Jump to content

Hanco

Members
  • Content Count

    74
  • Joined

  • Last visited

Posts posted by Hanco


  1. On 4/25/2020 at 9:27 PM, gnarlymarley said:

    That time can be damaging.  Amazon is four days and I think theirs is too long.   By the time a week goes by a spammer could have already moved on anyway, so the account could be abandoned by the time they shut it down.

    For me, I would make it no longer economically viable.  If I could speed up the disable process, then the captcha alone would deter them.  It may be they figured out who I was and dropped me off their list, but not likely.  Probably what is more likely is mine was different spammer.

    Yes it takes too long, and my spammer guy is organized just enough that the providers struggle to keep up. 

    Not sure if I mentioned but I got his name and address! I emailed him and got no response. It was read though.

    Since he ignores unsubscribe requests, I’ve taken to using BBB to formally complain to his spamvertized companies. The LLC/Inc groups usually respond, though not always. The genuine businesses with a brand of consumer value reply, while the others that are dubious morally or have a BBB rating in the gutter already are half hearted in their response efforts or don’t even write back. Reminds me, I have one detailed complaint to send to an attorney general.

    Two “affiliate programs” this year contacted back through BBB providing their contact details and we had very positive interactions.Neither seemed to like the spammer very much and they said they don’t work with him any longer. After agreeing in writing not to reveal these guys as the source, they gave me his name, address, and contact details.

    They advised they didn’t think he will care much about my request to get off his list. They were not wrong. Some reduction seen definitely, but every so often he’s active.

    Recently it’s been SendGrid.net as his mode of operation. Just one topic/spam email at a time, and using twitter for spam image content delivery.

    Of course SpamCop does not send reports to SendGrid (why not?) and does not report to Twitter.

    spam dates: 29 May, 3 Jun, 6 Jun, 11 Jun, 17 Jun (twice), 19 June
     

    Separately, noticed a significant uptick in 419 Scammer emails. They often have a US phone number on them so I report the number to the FTC. I also call it (my number withheld) and if it sounds like the guy was asleep I repeat every few minutes at my leisure, put on a voice, ask stupid questions, generally really waste their time. I might be a sadist in this respect...I don’t feel at all guilty about doing it 😂


  2. On 4/23/2020 at 9:49 AM, ArtmakersWorlds said:

    Not mine.  Not a bit.  Got ONE yesterday that was not from google.  NINE that were.  I don't think google even looks at spamcop complaints.

     

    But... I will keep reporting anyway.

    Did it stop?

    There is a spammer who uses Google Cloud Storage to spew out affiliate spam. Keto, loans, warranty, medical...

    It takes over a week, maybe ten days before they shutdown his account unfortunately.  Then he just switches mode of operation to another method.

    Here’s his last campaign links list. The html is a redirect of course. The image links were his departure from using a redirect or direct link to imgur.com content, a direct IP addressed machine (or other image hosting  provider)

    The man behind this is a complete (expletive)

     

    storage.googleapis.com/emarket111/Unsub.html

    storage.googleapis.com/emarket111/unsubscribe.html

    storage.googleapis.com/amlfk/unsubscribe.html

     

    storage.googleapis.com/emarket111/health.html

    storage.googleapis.com/emarket111/health1.png

    storage.googleapis.com/emarket111/health2.png

     

    storage.googleapis.com/amlfk/okwatt.html

    amlfk/okowatt.PNG

    storage.googleapis.com/amlfk/okowattunsub.PNG

     

    storage.googleapis.com/amlfk/getinstahard.html

    storage.googleapis.com/amlfk/insta.PNG

    storage.googleapis.com/amlfk/instaunsub.PNG

     

    storage.googleapis.com/emarket111/instahard.html

    storage.googleapis.com/emarket111/instahrdd.png

    storage.googleapis.com/emarket111/insahardunsub.PNG

     

    storage.googleapis.com/amlfk/refratequide.html

     

    storage.googleapis.com/emarket111/maxloan.html

    storage.googleapis.com/emarket111/rexmd1.png

    storage.googleapis.com/emarket111/rexmd2.png

     

    storage.googleapis.com/emarket111/rexmd.html

     

    storage.googleapis.com/emarket111/montezuma.html

    storage.googleapis.com/emarket111/montezuma1.png

    storage.googleapis.com/emarket111/montezuma2.png

     

    storage.googleapis.com/amlfk/fastcharging.html

    storage.googleapis.com/amlfk/fastchargring.jpg

    storage.googleapis.com/amlfk/fastunsub.PNG

     

    storage.googleapis.com/amlfk/healnsooth.html

    storage.googleapis.com/amlfk/healnsooth.PNG

    storage.googleapis.com/amlfk/healunsub.PNG

     

    storage.googleapis.com/tetssdfff/index%20CBD%20GUMMIES%20COMCAST.html

     

