Jeff G.

Membersph
  • Content count

    3,727
  • Joined

  • Last visited

Everything posted by Jeff G.

  1. Link analysis is performed by the SpamCop Parser, part of the SpamCop Parsing and Reporting Service. Finding links in message body is the first step of the process. The Parser steps through the body (if any) and each attachment that could contain a link (if any). It skips attachments that contain images and will reduce redundant links as necessary. It doesn't actually display the links it found in this step. It sometimes fails to find links that are really there - refreshing usually helps. Resolving link obfuscation is the middle step of the process. The Parser displays each link it found, followed by any deobfuscation that is necessary, followed by the IP Address of the link's host (a lookup of the A DNS Record), followed by the canonical name of that IP Address (a lookup of the PTR DNS Record). It frequently fails to start looking up the IP Address - refreshing usually helps. It also sometimes fails to resolve the IP Address, especially with the domains of spammers who are playing fast and loose with the Domain Name System, producing "ip not found" and "discarded as fake." messages - refreshing usually helps, and parsing the URL only in a separate browser window usually helps in stubborn cases when refreshing hasn't been helping. Tracking link is the final step of the process. The Parser again displays each link it found and was able to resolve (deobfuscated if necessary), again followed by the IP Address, and then the email addresses in the whois lookups of that IP Address from cache or (if the cached entry is stale or nonexistent) from ARIN and other appropriate Registries (there is currently a known issue with lookups of contacts at APNIC), followed by the abuse.net lookups of those email addresses (if those addresses are for role accounts), and finally a list of best contacts. It sometimes fails to start this step - refreshing usually helps. If it fails to resolve the IP Address, it displays a "Cannot resolve" message. Please make sure this email IS spam: indicates the end of the link analysis process. If you get tired of refreshing, please send a Manual Report for the URL(s). I believe all the failures described above are known issues, I just wanted to document them in one Topic. See also: SpamCop reporting of spamvertized URLs and a contribution from Don in that Topic. Edit: 2005/07/01 23:13 EDT -0400 Jeff G. added messages and Manual Report. Also added APNIC, toned down the rhetoric, and added " (if those addresses are for role accounts)". Edit: 2005/10/29 18:44 EDT -0400 Jeff G. added references to SpamCop reporting of spamvertized URLs and a contribution from Don in that Topic.
  2. I've had FREE ZoneAlarm, Kerio Personal Firewall, and Sygate Personal Firewall recommended (the last two via http://forum.grisoft.cz/freeforum/read.php...50719#msg-50719). Suggestions? Comparisons? Comments? Thanks!
  3. As Spambo wrote way back in May of 2002: Other than the Received: lines (which are always essential) the headers must contain at least ONE of the following components in order for the parser to consider a submission to provide *full* headers. · Subject: · Message-ID: · From:
  4. SenderBase's "Magnitude" appears to be on a logarithmic scale using Base Ten, such that Estimated Daily Email Volume equals 1.34 x 10^Magnitude, as follows: Magnitude 0 = 1.34 Estimated Daily Email Volume Magnitude 1 = 13.4 Estimated Daily Email Volume Magnitude 2 = 134 Estimated Daily Email Volume Magnitude 3 = 1.34 Thousand Estimated Daily Email Volume Magnitude 4 = 13.4 Thousand Estimated Daily Email Volume Magnitude 5 = 134 Thousand Estimated Daily Email Volume Magnitude 6 = 1.34 Million Estimated Daily Email Volume Magnitude 7 = 13.4 Million Estimated Daily Email Volume Magnitude 8 = 134 Million Estimated Daily Email Volume Magnitude 9 = 1.34 Billion (Thousand Million in UK English) Estimated Daily Email Volume The interval between displayed Magnitudes (an increase in Magnitude of 0.1) is the tenth root of ten, or approximately1.2589254117941672104239541063958 (as caclulated by a Pentium). Edit 6-5-09 - note: email volume has increased greatly of the last few years with todays volume estimated closer to 200 Billion - please read the following posts
