Jump to content


  • Content Count

  • Joined

  • Last visited

Everything posted by RobiBue

  1. RobiBue


    I learn it from a book 🙃🤗🤣
  2. almost -- it's missing the net (sorry for the late reply, have been busy otherwise. Even my spam folder accumulated several days of unreported spam 🤫)
  3. if I use my "potaroo.net" IPv6 checker on the aforementioned IPv6 address: http://www.potaroo.net/cgi-bin/ipv6addr?pfx=2402%3Abc00%3A0%3Aa216%3A%3A19%3A124 I see the following comment in the APNIC entry: remarks: This information has been partially mirrored by APNIC from remarks: JPNIC. To obtain more specific information, please use the remarks: JPNIC WHOIS Gateway at remarks: http://www.nic.ad.jp/en/db/whois/en-gateway.html or remarks: whois.nic.ad.jp for WHOIS client. (The WHOIS client remarks: defaults to Japanese output, use the /e switch for English remarks: output) last-modified: 2014-03-10T22:41:03Z not shown above are other "last-modified" entries, the oldest dating 2009-11-04T06:54:54Z (that's a 10 year old listing), while the shown last-modified is 5 years old, whois.nic.ad.jp should have the current listing although I do not find the abuse address mentioned by MIG, I find 2 entries, both using the same email address https://whois.nic.ad.jp/cgi-bin/whois_gw?key=JP00076967/e and https://whois.nic.ad.jp/cgi-bin/whois_gw?key=JP00065730/e Group Contact Information: [Group Handle] JP00076967 [Group Name] networkhozen [E-Mail] SS01629@enecom.co.jp <--- [Organization] Energia Communications,Inc [Division] [TEL] 050-8201-2351 [FAX] [Last Update] 2017/04/05 16:53:06(JST) one is from 2011 and this one from 2017...
  4. in fact, the whole /19 range is! see http://wq.apnic.net/static/search.html?query= or actually the RIPE db: (sorry about that, not APNIC) https://apps.db.ripe.net/db-web-ui/#/query?searchtext= still shows the same abuse address: Abuse contact info: abuse[at]phe.uk.com inetnum: -
  5. currently spamcop parses it as follows: https://www.spamcop.net/sc?action=showroute;ip=;typecodes=16 apnic has: % Abuse contact for ' -' is 'abuse[at]phe.uk.com' <<---------- please fix to this correct abuse address while Rob.Urry address mentioned in the SC parse is somewhat listed, SC says: rob.urry[at]rapidwaters.net bounces (7 sent : 6 bounces) No good!
  6. That's correct, in your case, the first link is basically just a link parser equivalent, and nothing more, although the report to the telegram . org abuse desk will contain the complete spam for parsing (munged if your settings have it so selected) The next ones are targeting the source of the spam, and will contain the full, yet probably munged, headers and message body. Glad we could help 🙂
  7. @bolandross, have you clicked on [View Recent Reports] and tried yourself? Just curious. Anyway, there are different "forms" of reports the ones not yet filed: as you can see, there's no link and then, filed: depending on how and what you clicked to report the spam, the links provided will vary here, the first few links are just URL parses which point to the owner/administrator/abuse desk of the serving IP address of the spamvertised websites, then you might have a personal link if you request one in [Preferences]. There you can add notes, or see how the spam was parsed (Tracking URL) and then you might have one or more for the spam source ip address, where you can see a) the full spam (depending on your settings with the email address munged) and b) a link to how the spam was parsed (again, Tracking URL) (in the above, ending in 50, I replaced the link with the tracking URL because otherwise you wouldn't be able to see anything)
  8. RobiBue

    ocn.ad.jp spam

    Klappa had two posts. He mentioned you can add a recipient in settings (actually the [Preferences] tab/link) but he didn't mention that it's under Report Handling Options by adding an email address to the Public standard report recipients field. In the 2nd post (the one you quoted) he asked where (about adding a recipient for every report independently), but just recently, we all found out, that you can do that only if you have either a paid account, or fuel added (until it runs out) HTH
  9. RobiBue


    sorry, can't say I've noticed, but as Petzl mentioned, a tracking URL might be helpful. Petzl is not a troll, he might just have had a bad day with all the spam in the forum (it goes away after an admin browsed through it, but the TZ between OZ and US difference keeeps the spam visible much longer for him...) anyway, the past reports can be found here when logged in (same as the link/tab [Past Reports]) (p.s. that's TZ for Time Zone, OZ for Down Under, and US for a Colorado/Rockies location or something like that )
  10. I like Idea #2!, especially if everybody is on-board. a) it would convince amazon to clean up their act with spammers and hosting them, b) especially if they start losing legitimate clientele
  11. RobiBue

    re. @devnull.spamcop.net

    Just for clarification: I do not get [User Notification] either. Admittedly, I have not a paid account, and do not have "added fuel" either. And WRT checking the settings, tried both: on and off with no difference.
  12. RobiBue

    No reporting -> Less spam

    I too dislike it when folks sign up on a mailing list and then mark it as spam instead of unsubscribing, but I dislike it even more, when an emailer, after me having unsubscribed from *ALL* their emails, decides that I might still be interested, regardless of my decision. WRT gmail blocking/rejecting legitimate email: I haven't had that encounter yet, or the person that got rejected never got in touch with me about it...
  13. If amazon[dot]com is dev/null'ed, then placing it in the [User_Notification] field wouldn't change anything. It would still dev/null the address. @Lking, question about the "Note". Do I understand this correctly, that you send (apart from sending the spam to SC as "bcc") the spam (as attachment) to the three listed entities? How do you know where to send the spam before parsing it? When I send the spam to SC, it gets parsed and /* then */ I know whom to send it as well... (Color me confused)
  14. RobiBue

