Jank1887

Membera
  • Content count

    205
  • Joined

  • Last visited

Community Reputation

0 Neutral

About Jank1887

  • Rank
    Advanced Member

Contact Methods

  • Website URL
    http://
  • ICQ
    0

Profile Information

  • Location
    Baltimore, MD, US
  1. Tracking URL: https://www.spamcop.net/sc?id=z6106757373z395bb5769d3ea4684a4cc5d1039aabf7z thought it was odd when it suggested the source was 11.0.1.3 and wanted to direct the report to mail.mil. Not that that would be impossible, but looking at the header line Received: from mail6.bemta7.messagelabs.com by mail.asme.org (IceWarp 11.0.1.3 x64) with ESMTP id 201504290744006092 for <x>; Wed, 29 Apr 2015 07:44:00 -0400 I googled and apparently IceWarp is a server software and 11.0.1.3 is the version number. So, not sure if the problem is on the mailserver side (is that received line RFC compliant?) or on the parser side, but 11.0.1.3 is not part of the chain. Cancelled the report, but thought I'd post this in case it comes up again or can be fixed.
  2. http://www.junkfax.org/fax/profiles/wsp/BHLL.htm see the above for the full details. If you bought over a specific time while they were allegedly illegally issuing shares, you may be entitled to part of the settlement. I believe this stock was heavily touted over the internet and broadcast junk faxes.
  3. ok, lets recap: SC still does its job, providing an automated mechanism for assisting people in notifying ISP's about spamming activity, and maintaining the SCRBL. We've seen some evidence here and a pretty straightforward process (template) for communicating spamvertised site abuse to responsible parties, with success ranging from marginal to exceptional. Now, what? TerryNZ has hinted at direct past contact with some of the Powers that Be here with SC, and they've indicated a lack of resources to take this same approach in an automated fashion with the SC submissions. (more later) My thoughts: 1) start a new thread in the New Feature Request board. Link to this discussion (possibly to individual posts since this is getting long) showing the 'template' and results. Recommend SC find a way to implement some form of this Template. TerryNZ mentioned that it doesn't make sense to send a million of these to the registrars. So, maybe limit based on reported volume (1 report per day for each... ?domain? ?server? per #Threshold# reports). I.e., something with similar methods but "reasonable" resources. 2) Based on the statement above, would it make sense to implement similar limiting to the standard SC ISP reports? (one per IP per unique spam per... ?day? ?listing renewal? ?#threshold number of reports#) Maybe another New Feature Request. THose with better knowledge of the current reporting mechanism could shoot this down. End goal: ease up SC mailserver resources. (rather that send the ISP a link to individual reports, send them a link to a single page listing the reports for that IP, which gets updated as they come in.) 3) I just started playing around with the PhishTank. For those who aren't aware, it's a "new wacky cool Web 2.0" open (free) Phishing site database which is user driven. (submit a site with spam background, users vote it up or down onto a confirmed list, list available for free to those who could use it, with an open API) Currently I think it just feeds OpenDNS, but it's something. Anyway, the point is, would something like this approach be useful for facilitating item #1 above. Some user supported, system facilitated mechanism to notify the appropriate bodies in a controlled fashion. Just a thought.
  4. thought it was interesting that the first item in the "qmail bounce" search now is the thread where we were trying to find the "qmail bounce" information It's like Google SEO on a micro-scale. And, since it is going through Google, would the use of any of THESE help refine what results appear? Specifically, I'm thinking of the Query modifiers: site, allintitle, intitle, allinurl, inurl.
  5. I'll beat Wazoo to the punch: There are a number of other threads dealing with the web site resolving, reporting prority, etc., issues. But, here's the main FAQ link where most opinions have been summarized.: FAQ: SpamCop reporting of spamvertized sites - some philosophy Also, there is a SURBL, which I believe does pull from the SC reported lists:SURBL.org website
  6. well, I'm already going to claim stupidity at this point then, and wait for someone a little more clued in on Qmail to respond. I'm not familiar with what those patches attempt to do, and why they wouldn't be working for you.
  7. here's a page in the original Spamcop FAQ addressing misdirected bounces, corrections, and a specific entry on Qmail: http://www.spamcop.net/fom-serve/cache/329.html (to save Wazoo the time of posting the obligatory "you could have just searched the FAQ..." statement, this page didn't come up in a first attempt search using the "spamcop forum and spamcop FaQ" search option. I had to switch it to "Spamcop.net and original FAQ". the first attempt (search terms: qmail bounce) was just a wash of people who had qmail messages somewhere in their posts. I.e., qmail 8481 invoked from network, etc., etc. Would adding a 'spamcop faq only' search option be helpful? or just one other thing commonly ignored by people looking for help? Another thought (and likely an implementation headache unless someone's got a better idea), instead of a dropdown box for the search options, maybe some sort of radio button select, that way all options are visible, and a searcher is more likely to select an appropriate one? Not that this would have helped in the above case, but it's a thought.
  8. I recommend Sneakemail ( http://www.sneakemail.com ). I've been using it for a couple years, and my spam volume would be at least double or triple if not for that. Limited accounts (bandwidth limit only i think) are free. You create unique forwarding addresses (i.e., they redirect to your real address), and have a 'desktop' for managing them. So, each time you sign up with a company you're unsure of (or every company, if you want), pop over to sneakemail, create a new address (pretty quick process), and use that new one. You now will know if spam ever comes from that company, or as a result of their actions, because all email to you through that forwarding address will be identifiable to them. I've had 3/4 addresses scraped/sold/etc, in the years I've been using them. Posts about one of these Here. Edit: link fixed.
  9. troll, food. food, troll. Enjoy. *munch munch munch*
  10. because it typically shows up as the .doc attachment that it is. And we know that people LOOOVE to open unexpected attachments, and MANY computers have MS Office and can open those files. They aren't sending unreadable code. They're sending mainstream documents to the correct target majority.
  11. Here's the link: How To Fight spam Using Your Postfix Configuration Lot's of posts about RBL's, collateral damage, how horrible blocklists are, etc. I'd assume a few knowledgeable people here could add insight to the discussion.
  12. That's one of the advantages of a gmail account is that they give you a view as html option. makes things a 'little' safer. I haven't seen anyone through anything nasty in a MSWord doc yet that still executes when viewed as a converted html. anyway, that readable text is likely an MSWord web link. that's how all of these that I've been getting have been set up.
  13. I would suggest we mark this as: Resolved. As in, no more to see here. Just someone trying to get out of trouble with their ISP because they didn't think what they sent out was spam...
  14. from the spamcop parse, it's tough to tell what you mean by unreadable code. If you mean the Base64 encoding, that's how anything that isn't text is sent via email (MIME formatted, etc.). when you attach anything, a picture, a executable file, a zip file, etc, the email software encodes it into base-64 text. Email is a text ony medium, so that's how it gets transmitted. Your particular code is a MS Word document. I've been getting a lot of these lately. I even put in a feature request to parse the documents for links, since that's the actual "payload". (topic link: MS word / pdf attachment parsing... ) Edit: fixed link