  5. I suggest the following free security tools and apps for Windows: Lavasoft's Ad-Aware SE Personal Edition German developer's site: http://www.lavasoft.de/support/download/ Download Page: http://www.lavasoftusa.com/support/download/ Latest version: 1.06r1 Date added to download.com: May 27, 2005 Size: 2.72MB Download.com Page: http://www.download.com/Ad-Aware-SE-Person...ubj=dl&tag=top5 Direct Download URL: ftp://ftp.download.com/pub/win95/utilities/aawsepersonal.exe PepiMK Software's SpyBot Search&Destroy by Patrick M. Kolla Download Page: http://www.safer-networking.org/en/download/index.html Mirrors Page: http://www.safer-networking.org/en/mirrors/index.html Latest version: 1.4 Date added to download.com: June 1, 2005 Size: 4.8MB Download.com Page: http://www.download.com/Spybot-Search-Dest...tml?tag=lst-0-1 Direct Download URL: http://dw.com.com/redir?pid=10401314&merid...psid%3d10122137 or http://fileforum.betanews.com/sendfile/104.../spybotsd14.exe (among others) Network Associates' McAfee AVERT Stinger Latest version: 2.5.4 Size: 1.05MB As of: May 2, 2005 Download Page: http://vil.nai.com/vil/stinger/ Direct Download URL: http://download.nai.com/products/mcafee-av...t-i-n-g-e-r.exe Microsoft Wndows Update Requires trust of multiple Microsoft sites and allowing them to run java scri_pt and ActiveX. Microsoft Office Update Requires trust of multiple Microsoft sites and allowing them to run java scri_pt and ActiveX. Grisoft AVG Anti-Virus Free Edition Download Page: scroll to the bottom. Latest version: avg70free_338a597.exe Version 7.338 Size: 11.7MB Download.com Page: http://www.download.com/AVG-Anti-Virus-Fre...tml?tag=lst-0-1 (old Version 7.289 from December 2, 2004) Direct Download URL: http://free.grisoft.com/softw/70free/setup...ree_338a597.exe Microsoft Windows AntiSpyware (Beta) Download: Click "Download the beta of our new anti-spyware software today" on that page. Version: Beta Date Published: 6/24/2005 Language: English (YMMV) Download Size: 6.5MB Zone Labs' FREE ZoneAlarm Download Page: http://www.zonelabs.com/store/content/comp...reeDownload.jsp Latest version: 6.0.631.002 Date added to download.com: July, 2005 Size: 6.65MB Download.com Page: http://www.download.com/ZoneAlarm/3000-104...tml?tag=lst-0-1 (old version 5.5.094 from May 2, 2005) Direct Download URL: http://download.zonelabs.com/bin/free/1012..._60_631_002.exe InterMute's Trend Micro™ CWShredder™ Latest version: 2.15 Released: May 2005 Size: 0.47MB Download.com Page: http://www.download.com/CWShredder/3000-80...tml?tag=lst-0-1 (old version 2.1 from December 21, 2004) Direct Download URL: http://www.trendmicro.com/ftp/products/onl.../cwshredder.exe Javacool Software's SpywareBlaster Download Page: http://www.javacoolsoftware.com/sbdownload.html Latest version: 3.4 Date added to download.com: May 18, 2005 Size: 2.44MB Download.com Page: http://www.download.com/SpywareBlaster/300...tml?tag=lst-0-1 Direct Download URL: http://ct7support.com/downloads/javacool/z...stersetup34.exe or http://www.javacoolsoftware.net.nyud.net:8...stersetup34.exe
  6. SpamCop's newsgroup/mailing list posting rules and guidelines at http://spamcop.net/forum.shtml apply here. You can find the FAQ for SpamCop at http://www.spamcop.net/fom-serve/cache/1.html, you can found our expanded version of that FAQ linked above at SpamCop FAQ, you can find the FAQ for these Forums linked above at Forum FAQ, and you can find the FAQ for Invision Power Board at http://forum.spamcop.net/forums/index.php?act=Help . Edit: 2004/01/28 02:48 EST -0500 Jeff G. beautified a bit. Edit: 2005/10/01 13:39 EDT -0400 Jeff G. updated with SpamCop FAQ and Forum FAQ.
  7. In Webmail, please add a SpamAssassin Score Column Display Option. From [spamCop-Mail] Re: "Can't find nnnn" messages in my Held Mail in the Newsgroups: Also, in case I haven't mentioned it recently, options to display the from email address and the reason held would certainly be helpful. Thanks!