    No reporting -> Less spam

    I'm seconding petzl. spam in my gmail inbox/spam folder has also dropped drastically. Currently I'm fighting a spammer that originally wasn't one, but has no idea -- clueless -- what it means when I unsubscribe, and weeks later, they start firing up a daily trivia email campaign... So now they are spamming me, and I have no remorse on telling their host about their newly turned spammer... Just a matter of time now. Either they'll figure it out, or their host will...
  15. RobiBue

    I am getting more spam when I report

    Uhmmm... scri_pt is safe, but I do have 2 confessions to make: Currently I have no access to the pc I wrote the scri_pt on, and The scri_pt is a vba scri_pt for win word where I just dropped the spam in, ran the scri_pt, and attached the resulting text files to an email addressed to my reporting SC address... The scri_pt works roughly as follows: search for an https?:// domain name with regex and replace the numerical path (or ?argument) with the —ID...— line that’s basically the idea. fun to play and test reg(ular) ex(pressions) : https://regex101.com/r/wN6cZ7/478 (already set up for domain names) and SO has a nice answer for the whole URL: https://stackoverflow.com/questions/27745/getting-parts-of-a-url-regex sorry that I can’t be of more help atm... working these answers off a tablet...
  16. Link removed due to giving out private information.... ? Sc admins? I was wondering if an admin, or someone with the ability to check the SC address entries can see and post here why the amazonAWS address is devnulled. When I report manually to abuse amazonaws com I get both sentient and robot replies. Can the devnull redirection be removed so that reports go again to their abuse desk? They seem to be taking care of their spammers, but only if the spam can be reported... I am not sure if abuse reports going to ipmanagement are actually going anywhere. I have seen 3 different abuse addresses listed for amazon aws and ec2, where ipmanagement seems like a fluke that ended up without an abuse address at amazon web services...
  17. RobiBue

    I am getting more spam when I report

    Yeah, unfortunately the spam examples get removed by SC to conserve space (there are so many reports a DB can hold without having to add more HDD...) and when I checked my inbox, the spam from back then had already been deleted as well... but I found examples in my sent folder: I had written a quick and dirty scri_pt, which would replace the numbers after the host name with the text “?—ID-number-<n>-(munged)—“ where <n> is the last digit of the number... and then sent it off to SC for reporting...
  18. RobiBue

    I am getting more spam when I report

    Yep, just like I thought, those sigarpi.com links are some of those tracking links. Hitting them, triggers a scri_pt on their server that “assumes” that you’re interested in their products and they send a spew of their junk to the address linked to the number. At least that’s the way it looks. See here... unfortunately nothing has been done about it Deselect the cloudflare report and you should be ok... I know, it’s not perfect, but you’d get less spam and eventually they’ll die out. Haven’t had one since last October...
  19. RobiBue

    I am getting more spam when I report

    1. welcome to the spamcop forum. We're mainly just SC users trying to help others in the fight against spam. Sometimes we can, sometimes we can't... That said, some spam messages contain URLs which, if triggered, will cause more spam to be sent to you. Sometimes the ISP is "spammer friendly" and provides the spammer with your email address to "listwash" their DB or provides them with the email headers and they extrapolate your address through tracking codes they inserted in the headers. If you have a Tracking URL (see Jeff G's welcoming post) and would provide it, it would be easier to analyze the reasons for your "multiplying spam" problems and find out a way to alleviate it. I used to have similar problems with some spammers and by not reporting the links, only the source of the email, it reduced the spam volume drastically. I also went in manually to report the links to the hosting companies and removing the tracking extension from the report, to prevent anybody from triggering more spam if they accidentally (or purposely) click on the link.
  20. I never report from the spammed email address, and always munge the latter. Several providers have asked for full headers and I always tell them that the email address is of no concern to them as I do not wish retaliation or listwashing from their customers. They sometimes claim it would be easier with my address, but I insist that they can enforce their AUP solely by the email received headers and the email content. This last scenario happened only twice in my umpteen years of reporting
  21. Oddly enough, I haven’t been getting any amazon/bit.ly spam as of a few days ago. In fact, I haven’t had any spam since Saturday 9th at noon. /me happy/
  22. the info behind the ? in the links is what gives the spammer your info. those are the ones I don't add in the reports ... btw, got the same one today too... recognize the identical bit.ly address...
  23. SC munges the headers (unless it's a ISP that requires full headers) for me when I report the message. usually the message ID looks something like this: Message-Id: <wecW_______________________________________________upLM@vevida.net> the underscore line is placed there by SC. and non-ISP headers are often used by the spammer to trace reported spam and retaliate... that's why I tend to do that. if the ISP wants more info, they can ask for it
  24. although they have your email, doesn't mean that if you report to their ISP that they know whodunit if you munge the name and address. of course, you'd also have to munge the message ID and a few other non-ISP headers that would/could reveal your info... Re: porn spam, amazon has AFAIU pretty strict guidelines and do not tolerate offenders.