Jump to content

iixii

Members
  • Content Count

    52
  • Joined

  • Last visited

Everything posted by iixii

  1. OK, so I sent this report: http://www.spamcop.net/sc?id=z4010208537z7...733fae6d5c6fbbz I got a reply that really got me baffled. I verified that it came from AT&T by submitting it as spam itself, see: http://www.spamcop.net/sc?id=z4013673296zb...421b4fd5ea94b7z First of all, I received it at the address that's mentioned in the From: header of above spam, not through the spamcop report reply system! Then, the subject was in other words, not one recognisable indication that this was actually from an abuse department, which almost made me report it as spam too. But what really knocked me off the chair was the contents, which you can see if you click on "View entire message" in the second link above. The gist: WTF?? All the information they ask for is in the spamcop report! If this was some tiny backyard provider, fine, but AT&T?
  2. Please see this spam report. The lookup of the message source IP 203.153.52.142 at whois.apnic.net is totally messed up. It says it's "Getting contact from whois.apnic.net mirror", so I suppose that the mirror is broken and needs to be fixed. The problem is that it returns the default contacts for the APNIC registry itself, abuse[at]apnic.net and spam[at]apnic.net, and then Spamcop (understandably) says "I refuse to bother xyz". A direct lookup at whois.apnic.net returns: inetnum: 203.153.52.0 - 203.153.55.255 netname: NOVANET-IN ... e-mail: noc[at]novanet.net Searching the forum, I found this thread: http://forum.spamcop.net/forums/index.php?showtopic=9962 where Don claims it has been fixed, but it doesn't seem to be... [changed spam report link to www. (so we can see it)]
  3. iixii

    .chat.ru

    OK, I see. No, it's not obvious at all...
  4. iixii

    .chat.ru

    I don't agree at all with the notion that not showing a failure message is something justifiable in any way. It's all nice and well that Spamcop puts its focus on identifying and larting relays, and that spamvertised page reporting is just a side task that Spamcop may or may not find the time to do. However, even when it is an optional thing, it *has* to give proper feedback. Silent failure is a total no-no in *any* UI. Insinuating that only n00bs would be irritated by an obviously missing error message is not acceptable. I consider myself a professional in both the spam and UI design business, and I was irritated myself by this silent failure before (and even posted about it here years ago, IIRC). Aggregating the number of posts in this forum which report this same thing shows that a sizeable amount of time is wasted by both posters and people trying to help them, pointing them to the FAQ again and again, complete with repeated grumbling that results from something that is simply bad quality in a service many people here pay for yearly through their Spamcop Email subscription (me included). It would save everybody a lot of time and frustration if the few minutes of developer time needed to introduce a message like "Timeout while resolving xyz" or "Gave up on resolving xyz" would be invested some of these days.
  5. Not for me. All three servers still show the problem persistently.
  6. OK, let me tell you how incredibly easy it was to find that contact form I used, OK? Spamcop start page after login... hmm... too bad, no "Contact" link. Ah well, let's try "Help". Drat, no contact link either. Hm, let's read the "Frequently Asked Questions". Ah, "How can I contact a SpamCop representative?", that sounds promising at last. Hmm, ah, "Email service support", that sure must be it. OK, let's see... "first check theTips from Newsgroups", hmmm, no contact hints there. "Secondly, the main source for quick help is the SpamCop Email Forum", yeah, I know how particular people in the forum are about that you can't expect help from SpamCop personnel there, so skip that. "A third place to get assistance in the SpamCop Mail Newsgroup", cool, except there's no SpamCop personnel there either. And that's all there is under ""Email service support". Great. So back one step. "Other reasons for contact". Well, what else can I do? They sure don't want you to be able to contact them about the email system easily. Obviously, that's the contact form I ended up using, and it worked after all. So, Mr. Helpful, when jumping at me for using the "wrong" contact form, how about at least telling me what the "right" one would have been?
  7. Got a reply from Ellen earlier ("Hi -- I have forwarded your mail to Jeff, who runs the email system."), and now the mail is finally pouring in!
  8. Just sent this through the Spamcop contact form, hoping for a quick resolution:
  9. Hm, good idea, but didn't work. I removed the entry and recreated it, and after the usual 5 minutes or so the error count increased again, showing "Unknown error: 6" again (really helpful message anyway). I did everything you can do to a POP server in a telnet session to that account, and it all worked flawlessly. I dearly hope Spamcop gets this resolved real soon, that account is drowning in spam
  10. Sounds likely. It's rather annoying - of the 4 accounts that Spamcop is supposed to POP, it has now resumed to process three, but the fourth has an error count of 152 by now, with error "Unknown error". It's the one with by far the highest amount of spam coming in, so the measure announced on the webmail page obviously remains active. More than 30 hours have passed since the initial failure - about time to have a replacement server running, IMO. No option but wait, I guess...
  11. iixii

