Hanco
-
Posts
135 -
Joined
-
Last visited
Content Type
Profiles
Forums
Events
Posts posted by Hanco
-
-
On 6/17/2022 at 2:33 PM, gnarlymarley said:
I had been getting the spam increase with my reports a few years back. Then I managed to report faster and the s[cp]ammers backed off.
Absolutely. That’s my experience too.
-
I will say, Amazon AWS and the other EC2 group in the Amazon empire are both responsive and have been helpful to me. I wish they would accept the Spamcop reports but at least they help. Google though… ugh, a different story!
-
On 1/23/2022 at 11:17 AM, AmyLynn said:
…I kind of think they don't do it because of the replies they would be bombed with from namecheap.
Exactly. Especially the replies that are as frustrating as hell. The replies that there is nothing they can do as it is not blacklisted by any reliable blacklist so contacts the host instead.
-
Quote
I tell them I have a "Aboriginal" curse which is for your family and friends, keep away from them (often they panic and hang-up)!58 minutes ago, petzl said:Brilliant haha 😂
-
On 4/2/2022 at 5:03 PM, petzl said:
Just forward SMS to your email account then copy link then make a abuse report.
Android phone, just highlight SMS, right top of screen 3 dots, click share.
Send to your email to abuse
EXAMPLE
Criminal phishing fraud sent to my mobile phone as SMS message
link/URL is
http://company.thehospitalityconnect.com/yo-v/?PmG-3B7tTw7B9RQ21KX
Name: company.thehospitalityconnect.comDomain: thehospitalityconnect.comabuse[ AT]godaddy[ DOT]com
I use windows APP WIN32 WhoIs for URL
AND
IPNetinfo for IP address of the URLWas it from a US mobile number? Or other country? There is a good site for finding the carrier for US numbers. It has their abuse email addresses and they will typically investigate and suspend/terminate their customer.
https://scammerblaster.com/carrier-lookup/ -
On 10/26/2021 at 2:07 AM, LaserMoon said:
The vast majority of spam that I get uses domains registered by Namecheap to both send the spam (from @domain), and to link to content and tracking scripts.
Namecheap's policy, as far as I can tell, is to only remove a domain if it shows up in the Spamhaus blacklist.
So the spammers' policy is to keep registering new domains, and Namecheap won't bother them as long as the infrastructure used is external (typically Russian).Does this match your experience?
All of the above is accurate for me. It had been for several years now. I’ve found a couple of things out about the spammer behind the annoying emails.
1) Flex Marketing Group (New York) is likely a part of the problem
2) There is little more info but my email address is listed on a public web page at “to-email.com” - I would like to get my email address off this page but not sure about contacting the site owner or going to the hosting provider! https://to-email.com/find-email/dce79a24436e8368cf2ccd1b12ef9f9a
And when I checked the domain registration details for to-email.com, the mailing box address given has a large number of reports of scams related to it…
-
And I see the tracking links are no longer reporting from SpamCop
https:// storage.googleapis.com/…
/dev/null'ing report for nomaster@devnull.spamcop.net
so I’ll do like you guys and submit reports direct to Google and in SpamCop so the email sender is aware and the sc Blacklist gets built on.
-
49 minutes ago, gnarlymarley said:
I think the 550 error is a definite resend. For the 452 error, I only seem to get one auto-reply after I resend it. For me, copying the same exact email has failed up to two times. It will go through on the second or third time.
Awesomeness. Thanks
-
11 hours ago, gnarlymarley said:
Nope. I get those too at random. Seems to be intermittent. I tried different items on the form and the input didn't change anything.
Yeah, happening for probably about 4 weeks intermittently. As others are reporting here too.
It seems the general consensus is to resubmit the headers and report again. Agree?
I don’t like to report again but it appears the report is not sent based on the error, even though it also looks like it could have been because you can see the “reports already sent” too.
What to do?!? -
I’ve been seeing a few of these after clicking to send the report. Known issue? Something I am doing wrong?
