Jump to content

emanmb

Membera
  • Content Count

    139
  • Joined

  • Last visited

Everything posted by emanmb

  1. Just found out about this spam reporting address that takes the email you fwd to them and then uses and AI bot to reply and engage the spammer for as long as possible wasting their time. Just got a juicy phishing spam today from .ng pretending to be Chase which will be my first submission. https://youtu.be/jPajqAJWiNA
  2. emanmb

    Colocrossing

    I'm sure I'm not alone here in getting frequent colocrossing spam. Due to it's frequency, I did a little googling. Perhaps others may find these pages of use or of interest. They do have a Twitter page and FB page so it's not like their some totally unresponsive monolith, although maybe so RE: spam https://www.000webhost.com/directory/reviews/colocrossing.com http://spamauditor.org/2017/01/happy-new-year-colocrossing/ https://irulan.net/blocking-colocrossing-spam/
  3. emanmb

    Adware Spreads Quickly on AOL IM

    Not sure how that is even possible now. https://techcrunch.com/2017/10/06/aol-instant-messenger-shut-down/
  4. Just curious. Given the huge amount of sites seemingly associated with amazonaws. com in the spam I am reporting, I'm wondering why they don't accept SC reports?
  5. emanmb

    DIY Reporting

    Yes hence my quotation marks. Also SC may know something I don't. In this instance I just got tired of the host not receiving any info about this spammer thus allowing the spammer to operate w/impunity. I figured, I was already getting their spam somewhat regularly why not see if I can stop it. So yes this may not work in any other instance.
  6. emanmb

    DIY Reporting

    One particular group of spams I get come from linode. com which SC doesn't report to them but to abuse#linode.com A devnull.spamcop.net. So after a lot of emails such as these coming through and being reported only through SC, I took a look at their site and decided they "looked legit enough" for me to fwd the spam to them directly. Seems it might have been worthwhile.
  7. emanmb

    non-functional parsing

    I just ran into this same issue today for the first time. One spam went thru fine, then next one not. Resubmitted and same results. Report page ends with "Parsing HTML part" as per below. "Parsing header: 0: Received: from 144.160.152.215 (EHLO flpd576.prodigy.net) (144.160.152.215) by mta1119.sbc.mail.bf1.yahoo.com with SMTP; Wed, 29 Nov 2017 12:25:47 +0000 Hostname verified: flpd576.prodigy.net Gmail/Postini received mail from YahooMain ( 144.160.152.215 ) 1: Received: from mongelli.ge.ieiit.cnr.it (mongelli.ge.ieiit.cnr.it [150.145.1.42]) by flpd576.prodigy.net (8.14.4 IN altR5 TLS/8.14.4) with ESMTP id vATCPiMp130102 for <x>; Wed, 29 Nov 2017 04:25:46 -0800 Hostname verified: mongelli.ge.ieiit.cnr.it YahooMain received mail from sending system 150.145.1.42 Tracking message source: 150.145.1.42: Routing details for 150.145.1.42 [refresh/show] Cached whois for 150.145.1.42 : muselli@ice.ge.cnr.it Using last resort contacts muselli@ice.ge.cnr.it Message is 16 hours old 150.145.1.42 listed in cbl.abuseat.org ( 1 ) 150.145.1.42 is an open proxy 150.145.1.42 not listed in accredit.habeas.com 150.145.1.42 not listed in plus.bondedsender.org 150.145.1.42 not listed in iadb.isipp.com Finding links in message body Parsing HTML part"
  8. In several brands of spam I get, my email address is also in the subject and/or in the body of the spam, either built into links or more frequently, "Dear emanmb@_______". Now I realize that changing any part of the spam being reported to SC is frowned upon, but in such cases, what else can I do to remain anonymous except to delete my email from wherever it appears in the report? A sample of the html incorporating my email in their link is below. <html> <head> <title></title> </head> <body> <a href="http://w0yoorncgn.cu.cc/7viV3yWAetrXvFFdyiMU/emanmb@--------"> <h2>Get $5730 deposited in your account to go back to school.</h2> <img src="http://w0yoorncgn.cu.cc/img/picture12.jpg/emanmb@---------" usemap="#edu" alt="Click here to Apply Now" /> </a> <map name="edu" id="edu"> <area alt="" title="" href="http://w0yoorncgn.cu.cc/7viV3yWAetrXvFFdyiMU/emanmb@---------" shape="default"/> </map> <br><br><br><br><br> </a> <a href="http://www.w0yoorncgn.cu.cc/1a8bb1a7bf24c6016ceaaa727a_92ba6759-01010101e4c5/C/">To Unsubscribe Click Here</a> <h5>To enable all links in this message (including unsubscribe link), please click Not spam on a toolbar</h5> </body> </html>
  9. Aha! Yes I remember seeing that somewhere. No I do not have reports sent to me and will try it just to see. This is where I added my address to do this in the preferences. Thanks!
  10. emanmb

