Jump to content


  • Content Count

  • Joined

  • Last visited

Community Reputation

0 Neutral

About RobiBue

  • Rank

Recent Profile Visitors

245 profile views
  1. RobiBue

    url not a routable address

    .HOST is a valid TLD according to IANA it is possible that one of the registrars took it down: https://ntldstats.com/tld/host doubt it though, as It seems to be registered through namecheap... (sorry about the reCaptcha...) Domain Name: BXDGEI.HOST Registry Domain ID: D82021934-CNIC Registrar WHOIS Server: whois.namecheap.com Registrar URL: https://namecheap.com Updated Date: 2018-11-06T17:50:19.0Z Creation Date: 2018-11-06T17:50:07.0Z Registry Expiry Date: 2019-11-06T23:59:59.0Z Registrar: Namecheap Registrar IANA ID: 1068 Domain Status: serverTransferProhibited https://icann.org/epp#serverTransferProhibited Domain Status: clientTransferProhibited https://icann.org/epp#clientTransferProhibited Domain Status: addPeriod https://icann.org/epp#addPeriod Registrant Organization: WhoisGuard, Inc. Registrant State/Province: Panama Registrant Country: PA
  2. RobiBue

    error: couldn't parse head

    that's why I wish SC/Cisco would also get their gears into motion and have the private 6to4 addresses parsed correctly and not ignore them and break like they have been doing thus far... 😞
  3. RobiBue

    Forona Technologies spam

    Welcome to SpamCop. please do not post private information, if someone else buys the property, or owns it, there could be people that take it the wrong way and do damage... and to the wrong people... thank you this is public information: https://ipinfo.io/AS36263 besides, as a newbie, posting the same stuff 3 times... not a good start...
  4. RobiBue

    Why you allow spaming this forum

    I usually get these posts fairly early and go through the unread posts, flagging the spams first. It does take a little while with a slow pc/nb, but eventually I have a clean slate to look at the real issues, and as Lking said, occasionally I flag a missed one
  5. Many times, pasting the spam into a blank notepad first, will take care of those empty lines or will show that there are empty lines. Usually this happens when there is a carriage return (cr) and a line feed (lf) like in unix (cr/lf) and microsoft (cr) receives it...
  6. RobiBue

    ISP has indicated spam will cease

    there are unfortunately more ways for spammers to send their junk: they can find an open proxy, that is a server who allows sending through it (on port 25) and you can find plenty of those on the web (unfortunately) another way is to spoof IP addresses, usually addresses that are not in use or still in transfer. I have been receiving my fair share of spam from IP blocks which are not in use and therefore a bounty for spammers as there is no abuse address for those IP blocks
  7. In SC when i submit as attachment, the spam needs to be truncated. SC won't accept it otherwise. Manually in the report box, it might be the case that SC does it automagically but I haven't tried that one in a while though
  8. careful, the above post could be a password phishing link... I haven't looked into it, but it looks suspicious... https://www.spamcop.net/sc?track=http%3A%2F%2Fwww.aoltechsupportnumber.com @admins, my post can be deleted if you delete the above post or if the link is safe
  9. if that's the case, then just post the header and the first few lines of the body in their form with the comment that the rest was truncated or omitted due to size restrictions. I do that when I report spam larger than 50kiB
  10. if they are that large, it would almost seem that they would contain some malware... (a virus or such)
  11. from the vast amount of data breaches, this goon got my old password as well: https://www.spamcop.net/sc?id=z6495594649zd2d6f1f75886a3a021dda5474e8bf174z reported. his mo seems to be that he subscribes you to some prn sites and then sends the canned letter...
  12. I would like to propose a change in SpamCop's handling of cloudflare links. 1. when looking up the whois for the domain, or test the link, do not use the full path, only use the domain name, as a visitor trigger trap causes more spam to be sent as soon as the report is performed. I munged for that purpose every link in my "cloudflare" spams: https://www.spamcop.net/sc?id=z6493410150za18869ba12b686fd60a88c35e34dc44ez https://www.spamcop.net/sc?id=z6493410187zb583dc5e2b40660c7a81ed43e718e3aaz https://www.spamcop.net/sc?id=z6493340629z49245d803153055044b14f0dc24f00a3z https://www.spamcop.net/sc?id=z6493340613z69f628f405e36a4d6fbdf4e2014ffe58z and so on and so forth. it would be grand if SpamCop could do this automagically.
  13. lately, I have to manually alter every cloudflare spammer link. I noticed a few weeks ago, that whenever I reporte cloudflare spam (I call it cloudflare spam because the links are hosted by cloudflare, and the spammer spoofs an inactive IP range -- currently CCAMATIL ( 167.103.249.nnn ) -- and seems to be getting away with it) a few seconds later, fresh spam from, you guessed it, cloudflare fills my inbox. So, whenever SpamCop analyzes the links (just touches them), the spam gets triggered. Now I munge the ID number and alter it verbally as: e.g. http://airlinedo.com/?--ID-number-5-(munged) where the 5 in this example is the last of 13 digits https://www.spamcop.net/sc?id=z6493410150za18869ba12b686fd60a88c35e34dc44ez or http://checkshownontv.com/?--ID-number-8-(munged) in this case it's 8 ... https://www.spamcop.net/sc?id=z6493410187zb583dc5e2b40660c7a81ed43e718e3aaz it would be nice if SC could refrain from using the full path so that the visitor trap doesn't get triggered And yeah, the originating IP address is also a problem as there is no real owner for the range, even though indirectly it belongs to the Australian branch (Amatil) of Coca-Cola. APNIC told me that someone is spoofing those IP ranges.
  14. Hello Alexey, this is a user supported forum, but we'll try to help as well as we can. it seems that your system doesn't have "double opt-in". this means, that when the user subscribes, you send a short message to the email address provided asking the subscriber to confirm (preferably not via email but via web-link or to enter a code sent) that they want the subscription to your list. if they do not react within a certain amount of time, you discard the address and leave it at that. do not keep on asking for confirmation, as that constitutes spamming too. also, if the user changes the email address, you do the same, send a message to the new address asking for confirmation via link or by entering a code. this way, you can make sure that someone who is trying to frame you, can not succeed. also, keep a log of the subscription requests and the messages where the replies come from (IP addresses) there could be a possibility that someone is adding "innocent" email addresses to your list, and with this method you can make sure that you're not getting in trouble. personally, if I receive unwanted mail (spam, ube, uce) I do not click on links. I report it. if the spammer keeps sending me requests to confirm my subscription, they are spamming me. if they sent the request once, and don't send me any more requests, then they can easily explain to their provider the way their system works, and if someone is trying to get you in trouble, you can follow up on recent attempts to subscribe (if the same IP address appears to be subscribing many email addresses, you can explain to your provider the situation and even block the IP address attempting to subscribe... you might have to clean out your address DB now, since you don't know who of the 5000 is the one that didn't want to be subscribed. hope this helps
  15. RobiBue


    The is not an IP address! It is the version number of the “IceWarp” system used by mail.gvii.net. SpamCop thinks that it’s an IP address because it is commented (in parentheses) after the host name... unfortunate misatribution...