RobiBue

Members
  • Content Count

    243

Everything posted by RobiBue

  1. RobiBue

    Any point in reporting spam from AMAZONAWS?

    interesting read about the ports: https://pepipost.com/blog/smtp-port-25/ and https://pepipost.com/blog/25-465-587-2525-choose-the-right-smtp-port/ the former has a typo where it addresses port 467 (which is wrong as it is port 465) but in either case, that port should not be used anyway
  2. As gnarlymarley mentioned previously, a tracking URL would be helpful to figure out what’s going on. the tracking URL can be found at the top of the spam processing screen after clicking the button [process spam] below the entry text box.
  3. RobiBue

    reports disabled for spam [at] uce dot org

    Sorry, I understand the sentiment, but that quote is definitely not “Twain’s”. His sentiment on voting was just the opposite: ”When a thing gets to be absolutely unbearable the people can rise up and throw it off. That's the finest asset we've got--the ballot box”
  4. RobiBue

    reports disabled for spam [at] uce dot org

    here's my take on this (at least the way I think I understand it):

    The FTC set up honeypots, but not for spamhaus or SURBL but for their own form of collecting spam and acting upon it within their own system.

    but here's the drawback: Honeypots take time to be harvested. spammers (afaik) get their lists from different sources
      • existing spam lists
      • exploited emails on the darkweb
      • harvested emails (diverse forms)

    unless the FTC has seeded their honeypots into the above sources (which I doubt they have) it is possible that it will take years for them to actually be able to do anything (if at all)

    also the equal analogy applies with the current existing honeypots for spamcop Spamhaus and the known BLs: even though BLs are there, spam keeps coming regardless, due to different reasons:
      • spammers use different providers
      • sometimes but not more than often they are their own providers and change/add IP ranges at will or when they ended up in a BL
      • spammers use malware infected computers (spam bots) to send their spew or use open proxies
      • I have also seen them use IP addresses that were being transferred and thus not active anywhere (they spoofed those addresses and thus were untraceable)

    Somehow I understand the FTC reasoning as they often receive spam reports that actually are not, but people just get tired of unsubscribing from emails they subscribed to once upon a time

    for example: I have written to congressmen and whenever I did, I made sure not to receive their "daily digests", yet some congressmen think it is ok to send me their spew, so I end up unsubscribing once (even though I made sure to uncheck the box to receive emails), and after that, all the upcoming mails end up being reported as spam. I could just report their emails from the getgo but I do give them a chance to clean up their act.

    I was going to rant here, but I promised not to go political anymore
  5. RobiBue

    Message from the Wilderness

    Pony express or/and steam engines still working, I hope 🐎🚂🏔🎿☃️
  6. RobiBue

    Replies from spammer BOK IQ PL

    Hetzner.de is basically the same. I manually reported to their listed abuse address and received a reply to report through their website. (After of course having gone through the trouble of reporting it to them in the first place — SMH) No wonder they ended up in the /dev/nul list...
  7. RobiBue

    No Headers

    There’s Netflix or Hulu to alleviate that. Believe me, I feel your pain! Mine has to do with healthcare... (not physical pain, it’s the system, although it can give me headaches just thinking about it...)
  8. RobiBue

    No Headers

    Dang! something is definitely not right! it's like some script is removing those headers on purpose. (almost like malware on that computer, which I hope is not the case)
  9. RobiBue