    Curious about amazonaws .com

    One could always send it directly to them but since @Lking says reports bounce, that's probably what will happen. My guess is the building of the SCBL is of more importance than reporting to a company's supposed abuse dept.
  11. emanmb

    Curious about amazonaws .com

    Thanks Well that's unfortunate! Just did a little googling and the answer seems apparent from what the domain is associated with.
  12. Came here to post the same thing!
  13. emanmb

    What is Knujon On About?

    I go this this email from Knujon today and I'm wondering what the SC reference is about. "Hello, Sorry for the lack of communication. We have been digging into a scandal which has consumed all of our time, but it will be worth it. The final product will shake internet governance to its core. This is all due to the contributions KnujOn members have made to this project and the issues directly relate to your reported abuse. We will be relocating data centers shortly to resolve a number of issues, some of you have already noted. The servers at COLDRAIN will gradually stand down and be replaced. We are in the process of setting up a new data center in the next few days. We have also noted the news about SpamCop and will accept any former members and do what we can to handle their traffic. The issue is being taken very seriously. If you have sent us specific questions we will answer them in time. Thank you for understanding. -Garth" What news about SC?? Why so serious?
  14. emanmb

    What is Knujon On About?

    Then this is strange then.
  15. emanmb

    Unicode domain names are breaking the parser

    I use the wrong OS to worry too much about the links, but I did click one in iOS 6 or mb it was OSX 10.7 (i think) and it was just a blank page. I'm sure from what petzl is saying that it was probably trying to do something evil tho.
  16. emanmb

    Unicode domain names are breaking the parser

    I was going to make my own post about this but fortunately I see I'm not the only one to have noticed this. My address issue is similar to salamander hxxp://okra.моуе.рф/?r=Click+here+to+proceed Result: Finding links in message body Parsing HTML part Resolving link obfuscation http:/ /okra.üþуõ.рф Tracking link: http:/ /okra./üþуõ.рф No recent reports, no history available okra. is not a hostname okra. is not a routeable IP address Cannot resolve http:/ /okra./üþуõ.рф Edited by SteveT to break links to avoid accidental undesired navigation.
  17. Getting a lot of these today. Backing up to the reporting page and clicking submit again sometimes cures it sometimes not, 500 Internal Server Error Sorry, your request could not be processed. Typically, this is the result of a temporary problem. Please re-try the operation which caused this error in a minute or two. You can even leave this error screen open and use your browser's "reload" button to re-try. Please do not press reload repeatedly though. Pressing the button more often does not resolve the problem faster. It just makes a bad situation worse. If you believe this is a bug which occurs only under specific circumstances or have observed the problem frequently, please contact us with a full description of the problem.
  18. emanmb

    Parsing error

    Yep.
  19. emanmb

    Parsing error

    Another odd thing is 10-30% were being processed normally.
  20. emanmb

    Parsing error

    Alrighty then! Got the waiver email, "Hello SpamCop user, Your waiver request has been processed. You should now be able to report spam through your account: _______[at]yahoo.com. - Don D'Minion - SpamCop Admin - " then I went to report my first spam of the day and still would not go thru. So I started this post, went back to the email and FWD'ed it to SC and still the same result. "Hostname verified: web142514.mail.bf1.yahoo.com Possible forgery. Supposed receiving system not associated with any of your mailhosts Will not trust this Received line. Mailhost configuration problem, identified internal IP as source Mailhost: Please correct this situation - register every email address where you receive spam No source IP address found, cannot proceed. Add/edit your mailhost configuration Finding full email headers Submitting spam via email (may work better) Example: What spam headers should look like Nothing to do."
  21. emanmb