  8. I had another "Release and Whitelist" accident today, causing me to spend a considerable amount of time reviewing my extensive Whitelist (pages are in the double digits) for the mistakenly added entries. My review revealed the following issues: "Release and Whitelist" still needs a safety. There are still some Whitelist entries that can be added by "Release and Whitelist", but cannot be removed by mere mortals, such as '"rndline:ncommall}"[at]quintanaroo.com' without the single quotes. JT, please remove that entry for me. Thanks! Whitelist database management capabilities are still very poor: No Complete List (unless you have <16 Entries). No Import. No Export. No Search. No Edit/Change. No IP-based Whitelist. No Left Hand Side Whitelist. No "Contains" Whitelist. No "Entries per Page" Configuration. [*]There is still a bug in the Whitelist code such that when an entry is deleted, for example on page 2, the resulting URL is https://webmail.spamcop.net/horde/imp/spamc...ed=1&page=2 (notice the erroneous "amp;") rather than https://webmail.spamcop.net/horde/imp/spamc...dified=1&page=2, causing the display to go back to page 1 rather than to stay on the new representation of page 2. A workaround in one's web browser is to go "Back" one page, and refresh if necessary. Others may have referred to this symptom in the past, but no one pointed out the syntax error that appears to have caused it.
  9. I'd love to see one set of user-defined recipients that default checked even for Quick Reports (like the FTC and my monitoring address) and another (much larger) set of categorized user-defined recipients that default unchecked (FDA; USPIS; SEC, NASD, NASAA, FDIC, and Treasury; hostmasters for .biz and .us; anti-piracy organizations Microsoft, Symantec, Adobe, NAI, MPAA, BSA, RIAA, SPA, and SIAA; anti-spam organizations or departments in Italy, Korea, the Netherlands, and China; Visa; and anti-kiddie-porn organizations).
  10. All SpamCop Reports are emails sent by Reporters using the SpamCop Parsing and Reporting Service to System or Network Administrators, alerting those Administrators to the association between their Systems or Networks and particular pieces of particular spam messages. "Report" as a verb is the act of sending a Report(n). If the Administrator replies to the Report, the reply will go to the "Report Email Address", and on to the Reporter's secret email address. If Reports to particular Administrators bounce enough times, those Administrators' email addresses will be flagged as bouncing, and will no longer receive Reports. Some Reporters will not want to send Reports to certain Administrators, and may want to send Reports to the Administrators of upstream or networks - this is one reason for the User Notification Report. The various types of SpamCop Reports follow. <a href="http://forum.spamcop.net/forums/index.php?showtopic=4540#SpamSourceReport">spam Source Report</a> <a href="http://forum.spamcop.net/forums/index.php?showtopic=4540#UserDefinedRecipientReport">User Defined Recipient Report</a> <a href="http://forum.spamcop.net/forums/index.php?showtopic=4540#ThirdPartySourceReport">Third Party Source Report</a> <a href="http://forum.spamcop.net/forums/index.php?showtopic=4540#OpenRelayReport">Open Relay Report</a> <a href="http://forum.spamcop.net/forums/index.php?showtopic=4540#OpenRelayTesting">Open Relay Testing System(s) Report</a> <a href="http://forum.spamcop.net/forums/index.php?showtopic=4540#SpamvertizedURLReport">Spamvertized URL Report</a> <a href="http://forum.spamcop.net/forums/index.php?showtopic=4540#ThirdPartyURLReport">Third Party URL Report</a> <a href="http://forum.spamcop.net/forums/index.php?showtopic=4540#UserNotificationReport">User Notification Report</a> <a href="http://forum.spamcop.net/forums/index.php?showtopic=4473#Man">Manual Report</a> <a name="SpamSourceReport"></a>A spam Source Report is a Report of the IP Address of a System or Network that was traced by the Parser as having been the source of a spam message. The Parser's immediate output labels every spam Source Report's destination email address with "(Administrator of network where email originates)". The Report History labels every spam Source Report with "( IP Address )". The subject of every spam Source Report begins with "[spamCop (IP Address)". The first line of every spam Source Report is "[ SpamCop VParser Version ]", currently "[ SpamCop V1.471 ]". The second line of every spam Source Report is "This message is brief for your comfort. Please use links below for details.". The third line of every spam Source Report is blank. The fourth line of every spam Source Report is "Email from IP Address / Date/Time Stamp of Received Header Line". The fifth line of every spam Source Report is the Tracking URL. The sixth line of every spam Source Report may be "IP Address is open proxy, see: http://www.spamcop.net/mky-proxies.html", if appropriate. A spam Source Report that is actually sent will increase the likelihood of the reported IP Address being listed by the SCBL, or if it is