Can't send report: smtpEnvelope (7140149017.647c8b81@bounces.spamcop.net, report_spam@hotmail.com): smtpFrom: mail From 7140149017.647c8b81@bounces.spamcop.net: error (452 #4.3.1 temporary system error (12) )Can't send report: smtpEnvelope (7140149032.4eb15871@bounces.spamcop.net, abuse@att.net): smtpFrom: mail From 7140149032.4eb15871@bounces.spamcop.net: error (550 No expected reply from SMTP)Can't send report: smtpEnvelope (7140149033.dbb0b274@bounces.spamcop.net, rmedina@nettogo.net): smtpFrom: mail From 7140149033.dbb0b274@bounces.spamcop.net: error (550 No expected reply from SMTP) -
On 4/25/2020 at 9:27 PM, gnarlymarley said:
That time can be damaging. Amazon is four days and I think theirs is too long. By the time a week goes by a spammer could have already moved on anyway, so the account could be abandoned by the time they shut it down.
For me, I would make it no longer economically viable. If I could speed up the disable process, then the captcha alone would deter them. It may be they figured out who I was and dropped me off their list, but not likely. Probably what is more likely is mine was different spammer.
Yes it takes too long, and my spammer guy is organized just enough that the providers struggle to keep up.
Not sure if I mentioned but I got his name and address! I emailed him and got no response. It was read though.
Since he ignores unsubscribe requests, I’ve taken to using BBB to formally complain to his spamvertized companies. The LLC/Inc groups usually respond, though not always. The genuine businesses with a brand of consumer value reply, while the others that are dubious morally or have a BBB rating in the gutter already are half hearted in their response efforts or don’t even write back. Reminds me, I have one detailed complaint to send to an attorney general.
Two “affiliate programs” this year contacted back through BBB providing their contact details and we had very positive interactions.Neither seemed to like the spammer very much and they said they don’t work with him any longer. After agreeing in writing not to reveal these guys as the source, they gave me his name, address, and contact details.
They advised they didn’t think he will care much about my request to get off his list. They were not wrong. Some reduction seen definitely, but every so often he’s active.
Recently it’s been SendGrid.net as his mode of operation. Just one topic/spam email at a time, and using twitter for spam image content delivery.
Of course SpamCop does not send reports to SendGrid (why not?) and does not report to Twitter.
spam dates: 29 May, 3 Jun, 6 Jun, 11 Jun, 17 Jun (twice), 19 June
Separately, noticed a significant uptick in 419 Scammer emails. They often have a US phone number on them so I report the number to the FTC. I also call it (my number withheld) and if it sounds like the guy was asleep I repeat every few minutes at my leisure, put on a voice, ask stupid questions, generally really waste their time. I might be a sadist in this respect...I don’t feel at all guilty about doing it 😂
-
Sendgrid will follow up if you report to them. They are pretty good at dealing with spammers.
They do not want to be on blacklists because their whole business is enabling delivery of legitimate emails for groups who have large lists of subscribers.
That has been my experience anyway.
-
On 4/23/2020 at 9:49 AM, ArtmakersWorlds said:
Not mine. Not a bit. Got ONE yesterday that was not from google. NINE that were. I don't think google even looks at spamcop complaints.
But... I will keep reporting anyway.
Did it stop?
There is a spammer who uses Google Cloud Storage to spew out affiliate spam. Keto, loans, warranty, medical...
It takes over a week, maybe ten days before they shutdown his account unfortunately. Then he just switches mode of operation to another method.
