Jump to content


  • Content Count

  • Joined

  • Last visited

Posts posted by RobiBue

  1. On 10/6/2019 at 12:21 PM, Lking said:

    The way the system works is sometimes confusing.  When you are logged in to SpamCop and follow a tracking URL to look at a report you see the un munged report.  If you log out and follow the tracking URL, you will see the munged report others see as RubiBue reported above.

    I use Firefox, and if I open the tracking URL in a “private tab” even if I’m logged in, the private tab won’t be logged in — the Login credentials don’t carry over into new private tabs — and you can see the munged report right away without logging out first (but it has to be in a private tab)

    In the following link, there are several ways explained on how to accomplish this with ie, Firefox, and chrome as well as other methods with the aforementioned browsers:


  2. 4 hours ago, Appleseed said:

    Ok, it seems that that guy is the same as OOO-Patent-Media etc. and their company Romanenko Stanislav Sergeevich are hosting those spamsite https://dnslytics.com/bgp/as47981

    So vvsg180@gmail.com is their and also hawk@diamondc.ru and stell_hawk@mail.ru

    So it is impossible to stop that spam, if SPAMCOP report to them. Just like i was guessing in my first post.  Spamcop report directly to spammer itself.

    If someone could find who is host behind of their IP range, then the report could send directly to that ISP.

    looks like their IPv4 peer is AS 31343 ( Intertelecom Ltd ) (got it from your dnslytics link ;) )

    It seems that Intertelecom is the only peer Romanenko has, so it is likely that he is their customer... maybe they don't know what's going on in their "backyard/neighbourhood" and then again, maybe they do and the money they get is good enough for them...


  3. 1 hour ago, Shoo said:

    So potentially....if I paste into notepad first and remove the extra CRLF, then copy and paste into the form it might work?

    In principle, yes, but to save time only remove the empty lines in the header, leaving however many empty lines there are after the header part intact including, as Lking said, the required blank line at the end of the header.

    I hope this makes sense... ;) 

    I believe the reason for the empty lines is *nix (Unix, Linux, etc...) to windows conversion, where *nix is LF and windows is CR/LF where one line converts to an extra CR so LF ends up being CR/LF —> CR/CR 

    CR=carriage return, LF=line feed

    somehow Microsoft still has problems converting them correctly 🤫🤓😫 (after 40 or so years of experience...)

    Wikipedia (issues with different new-line formats)

  4. the problem with hotmail/live.outlook/microsoft is that when you copy/paste you have an extra CR/LF (empty line) between each line and that disrupts the parser.

    i.e. I have this:


    which ends up looing like this in notepad:

    Received: from BN3NAM04HT167.eop-NAM04.prod.protection.outlook.com
     (2603:10b6:406:80::21) by BN8PR14MB3108.namprd14.prod.outlook.com with HTTPS
     via BN7PR06CA0008.NAMPRD06.PROD.OUTLOOK.COM; Tue, 8 Oct 2019 17:12:07 +0000
    Received: from BN3NAM04FT064.eop-NAM04.prod.protection.outlook.com
     ( by BN3NAM04HT167.eop-NAM04.prod.protection.outlook.com
     ( with Microsoft SMTP Server (version=TLS1_2,
     cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.2327.20; Tue, 8 Oct
     2019 17:12:07 +0000

    at least that's what I get, an empty line between each line

    see https://www.spamcop.net/sc?id=z6579716938z8475af47adf145b28b287648c1133132z


  5. Ah, the reason why you can't see the "coded email address" is because you have an ISP control center account.

    you might need to try out different links and options, like:

    clicking on [control center], or [preferences], or trying the [Action:] option other than [Find reports v] option: (I don't know what other options are in that list... as I don't have an ISP control center account)

    2077442515_Screenshot_2019-10-08SpamCopnet-Help.png.1d90ade6e7ed6b140b0eb40bb651bc86.png<-- this one here maybe...

    or wait until someone with such an account can help...

  6. 21 minutes ago, hank said:

    Using Mac Mail, I just right-click and "forward as attachment" to the Spamcop reporting address.

    got it. although now-a-days there are not many email programs that let you attach emails (including headers).

    forward them, yes, but you lose the mail's identity.

    I believe many email providers changed that to protect their breadgivers/spammers...

  7. 3 minutes ago, hank said:

    One problem with editing spam -- you have to open it.

    Not such a good idea when it may be loaded with malware.

    well, when you submit the spam (depending on the way you submit it -- specifically in my case, copying and pasting the spam into the submission box in SC) you already got the raw spam, and as long as you don't click on any spam links (and also have a reliable anti-virus running on your system) you should be all good ...