already listed increase the length of the listing. The ISP Control Center thinks of a spam Source Report recipient as "source (Administrator of network where email originates)". Please see What does a SpamCop Report look like? for details on what a spam Source Report looks like. <a name="UserDefinedRecipientReport"></a>A User Defined Recipient Report is a Report of the IP Address of a System or Network that was traced by the Parser as having been the source of a spam message, and is selected via checkbox by the Reporter as one of the addresses the Reporter may have pre-loaded into the Reporter's "Advanced Preferences" AKA "Report Handling Options" AKA "Reporting Preferences" (up to one in "Personal copies of outgoing reports" and up to 100 bytes in "Public standard report recipients"). The Parser's immediate output labels every User Defined Recipient Report's destination email address with "(User defined recipient)". The Report History labels every User Defined Recipient Report with "( Forwarded spam )". The subject of every User Defined Recipient Report begins with "[spamCop (Forwarded spam)". The first line of every User Defined Recipient Report is "[ SpamCop VParser Version ]", currently "[ SpamCop V1.471 ]". The second line of every User Defined Recipient Report is "This message is brief for your comfort. Please use links below for details.". The third line of every User Defined Recipient Report is blank. The fourth line of every User Defined Recipient Report is "User-targeted report, see notes, if any." The fifth line of every User Defined Recipient Report is the Tracking URL. The ISP Control Center thinks of a User Defined Recipient Report recipient as "notify (User defined recipient)". <a name="ThirdPartySourceReport"></a>A Third Party Source Report is a Report of the IP Address of a System or Network that was traced by the Parser as having been the source of a spam message, and is optionally selected by the Reporter. The system-wide Third Party Source Report goes to spamcop[at]imaphost.com - see Cyveillance spam collection for details, noting that some Reporters don't like Cyveillance - details 1 and details 2. Third parties specifically request notification of such IP Addresses. The Parser's immediate output labels every Third Party Source Report's destination email address with "(Third party interested in email source)". The Report History labels every Third Party Source Report with "( IP Address )". The subject of every Third Party Source Report begins with "[spamCop (IP Address)". The first line of every Third Party Source Report is "[ SpamCop VParser Version ]", currently "[ SpamCop V1.471 ]". The second line of every Third Party Source Report is "This message is brief for your comfort. Please use links below for details.". The third line of every Third Party Source Report is blank. The fourth line of every Third Party Source Report is "Email from IP Address / Date/Time Stamp of Received Header Line". The fifth line of every Third Party Source Report is the Tracking URL. The sixth line of every Third Party Source Report may be "IP Address is open proxy, see: http://www.spamcop.net/mky-proxies.html", if appropriate. The ISP Control Center thinks of a Third Party Source Report recipient as "intermediary (Administrator interested in intermediary handling of spam)". <a name="OpenRelayReport"></a>An Open Relay Report is a Report of the IP Address of a System or Network that was parsed as having been an Open Relay. The Parser's immediate output labels every Open Relay Report's destination email address with "(Administrator of network with open relays)". The Report History labels every Open Relay Report with "( IP Address )". The subject of every Open Relay Report begins with "[spamCop (IP Address)". The first line of every Open Relay Report is "[ SpamCop VParser Version ]", currently "[ SpamCop V1.471 ]". The second line of every Open Relay Report is "This message is brief for your comfort. Please use links below for details.". The third line of every Open Relay Report is blank. The fourth line of every Open Relay Report is "Open relay exploited: IP Address / Date/Time Stamp of Received Header Line". The fifth line of every Open Relay Report is the Tracking URL. The ISP Control Center thinks of an Open Relay Report recipient as "relay (Administrator of network with open relays)". <a name="OpenRelayTesting"></a>An Open Relay Testing System(s) Report is report of the IP Address of a System or Network that was parsed as having been an Open Relay to one or more Open Relay Testing System(s), but it is not sent as a regular Report with a Report ID, it is instead sent in a proprietary format. The Parser's immediate output labels every Open Relay Testing System(s) report's destination email address with "(Automated open-relay testing system(s))". The Report History labels every Open Relay Testing System(s) Report with "Saved relay ip: IP Address". The form of the Open Relay Testing System(s) report has not yet been disclosed - its Preview is "Would submit to open relay tracker:IP