btech

Members
  • Content Count: 448

Everything posted by btech

  1. Well, an easy way to prevent listwashing is for people to report with their addresses munged; that way the ISP/datacenter knows X customer is a spammer and said spammer can't remove that specific email address to 'stop' the reports. Also, shouldn't these customers prove to you when the recipient allegedly subscribed? I've seen my address added and a fake IP, date and time used in the email when they claim I subscribed, so that's possible, but it's pretty easy to see when a sender fakes that info. FWIW, I run a mailing list and I keep all the registration emails, so I have a date, time and IP (of course, I use a 3rd party application, so I have that data too). I've reported to Fortressix and the spam I get from their customers is from people that bought my 'spam' address, which was harvested 2 years ago (I only use it for reporting spam, as a honeypot, so to speak).
  2. Now I've seen everything... http://www.spamcop.net/sc?id=z3306000055z7...b1811a3a10bf47z Looks like a joe-job, but I wonder how they got their hands on a SC Report 'reply to' address? REPORTNUMBERHERE[at]reports.spamcop.net ... actually... maybe one of these is compromised? The report number is associated with this tracking link: http://www.spamcop.net/sc?id=z3241437513z0...fae6ae16de2d76z
  3. For the life of me, I can't figure out why I keep getting the error that the message I'm submitting is too large on this one... it's small. (I removed all the personal IP/hostname info)

     Return-Path: <0.majestic40[at]kleczyk-azp6e8d>
     Delivered-To: x
     Received: (qmail 13613 invoked from network); 13 Aug 2009 12:29:10 -0000
     X-spam-Checker-Version: SpamAssassin 3.2.4 (2008-01-01) on filter8
     X-spam-Level: ***
     X-spam-Status: hits=3.6 tests=FORGED_MUA_OIMO,SPF_HELO_PASS version=3.2.4
     Received: from unknown (192.168.1.107) by filter8.cesmail.net with QMQP; 13 Aug 2009 12:29:10 -0000
     Received: from x (x) by mx70.cesmail.net with SMTP; 13 Aug 2009 12:29:10 -0000
     Received: from d90-141-78-153.cust.tele2.pl ([90.141.78.153]:26723 helo=kleczyk-azp6e8d) by x with esmtp (Exim 4.69) (envelope-from <0.majestic40[at]kleczyk-azp6e8d>) id 1MbYKQ-0000eK-Ua for x; Thu, 13 Aug 2009 06:18:43 -0500
     Received: from [11.121.130.203] (helo=axbszbudxyzwp.xmkurqp.org) by kleczyk-azp6e8d with esmtpa (Exim 4.69) (envelope-from ) id 1MMSFS-0334gr-G2 for x; Thu, 13 Aug 2009 12:18:43 +0100
     From: "Terrell Couch" <0.majestic40[at]kleczyk-azp6e8d>
     To: <x>
     Subject: 6 more vacant positions. 2-5 hours per day
     Date: Thu, 13 Aug 2009 12:18:43 +0100
     Message-ID: <1052448575.GJI9PMZS874968[at]xqeccq.hwiidcs.info>
     MIME-Version: 1.0
     Content-Type: text/plain; charset="iso-8859-2"
     Content-Transfer-Encoding: 7bit
     X-Priority: 3 (Normal)
     X-MSMail-Priority: Normal
     X-Mailer: Microsoft Outlook IMO, Build 9.0.2416 (9.0.2911.0)
     X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2741.2600
     Importance: Normal
     X-AntiAbuse: This header was added to track abuse, please include it with any abuse report
     X-AntiAbuse: Primary Hostname - x
     X-AntiAbuse: Original Domain - x
     X-AntiAbuse: Originator/Caller UID/GID - [47 12] / [47 12]
     X-AntiAbuse: Sender Address Domain - kleczyk-azp6e8d
     X-SpamCop-Checked:
     X-SpamCop-Disposition: Blocked SpamAssassin=3

