Jump to content

btech

Memberp
  • Content Count

    448
  • Joined

  • Last visited

Community Reputation

0 Neutral

About btech

  • Rank
    Advanced Member

Contact Methods

  • Website URL
    http://
  • ICQ
    0

Profile Information

  • Location
    Texas
  1. Well, an easy way to prevent listwashing is for people to report with their addresses munged; that way the ISP/datacenter knows X customer is a spammer and said spammer can't remove that specific email address to 'stop' the reports. Also, shouldn't these customers prove to you when the recipient allegedly subscribed? I've seen my address added and a fake IP, date and time used in the email when they claim I subscribed, so that's possible, but it's pretty easy to see when a sender fakes that info. FWIW, I run a mailing list and I keep all the registration emails, so I have a date, time and IP (of course, I use a 3rd party application, so I have that data too). I've reported to Fortressix and the spam I get from their customers are from people that bought my 'spam' address, which was harvested 2 years ago (I only use it for reporting spam, as a honeypot, so to speak).
  2. I thought as much, but figured I'd ask. Honestly, I don't trust most of the gmail and 'personal' email addresses as reporting addresses.
  3. For IP: 91.213.33.32 I show the following in the reporting DB: Notice the bolded part? I refreshed the cache and the addresses remain the same. Was this done on purpose or is it an issue with the cache? Tracking link, BTW: http://www.spamcop.net/sc?id=z3311836283z4...f86a4d5d5e1e88z
  4. Now I've seen everything... http://www.spamcop.net/sc?id=z3306000055z7...b1811a3a10bf47z Looks like a joe-job, but I wonder how they got their hands on a SC Report 'reply to' address? REPORTNUMBERHERE[at]reports.spamcop.net ... actually... maybe one of these is compromised? The report number is associated with this tracking link: http://www.spamcop.net/sc?id=z3241437513z0...fae6ae16de2d76z
  5. btech

    [Resolved] New Glitch

    I've noticed that. At first, 1 report would get hung up and then I'd only see reports hang up if I checked a 'user defined recipient', but now it's affecting random reports that I don't choose any addl recipients.
  6. That explains that. I forward 7 email addresses to by cesmail acct, so graylisting is just delaying those forwards. I turned on boxtrapper [at] my host for some of my most hit accounts, so that should take care of some of this.
  7. GRRR!!!!! Between this and spam that slips into my inbox, I'm havin all kinds of issues lately. Did you catch what they tried to do on the header spoof? Received: from [11.121.130.203] (helo=axbszbudxyzwp.xmkurqp.org) by kleczyk-azp6e8d with esmtpa (Exim 4.69) (envelope-from ) id 1MMSFS-0334gr-G2 for x; Thu, 13 Aug 2009 12:18:43 +0100 That'a DoD IP. lol
  8. For the life of me, I can't figure out why I keep getting the error that the message I'm submitting is too large on this one... it's small. (I removed all the personal IP/hostname info) Return-Path: <0.majestic40[at]kleczyk-azp6e8d> Delivered-To: x Received: (qmail 13613 invoked from network); 13 Aug 2009 12:29:10 -0000 X-spam-Checker-Version: SpamAssassin 3.2.4 (2008-01-01) on filter8 X-spam-Level: *** X-spam-Status: hits=3.6 tests=FORGED_MUA_OIMO,SPF_HELO_PASS version=3.2.4 Received: from unknown (192.168.1.107) by filter8.cesmail.net with QMQP; 13 Aug 2009 12:29:10 -0000 Received: from x (x) by mx70.cesmail.net with SMTP; 13 Aug 2009 12:29:10 -0000 Received: from d90-141-78-153.cust.tele2.pl ([90.141.78.153]:26723 helo=kleczyk-azp6e8d) by x with esmtp (Exim 4.69) (envelope-from <0.majestic40[at]kleczyk-azp6e8d>) id 1MbYKQ-0000eK-Ua for x; Thu, 13 Aug 2009 06:18:43 -0500 Received: from [11.121.130.203] (helo=axbszbudxyzwp.xmkurqp.org) by kleczyk-azp6e8d with esmtpa (Exim 4.69) (envelope-from ) id 1MMSFS-0334gr-G2 for x; Thu, 13 Aug 2009 12:18:43 +0100 From: "Terrell Couch" <0.majestic40[at]kleczyk-azp6e8d> To: <x> Subject: 6 more vacant positions. 2-5 hours per day Date: Thu, 13 Aug 2009 12:18:43 +0100 Message-ID: <1052448575.GJI9PMZS874968[at]xqeccq.hwiidcs.info> MIME-Version: 1.0 Content-Type: text/plain; charset="iso-8859-2" Content-Transfer-Encoding: 7bit X-Priority: 3 (Normal) X-MSMail-Priority: Normal X-Mailer: Microsoft Outlook IMO, Build 9.0.2416 (9.0.2911.0) X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2741.2600 Importance: Normal X-AntiAbuse: This header was added to track abuse, please include it with any abuse report X-AntiAbuse: Primary Hostname - x X-AntiAbuse: Original Domain - x X-AntiAbuse: Originator/Caller UID/GID - [47 12] / [47 12] X-AntiAbuse: Sender Address Domain - kleczyk-azp6e8d X-SpamCop-Checked: X-SpamCop-Disposition: Blocked SpamAssassin=3 Greetings, Our Company is ready to offer full and part time work in your region. We are among top managing companies in North America and Europe. If you are interested in career growth and good salary, send your resume ONLY to the Company’s email address: career[at]dia-company.net Reply only via corporate email, so please just use this one for further contact and correspondence: career[at]dia-company.net With best regards, HD department DIAGROUP http://dia-company.net Any ideas why this message won't parse?
  9. Like I said, I have all the BLs checked and active, yet an obscene amount of spam is delivered to my inbox. Hell, I even brought the SA level down to 2 and I'm STILL getting the leakage. I honestly think there is an issue with the SA server(s), because certain words are hitting like they used to.
  10. Quick question on something I saw today: MY IP HERE SPOOFEDEMAIL[at]spam.COM 2009-07-15 15:44:00 2009-07-15 19:44:00 3 So I see where "MY IP HERE" is, that it's the IP of my host, where my email account is hosted. I don't see that IP on the "Rejected Entries", so it seems the graylisting is only holding the messages relayed from that IP, but inevitably delivering them to my inbox. Normal?
  11. Take it up with 1 Und 1.... they own the IP and are responsible for activity on it. SpamCop only compiles IPs through the reporting system and allows users to implement that list to prevent spam delivery to their inbox. YOU SHOULD BE COMPLAINING TO THE PEOPLE THAT DON'T RESOLVE THE SPAMMING ON THEIR IP. ... you're goin after the wrong people here, mate. *EDIT* I just realized that post was from 2007... you can delete this post if it's no longer relevant.
  12. btech

