco

    hetzner.de spam source

    There is that. Yes. Do you mean, to Hetzner’s own ISP? How would we locate the provider? (Sorry for my ignorance)
  7. Hanco

    hetzner.de spam source

    They bounce reports asking for a form to be filled in. I have a standard reply: I’m sorry I don’t have time to fill in your form, but you have the information needed to follow this up* - I’m a European citizen and you’re allowing the processing of my email address in your network. That is not acceptable. Please do NOT share my details or any of my data with your “customer”. They have asked me by follow up if they can share the date and time of my reported received spam email. I apologize and say no and it should not be necessary to do that. This was repeated several times when “the criminal spammer” was using their services multiple times to host their redirect sites. It ends when I send another report and they simply reply with a curt, “I looked at the website we are hosting and it is a blank page” to which I tell them what PHP files they will see and that they are simply acceptors for parameters and then redirect. Then they reply with, “The website is not hosted by us. Please contact the host xxxxxxxxx” (and the host is a Lithuania based outfit... doesn’t Namecheap have Lithuania links too?) * footnote: If they want standard format reports, accept munged from SpamCop eh? Smacks of a dodgy ISP really
  8. Hanco

    AWS spam source

    Never knew that.
  9. Hanco

    AWS spam source

    This may be wrong to mention here but it closely links with the only source of spam I deal with (these jerks) - I noticed SURBL .org was offline a while today. It was in a quiet period for the spamming (at least to me) so maybe they were using their resources for other reasons than spamming? DDOS anyone? (Leaving to get some aluminum foil for a new hat now)
  10. Hanco

    AWS spam source

    I think the Amazon business divides the IPs. Sometimes EC2 responds, other times IP Management, and other times a more general address. I first noticed the split when SpamCop wanted to report rather than switch @ for #
  11. Hanco

    AWS spam source

    Oh absolutely. I try hard NOT to click the links. Ever. The Imgur team are good guys. They’ve got really quick at deleting. I send in my submissions in a very recognizable format they know will be a genuine report of ad images. Today, this jerk’s domain site hosted by Linode was pulled really quickly (within minutes of me getting their email. The images were also deleted very quickly. So quickly did this all happen in fact, that the dense idiot behind this process was sending out emails from the Amazon hosted mail service with “image not found” errors in the body and still linking to the non-existent site. Shame Namecheap and Amazon cannot get their acts together. Be more like Imgur and Linode.
  12. Hanco

    AWS spam source

    Hope that helps. I include the authorities on all my Amazon reporting. Not sure it has any impact here in this country. Canada may be different...
  13. Hanco

    AWS spam source

    You are dealing with a group of very well known spam/phishing jerks (at least, we’ll known to me) Namecheap are almost exclusively the domains they (1) Create, or (2) Takeover. The s.free.fr is a redirect site (short url) so the actual sites are not linked to in their malicious emails. Thus reducing risk of their actual redirect site being listed on SURBL or such. Their actual site is not the ultimate destination either, but a redirect dance site to wherever they fancy sending you. You'll also probably find they use other sites for image hosting (to deliver to their malicious emails when opened). Often they use “imgur.com” - and imgur will happily delete those as against their terms of service. Report here, if you want to help make the malicious emails look more odd than they do already 😏 https://help.imgur.com/hc/en-us/requests/new
  14. Hanco

    AWS spam source

    I’m sending mine to: abuse@amazonaws.com, abuse@amazon.com, ec2-abuse@amazon.com, ipmanagement@amazon.com That seems to be working. Were your target sites hosted by Lithuania outfit vpsnet? All mine were (australy.win, australy.bid, bulkoffers.win) The target site australy.bid went onto SURBL Phishing blacklist Sunday/yesterday. Not sure why/how, but the good news is that Nanecheap finally deleted the registration for the domain. That is something they refused to do several times (on February 6 and Feb 8 this year for example) despite emails for “number 1 milf site” etc!! My level of frustration with Amazon (and with Namecheap) reaches far too high a level at times LOL
  15. Hanco

    No Data Found

    I got that a few times too. I refreshed and sometimes it took as many as 4-6 attempts but it eventually worked. Something was wrong but it wasn’t my ability to copy/paste
×