    storage.googleapis.com/amlfk/ketoboost.html

    storage.googleapis.com/amlfk/ketoboost.PNG

    storage.googleapis.com/amlfk/ketoboostunsub.PNG

     

    storage.googleapis.com/amlfk/bluesky.html

     

    storage.googleapis.com/emarket111/engagedketo.html

    storage.googleapis.com/emarket111/engagedketounsub.PNG

     

    storage.googleapis.com/emarket111/HOMEWARANTYSERVICES.html

    storage.googleapis.com/emarket111/homeservicesunsub.PNG

     

    storage.googleapis.com/emarket111/cbdT.html

    storage.googleapis.com/emarket111/cbdT2.png

    storage.googleapis.com/emarket111/cbdT1.png

     

    storage.googleapis.com/amlfk/refi.html

    storage.googleapis.com/amlfk/REFIREFI.jpg

    storage.googleapis.com/amlfk/refubsub2.png

     

    storage.googleapis.com/amlfk/cbdgummies.html

    storage.googleapis.com/amlfk/CBDGUMM.jpg 

    storage.googleapis.com/amlfk/CBDUNSUB.png

     

    storage.googleapis.com/amlfk/smatfinancial.html

    storage.googleapis.com/amlfk/Smartfinancial.jpg

    storage.googleapis.com/amlfk/smartfinancialunsub.PNG

     

    storage.googleapis.com/amlfk/ketozin.html

    storage.googleapis.com/amlfk/ketozin.png

    storage.googleapis.com/amlfk/ketozinunsub.PNG

     

    storage.googleapis.com/emarket111/instahard.html

    storage.googleapis.com/emarket111/instahrdd.png

    storage.googleapis.com/emarket111/insahardunsub.PNG

     

    storage.googleapis.com/emarket111/safe1.png

    storage.googleapis.com/emarket111/safe.html

    storage.googleapis.com/emarket111/safe2.png

     

    https://storage.googleapis.com/emarket111/Life.html

    storage.googleapis.com/emarket111/Life1.png

    storage.googleapis.com/emarket111/Life2.png

     

    storage.googleapis.com/emarket111/HomePro.html

    storage.googleapis.com/emarket111/HomrPro2.png

    storage.googleapis.com/emarket111/HomePro1.png

     

    storage.googleapis.com/amlfk/scrores.html

    storage.googleapis.com/amlfk/scoresunssss.PNG

    https://storage.googleapis.com/amlfk/scroesbody.PNG

     

    storage.googleapis.com/emarket111/russian.html

    storage.googleapis.com/emarket111/russian1.png

    storage.googleapis.com/emarket111/russian2.png

     

    storage.googleapis.com/emarket111/conceal.html

    storage.googleapis.com/emarket111/conceal1.png

    storage.googleapis.com/emarket111/conceal2.png

     

    storage.googleapis.com/amlfk/automotive.PNG

    storage.googleapis.com/amlfk/automotive.html

    storage.googleapis.com/amlfk/automotiveunsbs.PNG

     

    storage.googleapis.com/emarket111/Aloehand.html

    storage.googleapis.com/emarket111/Aloehand1.png

    storage.googleapis.com/emarket111/2.png

     

    storage.googleapis.com/emarket111/instahrdd.png

     

    storage.googleapis.com/idrivec/shadowbox.html

    storage.googleapis.com/idrivec/shadowbox.png

    storage.googleapis.com/idrivec/unsubscribe.html

    storage.googleapis.com/idrivec/shadowboxunsub.png

     

    storage.googleapis.com/idrivec/engaged_keto.html

    storage.googleapis.com/idrivec/engagedketounsub.PNG

     

    storage.googleapis.com/idrivec/instahrd.png

    storage.googleapis.com/idrivec/instahard.html

    storage.googleapis.com/idrivec/inshardunsub.PNG

     

    storage.googleapis.com/idrivec/cbdgummies.PNG

    storage.googleapis.com/idrivec/cbdgummiesunsub.PNG

    storage.googleapis.com/idrivec/CBD_Gummies.html

     

    https://storage.googleapis.com/idrivec/conceledunsub.png

    storage.googleapis.com/idrivec/Conceled.html

    storage.googleapis.com/idrivec/conceled.png

     

    storage.googleapis.com/amlfk/ketozin.html

    storage.googleapis.com/idrivec/ketozinunsub.PNG

    storage.googleapis.com/idrivec/ketozin.png

     

    storage.googleapis.com/amlfk/scrores.html

    storage.googleapis.com/idrivec/cbdoil.jpg

    https://storage.googleapis.com/idrivec/cbdoiunsub.PNG

    storage.googleapis.com/idrivec/CBD_OIL.html


  3. I am continuing to deal with a spammer who uses multiple redirects for the spamvertized sites he makes affiliate commissions for. So I do like to report these links in the email body.