Here’s his last campaign links list. The html is a redirect of course. The image links were his departure from using a redirect or direct link to imgur.com content, a direct IP addressed machine (or other image hosting provider)
The man behind this is a complete (expletive)
storage.googleapis.com/emarket111/Unsub.html
storage.googleapis.com/emarket111/unsubscribe.html
storage.googleapis.com/amlfk/unsubscribe.html
storage.googleapis.com/emarket111/health.html
storage.googleapis.com/emarket111/health1.png
storage.googleapis.com/emarket111/health2.png
storage.googleapis.com/amlfk/okwatt.html
amlfk/okowatt.PNG
storage.googleapis.com/amlfk/okowattunsub.PNG
storage.googleapis.com/amlfk/getinstahard.html
storage.googleapis.com/amlfk/insta.PNG
storage.googleapis.com/amlfk/instaunsub.PNG
storage.googleapis.com/emarket111/instahard.html
storage.googleapis.com/emarket111/instahrdd.png
storage.googleapis.com/emarket111/insahardunsub.PNG
storage.googleapis.com/amlfk/refratequide.html
storage.googleapis.com/emarket111/maxloan.html
storage.googleapis.com/emarket111/rexmd1.png
storage.googleapis.com/emarket111/rexmd2.png
storage.googleapis.com/emarket111/rexmd.html
storage.googleapis.com/emarket111/montezuma.html
storage.googleapis.com/emarket111/montezuma1.png
storage.googleapis.com/emarket111/montezuma2.png
storage.googleapis.com/amlfk/fastcharging.html
storage.googleapis.com/amlfk/fastchargring.jpg
storage.googleapis.com/amlfk/fastunsub.PNG
storage.googleapis.com/amlfk/healnsooth.html
storage.googleapis.com/amlfk/healnsooth.PNG
storage.googleapis.com/amlfk/healunsub.PNG
storage.googleapis.com/tetssdfff/index%20CBD%20GUMMIES%20COMCAST.html
storage.googleapis.com/amlfk/ketoboost.html
storage.googleapis.com/amlfk/ketoboost.PNG
storage.googleapis.com/amlfk/ketoboostunsub.PNG
storage.googleapis.com/amlfk/bluesky.html
storage.googleapis.com/emarket111/engagedketo.html
storage.googleapis.com/emarket111/engagedketounsub.PNG
storage.googleapis.com/emarket111/HOMEWARANTYSERVICES.html
storage.googleapis.com/emarket111/homeservicesunsub.PNG
storage.googleapis.com/emarket111/cbdT.html
storage.googleapis.com/emarket111/cbdT2.png
storage.googleapis.com/emarket111/cbdT1.png
storage.googleapis.com/amlfk/refi.html
storage.googleapis.com/amlfk/REFIREFI.jpg
storage.googleapis.com/amlfk/refubsub2.png
storage.googleapis.com/amlfk/cbdgummies.html
storage.googleapis.com/amlfk/CBDGUMM.jpg
storage.googleapis.com/amlfk/CBDUNSUB.png
storage.googleapis.com/amlfk/smatfinancial.html
storage.googleapis.com/amlfk/Smartfinancial.jpg
storage.googleapis.com/amlfk/smartfinancialunsub.PNG
storage.googleapis.com/amlfk/ketozin.html
storage.googleapis.com/amlfk/ketozin.png
storage.googleapis.com/amlfk/ketozinunsub.PNG
storage.googleapis.com/emarket111/instahard.html
storage.googleapis.com/emarket111/instahrdd.png
storage.googleapis.com/emarket111/insahardunsub.PNG
storage.googleapis.com/emarket111/safe1.png
storage.googleapis.com/emarket111/safe.html
storage.googleapis.com/emarket111/safe2.png
https://storage.googleapis.com/emarket111/Life.html
storage.googleapis.com/emarket111/Life1.png
storage.googleapis.com/emarket111/Life2.png
storage.googleapis.com/emarket111/HomePro.html
storage.googleapis.com/emarket111/HomrPro2.png
storage.googleapis.com/emarket111/HomePro1.png
storage.googleapis.com/amlfk/scrores.html
storage.googleapis.com/amlfk/scoresunssss.PNG
https://storage.googleapis.com/amlfk/scroesbody.PNG
storage.googleapis.com/emarket111/russian.html
storage.googleapis.com/emarket111/russian1.png
storage.googleapis.com/emarket111/russian2.png
storage.googleapis.com/emarket111/conceal.html
storage.googleapis.com/emarket111/conceal1.png
storage.googleapis.com/emarket111/conceal2.png
storage.googleapis.com/amlfk/automotive.PNG
storage.googleapis.com/amlfk/automotive.html
storage.googleapis.com/amlfk/automotiveunsbs.PNG
storage.googleapis.com/emarket111/Aloehand.html
storage.googleapis.com/emarket111/Aloehand1.png
storage.googleapis.com/emarket111/2.png
storage.googleapis.com/emarket111/instahrdd.png
storage.googleapis.com/idrivec/shadowbox.html
storage.googleapis.com/idrivec/shadowbox.png
storage.googleapis.com/idrivec/unsubscribe.html
storage.googleapis.com/idrivec/shadowboxunsub.png
storage.googleapis.com/idrivec/engaged_keto.html
storage.googleapis.com/idrivec/engagedketounsub.PNG
storage.googleapis.com/idrivec/instahrd.png