    Block Brazil

    Argentina too: tracking URL Spamcop seems to have real problems applying the blackholes.us blacklists! The aforementioned spam came from 190.49.108.149, and checking the blackholes list clearly shows 190.48.0.0/15 under the 127.0.3.2:127.0.0.2:Argentina heading, where it has been for quite a while already.
  12. Image spam OCR is a lost case. In the image spams that I actually get to see (few, thanks to Spamcop), I've noticed that spammers have already started to overlay the text with funny pixel patterns that are designed to make OCR difficult, or use exotic fonts with the same intention. They have the counter-measures already in place, well before Spamcop even got that feature...
  13. iixii

    Incorrect recipient recieves spam report

    Why? abuse.net is just an independent service that Spamcop relies on, but no Spamcop deputy maintains it. If there's an error in their database, it has to be fixed by abuse.net - which has obviously happened in the meantime, as it now returns the single contact address network[at]aims.com.my for aims.com.my.
  14. iixii

    Block Brazil

    With "Brazil leaking", you mean that you have checked the brazil.blackholes.us list under Options/SpamCop Tools/Select your email filtering blacklists in the webmail interface, and those three spams you quoted still weren't held, right? In that case, it's true that there must be a bug in Spamcop, as all three IPs are listed in that blacklist, as can be easily verified by checking http://www.blackholes.us/zones/country/brazil.txt
  15. OK, since three weeks it's now impossible for me to report any spam. My reporting privileges have been suspended by some SpamCop Admin, and it was all a silly ISP's fault. The complete exchange with that ISP is attached below (actual spam snipped for brevity, except the pertinent received lines), and was already CCed to that SpamCop Admin. When no reaction ensued, I asked directly for my reporting to be re-enabled. Twice. Still no reaction whatsoever. Then I wrote to deputies[at]spamcop.net a week ago, quoting all of the below and asking yet again for my reporting to be re-enabled. Nothing. I know that it won't be resolved by posting here, what I want to know is: Has anybody been in the same situation and has any idea how I should proceed now? I don't mean getting the reporting privileges suspended, that seems to happen often enough, as a forum search shows. However, all these forum entries tell me that people got their reporting back within hours of resolving the problem, while I'm stuck for three weeks now and have no idea how to proceed. That's the situation. In fact, I'm pretty pissed off at Spamcop now. I'm paying for the ability to report spam, and it has now been revoked for weeks without anyone caring. Again, I know that protesting here will not solve it, but I want people to know how unfriendly Spamcop has been to me lately, and would love to hear if someone has any thoughts about this. Exchange with stoopid ISP: 28.01.2007 02:03:29, SpamCop Admin <service[at]admin.spamcop.net> wrote: > I am sorry to report that the spam you get cannot always be processed > correctly by our system, resulting in SpamCop accusing your own service > provider as being the source of the spam you are reporting. Which is not what happened, see the exchange quoted below. > I'm sorry, but I can't allow you to continue reporting your own service > provider Which I didn't, it was completely the ISP's fault, and I am really miffed that you blocked me from reporting solely based on this mistake of theirs, without so much as asking me for a statement first. > so I have had to suspend your reporting privileges until you get > the Mailhost configuration completed. I did this a couple of days ago. > As soon as you're finished, please let me know so that I can reinstate your > account and get you back to reporting spam. Please do so. >- Don D'Minion - SpamCop Admin - > service[at]admin.spamcop.net > http://www.spamcop.net/ Exchange with Easynet about their mistake (which BTW was CCed to you): ====================================================================== Date: Sun, 28 Jan 2007 23:18:43 +0000 From: Easynet Abuse Team <abuse[at]uk.easynet.net> To: volker[at]spamcop.net Cc: Easynet Abuse Team <abuse[at]uk.easynet.net>, service[at]admin.spamcop.net Subject: Re: [spamCop (82.110.105.40) id:2117961867]Lea hat letzte Nacht 376.- US$ gewonnen Message-ID: <20070128231843.GA22681[at]abuse.noc.uk.easynet.net> On Sun, Jan 28, 2007 at 11:31:24PM +0100, volker[at]spamcop.net wrote: > Quoting Easynet Abuse Team <abuse[at]uk.easynet.net>: > >> On Sat, Jan 27, 2007 at 06:32:25AM +0100, Volker Krüger wrote: >>> [ SpamCop V620 ] >>> This message is brief for your comfort. Please use links below for details. >>> >>> Email from 82.110.105.40 / Sat, 27 Jan 2007 06:32:25 +0100 >>> >>> [ Offending message ] [snip] >>> Received: from pop.1und1.de [212.227.15.162] >>> by mailgate.cesmail.net with POP3 (fetchmail-6.2.1) >>> for volker[at]spamcop.net (single-drop); Sat, 27 Jan 2007 00:43:12 -0500 (EST) >>> Received: from [82.110.105.40] (helo=mail5.extendcp.co.uk) >>> by mx.kundenserver.de (node=mxeu1) with ESMTP (Nemesis), >>> id 0MKpV6-1HAgAr0hTn-0006NA