    The URLs in the email body plain text are almost always redirects, or they are image links. So I let SpamCop take the first for reporting and I separately run a redirect follower to capture the others (trying wherever possible not to visit the last hop with tracking parameters since I don’t want to encourage more spam). Some redirect followers which once worked no longer work. It’s like he found a way to block them.

    I open another SpamCop browser page and discover the host of each hop in the redirect dance I identified. Then add those to the notes of the report page and add the host abuse reporting addresses to the user notified list of recipients in my report.

    It is laborious and annoying at times, but I hope the nutter behind this gets bored eventually. It takes a few days but his redirects get shut down eventually. And in some cases his images for the spam emails he sends are deleted within hours, sometimes minutes.


  4. And finally!

    The source: strategiccompulytics.com

    I may never know how they got my email address to send me periodic newsletters for these products or services.:

    “We have the internet cornered in all categories, from solar power, to credit repair, to dating, financial services, to senior care, and even health, life and auto insurance – so there is no shortage of opportunities to get the latest savings and new products to the market. Our job is to serve you, so we will continue to find the best direct partners and match them to your needs.”

    If they are so keen on “serving” why do NONE of their “periodic newsletters” (sometimes sent up to 27 times in a day) mention Strategic Compulytics on them? 

    For anyone else getting the same junk, maybe these super friendly guys are the true source. 
     

    I hope this is useful to folks who might be dealing with never ending email arrival on the topics above and others that they don’t mention (tinnitus, erectile dysfunction, fungal nails, all of which have miracle cures doctors wish they understood and pharmaceutical companies want to hide from the public - allegedly!!)


    Note: Better Business Bureau says Strategic Compulytics they have not responded to their ask, to stop claiming BBB accreditation

    My current spam levels are now down to <0.5 per day average. The ones I get now are 419 Scam emails. They will stop one the sender isolates who is reporting their junk and gets their gmail/yahoo accounts closed.


  5. Well, I hope my spamming jerk of a friend is ok and did not get Coronavirus.... but today was pleasantly uninterrupted!

    Yesterday I had a mail from them and for the first time in a LONG time it did not show SPF fail in the headers. In fact it reportedly associated itself with a well respected marketing outfit called ActiveCampaign.

    Why do I rate AC so highly? Well they do at very least have an actually comprehensive guide on their long established site about how not to be classed as a spammer. All of which, I think I can truthfully say, my spammer friend(s) flaunt ignorance of!

    https://www.activecampaign.com/legal/anti-spam-policy

    Of course this may have been their last ditch attempt to list wash and maybe “Jason at ActiveCampaign d o t c o.m” was happy to give them my info to take me off their list. Who knows eh? At least it might be done with.

    So what now? One day of nil spam does not maketh tranquility... it could be Coronavirus or something less scary. They may be back tomorrow. If they are, I’ll do everything I can to make their marketing ineffective and and as fruitless as can be. Alternatively, if that is my lot, I’ll dance a jig, pour something cool and clear to drink, and store the folder of junk they’ve sent me away until they mess up and restart.

    Fingers and toes crossed. Good luck all you spam warriors!


  6. My spammer switched target sites again today. Cannot use the same domain/site in California (Google) for too many spams or it risks blacklist status and gets shut down. So it’s back to .RU or other Eastern Europe for a bit I guess.

    Today’s fun fascinating final target spamvertized sites are 

    rewardyoursurvey.com (I doubt the reward is enough for my time)

    Any of you guys been seeing this in the hops from spam link to target site?

    http://masscancel.site/r.php

    or

    mayattented.live site?

    both hosted by DigitalOcean and both were created by the spam guy via Namecheap, before being used on the same day for the emails he sends.


  7. 1 minute ago, gnarlymarley said:

    Yep, it did come from google.  I guess having one recipient is too much for them.  I submitted it to amazon using a different account and it went through.  Funny how the original email is not blocked, but attempts to report it are.

    Because the spam affiliate scam artist is income maybe. And AWS does like to get its income (funds its effort to dominate the online retail space?)


  8. On 2/11/2020 at 4:38 PM, gnarlymarley said:

    So, would it be worth us having someone point all the Amazon to ipmanagement or could it be possible that that group might not be in charge of all of their IPs?

    Dunno.