    Parsing error

    OK, I just went ahead and requested a waiver.
  22. emanmb

    Parsing error

    So I went to "Add/edit your mail host configuration" link and my Yahoo address is not there! How could that happen? I added that address back in the stone age when I signed up! Actually the Yahoo acct is the same address I use for sign in to SC! wth. OK so I TRIED to reinstate my yahoo address and replied the special emails back to the special SC address and that failed. What is going on here? On the page "Complex header analysis" I get this explanation: "SpamCop could not automatically identify any additional email accounts from this sample. The most common reason for this is that the email account you have configured is being forwarded to another mail host. Each mail host must be configured individually (click "try again" and enter the email address of the final destination account). Please select from the options below." I'm then given these options: "Delete all configuration for _____[at]yahoo.com Removing this configuration allows you to start over or give up. You can try again by selecting "Mailhosts". Try again.. Here, you can send additional sample emails to your accounts. Request waiver.. If the mailhost for _____[at]yahoo.com uses a complicated configuration using multiple different domains, you may request that a SpamCop administrator review this sample and manually categorize this mail host. Until this process is complete, you cannot report spam." So I need to request a waiver?
  23. emanmb

    Parsing error

    I'm having the exact same problem. Parsing header: 0: Received: from 98.139.244.173 (98.139.244.173) by 98.139.210.176(98.139.210.176); Thu, 08 May 2014 12:37:14 +0000 Hostname verified: web142513.mail.bf1.yahoo.com Possible forgery. Supposed receiving system not associated with any of your mailhosts Will not trust this Received line. Mailhost configuration problem, identified internal IP as source Mailhost: Please correct this situation - register every email address where you receive spam No source IP address found, cannot proceed. Add/edit your mailhost configuration Finding full email headers Submitting spam via email (may work better) Example: What spam headers should look like Nothing to do. I've been reporting spam from that address since I joined here and have had maybe 16 spam reports fail in the last 48hrs. This is a new issue for me as well. Submitted: May 8, 2014 10:04:54 PM GMT+07:00 +0700: Attention No reports filed Submitted: May 8, 2014 10:04:32 PM GMT+07:00 +0700: Results No: 01/05/2014 No reports filed Submitted: May 8, 2014 10:04:11 PM GMT+07:00 +0700: Vanguard Express World Fund Courier Service. No reports filed Submitted: May 8, 2014 10:03:51 PM GMT+07:00 +0700: Audio Transcription Service Provider - USD 0.60 per audio minute No reports filed Submitted: May 8, 2014 10:03:28 PM GMT+07:00 +0700: GOODNEWS No reports filed Submitted: May 8, 2014 5:37:25 PM GMT+07:00 +0700: My Dear Friend Kindly Reply Urgently No reports filed Submitted: May 8, 2014 4:36:41 PM GMT+07:00 +0700: GBT Bank of the Benin (CBB) No reports filed My reporting method is to get the email source directly from Mac Mail and paste that into SC's reporting page. The spams are coming to a free Yahoo acct. Let me know if I can supply any more info.
  24. Not in Mac OS using either Firefox or Safari, OS X 10.6.8 OTOH, I have an Ameritech (before company became sbcglobal, then ATT) Yahoo email and all the old functions are still there when signed into that account. Free Yahoo is just a mess and my older OS brings up a warning when going into free yahoo alerting me to upgrade my safari or firefox. There aren't anymore Safari upgrades for my OS so for now I use FF but will be upgrading to get more current. Even FF can be flaky w/the new yahoo.
  25. I used to do this before I learned the alt-shift-F method and since that method no longer works, yours IS an option, but SC won't be able to read the links in the spam. Yahoo web mail is a mess w/laggy performance and the occasional need to refresh the page to get buttons to work. One sure fire way to get the links parsed is to have your Yahoo mail accessed by an email client where you'll be able to view the full source and fwd that. For me it's gotten to be too much work trying to ruin a spammer's day.
×