    How to report spam - they refuse reports

    Nothing, short of notifying their upstream provider. Some ISPs are black and others, like e-marketing firms don't care, because they assume all their customers legally obtained the email addresses. You can CC complaints/reports to their upstream, like GBLX or Telia, but many times, they don't respond to the average pissed off spam recipient.
  13. Yea, I think I'm going to have to turn graylisting on, because this is just asinine. Example of a CP spam that should CLEARLY have made some hits in SA, but was delivered to my inbox: http://www.spamcop.net/sc?id=z3121429075zb...7000b163e4066ez If nothing else, it's listed in SORBS... isn't that one of the blocklists?
  14. I have all lists enabled, greylisting is NOT enabled and the none of my personal addresses are on my white lists (I learned that lesson in the past with the TO/FROM spoofing). My SA level is 4, but the issue has never been the SA level... I see several words in these sample messages that should be hitting and raising the SA level, but they're all from 0-1.5, which I find very peculiar. I also find it peculiar that this issue started 3 or so days ago, when the the same type of messages would previously be caught by SA and placed in the 'held' folder. Exactly what raised some concern for me. I'm receiving a higher than usual volume of spam, but there are instances where identical messages are being delivered... 1 to the 'held' folder and 1 to the inbox. Prima facia, that looks like an issue with SA. Here's one that appears to have 1.7 hits, but words like 'replica' (used twice), 'watches' and 'luxury' didn't hit.. I thought they were all words that SA would catch in the past : http://www.spamcop.net/sc?id=z3118665302zf...26f401196684faz
  15. man... out of 70 messages in my inbox, 50 were spam. Shouldn't this one have been snagged? It has words that I normally see hitting: http://www.spamcop.net/sc?id=z3115129192z1...b7ddb94687143fz And this one... spam lever 0?! It says 'drugs' 'medications' and 'pharmacy' in the body. Certainly something must be awry: http://www.spamcop.net/sc?id=z3115134554zb...a9ad7a1d359e9ez ... but I wonder if I'm also being flooded... I had 260 messages, all seemingly about pharma, in 12 hours, which is about 2x what I'm used to in that period.
×