for info[at]pensau.de; Sat, 27 Jan 2007 06:32:25 +0100 [snip] >> >> Hi >> >> IP address 82.110.105.40 is in fact allocated to our customer Heart >> Internet, and it appears likely that you are their customer. > > I am not, and never was, a customer of Heart Internet or Easynet. > >> Specifically, it is likely that Heart Internet provide the incoming >> email infrastructure for the domain to which the Unsolicited Bulk >> Email reported above was originally transmitted. >> >> It also appears that you have your domain's Heart Internet hosting >> account set up to forward mail received for your domain to an account >> for whom kundenserver.de provide the inbound mail infrastructure. >> >> As a result, 82.110.105.40 appears likely to be playing no part in >> the Unsolicited Bulk Email transmission, other than in respect of >> forwarding set up by yourself, and entirely under your own control. > > The spam quoted above was received by kundenserver.de on behalf of > info[at]pensau.de, and for all I know originated from 82.110.105.40. If any kind > of forwarding to info[at]pensau.de exists at Heart Internet, it is fraudulent. > Unfortunately, the forwarding mechanism (if it's indeed that and not just some > hacked service at Heart Internet) neglects to put any information about the > forwarding in the headers of the E-Mail, not even the domain for which the spam > was originally received. > Please supply this information about the supposed forwarding so I know what this > is about. Hi Volker Thank you for the above information, which is most helpful. In fact, having tested further, it appears that 82.110.105.40 is currently acting as a multi-hop open SMTP relay, with 81.154.124.155 being the input point. I will contact Heart Internet and inform them of this, and expect action to be taken to secure the vulnerability at the commencement of the business day tomorrow. Please accept our apologies for any inconvenience that this incident may have caused. Kind regards Anthony Edwards -- Easynet UK Abuse Team - Easynet Ltd Tel: 020 7900 4444 Fax: 0845 333 4503 http://www.uk.easynet.net/legal/acceptable.asp
  16. Errrr... now that I actually tried to report stuff, I still get "Cannot report 14085 - your reporting privileges have been suspended"....
  17. So posting here did resolve my problem in the end - YAY *happy dance* I'm sorry you feel that way, but I really don't have any other alternative. When I discover a reporting problem, I have to take action immediately. I can't wait for a response from a user who may continue the errors for days before he responds, or, as is the case with many users I write to, never responds at all. Yeah, I understand. Many thanks for clearing this up, and keep up the good work!
  18. I'd love if that was the case, but, quoting him: > I'm sorry, but I can't allow you to continue reporting your own service > provider Hm, OK, I'll wait a couple of days and then write again, skipping all the rest and just saying "I got my reporting abilities suspended and was asked for completing the mailhosts configuration, which I did quite some time ago, so please re-enable my reporting." Maybe that'll finally get the right attention. Thanks for the suggestion.
  19. Not true, neither have I called anyone names, nor have I dismissed anything that would have resolved the issue. I dismissed advice that was not addressing my problem, viz. Spamcop staff not reacting to resolve a wrongful reporting ban. If I am to be scolded for doing that, the attitute problem is entirely not on my end. Does that mean that none of the money actually goes to the people running the reporting system, it's all just to pay the e-mail side of things? If true, that would of course mean that I would be wrong to expect any more service regarding the reporting part than any other non-paying user. On the other hand however, while it's an interesting technical detail, it's not something that the user should have to care about as long as Spamcop is shown and paid for as a single entity. If it's not, that should be visible. Just back to stating the oft-repeted data .... there are the three paid staff involved, handling their self-described 800-1800 e-mails a day. The tone and content of e-mail sent there may have some bearing on things ...????? Certainly. What I'm worried about is that there is no reaction at all, I didn't get a "please supply more info" or "please do this or that" reply which would indicate that I have to actually do something to get my reporting back. One thing does have me curious, not having gone through the "been Banned/Revoked" situation .... when does this "error message" show up? Just wondering how it is that you could change settings, preferences, MailHost Configuration data, but not actually Report a spam .... Logging in to the reporting account is not affected, I can use the interface, change options and everything. Error messages only appear when I select the "Report spam" menu item ("Sorry, your account has been disabled.") or when I use the "Held Email" page and choose one of the "Quick..." or "Queue..." items ("Cannot report xxx - your reporting privileges have been suspended"). The webmail is not affected at all, it works exactly like before. That