     Greetings, Our Company is ready to offer full and part time work in your region. We are among top managing companies in North America and Europe. If you are interested in career growth and good salary, send your resume ONLY to the Company's email address: career[at]dia-company.net Reply only via corporate email, so please just use this one for further contact and correspondence: career[at]dia-company.net With best regards, HD department DIAGROUP http://dia-company.net

     Any ideas why this message won't parse?
  4. I thought as much, but figured I'd ask. Honestly, I don't trust most of the gmail and 'personal' email addresses as reporting addresses.
  5. For IP: 91.213.33.32 I show the following in the reporting DB: Notice the bolded part? I refreshed the cache and the addresses remain the same. Was this done on purpose or is it an issue with the cache? Tracking link, BTW: http://www.spamcop.net/sc?id=z3311836283z4...f86a4d5d5e1e88z
  6. btech

    [Resolved] New Glitch

    I've noticed that. At first, 1 report would get hung up and then I'd only see reports hang up if I checked a 'user defined recipient', but now it's affecting random reports that I don't choose any addl recipients.
  7. That explains that. I forward 7 email addresses to my cesmail acct, so graylisting is just delaying those forwards. I turned on boxtrapper [at] my host for some of my most hit accounts, so that should take care of some of this.
  8. GRRR!!!!! Between this and spam that slips into my inbox, I'm havin all kinds of issues lately. Did you catch what they tried to do on the header spoof? Received: from [11.121.130.203] (helo=axbszbudxyzwp.xmkurqp.org) by kleczyk-azp6e8d with esmtpa (Exim 4.69) (envelope-from ) id 1MMSFS-0334gr-G2 for x; Thu, 13 Aug 2009 12:18:43 +0100 That's a DoD IP. lol
  9. Anyone else noticed an influx of spam being delivered to your inbox? Last night alone, 20 of my 30 new messages were spam. On first glance, it doesn't appear SpamAssassin is hitting the usual words like 'pharmacy'. Examples: http://www.spamcop.net/sc?id=z3109831437z1...d4a66119fce08fz http://www.spamcop.net/sc?id=z3109833967za...319eb848be783fz
  10. Like I said, I have all the BLs checked and active, yet an obscene amount of spam is delivered to my inbox. Hell, I even brought the SA level down to 2 and I'm STILL getting the leakage. I honestly think there is an issue with the SA server(s), because certain words are hitting like they used to.
  11. Quick question on something I saw today: MY IP HERE SPOOFEDEMAIL[at]spam.COM 2009-07-15 15:44:00 2009-07-15 19:44:00 3 So I see where "MY IP HERE" is, that it's the IP of my host, where my email account is hosted. I don't see that IP on the "Rejected Entries", so it seems the graylisting is only holding the messages relayed from that IP, but inevitably delivering them to my inbox. Normal?
  12. Take it up with 1 Und 1.... they own the IP and are responsible for activity on it. SpamCop only compiles IPs through the reporting system and allows users to implement that list to prevent spam delivery to their inbox. YOU SHOULD BE COMPLAINING TO THE PEOPLE THAT DON'T RESOLVE THE SPAMMING ON THEIR IP. ... you're goin after the wrong people here, mate. *EDIT* I just realized that post was from 2007... you can delete this post if it's no longer relevant.
  13. btech