    One thing I did find today, and it seems to list a lot of what I have seen in terms of spam email topics:

    https://www.maxbounty.com/campaigns.cfm?offer_id=14005&mbs=Mailer&mba=Click Link&mbo=Medicare Guide - CPL (US)&mbc=14005&mbx1=&mbx2=
     

    Thinking of contacting those folks and asking to be added to do not mail list... not sure yet 🤔 


  9. 14 hours ago, petzl said:

    I always forward my Amazon spam to abuse [AT] amazon [DOT] com
     

    I used to send to:

    abuse@amazonaws.com,

    ec2-abuse@amazon.com,

    ipmanagement@amazon.com,

    abuse@amazon.com

     

    I have found that all except “ipmanagement” are now not sent in SpamCop. That’s ok if the ipmanagement one can work. I cannot say it reduced my spam in any way, but complaining directly to the “businesses”  might be working. I think, somehow, most of my spam is from an affiliate marketeer. One that follows many very bad practices in email marketing and is also terrible at managing opt outs.


  10. 2 minutes ago, Keats said:

    I got this response from Amazon on one of the reports I sent:

    "We've determined that an Amazon EC2 instance was running at the IP address you provided in your abuse report. We have reached out to our customer to determine the nature and cause of this activity or content in your report"

    So, they've basically asked the spammer if he's spamming. I'm sure he'll give them a scrupulously honest answer...

     

     

     

    They’ve done that before. It didn’t stop their customer continuing to spew out endless repetitive emails multiple times a day with links to new Namecheap sold domain names for sites that have no purpose except to provide redirect mechanisms to the scam sites the “affiliate spammer” exists to drive traffic to (NerveRenew, Snow Teeth Whitener, Miracle Erectile Dysfunction Cures, Diet Wonder Pills etc.)

    I’m with you. This scumbag email abuser will say whatever they want and the flow of emails from Amazon IPs will continue (with links to Zupimages, Bit.ly, Imgur, etc.)

    And the unsubscribe links will continue to be to random (mostly Namecheap domains, and sometimes to actual “mailto” actual email addresses, with many being to domains that don’t even have an MX running at them)

    In short, useless of Amazon to claim they are doing anything. They are in bed with the Namecheap customer.


  11. If the parasite uses Imgur.com to host images, send a report at the link below, reporting the ad. They are responsive. You’ll get a confirmation of opened ticket first (almost instantaneously) and later a confirmation of deletion, sometimes within minutes and I find always under 12 hours.

    https://help.imgur.com/hc/en-us/requests/new

    Another host they commit theft of resources with against their terms of service is Zupimages.net

    Email the spam email image link(s) to the address below. They used to take time to reply but now they just delete, which is fine by me. They delete almost always very quickly.

    contact a-t zupimages.net

     


  12. thought I’d look back and see...
    One day old 9/25 spam promoted site: highmarket.club - still registered

    hiotoau.info was created via Namecheap the same day as the spam email was sent: 20 September. Still registered.

    arstoe.info was created via Namecheap the same day as the spam email was sent: 15 August. Still registered.

    iornfao.info was created via Namecheap the same day as the spam email was sent: 27 July (shows ClientHold, ServerHold, ClientTransferProhibited) - they took some action on this one

    camill.icu registered 9/23 and appears action taken: ServerHold, ClientTransferProhibited


  13. I’ve seen this before but I had inadvertently clicked the link “Select outlook/eudora workaround” on the submission form...Then I was only pasting the entire email headers/plain text into one box on the workaround form!! 🙄

    Sounds like not the same cause. But just in case it helps someone in the future, attached images show what my problem was... (well, my problem was me)

     

     

     

     


  14. This lady/guy is on point. Some of the sites they mention are the same as I have seen.

    The sweetsumner-dot-com domain mentioned is one of a rare appearance of a domain without Domains By Proxy or other privacy hiding layer.

    The address for VanillaMud is a UPS store.

    Does ICANN permit the use of mailbox providers for registration details for domain owners? I would like to get the details for the true owner, but is that possible in the United States? Does it require a lawyer involvement?

    Tech Contact Support Admin 
    VanillaMud 
    18766 John J Williams Hwy , #270, 
    Rehoboth Beach, DE, 19971, us 
    email.pgif?md5=a8c4fe2beb21517b7e74581923791a8f&face=arial&size=9&color=000000&bgcolor=FFFFFF&face=Lato-Regular&size=10&color=5a5a5a&bgcolor=FFFFFF&format[]=transparent&format[]=transparent 
    (p)phone.pgif?hash=U175pr2jXlcSW75M9Uzc5gDw59BLlG29&face=Lato-Regular&size=10&color=5a5a5a&bgcolor=FFFFFF&format[]=transparent&face=Lato-Regular&size=10&color=5a5a5a&bgcolor=FFFFFF&format[]=transparent

  15. 31 minutes ago, goodnerd said:

    Have you received batches of Amazonaws spams that have the titles:
    "Your confirmation to join our "Adult site"
    "Your request to be unsubscribe !"
    "Request to be removed from our mailing list"

    Not this time around. Earlier in the year I did get a bunch of unsubscribe verbiage emails. Eventually the spam stopped. I did not reply to the spam emails. I just don’t, ever!!

     

×