Jump to content


  • Content Count

  • Joined

  • Last visited

Everything posted by MIG

  1. Hey Rajasekar.svel, Without a working tracking URL it's a little difficult to offer commentary, however, are you posting that you've had a positive result from Zoho Abuse Monitoring Desk? In which case super! If I've misunderstood, please post a working SC tracking URL? Also, just for accuracy, SCA advise: remove the 1st/first [ Received: etc to +0000] It may well be that removing the top two [ Received: etc ] is also effective, but (imo) I don't think so, I'll test this method & post back. Cheers! G🦗H
  2. Hey Petzl, There's quite a few using this method. I've noticed Hetzner do take action on receipt of submission/s. Cheers! G🦗H
  3. Hey Gnarlymarley, I'm all for understanding👍 No, I wasn't referring to https://www.spamcop.net/sc?action=showroute x I was suggesting a pinned topic/table exist in SC Forum, collating addresses that SC doesn't identify BUT SC members have shown to be effective spam fighting endpoints. Cheers! G🦗H
  4. Hello All, The idea for an address table/pinned topic, was not that it was open to anyone to post the info, rather it was/is a repository of all "effective/helpful" addresses SC parser is not identifying, managed by SCFA. (I offered to do the grunt work if SCF Admins or whomever currently carries the work/maintenance burden wanted some willing assistance). This translates to, the table/topic existing, any identified addresses forwarded to SCFA who'd then update the table/pinned topic. Cheers G🦗H
  5. G🦗H may be wrong but for: 2402:bc00:0:a216:0:0:19:124, G🦗H gets: abuse@ene.megaegg.ne.jp
  6. Hey Klappa & Lisati, Yep, the SCR Help R&RA is there, is a good resource, and (my understanding) is that it's for corrections, whereas, G🦗H sees the pinned table as a repository of additional addresses, built from info posted by SCF members who, every so often mention (an address) as being an effective end point when they reached out for assistance with knocking off a spammers head🤬
  7. Hello All, https://www.spamcop.net/sc?id=z6545751660z5e326ea89b256a6150d73e004fb98521z Is there a logical explanation for "I know this ISP's abuse address", as opposed to the actual information ?(which I know, unsure if I need to put it here) ? confused GH
  8. Thanks Petzl, Alice broke the looking glassG🦗H
  9. Thank you Lisati, G🦗H
  10. Nifty tool, automatic "check email address" popup when visiting sites that have had data breaches. Breach data provided by HaveIBeenPwned. Pulled up a site I've never heard of, let alone knew I was registered on😒 G🦗H https://www.bankinfosecurity.com/breach-verificationsio-exposes-763-million-records-a-12158
  11. Thank you Petzl, "them" = ? Why then did L3 send the report to the registered abuse address and notify me? G🦗H feels like Alice...
  12. Hey Lisati, Sorry I didn't acknowledge your post, didn't see it... need new eyes.. Thanks for the explanation, "keep an eye, special handling" GH can understand... Re "report now", yes I didn't clear/cancel the 2nd parse - thanks "TEAM😁!"
  13. Thanks Petzl, Geez, GH thought SCA was Lvl3😩. Anyhoo, it just got weirder, I received an email from SFB@L3 thanking me for notifying an abuse address I didn't notify😵 I simply do not understand why SCparser doesn't know "that" abuse address, why does it have to go all the way to Lvl3? (feels like dealing with KGBMi5FBi)... Re "submitted SC report", I did, I used account that has my email address as recipient, n then, I parsed with acc that has no email address so I could post the URL here.... 'Cause, as we know, SC doesn't have the facility to keep recipient email addresses private... Maybe I didn't cancel the 2nd parse, I'll check, thanks for the heads-up! Cheers! GH
  14. Hey Petzl, "Go to SCA", I understand, "Bitbinned, but not to SC", I don't. Why not devnull it with the regular redirect to SC? GH still confused... Cheers!
  15. Hey Tesseract, Thank you! " common factor seems to be an invalid host name both for starting with . and for containing @ " I agree, using account with MailHosts configured - my results match yours, using an account without MailHosts, the results are: https://www.spamcop.net/sc?id=z6545556269zcc99c68f6b5503a9beee14fed8dfa944z https://www.spamcop.net/sc?id=z6545556709z3accdd54783b338901c40c748bee5947z https://www.spamcop.net/sc?id=z6545556992za7eece61ab47f04741f34bc8b0d86b17z 🤔 G🦗 H
  16. Hey Jelmer, Welcome back, no apology necessary! MailHosts disabled: the successful parse was done with an account WITHOUT MailHosts, I'm reluctant to tamper with my SC account (with MailHosts) as they were a bugger to set up, reluctant to go thru that one again, "disabled" that's another thing all together....🤔 NW/ changes, chk MailHosts: yep! Good idea. (a) 🤔 (b) 🤔 (c) Not always, my rule of thumb: if SC parser produces wonky results, I change accounts (MailHosts/No MailHosts) & reparse, if, both accounts are unable to successfully parse I start digging and come here for support... (d) Good idea. Cheers! G🦗 H
  17. Hey Tesseract, I reparsed, firstly I removed: From MAILER-DAEMON Fri May 10 02:41:48 2019 Return-Path: <> X-Original-To: x Delivered-To: x I also amputated the embedded http links, not necessary to get a resolved parse, just based on my understanding of information provided by knowledgeable SCF members, each time a link is parsed it's a hit for the spammer... grrrr Results: https://www.spamcop.net/sc?id=z6545327526z3c3d9b7ea27f204c8c57cac8f816abb7z Re "removed" stuff, I probably can't explain without confusing everybody, however, the previously referenced knowledgeable SCF members, I'm sure, will pitch in with sage advice... I'm curious to test again if you'd like to share the other tracking URLs please? Cheers! G🦗 H
  18. MIG

