Posts posted by RobiBue

  1. There are mailservers who use their own blocklists (but used to use the SCBL) and left the spamcop[dot]net message either by overlooking it, or just due to laziness, and you might think that SC could be the culprit from blocking emails.
    Sendgrid does have a spammer problem (I get my occasional share) and as an example (I will just post a quick link of one of my fairly recent abuse links <-- well the [refresh/show] cache link)
     

    [refresh/show] Cached whois for 167.89.118.35 : abuse[at]sendgrid[dot]com
    Using best contacts abuse#sendgrid[dot]com[at]devnull[dot]spamcop[dot]net

    as you can see, sendgrid is /dev/nulled right off the bat

  2. 5 hours ago, Noreen Rucinski said:
    you accepted my email but block it to others, why
    what do you see that my go daddy site doesn't see!!
     
    Noreen 

    you provided your email address (tbh I would munge that, so spammers who frequent these forums can't abuse it) but checking it towards spamcop and blocklists I see no problem there.
    now I presume that you received a message either through godaddy or from somewhere else saying that your email was blocked.
    if that is the case, then the mail provider you are using has (or had) a spammer problem and might be getting blocked by some private blocklists who put in their reply that they are using the SCBL (SpamCop Block List) but are not, instead it's their own BL (Block List) and they don't have the ability or capability to automatically update it but have to do it manually. Many times that leaves old entries unchecked and actively blocked.

    You might want to check directly with the provider that blocked you and explain your situation.

    Either way, good luck.

  3. my script breaks it down to a maximum of 20 and if there are more it breaks it down into several submission emails (just checked: on June 24th 2018 I submitted 76 spam messages 😁)
    The problem I have now, is that I have to

    a) manually start the script, and
    b) wait until SC has them ready (sends the confirmation email(s) back)

    but if I'm running late, I don't have time to wait for the confirmation emails until I get back from work, and then, sometimes I run into the problem that I don't have time to react to the confirmations right away when I get back home and so I lost 3 spam reports due to the new "has to be less than 1 day old" limitation...

  4. Quote
    Sorry, this email is too old to file a spam report. You must report spam within 1 days of receipt. This mail was received on Mon, 21 Nov 2022 13:57:39 -0800

    Message is 36 hours old

    https://www.spamcop.net/sc?id=z6786521132zfa608a49023b1c68b7755922fa18db6cz

    and 7 to 8 hrs prior to this message: just barely over 24 hours.... This change will affect many of my submissions as I submit them when I log on, but don't always have time to report them right after they are ready...

  5. well, this seems to be new. I used to be able to report within two days (I think it used to be less than 48 hrs) but now, when I don't have time to report "right off the bat" (I also have a life outside spam fighting) the spam is old and stale after 24 hours...

     

    Thank you Cisco/Ironport for throwing me under the bus. I guess my spam fighting time is over....

    Bad move 👎

  6. I went ahead and reported my spam directly to abuse@microsoft.com with a note that they should get in touch with SC to correct the bounce issue (the address at SC was changed on November-5-2022 3:51:49 PM -0500)

    (of course I also ran it through SC just to feed the SCBL ...)

    I also told them that I expect a full investigation of the spam and not just an "unsubscribe" since that causes more spam 99.9% of the time...

    let's see what happens 🤪

     

  7. 16 hours ago, bouarfalisted said:

    Wow, that's really messed up! I'm so sorry that you had to go through that. It sounds like you're handling it really well, though. I'm sure whoever sent that message is just trying to scam people, and they don't actually have anything on you. So don't worry about it too much. Just be careful in the future, and maybe consider using a different email address for important things. If you are concerned about such types of emails, you can contact the experts from digital forensics [link removed]   to deal with such problems. Thanks for reporting it, too! We need to make sure that people know this kind of thing is going on so that they can be more aware and hopefully avoid it.

    hate to ask: is this a "shameless plug"?
    you noticed that this thread had been inactive for over 4 years?

  8. for IP 164.100.134.57 SC says:
     
    Tracking message source: 164.100.134.57:

    Routing details for 164.100.134.57
    Report routing for 164.100.134.57: abuse AT nic DOT in
    I refuse to bother abuse AT nic DOT in

    while I understand that SC "refuses to bother" the nic.in address, SC entry in the routing details clearly states that

    routeid: 78637626 164.100.0.0 - 164.100.255.255 to: abuse@nic.in
    Administrator interested in all reports

    -->Administrator interested in all reports <--

    so the refuses to bother command should be removed for that block.

    Additionally if I check apnic, there is an entry:

    % Information related to '164.100.134.0/24AS55824'

    and by checking AS55824

    % Information related to 'AS55824'
    
    % Abuse contact for 'AS55824' is 'abuseteam AT nkn DOT in'

    and:

    remarks:	abuseteam AT nkn DOT in was validated on 2022-08-23

    Entries for that block should be updated. I did ask nic.in and nkn.in to update their apnic records to correctly return the right abuse contact(s)

  9. looking at that block, it's an afrinic registered network:

    whois -h whois.afrinic.net '169.159.69.180'

    inetnum:        169.159.64.0 - 169.159.95.255
    netname:        Lagos-core-public
    descr:          Smile Telecoms Nigeria- Lagos Core via London
    country:        NG
    admin-c:        SC6-AFRINIC
    tech-c:         SK59-AFRINIC
    tech-c:         SC6-AFRINIC
    status:         ASSIGNED PA
    remarks:        Smile Telecoms Nigeria- Lagos Core
    remarks:        Abuse : - Abuse@smilecoms.com
    mnt-by:         SMILE-NG-MNT
    source:         AFRINIC # Filtered

    Nigeria... why am I not surprised...
    anyway... remarks:        Abuse : - Abuse@smilecoms.com

    BUT: Chopra is in South Africa??? J'burg??? smile communications doesn't even operate there...

    person:         Sudhir Chopra
    address:        Postnet Suite 605
    address:        Private Bag X5
    address:        Fourways North
    address:        2086
    address:        South Africa
    address:        Johannesburg 2191
    address:        South Africa
    phone:          tel:+234-812-793-1879
    fax-no:         tel:+27-86-677-6750
    nic-hdl:        SC6-AFRINIC
    mnt-by:         SMILE27-MNT
    source:         AFRINIC # Filtered

    and
     

    person:         Sudeep Kumar
    address:        39C, Ahmed Onibudo
    address:        Off Adeola Hopewell Postal Code 101241
    address:        Victoria Island
    address:        Lagos
    address:        Nigeria
    phone:          tel:+234-812-793-1879
    nic-hdl:        SK59-AFRINIC
    mnt-by:         GENERATED-XPO95DARB1DY22LF7O31GLFGFL7EMLTB-MNT
    source:         AFRINIC # Filtered

    what I would do in this case is get in touch through
    https://www.smilecoms.com/contactus

    and also to fix their contacts in whois:afrinic by adding the abuse entry the way it should be done properly.

  10. 11 hours ago, emanmb said:

    I post the whole thing.  The spams that are too large for SC get truncated automatically.  This is the link to see a report that I just did today did not go thru AND was truncated by SC.

    https://www.spamcop.net/sc?id=z6782226996zc3fb576f1f86b3e3eaa3c5215ebe9d21z

    looking at the headers, there are only two Received: lines

    1. Received: from 127.0.0.1
        by atlas-production.v2-mail-prod1-gq1.omega.yahoo.com with HTTP; Thu, 27 Oct 2022 17:34:26 +0000

    2. Received: from 52.100.223.201 (EHLO APC01-TYZ-obe.outbound.protection.outlook.com)
        by 10.215.174.32 with SMTPs
        (version=TLS1_2 cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256);
        Thu, 27 Oct 2022 17:34:26 +0000

    and 52.100.223.201 is mail-tyzapc01hn2201.outbound.protection.outlook.com which is an outlook/hotmail/microsoft mail relay.
    Apparently microsoft does their own headers which makes it impossible for spamcop to go further back, and since the mailhosts are set up, there is nothing to do since SC looks at the trusted relay as "innocent".

    Since I do not have mailhosts set up, here's what I get (I didn't get the whole body, but kept the top part of it and canceled the report since it's not mine to report):
    https://www.spamcop.net/sc?id=z6782310652z69578185aa66c193943713af62cd294bz

  11. 6 hours ago, lartingyou said:

    I hope you can reconsider. 🙏

    Just to point out, Lking is a forum admin and has nothing to do with the way SC works. He just has more experience during all these years he's been doing it ;)
    Back in the days when Julian set up SC, everything was fluid and you might have gotten through to have bitly and tinyurl report to said addresses.
    Unfortunately Cisco/IronPort is now at the helm of the ship and things work differently.
    You also have to take into consideration that SC checks the different databases be it for IP or for domain abuse addresses. Many of those abuse addresses get their mailbox full really quick if a spam slew is happening and therefore SC gets bounces and, even though the IP is entered in the SCBL, the report then ends up going to /dev/null to save bandwidth since it would be returned undeliverable anyway....

     

    HTH

  12. 4 hours ago, LodeHere said:

    I had to search for what a TLD is. 😀

    So it would be (if I understand it well) "spam.spamcop.net" that they would have to add to their whitelist.

     

    actually, the TLD for spamcop.net is just <net> (that's the Top Level Domain - TLD) like .com, .edu, .info, .tv, .gov, and so on.
    spamcop (in spamcop.net) is the domain name.
    subdomains for spamcop are, among others:

    bounces.spamcop.net
    devnull.spamcop.net
    spam.spamcop.net

     

    you would want spamcop.net whitelisted, including its subdomains.

  13. On 10/12/2022 at 9:31 AM, rpprevost said:

    To: ArtmakersWorlds

    I tried the solutions Petzl mentioned on 9/28, and it worked. Follow the instructions in his last comment. Basically, you need to log in to SpamCop. Click the "Mailhost" tab at the top. Then delete any registrations you have previously set up. They'll each be shown on that page.

    I believe he did (according to his message). BTW you did a great job explaining what some of us tried to do! Thank you rpprevost!

    On 10/9/2022 at 10:42 AM, ArtmakersWorlds said:

    That being said I did delete my email in the mail host tab and so far it's been working fine.

    and ArtmakersWorlds, I hope it continues to work fine ;)

  14. With

    this is the reason why I suggest to remove (or disable if possible) mailhosts.
    running the spam through SC without mailhosts results in the following:
    https://www.spamcop.net/sc?id=z6777648303z2d57db44fb22bdb9f60865f945db0347z (I canceled the report since it's not mine to report ;) )

    Parsing header:
    
    Received:  from 127.0.0.1 by atlas-production.v2-mail-prod1-gq1.omega.yahoo.com with HTTP; Tue, 27 Sep 2022 17:31:58 +0000
    host 127.0.0.1 (getting name) no name
    127.0.0.1 discarded
    
    Received:  from 185.232.170.246 (EHLO stop.tropos.fun) by 10.253.62.157 with SMTP; Tue, 27 Sep 2022 17:31:58 +0000
    host 185.232.170.246 = stop.tropos.fun. (cached)
    stop.tropos.fun. is 185.232.170.246
    Possible spammer: 185.232.170.246
    Received line accepted
    Tracking message source: 185.232.170.246:
    Routing details for 185.232.170.246
    [refresh/show] Cached whois for 185.232.170.246 : audit[at]firstbyte[dot]pro
    Using last resort contacts audit[at]firstbyte[dot]pro

    this doesn't give me

    Mailhost configuration problem, identified internal IP as source
    Mailhost:
    Please correct this situation - register every email address where you receive spam
    No source IP address found, cannot proceed.

  15. 1 hour ago, petzl said:

    I have never reported spam from yahoo email
    Tried on one of the SpamCop Mailhost replies
    https://www.spamcop.net/sc?id=z6776891424z3151f4ff6f17ec6674cd0a802b7aa888z 
    seems to work (I use a VPN)

    Honestly, I have no idea how the mailhosts configuration works, as I personally have no use for it as it stands.
    What I did notice though, on your parse, there is the last (or first for that matter) Received: header which is as follows:

    Received: from [191.101.210.140] by spamcop.net
    	with HTTP; Tue, 20 Sep 2022 23:37:40 GMT
    

    To me it seems like you receive your emails through SpamCop, which I do not. With that said, I see that for you it is probably necessary to have the mailhosts set up correctly, and that's where our systems differ, since I get my emails through a different system which does not seem to require mailhosts.

  16. 32 minutes ago, petzl said:

    If it's not broken don't fix it.
    I have used mailhosts since they began and no troubles.

    I agree there, but somehow for ArtmakersWorlds it seems broken. So either the fix for him could be

    a) delete the mailhosts and reinstate them correctly, or
    b) delete the mailhosts (and have none just like I have no mailhosts)

    I have no mailhosts and have no troubles either ;)

  17. @ArtmakersWorlds, it's a pity; you have been a member with SpamCop for at least 10 years. I know it's frustrating sometimes.

    What I would do is just delete the mailhost entries in the settings.

    • If that is a bad idea, then I would like for someone to tell me why, since I have no mailhost entries in my settings and it all works fine...
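
The Received-header walk behind the SpamCop parses quoted in posts 10 and 14 above, as an added example that is not part of the original posts and not SpamCop's own code: it discards loopback and private addresses, skips relays on a trusted list, and reports the first remaining address as the source. The `trusted_nets` parameter is a hypothetical stand-in for mailhost registration, and the sample messages are constructed from the header lines quoted in those posts.

```python
import ipaddress
import re
from email import message_from_string

# Constructed sample messages; the Received lines follow the ones quoted in the
# posts (the TLS detail of the outlook.com line is omitted).
MSG_DIRECT = (
    "Received: from 127.0.0.1 by atlas-production.v2-mail-prod1-gq1.omega.yahoo.com"
    " with HTTP; Tue, 27 Sep 2022 17:31:58 +0000\n"
    "Received: from 185.232.170.246 (EHLO stop.tropos.fun) by 10.253.62.157"
    " with SMTP; Tue, 27 Sep 2022 17:31:58 +0000\n"
    "Subject: constructed sample\n\nbody\n"
)
MSG_RELAYED = (
    "Received: from 127.0.0.1 by atlas-production.v2-mail-prod1-gq1.omega.yahoo.com"
    " with HTTP; Thu, 27 Oct 2022 17:34:26 +0000\n"
    "Received: from 52.100.223.201 (EHLO APC01-TYZ-obe.outbound.protection.outlook.com)"
    " by 10.215.174.32 with SMTPs; Thu, 27 Oct 2022 17:34:26 +0000\n"
    "Subject: constructed sample\n\nbody\n"
)

# Matches "from 1.2.3.4" or "from [1.2.3.4]" at the start of a Received value.
FROM_IP = re.compile(r"\s*from\s+\[?(\d{1,3}(?:\.\d{1,3}){3})\]?", re.IGNORECASE)

def find_source(raw_message, trusted_nets=()):
    """Return (source_ip or None, decision log), newest Received line first."""
    trusted = [ipaddress.ip_network(n) for n in trusted_nets]
    log = []
    for value in message_from_string(raw_message).get_all("Received", []):
        match = FROM_IP.match(value)
        try:
            ip = ipaddress.ip_address(match.group(1)) if match else None
        except ValueError:
            ip = None
        if ip is None:
            log.append(("unparsed", value[:40]))
        elif ip.is_loopback or ip.is_private:
            log.append(("discarded", str(ip)))       # e.g. 127.0.0.1
        elif any(ip in net for net in trusted):
            log.append(("trusted relay", str(ip)))   # treated as innocent, keep walking
        else:
            log.append(("source", str(ip)))
            return str(ip), log
    return None, log                                 # no source IP address found

if __name__ == "__main__":
    print(find_source(MSG_DIRECT))
    print(find_source(MSG_RELAYED))
    print(find_source(MSG_RELAYED, ["52.100.223.201/32"]))
```

With the relay on the trusted list and no earlier Received line to fall back on, the walk ends with no source at all, which is the situation the mailhost error message in post 14 describes.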