RobiBue
-
Posts
453 -
Joined
-
Last visited
Content Type
Profiles
Forums
Events
Posts posted by RobiBue
-
-
There are mailservers who use their own blocklists (but used to use the SCBL) and left the spamcop[dot]net message either by overlooking it, or just due to laziness, and you might think that SC could be the culprit from blocking emails.
Sendgrid does have a spammer problem (I get my occasional share) and as an example (I will just post a quick link of one of my fairly recent abuse links <-- well the [refresh/show] cache link
[refresh/show] Cached whois for 167.89.118.35 : abuse[at]sendgrid[dot]com Using best contacts abuse#sendgrid[dot]com[at]devnull[dot]spamcopdot]net
as you can see, sendgrid is /dev/nulled right off the bat
-
5 hours ago, Noreen Rucinski said:you accepted my email but block it to others, whywhat do you see that my go daddy site doesnt see!!Noreen
you provided your email address (tbh I would munge that, so spammers who frequent these forums can't abuse it) but checking it towards spamcop and blocklists I see no problem there.
now I presume that you received a message either through godaddy or from somewhere else saying that your email was blocked.
if that is the case, then the mail provider you are using has (or had) a spammer problem and might be getting blocked by some private blocklists who put in their reply that they are using the SCBL (SpamCop Block List) but are not, instead it's their own BL (Block List) and they don't have the ability or capability to automatically update it but have to do it manually. Many times that leaves old entries unchecked and actively blocked.You might want to check directly with the provider that blocked you and explain your situation.
Either way, good luck.
-
Seems like it. Thanks for the heads-up 👍
Somebody must have read the grievances and noticed the mistake
Thanks Cisco/Ironport (
orand whoever had their say) for changing it back to at least 2 days 🙏 -
my scri_pt breaks it down to a maximum of 20 and if there are more it breaks it down into several submission emails (just checked: on June 24th 2018 I submitted 76 spam messages 😁)
The problem I have now, is that I have toa) manually start the scri_pt, and
b) wait until SC has them ready (sends the confirmation email(s) backbut If I' running late, I don't have time to wait for the confirmation emails until I get back from work, and then, sometimes I run into the problem that I don't have time to react to the confirmations right away when I get back home and so I lost 3 spam reports due to the new "has to be less than 1 day old" limitation...
-
Eventually they will want the reports within 1 minute, or even 1 second? at least if the trend continues.... 😞
Pardon my negativity here -
QuoteSorry, this email is too old to file a spam report. You must report spam within 1 days of receipt. This mail was received on Mon, 21 Nov 2022 13:57:39 -0800
Message is 36 hours old
https://www.spamcop.net/sc?id=z6786521132zfa608a49023b1c68b7755922fa18db6cz
and 7 to 8 hrs prior to this message: just barely over 24 hours.... This change will affect many of my submissions as I submit them when I log on, but don't always have time to report them right after they are ready...
-
well, this seems to be new. I used to be able to report within two days (I think it used to be less than 48 hrs) but now. when I don't have time to report "right off the bat" ( I also have a life outside spam fighting) the spam is old and stale after 24 hours...
Thank you Cisco/Ironport for throwing me under the bus. I guess my spam fighting time is over....
Bad move 👎
-
depending on what email software you're using you can send the emails as attachment to spamcop
https://forum.spamcop.net/topic/6510-simple-instructions
It's an old post, and sadly Miss Betsy is no longer among us, but that's the way I submit my spams -- as attachments.
HTH
-
I went ahead and reported my spam directly to abuse@microsoft.com with a note that they should get in touch with SC to correct the bounce issue (the address at SC was changed on November-5-2022 3:51:49 PM -0500)
(of course I also ran it through SC just to feed the SCBL ...)
I also told them that I expect a full investigation of the spam and not just an "unsubscribe" since that causes more spam 99.9% of the time...
let's see what happens 🤪
-
interesting:
https://www.abuseipdb.com/check/40.107.6.107and https://www.abuseipdb.com/whois/40.107.6.107
LOL! I did do a "self-search" of abuseipdb.com with their own tool and they are hosted on
cough cough
cloudflare cough cough
who has a spam problem themselves LOL
I thought I needed to throw that tidbit of information in there 🤣 -
5 hours ago, petzl said:
me thinks a troll
¯\_(ツ)_/¯ Possibly (•ˋ‸‸‸ˊ•)
-
16 hours ago, bouarfalisted said:
Wow, that's really messed up! I'm so sorry that you had to go through that. It sounds like you're handling it really well, though. I'm sure whoever sent that message is just trying to scam people, and they don't actually have anything on you. So don't worry about it too much. Just be careful in the future, and maybe consider using a different email address for important things. If you are concerned about such types of emails, you can contact the experts from digital forensics [link removed] to deal with such problems. Thanks for reporting it, too! We need to make sure that people know this kind of thing is going on so that they can be more aware and hopefully avoid it.
