Jump to content


  • Content Count

  • Joined

  • Last visited

Community Reputation

0 Neutral

About MIG

  • Rank
    Advanced Member

Recent Profile Visitors

499 profile views
  1. GH may be wrong but for: 2402:bc00:0:a216:0:0:19:124, GH gets: abuse@ene.megaegg.ne.jp
  2. Hey Klappa & Lisati, Yep, the SCR Help R&RA is there, is a good resource, and (my understanding) is that it's for corrections, whereas, GH sees the pinned table as a repository of additional addresses, built from info posted by SCF members who, every so often mention (an address) as being an effective end point when they reached out for assistance with knocking off a spammers head互
  3. Thanks Petzl, Alice broke the looking glassGH
  4. Thank you Lisati, GH
  5. Nifty tool, automatic "check email address" popup when visiting sites that have had data breaches. Breach data provided by HaveIBeenPwned. Pulled up a site I've never heard of, let alone knew I was registered on GH https://www.bankinfosecurity.com/breach-verificationsio-exposes-763-million-records-a-12158
  6. Thank you Petzl, "them" = ? Why then did L3 send the report to the registered abuse address and notify me? GH feels like Alice...
  7. Hey Lisati, Sorry I didn't acknowledge your post, didn't see it... need new eyes.. Thanks for the explanation, "keep an eye, special handling" GH can understand... Re "report now", yes I didn't clear/cancel the 2nd parse - thanks "TEAM!"
  8. Thanks Petzl, Geez, GH thought SCA was Lvl3. Anyhoo, it just got weirder, I received an email from SFB@L3 thanking me for notifying an abuse address I didn't notify I simply do not understand why SCparser doesn't know "that" abuse address, why does it have to go all the way to Lvl3? (feels like dealing with KGBMi5FBi)... Re "submitted SC report", I did, I used account that has my email address as recipient, n then, I parsed with acc that has no email address so I could post the URL here.... 'Cause, as we know, SC doesn't have the facility to keep recipient email addresses private... Maybe I didn't cancel the 2nd parse, I'll check, thanks for the heads-up! Cheers! GH
  9. Hey Petzl, "Go to SCA", I understand, "Bitbinned, but not to SC", I don't. Why not devnull it with the regular redirect to SC? GH still confused... Cheers!
  10. Hello All, https://www.spamcop.net/sc?id=z6545751660z5e326ea89b256a6150d73e004fb98521z Is there a logical explanation for "I know this ISP's abuse address", as opposed to the actual information ?(which I know, unsure if I need to put it here) ? confused GH
  11. Hey Tesseract, Thank you! " common factor seems to be an invalid host name both for starting with . and for containing @ " I agree, using account with MailHosts configured - my results match yours, using an account without MailHosts, the results are: https://www.spamcop.net/sc?id=z6545556269zcc99c68f6b5503a9beee14fed8dfa944z https://www.spamcop.net/sc?id=z6545556709z3accdd54783b338901c40c748bee5947z https://www.spamcop.net/sc?id=z6545556992za7eece61ab47f04741f34bc8b0d86b17z G H
  12. Hey Jelmer, Welcome back, no apology necessary! MailHosts disabled: the successful parse was done with an account WITHOUT MailHosts, I'm reluctant to tamper with my SC account (with MailHosts) as they were a bugger to set up, reluctant to go thru that one again, "disabled" that's another thing all together.... NW/ changes, chk MailHosts: yep! Good idea. (a) (b) (c) Not always, my rule of thumb: if SC parser produces wonky results, I change accounts (MailHosts/No MailHosts) & reparse, if, both accounts are unable to successfully parse I start digging and come here for support... (d) Good idea. Cheers! G H嚜
  13. Hey Tesseract, I reparsed, firstly I removed: From MAILER-DAEMON Fri May 10 02:41:48 2019 Return-Path: <> X-Original-To: x Delivered-To: x I also amputated the embedded http links, not necessary to get a resolved parse, just based on my understanding of information provided by knowledgeable SCF members, each time a link is parsed it's a hit for the spammer... grrrr Results: https://www.spamcop.net/sc?id=z6545327526z3c3d9b7ea27f204c8c57cac8f816abb7z Re "removed" stuff, I probably can't explain without confusing everybody, however, the previously referenced knowledgeable SCF members, I'm sure, will pitch in with sage advice... I'm curious to test again if you'd like to share the other tracking URLs please? Cheers! G H
  14. MIG

    oath.com spam

    Got it.. I've seen those, they're bigger than my lounge/office combined Cheers! G H
  15. Hey oZoneCapHill, With all Outlook/Hotmail mail, the "original"/Classic or "new", was BETA, now referred to a "production" by MS, always remove the first: Received: from xxx all the way through to +0000 In the example you've submitted it's as follows: Received: from AM5EUR02HT165.eop-EUR02.prod.protection.outlook.com (2603:10b6:a02:a8::18) by BYAPR02MB4678.namprd02.prod.outlook.com with HTTPS via BYAPR03CA0005.NAMPRD03.PROD.OUTLOOK.COM; Sun, 5 May 2019 11:38:40 +0000 The explanation provided by SpamCop Admin (as to why it's optimal to do this), was/is: "A couple of years ago Hotmail had to give up two /16 networks they were using (33,554,432 IP addresses) as they were not assigned to them. Microsoft had to quickly reconfigure their network and used IPv6 to do so. Unfortunately when doing so, they did not do it carefully and make sure they had full name resolution through out the network, where the forward and reverse dns on each server matches. This means we can't trust their headers and will often take them as the source of the spam." Using the SC URL you've submitted I removed the above "Received, etc > +0000", ran it thru SC, using a SC account with MailHosts , this is the result: https://www.spamcop.net/sc?id=z6543932098z889c38dc916f2b763336930b55cf1af9z **** To address the MailHosts issue, (imo) the fastest, most successful & least painful (for you) solution, is to contact SC admin, provide details & ask for their assistance. Many folks have either had trouble setting up the hosts & or, having modified previously setup hosts, find the mods have "buggered" up spam being parsed successfully... **** Back to the SC URL you've provided: The 2nd issue (when the SC generates a result) is "no links detected", irrespective of the fact there are indeed embedded links... There's various good commentary, across SCF, as to why the parser may not detect links & why this is less of an issue than the parser not being able to parse the spam at all. I think from memory, these posts also contain: "try x", "try y", solutions, in some of the posts. With your specific URL, I'm unsure if the reason, is a failing by SC parser, or, the actual formatting in the message body. Again, with your specific URL, the links resolve to:, AS 45839 (Shinjiru Technology Sdn Bhd), abuseATshinjiruDOTcomDOTmy Condensing all of the above: with working hosts & modifying the spam, before presenting to SC parser, it would be good to see if there's better results. Cheers! GH