is true, it is a drawback when popping instead of forwarding. But having mail delayed by 5 minutes on average (as Spamcop checks about every 10 minutes) is quite bearable for me. If I do expect urgent mail, I can always fetch directly from the original server. Well, there's always a first time. He did not verify the ISP's claim that I reported my own forwarding account, when in fact it was an open relay. He did accept it at face value. He could also have contacted me first for a statement. Quick reporting CAN be dangerous anytime one of the ISPs in your path makes a change. True, but while I it can happen, I believe it's highly unlikely on the whole, at least with any of the ISPs I use. Even when I had not configured and used the mailhosts system, as Don asked me to do, Spamcop never larted any ISP it shouldn't have. I don't remember all the details from the whole past year, but what I do remember is that 3 out of the 7 times, I had no route to the Spamcop domain at all, while there were absolutely no problems with any server around the world at the same time, and tracerts always stopped quite close to spamcop. Huh? I just sent an MP3 file to my SpamCop address and then timed the download. The total size of that email was 1.8M and it took a little more than 4 seconds to download. Interesting. Are you living in the US, maybe even geographically close to the SpamCop servers? If yes, that would indicate that Spamcop's ISP has a totally lousy uplink to the rest of the world, as I'm living in Germany. No, not at all. The IP of the open relay is there, plus the acknowledgement from the ISP that it indeed was an open relay. What else do you need to know? I mean, sure you can have the tracking link, but it won't tell you anything that I haven't told already. The fact that you acknowledged that your MailHost was not set up correctly prompted my response and suggestions. I hadn't configured the mailhost system before Don told me so, but the quick reporting had still worked flawlessly as all my ISPs were using one-hop SMTP without any forwarding. If it had been configured, it wouldn't have prevented this wrongful ban at all. I did configure it immediately after Don told me to, and I wrote back saying that it's now configured, with that precise message from several weeks ago quoted in my initial post. The fact that the ISP did acknowledge the problem on their end does not fully offset the problems on your end that you also acknowledged. Where did I acknowledge any problems on my end? There weren't any, it was entirely the ISPs fault. We simply try to provide what little help we can based on the limited information provided. That's nice. But please don't claim that you didn't have enough information when you really overlooked parts of it.
  20. If it's properly configured, it's absolutely not. OK, it has now become painfully obvious that you haven't taken the trouble to actually read the exchange I quoted in the initial post. Short recap for you: There were no reporting problems, there was a correct quick report for me to an ISP with an open relay, the ISP screwed up, blaming me, it was Don who took it at face value and blocked my reporting without giving me the chance to correct the ISP, and it is damn well justified for me to be pissed off about having no reporting for weeks because of something that is entirely not my fault. And if what you say is true and someone wants more proof beyond the painfully obvious proof consisting of the exchange initially quoted by me, he/she could darn well reply to me about it instead of just not reacting at all!!
  21. ? I actually have no idea what you mean by that advice, as it has absolutely no relation to the problem I posted about, viz. Spamcop wrongfully revoking my reporting abilities and not reinstating them for weeks.
  22. Exactly. I have 4 different mail accounts filtered through my Spamcop account, and only one of those has the option to forward at all. Spot on as well. Spamcop has not worked, one way or the other, on 7 (!) distinct times during the past year. This is something else I just put up with, but when it happens, I'd rather be able to fetch my mail directly. Plus, Spamcop's outgoing bandwidth sucks. Mail is trickling in at about 20 kB/s, instead of the 250 kB/s I'd get directly from the ISP. If some goon insists on sending something big by mail, I fetch it directly from the server. As I see no obvious disadvantages, would you please elaborate? It sure wouldn't have avoided the ISP screwup, and following Spamcop denial-of-service, so to speak, that my initial post is about.
  23. There seems to be a blacklist problem with spam from Korea. As most of you will have experienced, they send massive amounts of spam. Most of it gets caught by my SpamAssassin settings, but the odd one that isn't very rarely gets caught by the korea blacklist, though it does work sometimes. Just now, it failed again. Example: http://www.spamcop.net/sc?id=z1114240632z7...ae0d29af4532a6z Pinging 105.114.164.221.korea.services.net at the precise moment of reporting the spam showed that it resolved, i.e. that 221.164.114.105 is on the blacklist as it should be, but Spamcop still let it through. Anyone else seeing that?
×