    No Headers

    :thumbs-up: 😄 A long time ago, back until 2007 or so (I thought it was 2003), I used to use Outlook Express (OE) (a. it was easy, b. it was free) and I would have all my emails retrieved to my PC with it and was able to do some "nifty things" too with it. Anyway, I digress. with the dawn of Gmail, for which I received an invite back then, I realized that I could save space on my PC and keep emails for longer and have them retrieved just like with OE and still have most of OE's functionality. At about the same time, or just a bit earlier (can't really remember) -- I was an avid anti-spam enthusiast (posting and reading news.admin.net-abuse.email (nanae) and checking in with the "local" Lumber Cartel (using "Clue by four"s on spammers) since the late 90s ) -- I got wind of SC and started reporting spam through SC where before I used to check the headers myself and report manually to the entities responsible for the source, having occasionally had the pleasure to receive "kill" confirmations from AB (Afterburner) and Nyarla (Nyarlathotep) at Erols/RCN (there were others, but the names escape me...) aaaaaaaaanyway back to ... (where was I? oh, yeah!) ok, so several of my email accounts I had back then were discontinued because the companies I had them with started closing up shop or just discontinued their email services and I found myself with just about 4 or so email providers left finding no need for trying out new things so with that I stayed with gmail as my main email utility and got rid of OE and as I mentioned, didn't need a replacement so I didn't know about the developments of TB (although I do use FF 😉 ) I know, the above had nothing to do with the current thread, just an anecdote that came to mind while reading Lking's reply. I do hope though, @Dracosse's "No Headers" problem gets resolved.
  10. RobiBue

    No Headers

    Thanks 🙂 Hotmail and Outlook are MS, so they would be affected the same way although losing the Received: headers wouldn't benefit either Google or M$ unless they would come up with a special way to trace the emails back to the source, so I don't think that's the issue here. Both Google and M$ have changed their Mx/mail server addresses internally or switched to a "local" IPv6 that isn't (or actually wasn't) recognized by SC. (the latter has changed to my knowledge though) There is still something else that changed that is dropping those Return: headers for the OP. Is Thunderbird still in development? I mean, is it possible that they changed something when emails are attached that makes them lose those header parts? I know, I'm grasping at straws but I have no other ideas...
  11. RobiBue

    No Headers

    ok, with a bit of line removing and space inserting due to format-/copy-/pasting, I created three reports (although I cancelled them since they are not mine 😉 ) First report with all headers: https://www.spamcop.net/sc?id=z6600908248z14fbf5e205d3bbcd06daf68b834afaa8z This one places hotmail.com in the offending party (but that's because of misconfigured servers on their side.) Second report (removing the misconfigured server received line (that's the topmost received line)): https://www.spamcop.net/sc?id=z6600909520z2c8b6de1573c6d56a4a1eda8247ebffez This one puts Google now on the hot plate. The third one I had removed both outlook server received headers (both the topmost received lines): https://www.spamcop.net/sc?id=z6600908461z0b3a82e2691b331270100d71daed223cz as is clear, this one also places google in the hot seat. Somehow when you forward/attach them, (I don't know how) all the received lines vanish in your reported spam. when you copy it like you did above, all headers are there (although they need to be cleaned up to the correct format.) Dracosse, something must have changed this last 3-4 weeks since you've been having trouble reporting.
  12. RobiBue

    No Headers

    in a way also known as "honeypots", but those should be redirected directly to a spamcop honeypot account (not sure if they still have them) and you wouldn't have to do anything but let it roll... at least that was my understanding back then. (honeypots are also email addresses that are hidden in a website, and no real person would ever see them while browsing/visiting unless they look at the raw html page. webcrawlers used by spammers usually pick them up and add them to their database.) sorry, the text file is not accessible, but that's ok. if it doesn't contain received headers, then it's not good anyway. maybe someone else has an idea why received headers are missing in an email message that relies on received headers to operate correctly for handoffs and tracking history. MTAs are supposed to add those received lines upon receipt of the email in their system.
  13. RobiBue

    No Headers

    from the other thread, I understand that you submit the spam as attachment using thunderbird. from the reporting URLs I can see that although the headers are there, the Received: headers are missing. this is somewhat "unconventional", since every email that arrives in a mailbox gets those Received: headers added to it. I need to ask, do you remove them from the spam/junk folder? (I saw that in the other thread there is the option to "Move to "junk" again") is it possible that thunderbird removes the Received: headers when the messages are removed from the junk folder (or flagged as "not spam")? Maybe there is some pattern there. if you look at the headers directly in hotmail or outlook, are the Received: headers there or are they missing?
  14. RobiBue

    reveal obfuscated url for reporting

    5 years ago, this piece was posted by a now Chief Information Security Officer (CISO), then working for Cybersecurity with NCR: https://isc.sans.edu/forums/diary/How+Malware+Campaigns+Employ+Google+Redirects+and+Analytics/19843/ I agree, feature request is best policy as not everyone has the ability and possibility to run a script with every submission, whereas every submission runs through a script 😉
  15. RobiBue

    Any point in reporting spam from AMAZONAWS?