hate to ask: is this a "shameless plug"?
you noticed that this thread had been inactive for over 4 years? -
for IP 164.100.134.57 SC says:Tracking message source: 164.100.134.57:
Routing details for 164.100.134.57
Report routing for 164.100.134.57: abuse AT nic DOT in
I refuse to bother abuse AT nic DOT inwhile I understand that SC "refuses to bother" the nic.in address, SC entry in the routing details clearly states that
routeid: 78637626 164.100.0.0 - 164.100.255.255 to: abuse@nic.in Administrator interested in all reports
-->Administrator interested in all reports <--
so the refuses to bother command should be removed for that block.
Additionally if I check apnic, there is an entry:
% Information related to '164.100.134.0/24AS55824'
and by checking AS55824
% Information related to 'AS55824' % Abuse contact for 'AS55824' is 'abuseteam AT nkn DOT in'
and:
remarks: abuseteam AT nkn DOT in was validated on 2022-08-23
Entries for that block should be updated. I did ask nic.in and nkn.in to update their apnic records to correctly return the right abuse contact(s)
-
looking at that block, it's an afrinic registered network:
whois -h whois.afrinic.net '169.159.69.180'
inetnum: 169.159.64.0 - 169.159.95.255 netname: Lagos-core-public descr: Smile Telecoms Nigeria- Lagos Core via London country: NG admin-c: SC6-AFRINIC tech-c: SK59-AFRINIC tech-c: SC6-AFRINIC status: ASSIGNED PA remarks: Smile Telecoms Nigeria- Lagos Core remarks: Abuse : - Abuse@smilecoms.com mnt-by: SMILE-NG-MNT source: AFRINIC # Filtered
Nigeria... why am I not surprised...
anyway... remarks: Abuse : - Abuse@smilecoms.comBUT: Chopra is in South Africa??? J'burg??? smile communications doesn't even operate there...
person: Sudhir Chopra address: Postnet Suite 605 address: Private Bag X5 address: Fourways North address: 2086 address: South Africa address: Johannesburg 2191 address: South Africa phone: tel:+234-812-793-1879 fax-no: tel:+27-86-677-6750 nic-hdl: SC6-AFRINIC mnt-by: SMILE27-MNT source: AFRINIC # Filtered
and
person: Sudeep Kumar address: 39C, Ahmed Onibudo address: Off Adeola Hopewell Postal Code 101241 address: Victoria Island address: Lagos address: Nigeria phone: tel:+234-812-793-1879 nic-hdl: SK59-AFRINIC mnt-by: GENERATED-XPO95DARB1DY22LF7O31GLFGFL7EMLTB-MNT source: AFRINIC # Filtered
what I would do in this case is get in touch through
https://www.smilecoms.com/contactusand also to fix their contacts in whois:afrinic by adding the abuse entry the way it should be done properly.
-
11 hours ago, emanmb said:
I post the whole thing. The spams that are too large for SC get truncated automatically. This is the link to see a report that I just did today did not go thru AND was truncated by SC.
https://www.spamcop.net/sc?id=z6782226996zc3fb576f1f86b3e3eaa3c5215ebe9d21z
looking at the headers, there are only two Received: lines
-
Received: from 127.0.0.1
by atlas-production.v2-mail-prod1-gq1.omega.yahoo.com with HTTP; Thu, 27 Oct 2022 17:34:26 +0000 -
Received: from 52.100.223.201 (EHLO APC01-TYZ-obe.outbound.protection.outlook.com)
Thu, 27 Oct 2022 17:34:26 +0000
by 10.215.174.32 with SMTPs
(version=TLS1_2 cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256);
and 52.100.223.201 is mail-tyzapc01hn2201.outbound.protection.outlook.com which is an outlook/hotmail/microsoft mail relay.
Apparently microsoft does their own headers which makes it impossible for spamcop to go further back, and since the mailhosts are set up, there is nothing to do since SC looks at the trusted relay as "innocent".Since I do not have mailhosts set up, here's what I get (I didn't get the whole body, but kept the top part of it and canceled the report since it's not mine to report):
https://www.spamcop.net/sc?id=z6782310652z69578185aa66c193943713af62cd294bz -
-
-
6 hours ago, lartingyou said:
I hope you can reconsider. 🙏
Just to point out, Lking is a forum admin and has nothing to do with the way SC works. He just has more experience during all these years he's been doing it
Back in the days when Julian set up SC, everything was fluid and you might have gotten through to have bitly and tinyurl report to said addresses.