storage.googleapis.com/idrivec/instahard.html
storage.googleapis.com/idrivec/inshardunsub.PNG
storage.googleapis.com/idrivec/cbdgummies.PNG
storage.googleapis.com/idrivec/cbdgummiesunsub.PNG
storage.googleapis.com/idrivec/CBD_Gummies.html
https://storage.googleapis.com/idrivec/conceledunsub.png
storage.googleapis.com/idrivec/Conceled.html
storage.googleapis.com/idrivec/conceled.png
storage.googleapis.com/amlfk/ketozin.html
storage.googleapis.com/idrivec/ketozinunsub.PNG
storage.googleapis.com/idrivec/ketozin.png
storage.googleapis.com/amlfk/scrores.html
storage.googleapis.com/idrivec/cbdoil.jpg
https://storage.googleapis.com/idrivec/cbdoiunsub.PNG
storage.googleapis.com/idrivec/CBD_OIL.html
-
I am continuing to deal with a spammer who uses multiple redirects for the spamvertized sites he makes affiliate commissions for. So I do like to report these links in the email body.
The URLs in the email body plain text are almost always redirects, or they are image links. So I let SpamCop take the first for reporting and I separately run a redirect follower to capture the others (trying wherever possible not to visit the last hop with tracking parameters since I don’t want to encourage more spam). Some redirect followers which once worked no longer work. It’s like he found a way to block them.
I open another SpamCop browser page and discover the host of each hop in the redirect dance I identified. Then add those to the notes of the report page and add the host abuse reporting addresses to the user notified list of recipients in my report.
It is laborious and annoying at times, but I hope the nutter behind this gets bored eventually. It takes a few days but his redirects get shut down eventually. And in some cases his images for the spam emails he sends are deleted within hours, sometimes minutes.
-
https://domainbigdata.com/nj/mZHpadbrnAFQT4F6G79g4w
Paul Goldstein strategiccompulytics.com
Registers a lot of random domains. We’ve seen that behavior a lot! And the topics in many are familiar spammy email ones.
-
And finally!
The source: strategiccompulytics.com
I may never know how they got my email address to send me periodic newsletters for these products or services.:
“We have the internet cornered in all categories, from solar power, to credit repair, to dating, financial services, to senior care, and even health, life and auto insurance – so there is no shortage of opportunities to get the latest savings and new products to the market. Our job is to serve you, so we will continue to find the best direct partners and match them to your needs.”
If they are so keen on “serving” why do NONE of their “periodic newsletters” (sometimes sent up to 27 times in a day) mention Strategic Compulytics on them?
For anyone else getting the same junk, maybe these super friendly guys are the true source.
I hope this is useful to folks who might be dealing with never ending email arrival on the topics above and others that they don’t mention (tinnitus, erectile dysfunction, fungal nails, all of which have miracle cures doctors wish they understood and pharmaceutical companies want to hide from the public - allegedly!!)
Note: Better Business Bureau says Strategic Compulytics they have not responded to their ask, to stop claiming BBB accreditationMy current spam levels are now down to <0.5 per day average. The ones I get now are 419 Scam emails. They will stop one the sender isolates who is reporting their junk and gets their gmail/yahoo accounts closed.
-
Well, I hope my spamming jerk of a friend is ok and did not get Coronavirus.... but today was pleasantly uninterrupted!
Yesterday I had a mail from them and for the first time in a LONG time it did not show SPF fail in the headers. In fact it reportedly associated itself with a well respected marketing outfit called ActiveCampaign.
Why do I rate AC so highly? Well they do at very least have an actually comprehensive guide on their long established site about how not to be classed as a spammer. All of which, I think I can truthfully say, my spammer friend(s) flaunt ignorance of!
https://www.activecampaign.com/legal/anti-spam-policy
Of course this may have been their last ditch attempt to list wash and maybe “Jason at ActiveCampaign d o t c o.m” was happy to give them my info to take me off their list. Who knows eh? At least it might be done with.