    🙂 and don't forget social media 🙂
  16. RobiBue

    www.nospammer.net/SpamSubmission

    let's all take a step back and take a breath. you, as OP (original poster) asked about a link in spam to "nospammer.net" Lking then pointed out the body of the spam showed the "no spam" link implying that the whole spam including link is all spam. you then ask if you should report the spam lking replies "yes" (he would report it if he received that spam) I feel better after having taken a few breaths of fresh air now as an aside, I didn't see any joke anywhere, so I'll post one: How many psychiatrists does it take to change a lightbulb? only one; but the lightbulb has to really want to change!
  17. RobiBue

    obscuring personal IDs in reports

    I use Firefox, and if I open the tracking URL in a “private tab” even if I’m logged in, the private tab won’t be logged in — the Login credentials don’t carry over into new private tabs — and you can see the munged report right away without logging out first (but it has to be in a private tab) In the following link, there are several ways explained on how to accomplish this with ie, Firefox, and chrome as well as other methods with the aforementioned browsers: https://www.howtogeek.com/126621/how-to-log-into-multiple-accounts-on-the-same-website-at-once/
  18. I don't know, but as of late, I submit spams (to seekrit.email@spamcop.com) but only occasionally am able to submit the spam. the others are lost in limbo... maybe that has to do with the green spikes?
  19. looks like their IPv4 peer is AS 31343 ( Intertelecom Ltd ) (got it from your dnslytics link ) It seems that Intertelecom is the only peer Romanenko has, so it is likely that he is their customer... maybe they don't know what's going on in their "backyard/neighbourhood" and then again, maybe they do and the money they get is good enough for them...
  20. RobiBue

    No Data Found

    In principle, yes, but to save time only remove the empty lines in the header, leaving however many empty lines there are after the header part intact including, as Lking said, the required blank line at the end of the header. I hope this makes sense... I believe the reason for the empty lines is *nix (Unix, Linux, etc...) to windows conversion, where *nix is LF and windows is CR/LF where one line converts to an extra CR so LF ends up being CR/LF —> CR/CR CR=carriage return, LF=line feed somehow Microsoft still has problems converting them correctly 🤫🤓😫 (after 40 or so years of experience...) Wikipedia (issues with different new-line formats)
  21. RobiBue

    No Data Found

    the problem with hotmail/live.outlook/microsoft is that when you copy/paste you have an extra CR/LF (empty line) between each line and that disrupts the parser. i.e. I have this: which ends up looking like this in notepad: Received: from BN3NAM04HT167.eop-NAM04.prod.protection.outlook.com (2603:10b6:406:80::21) by BN8PR14MB3108.namprd14.prod.outlook.com with HTTPS via BN7PR06CA0008.NAMPRD06.PROD.OUTLOOK.COM; Tue, 8 Oct 2019 17:12:07 +0000 Received: from BN3NAM04FT064.eop-NAM04.prod.protection.outlook.com (10.152.92.54) by BN3NAM04HT167.eop-NAM04.prod.protection.outlook.com (10.152.93.177) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.2327.20; Tue, 8 Oct 2019 17:12:07 +0000 at least that's what I get, an empty line between each line see https://www.spamcop.net/sc?id=z6579716938z8475af47adf145b28b287648c1133132z
  22. Ah, the reason why you can't see the "coded email address" is because you have an ISP control center account. you might need to try out different links and options, like: clicking on [control center], or [preferences], or trying the [Action:] option other than [Find reports v] option: (I don't know what other options are in that list... as I don't have an ISP control center account) <-- this one here maybe... or wait until someone with such an account can help...
  23. got it. although nowadays there are not many email programs that let you attach emails (including headers). forward them, yes, but you lose the mail's identity. I believe many email providers changed that to protect their breadgivers/spammers...
  24. well, when you submit the spam (depending on the way you submit it -- specifically in my case, copying and pasting the spam into the submission box in SC) you already got the raw spam, and as long as you don't click on any spam links (and also have a reliable anti-virus running on your system) you should be all good ...