Unfortunately Cisco/IronPort is now at the helm of the ship and things work differently.
You also have to take into consideration that SC checks the different databases be it for IP or for domain abuse addresses. Many of those abuse addresses get their mailbox full really quick if a spam slew is happening and therefore SC gets bounces and, even though the IP is entered in the SCBL, the report then ends up going to /dev/nul to save bandwidth since it would be returned undeliverable anyway....HTH
-
always pleased to help ([if|when] I can)
-
4 hours ago, LodeHere said:
I had to search for what a TLD is. 😀
So it would be (if I understand it well) "spam.spamcop.net" that they would have to add to their whitelist.
actually, the TLD for spamcop.net is just <net> (that's the Top Level Domain - TLD) like .com, .edu, .info, .tv, .gov, and so on.
spamcop (in spamcop.net) is the domain name.
subdomains for spamcop are, among others:bounces.spamcop.net
devnull.spamcop.net
spam.spamcop.netyou would want spamcop.net whitelisted, including its subdomains.
-
On 10/12/2022 at 9:31 AM, rpprevost said:
To: ArtmakersWorlds
I tried the solutions Petzl mentioned on 9/28, and it worked. Follow the instructions in his last comment. Basically, you need to log in to SpamCop. Click the "Mailhost" tab at the top. Then delete any registrations you have previously set up. They'll each be shown on that page.
I believe he did (according to his message). BTW you did a great job explaining what some of us tried to do! Thank you rpprevost!
On 10/9/2022 at 10:42 AM, ArtmakersWorlds said:That being said I did delete my email in the mail host tab and so far it's been working fine.
and ArtmakersWorlds, I hope it continues to work fine
-
With
this is the reason why I suggest to remove (or disable if possible) mailhosts.
running the spam through SC without mailhosts results in the following:
https://www.spamcop.net/sc?id=z6777648303z2d57db44fb22bdb9f60865f945db0347z (I canceled the report since it's not mine to report )Parsing header: Received: from 127.0.0.1 by atlas-production.v2-mail-prod1-gq1.omega.yahoo.com with HTTP; Tue, 27 Sep 2022 17:31:58 +0000 host 127.0.0.1 (getting name) no name 127.0.0.1 discarded Received: from 185.232.170.246 (EHLO stop.tropos.fun) by 10.253.62.157 with SMTP; Tue, 27 Sep 2022 17:31:58 +0000 host 185.232.170.246 = stop.tropos.fun. (cached) stop.tropos.fun. is 185.232.170.246 Possible spammer: 185.232.170.246 Received line accepted Tracking message source: 185.232.170.246: Routing details for 185.232.170.246 [refresh/show] Cached whois for 185.232.170.246 : audit[at]firstbyte[dot]pro Using last resort contacts audit[at]firstbyte[dot]pro
this doesn't give me
Mailhost configuration problem, identified internal IP as source
Mailhost:
Please correct this situation - register every email address where you receive spam
No source IP address found, cannot proceed. -
1 hour ago, petzl said:
I have never reported spam from yahoo email
Tried on one of the SpamCop Mailhost replies
https://www.spamcop.net/sc?id=z6776891424z3151f4ff6f17ec6674cd0a802b7aa888z
seems to work (I use a VPN)Honestly, I have no idea how the mailhosts configuration works, as I personally have no use for it as it stands.
What I did notice though, on your parse, there is the last (or first for that matter) Received: header which is as follows:Received: from [191.101.210.140] by spamcop.net with HTTP; Tue, 20 Sep 2022 23:37:40 GMT
To me it seems like you receive your emails through SpamCop, which I do not. With that said, I see that for you it is probably necessary to have the mailhosts set up correctly, and that's where our systems differ, since I get my emails through a different system which does not seem to require mailhosts.
-
32 minutes ago, petzl said:
If it's not broken don't fix it.
I have used mailhosts since they began and no troubles.I agree there, but somehow for ArtmakersWorld it seems broken. So either the fix for him could be
a) delete the mailhosts and reinstate them correctly, or
b) delete the mailhosts (and have none just like I have no mailhosts)I have no mailhosts and have no troubles either
-
@ArtmakersWorlds, it's a pity; you have been a member with SpamCop for at least 10 years. I know it's frustrating sometimes.
What I would do is just delete the mailhost entries in the settings.
- If that is a bad idea, then I would like for someone to tell me why, since I have no mailhost entries in my settings and it all works fine...
Get Threatening Emails From My Account
in SpamCop Lounge
Posted
definitely a scam to get money (or bitcoins)...
I actually report it to the originating provider...
haven't received one in a long time now... used to get them frequently...