Address". The ISP Control Center does not specifically mention an Open Relay Testing System(s) Report recipient, as the recipient(s) is/are Open Relay Testing System(s), not ISP(s). <a name="SpamvertizedURLReport"></a>A Spamvertized URL Report is a Report of a URL that was parsed as having been advertised in either a plain text spam message or an A Tag href in an HTML spam message (IMG Tag src URLs are not parsed due to past risk of Innocent Bystanders). The Parser's immediate output labels every Spamvertized URL Report's destination email address with "(Administrator of network hosting website referenced in spam)". The Report History labels every Spamvertized URL Report with "( URL )". The subject of every Spamvertized URL Report begins with "[spamCop (URL)". The first line of every Spamvertized URL Report is "[ SpamCop VParser Version ]", currently "[ SpamCop V1.471 ]". The second line of every Spamvertized URL Report is "This message is brief for your comfort. Please use links below for details.". The third line of every Spamvertized URL Report is blank. The fourth line of every Spamvertized URL Report is "Spamvertised web site: URL". The fifth line of every Spamvertized URL Report is the Tracking URL. The sixth line of every Spamvertized URL Report is "URL is IP Address; Date/Time Stamp of Parsing". The ISP Control Center thinks of a Spamvertized URL Report recipient as "www (Administrator of network hosting website referenced in spam)". <a name="ThirdPartyURLReport"></a>A Third Party URL Report is a Report of a URL that was parsed as having been advertised in either a plain text spam message or an A Tag href in an HTML spam message (IMG Tag src URLs are not parsed due to past risk of Innocent Bystanders), and is optionally selected by the Reporter. Third parties specifically request notification of such URLs. The Parser's immediate output labels every Third Party URL Report's destination email address with "(Third party interested in spamvertized web site)". The Report History labels every Third Party URL Report with "( URL )". The subject of every Third Party URL Report begins with "[spamCop (URL)". The first line of every Third Party URL Report is "[ SpamCop VParser Version ]", currently "[ SpamCop V1.471 ]". The second line of every Third Party URL Report is "This message is brief for your comfort. Please use links below for details.". The third line of every Third Party URL Report is blank. The fourth line of every Third Party URL Report is "Spamvertised web site: URL". The fifth line of every Third Party URL Report is the Tracking URL. The sixth line of every Third Party URL Report is "URL is IP Address; Date/Time Stamp of Parsing". The ISP Control Center thinks of a Third Party URL Report recipient as "ns (Name server for spamvertised domain)". <a name="UserNotificationReport"></a>A User Notification Report is a Report of the IP Address of a System or Network that was traced by the Reporter as having been the source of a spam message. The Reporter types or pastes in up to four email addresses that should be sent User Notification Report(s). The Parser's immediate output labels every User Notification Report's destination email address with "User Notification". The Report History labels every User Notification Report with "( )". The subject of every User Notification Report begins with "[spamCop ( )". The first line of every User Notification Report is "[ SpamCop VParser Version ]", currently "[ SpamCop V1.471 ]". The second line of every User Notification Report is "This message is brief for your comfort. Please use links below for details.". The third line of every User Notification Report is blank. The fourth line of every User Notification Report is "User-targeted report, see notes, if any." The fifth line of every User Notification Report is the Tracking URL. The ISP Control Center thinks of a User Notification Report recipient as "notify (User defined recipient)". User Notification Reports are not available to Free Reporters. Edit: 2005/07/18 16:31 EDT -0400 Jeff G. replaced "identifies" with "labels" and corrected "User Notification Report" to add the email addresses. Edit: 2005/07/18 21:17 EDT -0400 Jeff G. addressed Miss Betsy's concerns about Reporters who don't want to send reports to Administrators that look like the spamvertiser, Reporters who don't want to report to Cyveillance, and why people use the User defined reports. Edit: 2005/07/23 18:28 EDT -0400 Jeff G. added more Cyveillance details. Edit: 2005/07/27 10:08 EDT -0400 Jeff G. added What does a SpamCop Report look like?. Edit: 2005/07/31 02:12 EDT -0400 Jeff G. added new sightings "(Administrator of network with open relays)" and "(Automated open-relay testing system(s))" and Report texts. Edit: 2005/10/27 12:55 PDT -0700 dbiel added HTML tags. Edit: 2005/10/29 09:58 EDT -0400 Jeff G. added an HTML tag index and info from the ISP Control Center, and moved the HTML tags closer to the text they reference. Edit: 2005/11/07 13:05 EST -0500 Jeff F. added "User Notification Reports are not available to Free Reporters." Edit: 2005/11/16 05:32 PST -0800 dbiel added link to "Manual Report