  8. SpamCop automatically does that (well, with the email address)

    see one of my submissions: https://www.spamcop.net/sc?id=z6578044857zc86d7fb1db68d76d82418caac89c33fbz

    Delivered-To: x
    Received: from fundamental.avisayon.com (fundamental.avisayon.com. [])
            by mx.google.com with ESMTP id q67si3118259wme.53.2019.
            for <x>;
    To: <x>
    To: <x>

    my email address entries are obscured as you can see in the link itself, and the names, well, I get spam emails addressed to different people that it doesn't bother me if they have RobiBue, MaryScott, or the Pope of Rome in the name ;)

  9. 25 minutes ago, dr_bobbs said:

    I don't understand why there must be body text. So, all a spammer has to do is put the spam message entirely in the subject line, with no body text, and then SpamCop is unable to process his spam? I get this message whenever I submit spam from a spammer who has recognized this way to be unreportable to SpamCop. When all spammers have figured this out, and put all their spam messages into the subject line with no body text, then SpamCop will become completely useless? So SpamCop is really so easy for spammers to get around? Am I missing something here?

    Question: before you submit the spam without body, are you able to write

    <empty line>
    spam completely encompassed in subject line

    with <empty line> actually being an empty line and not the words and angled brackets ;) ?

  10. if thunderbird takes after firefox then, unless habul gets worked on, the tool will be useless since xul is being removed permanently.

    sorry to be the bearer of bad news :( 

    BTW, I think I remember legolas... wasn't he also an abuse admin like afterburner and nyarlahotep?

  11. looking up the abuse.net db on mschosting .com shows the aforementioned list...


    hostmaster and postmaster addresses are AFAIR quite old (10+ years) and often not used anymore... therefore the bounces.

    The tmcops address could be an old entry as well and it was never updated...

    There is also another possibility that all the addresses DO exist, but they have been either neglected or forgotten and the mailbox filled up and overflowed... ergo another bounce...

    Officially, APNIC lists noc-abuse for the mentioned IP address as the abuse address


  12. 4 hours ago, shirayuki said:

    whois returns search-apnic-not-arin#apnic.net@devnull.spamcop.net


    Use whois.apnic.net instead of whois.arin.net as the mail address "search-apnic-not-arin" says.


    yeah, spamcop has a few issues with APNIC when looking up the addresses in ARIN. Unfortunately they are more than just a few 😞


  13. On 8/5/2019 at 11:06 PM, Steve said:

    Not sure exactly what you mean



    On a certain date, sendgrid probably asked SC not to send spam reports. On that date, or soon after, somebody manually devnulled the sendgrid abuse address. That date would be interesting to know, as well as the reason the address was devnulled. That's what Petzl means with

    On 8/5/2019 at 8:17 PM, petzl said:

    Would like to know when (date) occurred as this is often a legacy issue which may or may-not apply today?
    Some are from last millennium!

    perhaps someone with backstage access could shed some light, or clear up these murky waters 😉


  14. 18 hours ago, Lking said:

    Just realized I may be confused.  petzl are you talking about the SCBL or blocking login to the forum?

    The design of the SCBL has been long established. IP addresses come and go from the list depending on established rules based on reports and emails to spam traps. Domain name are not part of the calculation.  I don't think that will ever change

    On the forum blocking blocks of IPs or domains becomes capricious. Looking at the logs and email addresses of spammers first we should block gmail, outlook etc.based on the number of spam posted by those confirmed email addresses.


    16 hours ago, petzl said:

    That's it.
    The solution is here I think
    Latest forum flood
    https://www.myfitnesspharm.cXm/total-life-maxx/  Cloudflare


    I’m there with Lking. Until these people post their junk, there is not knowing if they are going to spam or not.

    Besides, adding changes to the forum software would only work if the company that designed the system would implement the changes. (As was mentioned in my thread by Lking)

  15. 17 hours ago, Lking said:

    Several thoughts.  You had marked 4 of the 12 spam I cleaned up just now. In the morning (when you read this) one member, sometimes two, will mark the spam before I delete it even when I sleep in.

    Another way to look at it is

    • On "Thursday"  10 members visited the forum
    • 6 show 1 post and have 1 warning point (i.e. been band for spamming)
    • 2 have joined and not posted yet.
    • That leaves 2 members in good standing ( + me)

    If I read this correctly:

    1. 10 members visited the forum; that is everybody that logged in/signed up(registered) (but not guests) to read and/or post (including me)
    2. 6 of the 10 have all been now banned for spamming and received a warning point (for posterity)
    3. this leaves 4 (including me and you) and 2 of them have not posted yet
    • so who posted the other 6 spams?

    I am a bit confused...

