Posts posted by RobiBue

  1. Hello rdorsch,

    I am certain you are not the first one to report his own domain, and probably won't be the last.

    there is a reason why spamcop "kind-of" suggests not to report linked websites in the spam body, as spammers inject addresses of several "innocent" websites/domains, and you were the unfortunate recipient of such a spam.

    also, links in spams are not "counted" as spam origins and thus not blocked (AFAICR) but that does not necessarily mean that if the domain's upstream IP listed abuse desk receives a "complaint"/report that they won't act upon it.

    currently I see that the abuse desk is "/dev/nul"ed; reports are disabled for contabo punkt DE, which means that the link will not be sent to the abuse desk in case you forget to uncheck the box ;)

    I hope this helps!

    Greetings from the States to Germany

  2. 20 hours ago, gnarlymarley said:

    Sounds like a business might not know about the double-opt-ins.  If they don't have any opt-in check, then they really should change their wording to "someone subscribed using your email address to....."


    I've been fighting spam now for close to 20 years, and even back in the day, double opt-in was suggested to the companies affected by these malicious login attempts. I just don't understand how short the memory of some people is. I am sure some of these IT guys were also affected by these spamming opt-ins...

    I don't know how an "opt-in check" could work... I have a VPN and am accessing the web from different sites worldwide (at least on my tablet) so if I opt-in at some site, they might log my IP address, and probably ask for a captcha, but anybody can opt me in using a captcha and the IP address would still be as unknown as mine is... unless you mean "opt-in check" = "double-opt-in"

    just like this stupidity with spotify, where they send an email that somebody created an account, and for me to confirm, but in the end, confirmation is not needed since the account is already created and I receive emails from people logging in from two different sites (Ukraine and US) -- mindblowing 🤯

  3. you also need to keep in mind that links nowadays are tracked by the spammer, so if a link is clicked on, the spammer gets

    a) paid for successful promotion and propagation of the spam.

    b) if a link is clicked on multiple times, a counter increases and the spammer gets more money.

    c) a clicked link means the spammer will flood you with even more junk to click on because he now knows that the email address, linked to the tracking code in the link, is active and the user responds/reacts to it.

    links need to be handled carefully and redirected links even more since the tracking code is hidden in the redirect code. even worse, if the code for the redirect link is changed, the link doesn't (usually) work and is not linked to the actual spammer anymore...

  4. I hope an admin reads this:

    I just received re spam report with the following subject line/title:

    Subject: [WARNING: UNSCANNABLE EXTRACTION FAILED][SpamCop ( id:7052936601]Free - get our most popular daily mail - we think ..
    what does this mean?

    here's the SC link just in case, but I see no [WARNING: UNSCANNABLE EXTRACTION FAILED] in there...



  5. How quaint :)

    just received a cute email starting with:


    It’s been a while since you’ve visited us. Are you still interested in the stock market?
    If yes, we think you’ll enjoy our most popular daily mail called Must Reads.

    We cover how coronavirus impacts the market and offer unique perspectives and investing opportunities.

    sorry seekingalpha, 1st I do not recall ever having asked for emails from you, and since you say "it's been a while", there must have been a reason.
    BTW since I haven't "ever" (at least since November 2005) received an email from you, I would wager to say, you got my email address from somewhere else, so I'll pass, thank you very much :)

    So I go check my browsing history (ISO ALPHA-2) is all I get with alpha, and as for websites with passwords (wolframalpha.com) is the only one I have ever logged in, so sorry seekingalpha, your "pitch" doesn't work with me. You are sent to the spam bin and reported :) nyuknyuknyuk!

    At the very bottom:


    By default, clicking links in Seeking Alpha emails auto-logs you into the site. Be careful not to forward this email to anyone you don’t want having access to your account. You can change your email security settings

    Yeah, right! (and they say two positives don't make a negative), like I want to be auto-logged in without my decision... No Way in HE🏑🏒 (pity those hockey sticks are facing left). Also a reason why I do not click on links in emails I don't trust...

    I thought I'd share this nugget which is taken right from the spammer's playbook ;) 


  6. oddly enough, spotify sent me an activation link which I never clicked on, but it seems that whoever created the account was able to log in anyway, twice even...

    and I am fairly sure that my email account isn't being accessed without my knowledge :)

    my email address has definitely been used several times though...

    there seems to be something badly wrong if spotify sends me a confirmation to activate email and then the activation happens anyway... anyway, that is not spamcop's problem :) that is Spotify and yes, I ain't a fan of neither certain ways of opt-in/opt-out either :)

  7. somewhat "indirectly" related to this thread...

    Somebody in the Ukraine created a spotify account with my gmail address and it received two logins, one from Ukraine and one from the US. the account claimed that whoever "I" am, lives in GB :) so I logged in as well, noticed that the name was gibberish, changed the password, and kicked everybody who would have been logged in out.

    In the spotify forum I noticed that Ukrainians wanted their country to be added to the spotify approved list ... sure, creating fake accounts will help them...

    edit: unless it's Russians using a Ukrainian VPN to keep them from getting approved...

    edit 2: with Russians I mean Vlad Drac^h^h^h^hPutin's agents...

  8. 1 hour ago, styncer said:

    I apologize for the delay in my response.  I've tried to follow the Add Mailhost for my address (*****@mac.com) again.  I receive the test email, and when I paste the headers and body into the form, it returns the following error:

    When I try to follow the "Proceed Here" URL, I receive an error, "500 Internal Server Error".

    As gnarlymarley mentioned previously, a tracking URL would be helpful to figure out what’s going on.

    the tracking URL can be found at the top of the spam processing screen after clicking the button [process spam] below the entry text box.


    SpamCop v 5.1.0 © 2020 Cisco Systems, Inc. All rights reserved.
    Here is your TRACKING URL - it may be saved for future reference:
    Skip to Reports

    Delivered-To: x

  9. 4 hours ago, petzl said:

    If voting made any difference, they wouldn't let us do it- Mark Twain 

    Sorry, I understand the sentiment, but that quote is definitely not “Twain’s”. His sentiment on voting was just the opposite:

    “When a thing gets to be absolutely unbearable the people can rise up and throw it off. That's the finest asset we've got--the ballot box”

  10. here's my take on this (at least the way I think I understand it):

    The FTC set up honeypots, but not for spamhaus or SURBL but for their own form of collecting spam and acting upon it within their own system.

    but here's the drawback:

    1. Honeypots take time to be harvested.
    2. spammers (afaik) get their lists from different sources
      • existing spam lists
      • exploited emails on the darkweb
      • harvested emails (diverse forms)

    unless the FTC has seeded their honeypots into the above sources (which I doubt they have) it is possible that it will take years for them to actually be able to do anything (if at all)

    also the equal analogy applies with the current existing honeypots for spamcop Spamhaus and the known BLs: even though BLs are there, spam keeps coming regardless, due to different reasons:

    1. spammers use different providers
      • sometimes but not more than often they are their own providers and change/add IP ranges at will or when they ended up in a BL
    2. spammers use malware infected computers (spam bots) to send their spew
    3. or use open proxies
    4. I have also seen them use IP addresses that were being transferred and thus not active anywhere (they spoofed those addresses and thus were untraceable)

    Somehow I understand the FTC reasoning as they often receive spam reports that actually are not, but people just get tired of unsubscribing from emails they subscribed to once upon a time

    for example: I have written to congressmen and whenever I did, I made sure not to receive their "daily digests", yet some congressmen think it is ok to send me their spew, so I end up unsubscribing once (even though I made sure to uncheck the box to receive emails), and after that, all the upcoming mails end up being reported as spam.

    I could just report their emails from the getgo but I do give them a chance to clean up their act. I was going to rant here, but I promised not to go political anymore ;)


  11. On 12/21/2019 at 7:49 AM, gnarlymarley said:

    My understanding is that the from address on each report changes as it appears to be the number is the report ID.  Some ISPs like this authorize only the full address.  The deputies might be able to work something out with the ISP.  Under the circumstances, might just be an autoresponder that sends it to the bit bucket.  Like Lking says, that this may be added to the blocklist.

    Hetzner.de is basically the same. I manually reported to their listed abuse address and received a reply to report through their website. (After of course having gone through the trouble of reporting it to them in the first place — SMH)
    No wonder they ended up in the /dev/nul list...

  12. 2 hours ago, Lking said:

    No matter your politics, today the American TV is depressing.

    There’s Netflix or Hulu to alleviate that ;) 


    6 hours ago, Dracosse said:

    I've scanned this PC with Malware bytes checked it with Clamwin Antivirus [always worked in the past], Windows 10 with Windows Defender and monitored the startup apps + I have used Spybot Search and Destroy for years.

    When I reverted to an older version of Thunderbird. I checked to "share experience with developers" When I get up the gumption to do that again I won't check that box. Maybe the developers are doing something in proactive mode? Also next time I'll make sure to backup the contacts list 1st. (OUCH!)


    yea I'm depressed this morning.

    Believe me, I feel your pain! Mine Has to do with healthcare... (not physical pain, it’s the system, although it can give me headaches just thinking about it...)

  13. 7 hours ago, Dracosse said:

    I rolled back to an older version of Thunderbird [38.0] and for 2 hours I was able to report spam just like before. Then suddenly the same thing happened. Almost all messages have no tracking information.

    Weird. I don't understand that?

    Dang! something is definitely not right! it's like some script is removing those headers on purpose. (almost like malware on that computer, which I hope is not the case)

  14. 7 hours ago, Lking said:

    Well yes, currently version 68.x   Things would be easy enough to check <ctrl>U will display the full content and header received.  By looking at a "good" email from a known source (a friend, your bank...) would tell the story.

    TB has been one of the easiest to send reports from for a really long time.

    :thumbs-up: 😄

    A long time ago, back until  2007 or so (I thought it was 2003), I used to use Outlook Express (OE) (a. it was easy, b. it was free) and I would have all my emails retrieved to my PC with it and was able to do some "nifty things" too with it. Anyway, I digress.

    with the dawn of Gmail, for which I received an invite back then, I realized that I could save space on my PC and keep emails for longer and have them retrieved just like with OE and still have most of OE's functionality.

    At about the same time, or just a bit earlier (can't really remember) -- I was an avid anti-spam enthusiast (posting and reading news.admin.net-abuse.email (nanae) and checking in with the "local" Lumber Cartel (using "Clue by four"s on spammers) since the late 90s ) -- I got wind of SC and started reporting spam through SC where before I used to check the headers myself and report manually to the entities responsible for the source, having occasionally had the pleasure to receive "kill" confirmations from AB (Afterburner) and Nyarla (Nyarlathotep) at Erols/RCN (there were others, but the names escape me...) aaaaaaaaanyway back to ... (where was I? oh, yeah!)  ok, so several of my email accounts I had back then were discontinued because the companies I had them with started closing up shop or just discontinued their email services and I found myself with just about 4 or so email providers left finding no need for trying out new things so with that I stayed with gmail as my main email utility and got rid of OE and as I mentioned, didn't need a replacement so I didn't know about the developments of TB (although I do use FF 😉 )

    I know, the above had nothing to do with the current thread, just an anecdote that came to mind while reading Lking's reply.

    I do hope though, @Dracosse's "No Headers" problem gets resolved.

  15. 7 hours ago, Lking said:

    Hotmail, gmail, outlook have been known to make changes, without notice or acknowledgement. Not sure why others have not reported similar issues.

    Good research @RobiBue

    Thanks 🙂

    Hotmail and Outlook are MS, so they would be affected the same way ;) although losing the Received: headers wouldn't benefit either Google nor M$ unless they would come up with a special way to trace the emails back to the source, so I don't think that's the issue here.

    Both Google and M$ have changed their Mx/mail server addresses internally or switched to a "local" IPv6 that isn't (or actually wasn't) recognized by SC. (the latter has changed to my knowledge though)

    There is still something else that changed that is dropping those Return: headers for the OP.

    Is Thunderbird still in development? I mean, is it possible that they changed something when emails are attached that makes them lose those header parts?

    I know, I'm grasping at straws but I have no other ideas... :(

  16. 1 hour ago, Dracosse said:

    <spam email removed>

    ok, with a bit of line removing and space inserting due to format-/copy-/pasting, I created three reports (although I cancelled them since they are not mine 😉 )

    First report with all headers: https://www.spamcop.net/sc?id=z6600908248z14fbf5e205d3bbcd06daf68b834afaa8z

    This one places hotmail.com in the offending party (but that's because of misconfigured servers on their side.)

    Second report (removing the misconfigured server received line (that's the topmost received line)): https://www.spamcop.net/sc?id=z6600909520z2c8b6de1573c6d56a4a1eda8247ebffez

    This one puts Google now on the hot plate.

    The third one I had removed both outlook server received headers (both the topmost received lines): https://www.spamcop.net/sc?id=z6600908461z0b3a82e2691b331270100d71daed223cz

    as is clear, this one also places google in the hot seat.

    Somehow when you forward/attach them, (I don't know how) all the received lines vanish in your reported spam. when you copy it like you did above, all headers are there (although they need to be cleaned up to the correct format.)

    Dracosse, something must have changed this last 3-4 weeks since you've been having trouble reporting.

  17. 10 hours ago, Dracosse said:

    Many years ago I complained to the IT Admin at my place of work about all the spam I was receiving. ---Long story greatly shortened--- he showed me how to create email addresses that are specifically designed to harvest spam, how to add those email addresses to the spammers list of addresses and how to use Spamcop to report those spam messages that I receive. Some of my spam dedicated addresses are more fruitful than others and these days I only use Hotmail, Outlook and Comcast email because I no longer have access to my old corporate account. A few accounts only receive 2 or 3 messages an hour.
    On those accounts I use the "Move to Junk Again" feature to transfer the few messages into a Junk folder of a different email account.
    This makes it simpler for me to report multiple messages [12-13] at a time to Spamcop.


    create email addresses that are specifically designed to harvest spam

    in a way also known as "honeypots", but those should be redirected directly to a spamcop honeypot account (not sure if they still have them) and you wouldn't have to do anything but let it roll... at least that was my understanding back then.

    (honeypots are also email addresses that are hidden in a website, and no real person would ever see them while browsing/visiting unless they look at the raw html page. webcrawlers used by spammers usually pick them up and add them to their database.)

    sorry, the  text file is not accessible, but that's ok. if it doesn't contain received headers, then it's not good anyway.

    maybe someone else has an idea why received headers are missing in an email message that relies on received headers to operate correctly for handoffs and tracking history.

    MTAs are supposed to add those received lines upon receipt of the email in their system.

  18. On 12/12/2019 at 10:30 AM, Dracosse said:

    I have been submitting spam to SpamCop for years but I'm afraid that I don't have the experience or the terminology to always understand what I read in the forums. Please don't come down on me if I am duplicating other requests.

    As LKing can attest I have been posting in the lounge a problem that has been plaguing me for the last 2 or 3 weeks.  I'm not getting any support from Hotmail or Outlook admins either. The problem is that I receive literally hundreds of spam messages every day and Spamcop reports "No source IP Address Found", "Probably not full headers, See FAQ". I use Thunderbird to forward messages as attachments. Because of this I provide Spamcop with the entire message.

    I would like to request a feature that I can turn on or off that would allow Spamcop to NOT send me a link that reports the no IP address condition. Below I provide examples of my problem.




    from the other thread, I understand that you submit the spam as attachment using thunderbird.

    from the reporting URLs I can see that although the headers are there, the Received: headers are missing.

    this is somewhat "unconventional", since every email that arrives in a mailbox gets those Received: headers added to it.

    I need to ask, do you remove them from the spam/junk folder? (I saw that in the other thread there is the option to "Move to "junk" again")

    is it possible that thunderbird removes the Received: headers when the messages are removed from the junk folder (or flagged as "not spam")?


    Maybe there is some pattern there.

    if you look at the headers directly in hotmail or outlook, are the Received: headers there or are they missing?
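
The check discussed in these posts (does a saved or forwarded copy still carry its Received: headers, and which relay IP does each hop record), as an added example that is not part of the original posts and is not SpamCop's parser. The sample message, its hosts and IPs, and the function names are constructed for illustration.

```python
import ipaddress
import re
from email import message_from_string

# Constructed sample (not from the thread); hosts and IPs are reserved
# documentation values. Each MTA prepends its header, so newest is on top.
FULL = (
    "Received: from inbound.example.org ([IPv6:2001:db8::25])\n"
    "\tby mailbox.example.org with LMTP; Thu, 12 Dec 2019 10:00:03 -0500\n"
    "Received: from mx.example.net (mx.example.net [192.0.2.10])\n"
    "\tby inbound.example.org with ESMTP id abc123;\n"
    "\tThu, 12 Dec 2019 10:00:02 -0500\n"
    "Received: from unknown (HELO sender.invalid) ([203.0.113.77])\n"
    "\tby mx.example.net with SMTP; Thu, 12 Dec 2019 10:00:01 -0500\n"
    "From: \"Offers\" <offers@sender.invalid>\n"
    "To: user@example.org\n"
    "Subject: constructed sample\n"
    "\n"
    "body\n"
)

# The same message as it looks when the Received: lines have been lost.
STRIPPED = FULL[FULL.index("\nFrom:") + 1:]

# Relay address in brackets, e.g. [192.0.2.10] or [IPv6:2001:db8::25].
BRACKETED = re.compile(r"\[(?:IPv6:)?([0-9A-Fa-f:.]+)\]")


def hop_ip(value):
    """Return the connecting IP recorded in one Received: value, or None."""
    unfolded = " ".join(value.split())          # undo header line folding
    from_part = unfolded.split(" by ", 1)[0]    # ignore the receiving side
    for candidate in BRACKETED.findall(from_part):
        try:
            return str(ipaddress.ip_address(candidate))
        except ValueError:
            continue                            # bracketed text, not an IP
    return None


def received_chain(raw):
    """List the recorded relay IPs, newest hop first."""
    msg = message_from_string(raw)
    return [hop_ip(v) for v in msg.get_all("Received", [])]


def audit(raw):
    """Summarise whether the copy can still be traced to a source IP."""
    hops = received_chain(raw)
    if not hops:
        return {"traceable": False, "hops": 0, "first_hop_ip": None}
    # Only hops written by the recipient's own servers are trustworthy;
    # anything below them was supplied by the sending side.
    return {"traceable": True, "hops": len(hops), "first_hop_ip": hops[0]}


if __name__ == "__main__":
    print(audit(FULL))
    print(audit(STRIPPED))
```

Running it on a message saved from the webmail view and on the copy produced by the mail client's forward-as-attachment shows at which step the Received: lines disappear.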

  19. On 11/2/2019 at 3:29 PM, Art101 said:

    The internet was the most important advance in human communication since the invention of the printing press. It's hijacked by spammers, phishers, massive money-grubbing corporate interests, governments that leverage it to keep us stupid and scared, and related nightmares.


    🙂 and don't forget social media 🙂

  20. 44 minutes ago, kolor said:

    Lking you just joke form my English .Try to write Polish language .If you can.

    I just do not understand all then I just [...] ASK !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!

    let's all take a step back and take a breath.

    1. you, as OP (original poster) asked about a link in spam to "nospammer.net"
    2. Lking then pointed out the body of the spam showed the "no spam" link implying that the whole spam including link is all spam.
    3. you then ask if you should report the spam
    4. lking replies "yes" (he would report it if he received that spam)

    I feel better after having taken a few breaths of fresh air ;)

    now as an aside, I didn't see any joke anywhere, so I'll post one:

    • How many psychiatrists does it take to change a lightbulb?
    • only one; but the lightbulb has to really want to change!