    How to report spam - they refuse reports

    Nothing, short of notifying their upstream provider. Some ISPs are black and others, like e-marketing firms don't care, because they assume all their customers legally obtained the email addresses. You can CC complaints/reports to their upstream, like GBLX or Telia, but many times, they don't respond to the average pissed off spam recipient.
  14. Yea, I think I'm going to have to turn graylisting on, because this is just asinine. Example of a CP spam that should CLEARLY have made some hits in SA, but was delivered to my inbox: http://www.spamcop.net/sc?id=z3121429075zb...7000b163e4066ez If nothing else, it's listed in SORBS... isn't that one of the blocklists?
  15. I have all lists enabled, greylisting is NOT enabled and none of my personal addresses are on my white lists (I learned that lesson in the past with the TO/FROM spoofing). My SA level is 4, but the issue has never been the SA level... I see several words in these sample messages that should be hitting and raising the SA level, but they're all from 0-1.5, which I find very peculiar. I also find it peculiar that this issue started 3 or so days ago, when the same type of messages would previously be caught by SA and placed in the 'held' folder. Exactly what raised some concern for me. I'm receiving a higher than usual volume of spam, but there are instances where identical messages are being delivered... 1 to the 'held' folder and 1 to the inbox. Prima facie, that looks like an issue with SA. Here's one that appears to have 1.7 hits, but words like 'replica' (used twice), 'watches' and 'luxury' didn't hit... I thought they were all words that SA would catch in the past: http://www.spamcop.net/sc?id=z3118665302zf...26f401196684faz
  16. man... out of 70 messages in my inbox, 50 were spam. Shouldn't this one have been snagged? It has words that I normally see hitting: http://www.spamcop.net/sc?id=z3115129192z1...b7ddb94687143fz And this one... spam level 0?! It says 'drugs' 'medications' and 'pharmacy' in the body. Certainly something must be awry: http://www.spamcop.net/sc?id=z3115134554zb...a9ad7a1d359e9ez ... but I wonder if I'm also being flooded... I had 260 messages, all seemingly about pharma, in 12 hours, which is about 2x what I'm used to in that period.
  17. I receive tons of spam with domains that are registered by nameservices.net, but abuse[at]nameservices.net bounces and if you look at the site, it's a log in page. So I did some digging and this is what I see: Parsing input: nameservices.net Host nameservices.net (checking ip) = 208.234.1.121 host 208.234.1.121 (getting name) no name Host nameservices.net (checking ip) = 208.234.1.121 host 208.234.1.121 (getting name) no name [report history] Routing details for 208.234.1.121 Report routing for 208.234.1.121: abuse[at]mci.com, abuse[at]uu.net abuse[at]mci.com redirects to abuse[at]uu.net Statistics: 208.234.1.121 not listed in bl.spamcop.net More Information.. 208.234.1.121 not listed in dnsbl.njabl.org 208.234.1.121 not listed in dnsbl.njabl.org 208.234.1.121 not listed in cbl.abuseat.org 208.234.1.121 not listed in dnsbl.sorbs.net 208.234.1.121 not listed in relays.ordb.org. Reporting addresses: abuse[at]uu.net ---- http://www.dnsstuff.com/tools/whois.ch?ip=...et&cache=on First off, 910 is a North Carolina area code, second is that cablejockey.com is a bunk address (which is registered by nameservices.net). So what should I do here? I want to report this guy for being a shady registrar and hosting his buddies' spam sites, but does that mean I should take it up to MCI?
  18. FWIW, I'm not seeing any goofy dates like that either.
  19. Through SCMail, I clicked 'Report spam' and am taken to mailsc.spamcop.net. When I click on 'Held Email' to queue up reports, I see the following error message: Anyone else encounter this error? I encountered this at 8 AM PDT.
  20. OOPS! I didn't look in that forum, because I thought it was a SCMail-specific issue. I've done some 'quick reporting' on items, but there's some I wanted to do 'the long way'... guess it can wait for now.
  21. btech

    Mail down?

    looks like it... I see it's back up.
  22. webmail.spamcop.net Has been down for about 20 minutes (2:36 PM PDT right now). Error:
  23. btech

    Nigerian scammer nailed

    Wow... Nigeria, busting their own people. Impressive change of events. 1 down, thousands to go.
  24. btech

    SCMail Reporting Down?

    Looks like it's back up now... that's weird. For about 3 hours, I couldn't get that reporting page to load, when I had no other connection issues with the remainder of the SC pages.
  25. Reporting via: http://mailsc.spamcop.net/ I receive the following error: Error 2 (net::ERR_FAILED): Unknown error. (in Chrome) I first noticed the issue [at] 2 PM PST (currently 5:26 PST) and I don't see any news on the SCMail log in page.