    And according to what you say, there aren’t enough people around to mark the spam...


  16. Oh dear, I think I created a monster 😉

    I haven't been active recently. just been popping in occasionally (lately)...

    Anyway, back to the discussion:

    I do believe that the login in created by carbon entities who are promised a certain amount for every successful post

    On 8/26/2019 at 10:02 PM, Lking said:

    I was guessing. IF my experience today is indicative I just suggested that a human passes the  capcha then a bot takes over (using the same PC/IP) and creates several accounts to later post the spam.

    I think there are several approaches in use.  1) A bot, does it all opens account, replies to the challenge email, and post spam.  (15min - hr between join and spam). 2) cheap labor does step 1 & 2, bot post spam.  3) Some poor sap does it all.  I think a signs of human are changing the photo, posting 'interest', 'about me', sex, location, etc.  But most spam accounts don't do anything except post one spam.

    approach 1) I think it's too complicated, as there are too many diverse systems floating around.

    approach 2) more likely, but still with the differences in the systems somewhat complicated to have bots do it right. although sometimes the resulting spam posts do seem incoherent at best.

    approach 3) is IMNSHO the most likely scenario. I think what they do is do some bookkeeping to receive their money, and that is what takes them so long in-between, and they probably have different forum systems open and jump from one to the other. Then, at the end, they copy and paste the spam into all the open forum posts they have in their batch.


    So let's say it's carbon entities and not silicon based bots.

    Side question: why isn't the advertised "By harnessing the combined knowledge of thousands of Invision Communities, our spam Defense can assess the potential threat of each new user and stop them before they can cause any problems. It's instant and free with all plans." not working?

    My original thought on marking them as spam by peers, hiding the post in default view after a certain amount of reports, would still be the most feasible option -- if the original developer could/would implement it, that is.

  17. Apologies, but I do see a problem with that. I mean, this is a spam fighting forum, and if someone posts a question about a spam and the words include something that would be filtered, then the OP would have to wait until the admin frees it to the forum...

  18. On 8/10/2019 at 4:49 AM, Lking said:

    "And now for the rest of the story"   It seems that near the end of the workday Thursday a contractor working between Durango and Silverton, CO, USA was digging and cut the fiber cable.  It truly was an "oh sh**" moment because they just filled in the hole and went home..  As a result it took telo a while to find the break.  And yes the one and only fiber cable coming into town stops here.  No loop, no redundancy, no second path. ~~ A stub end right here.   It took 5yr of everyone yelling to get the fiber.  This county seat was the last county in Colorado to get something that "looked" like the internet.  Before it was a multi-link microwave shot over 2 mountain passes which carried all the phone service/what ever out of town. 

    Because of the mining industry that use to be here, electrical power, on the other hand, came in from both the north and south.  No power for the mines, then we are talking real money.  With the mines closed, there is probably enough extra power here to make our own dilithium crystals.

    WOW! wouldn't it have been easier for them to set up BPL? at least as redundancy?
    Internet: the final frontier. These are the enterprises of Telo. Its continuing mission: to communicate in strange new ways, to seek out new fiberoptic breaks and new dug-out holes, to boldly go where no internet has gone before. starship-enterprise-png-7.png

    Besides, who needs the fiberoptics if you have Dilithium crystals. Just transmit and receive with subspace amplifiers...

    Live long and prosper ok-emoji-png-finger-8.png  nyuk nyuk nyuk 🙂


  19. On 8/3/2019 at 2:35 PM, MIG said:

    Greetings all👋!  I hope everyone's well and you've all been behaving!?

    Would anyone care to cast their 👀s over this bit of scum pleeze?

    Issue is, apparently "no links found", 'cept, I can find 8 - 4 are enclosed in brackets (), not sure about them, 4 are standard, from my objs, they're the ones that've confuzzed moi,  why didn't SC "detect"?

    Yes Master, I know urls are secondary to source, but, but, but.....


    VT tells me urls resolve to = netops@singlehop.com, source = = singlehop.net

    Anyone care to share their wisdom please?

    I remain, a grateful G🦗H🙏



    I don't know why the links don't appear in the report. I see them both, in the text/plain part, as well as in the text/html part

    of course, I also don't know why you'd be getting spam in German... unless the spammer thinks you're in Austria 🤣

    but yes, netops at singlehop dot net would be the place to send the link reports to.

    3 of them are links, and one is an image...

  20. 4 hours ago, gnarlymarley said:

    interesting, I have wondered if the spammers had a hidden account that was only created to verify that they the emails the forum sends out has their spam.  Though, I would lean more toward an account they created about two years ago for that.

    well, it is very possible, that those 2 are legit, just found SC, and decided to sign up in the forum.