  11. I'm considering moving away from production use of Gmail for collecting from or being the recipient of forwards from high-spam-percentage accounts for a number of reasons: 1. Gmail doesn't include in any Header Lines the IP Addresses of its web-based users when they send email like most every other web-capable public email system, causing their server's IP Address to get listed for spamming, rather than their web-based spammer users' IP Addresses, and causing their web-based spammers users to gravitate towards it because they can hide their IP Addresses. 2. Gmail doesn't have any real capabilities to modify their spam filter, such as turning it off, whitelisting, blacklisting, or granular selection of filtering resources (such as blocklists, blacklists, and SpamAssassin), like the SpamCop Email System has. 3. Gmail doesn't offer IMAP access, like the SpamCop Email System and some others do. 4. While Gmail offers authenticated SMTP access, it forces the authenticated user's identity on the emails it processes. 5. I'm not all that comfortable with the idea of Gmail having so much access to my email that they can use that access to target ads they send me. OTOH, Gmail has excellent capacity, POP access, web access, SMTP access, and some interesting filtering, labeling, and fast searching capabilities, and their ads are only in their web-based access method. I'm thinking about switching those accounts over to using my account with Yahoo! UK because I can turn off its spam/bulk filter, I can POP from it, I can auth-SMTP through it, I can access it via the web, and it has a 1.0GB capacity. Downsides are lack of IMAP, conflict with my two Yahoo! .com accounts (I can only be logged in as one Yahoo! user at a time per browser program, and I haven't yet figured out how to share or transfer My Yahoo! Bookmarks between my accounts), and "whaddya mean, .uk?". I picked ".uk" because it's not ".com" (where POP & SMTP were swiped) and I was pretty darn sure the site would be in English, my language of choice.
  12. Google's Gmail email service is still in invitation-only beta testing, and Gmail users are limited in the number of invitations they can send. Here's how this Topic will work: Person A wants an invitation, and so posts a "Please invite me" Post. Person B (already a Gmail user) responds "I'll invite you, PM me your email address." Person A PM's their email address to Person B. Person B invites Person A's email address to join Gmail. Please note that both people's email addresses will be revealed to each other.
  13. Please have that the Parser do something about that by throwing fast hardware configured to do OCR (Optical Character Recognition) at the problem, so that pictures of URLs could be reported. If not enough fast hardware is available, please add a new Parsing Preference Checkbox like "Take additional time to OCR attached images" that defaults to "Unchecked". Thanks!
  14. Image links further the spammer's cause by making the spam look more appealing. Webmasters and hostmasters that host those images are providing spam support services. They and their ISPs should be notified of this support. If certain potential reportees don't want reports of image links, they can opt out of them with what appears to be a small addition to the code which already supports opting out of third-party reports. Otherwise, please allow such reports for the rest of the potential reportees. Thanks!
  15. The following is from the Blacklists / Blacklist Filters page, in its secure and insecure forms, modified in form for posting here: Select the DNS Zone blacklists you want to use. DNS blacklists are used by SpamCop to identify possible spamming IP addresses or misconfigured mail relays. Only the SpamCop blacklist is run by SpamCop. All others are run by independent third parties with no connection to SpamCop and have their own criteria for who to list. The default selection is to query only the SpamCop list. To potentially stop even more spam, try one or more of the other lists. The more lists you use, the higher the potential that legitimate email will be blocked. [B]DNS Blacklist DNS Zone Website[/B] ------------- -------- ------- SpamCop Blacklist bl.spamcop.net www.spamcop.net/bl.shtml SPEWS level 1 l1.spews.dnsbl.sorbs.net www.spews.org DSBL open relays list.dsbl.org dsbl.org Spamhaus Blacklist sbl.spamhaus.org www.spamhaus.org/sbl/ South Korea (the country) korea.services.net korea.services.net China (the country) cn.rbl.cluecentral.net www.cluecentral.net/rbl/ Nigeria nigeria.blackholes.us www.blackholes.us Argentina argentina.blackholes.us www.blackholes.us Brazil brazil.blackholes.us www.blackholes.us Composite Blocking List cbl.abuseat.org cbl.abuseat.org Spamhaus XBL xbl.spamhaus.org www.spamhaus.org/xbl/ SORBS DNSbl dnsbl.sorbs.net www.dnsbl.sorbs.net I am using all the blacklists except South Korea (korea.services.net, only because I can't whitelist bigfoot.com's mailservers in that country).