So what now? One day of nil spam does not maketh tranquility... it could be Coronavirus or something less scary. They may be back tomorrow. If they are, I’ll do everything I can to make their marketing ineffective and and as fruitless as can be. Alternatively, if that is my lot, I’ll dance a jig, pour something cool and clear to drink, and store the folder of junk they’ve sent me away until they mess up and restart.
Fingers and toes crossed. Good luck all you spam warriors!
-
I use those sites that scan the url for the redirects and see where they end up (if I have the time)
-
Funny because all mine were either bit.ly or googleuser links (either way, it’s all about more redirects to hide behind)
-
My spammer switched target sites again today. Cannot use the same domain/site in California (Google) for too many spams or it risks blacklist status and gets shut down. So it’s back to .RU or other Eastern Europe for a bit I guess.
Today’s fun fascinating final target spamvertized sites are
rewardyoursurvey.com (I doubt the reward is enough for my time)
Any of you guys been seeing this in the hops from spam link to target site?
or
mayattented.live site?
both hosted by DigitalOcean and both were created by the spam guy via Namecheap, before being used on the same day for the emails he sends.
-
1 minute ago, gnarlymarley said:
Yep, it did come from google. I guess having one recipient is too much for them. I submitted it to amazon using a different account and it went through. Funny how the original email is not blocked, but attempts to report it are.
Because the spam affiliate scam artist is income maybe. And AWS does like to get its income (funds its effort to dominate the online retail space?)
-
On 2/11/2020 at 4:38 PM, gnarlymarley said:
So, would it be worth us having someone point all the Amazon to ipmanagement or could it be possible that that group might not be in charge of all of their IPs?
Dunno.
One thing I did find today, and it seems to list a lot of what I have seen in terms of spam email topics:
Thinking of contacting those folks and asking to be added to do not mail list... not sure yet 🤔
-
14 hours ago, petzl said:
I always forward my Amazon spam to abuse [AT] amazon [DOT] com
I used to send to:
abuse@amazonaws.com,
ec2-abuse@amazon.com,
ipmanagement@amazon.com,
abuse@amazon.com
I have found that all except “ipmanagement” are now not sent in SpamCop. That’s ok if the ipmanagement one can work. I cannot say it reduced my spam in any way, but complaining directly to the “businesses” might be working. I think, somehow, most of my spam is from an affiliate marketeer. One that follows many very bad practices in email marketing and is also terrible at managing opt outs.
-
2 minutes ago, Keats said:
I got this response from Amazon on one of the reports I sent:
"We've determined that an Amazon EC2 instance was running at the IP address you provided in your abuse report. We have reached out to our customer to determine the nature and cause of this activity or content in your report"
So, they've basically asked the spammer if he's spamming. I'm sure he'll give them a scrupulously honest answer...
They’ve done that before. It didn’t stop their customer continuing to spew out endless repetitive emails multiple times a day with links to new Namecheap sold domain names for sites that have no purpose except to provide redirect mechanisms to the scam sites the “affiliate spammer” exists to drive traffic to (NerveRenew, Snow Teeth Whitener, Miracle Erectile Dysfunction Cures, Diet Wonder Pills etc.)
I’m with you. This scumbag email abuser will say whatever they want and the flow of emails from Amazon IPs will continue (with links to Zupimages, Bit.ly, Imgur, etc.)
And the unsubscribe links will continue to be to random (mostly Namecheap domains, and sometimes to actual “mailto” actual email addresses, with many being to domains that don’t even have an MX running at them)
In short, useless of Amazon to claim they are doing anything. They are in bed with the Namecheap customer.
Email address lists made public
in SpamCop Lounge
Posted · Edited by Hanco
Typo
What do we make of this? Any insights?
I’d love to know more about the owner/source of this stuff. I think they are a source of the majority of spams I get. So much cloak and dagger. Though I see it *says* Flex Marketing Group, and I think they’ve been caught spamming before.
I notice “ec2” mentioned in one of the URLs (EC2 being the Amazon service perhaps)
https://to-email.com/find-email/from-mx/ip-172-31-40-64.ec2.internal
https://to-email.com/find-email/dce79a24436e8368cf2ccd1b12ef9f9a