  16. Interestingly enough, http://www.dnsstuff.com/tools/dnstime.ch?n....com&type=A currently says "Searching for systms.com A record at J.GTLD-SERVERS.NET. Reports no A records (NXDOMAIN). 208ms." and "Sorry, I could not continue.", my local tools cannot find domain systms.com in DNS, and http://www.spamcop.net/sc?id=z1098619467z7...7cd9b7b6bddfc7z is now showing "Host systms.com (checking ip) IP not found ; systms.com discarded as fake." and "Cannot resolve http://systms.com/online/www.rightreasons....ndex.html". Ask your ISP why you can resolve systms.com, possibly including results of a dig or nslookup command sent to your ISP's nameservers. OTOH, consider that eNom still has systms.com registered, and eNom's nameservers like dns1.name-services.com are still returning results as follows when queried with dig:
  17. I'd go with "Send As Is" as well.
  18. Please see my new additional suggestion at http://forum.spamcop.net/forums/index.php?...t&pid=48998
  19. It's now time to add to this request similar OCR scanning for SpamCop Email System Customers before SpamAssassin, so that SpamAssassin (and perhaps later content filtering apps) can read and recognize all the P&D buzzwords, and score accordingly. Keywords: Optical Character Recognition Pump&Dump Pump and Dump
  20. That's a fine workaround, but the part of the page that is supposed to actually DISPLAY the link to http://www.spamcop.net/mcgi?action=showhistory&offset=10 or http://members.spamcop.net/mcgi?action=sho...y&offset=10 or http://mailsc.spamcop.net/mcgi?action=show...y&offset=10 is still missing, and therefore broken. And no, there is no link to http://www.spamcop.net/mcgi?action=showhistory&offset=20 on http://www.spamcop.net/mcgi?action=showhistory&offset=10 either (for example).
  21. You might then be interested in http://forum.spamcop.net/forums/index.php?showtopic=1367 or perhaps one of the other projects on http://thescambaiter.com/antispam/
  22. Some servers can, they issue a 500-series error message for the dot (that terminates DATA).
  23. Do you mean 195.7.97.106 or a different one? No, it wasn't. It may have been listed by the SCBL, but the SCBL is a "Blocking List", not a "black list". You may or may not (probably not, in the case of email to spamtraps). After you have read the "Why am I Blocked" FAQ. Current evidence suggests that the reason why is for sending mail to spamtraps, probably UUBE. What reason(s) was/were listed yesterday on http://www.spamcop.net/w3m?action=blcheck&...ip=195.7.97.106? Because 24 hours passed after the last infraction. That's how the SCBL works. You'd have found that out if you'd read the SCBL FAQ. You're welcome.
  24. I parsed your example with a non-Mailhosted account, resulting in Tracking URL http://www.spamcop.net/sc?id=z1097698991z9...be2dfc7dd0c4fcz, which gave me the following: What Tracking URL did you try to use?
  25. The feature you mentioned, although titled "Report History", is more properly called the "View recent reports" feature, which can be accessed via the "View recent reports" Link on the "Past Reports" Tab, or directly via http://www.spamcop.net/mcgi?action=showhistory, http://members.spamcop.net/mcgi?action=showhistory, or http://mailsc.spamcop.net/mcgi?action=showhistory (depending on which site you're using). My account is experiencing the same symptom, in that only the first page shows up, and there is no link available for viewing subsequent pages (of older Reports). More specifically, there is absolutely nothing but a newline between the last 'No reports filed</div>' and '<div id="footer">'. I have just emailed a SpamCop Admin via service[at]admin.spamcop.net to look into this issue for us.