    oath.com spam

    Got it.. I've seen those, they're bigger than my lounge/office combined👀 Cheers! G🦗 H
  19. Hey oZoneCapHill, With all Outlook/Hotmail mail, the "original"/Classic or "new", was BETA, now referred to a "production" by MS, always remove the first: Received: from xxx all the way through to +0000 In the example you've submitted it's as follows: Received: from AM5EUR02HT165.eop-EUR02.prod.protection.outlook.com (2603:10b6:a02:a8::18) by BYAPR02MB4678.namprd02.prod.outlook.com with HTTPS via BYAPR03CA0005.NAMPRD03.PROD.OUTLOOK.COM; Sun, 5 May 2019 11:38:40 +0000 The explanation provided by SpamCop Admin (as to why it's optimal to do this), was/is: "A couple of years ago Hotmail had to give up two /16 networks they were using (33,554,432 IP addresses) as they were not assigned to them. Microsoft had to quickly reconfigure their network and used IPv6 to do so. Unfortunately when doing so, they did not do it carefully and make sure they had full name resolution through out the network, where the forward and reverse dns on each server matches. This means we can't trust their headers and will often take them as the source of the spam." Using the SC URL you've submitted I removed the above "Received, etc > +0000", ran it thru SC, using a SC account with MailHosts , this is the result: https://www.spamcop.net/sc?id=z6543932098z889c38dc916f2b763336930b55cf1af9z **** To address the MailHosts issue, (imo) the fastest, most successful & least painful (for you) solution, is to contact SC admin, provide details & ask for their assistance. Many folks have either had trouble setting up the hosts & or, having modified previously setup hosts, find the mods have "buggered" up spam being parsed successfully... **** Back to the SC URL you've provided: The 2nd issue (when the SC generates a result) is "no links detected", irrespective of the fact there are indeed embedded links... There's various good commentary, across SCF, as to why the parser may not detect links & why this is less of an issue than the parser not being able to parse the spam at all. I think from memory, these posts also contain: "try x", "try y", solutions, in some of the posts. With your specific URL, I'm unsure if the reason, is a failing by SC parser, or, the actual formatting in the message body. Again, with your specific URL, the links resolve to:, AS 45839 (Shinjiru Technology Sdn Bhd), abuseATshinjiruDOTcomDOTmy Condensing all of the above: with working hosts & modifying the spam, before presenting to SC parser, it would be good to see if there's better results. Cheers! G🦗H
  20. MIG

    oath.com spam

    Don't you have a 📺 Petzl? ***Exactly!*** Mark Twain was a very smart man, 'cept, in "our" case, any change means more of the same😩
  21. MIG

    oath.com spam

    Surprisingly (to me anyway) I do know the answer, 15 years in Oct. And, on the graves of all my treasured ones, I've never, never, had 1 spam in my Yahoo acc, Hotmail on the other hand, until I found SpamCop, I believed my details had to be on some out-of-control-crap-web-rotation... CieLeVie. Avagoodwe Petzl. Election soon, gird your loins! G🦗 H
  22. MIG

    oath.com spam

    😕7 years ago? Not disputing the reference or the rationale Petzl , just curious...🤔 Cheers G🦗 H
  23. MIG

    oath.com spam

    10-4 Petzel, ?, are you "saying" the 3 urls in this topic are from spam the source of which is yahoo? Curious... Cheers! G🦗 H
  24. MIG

    oath.com spam

    Hey Petzl & Lisati, Yahoo acc 15 years, it's been good for us, never had one spam, not before the "Oath" change & not since, seamless🤫, have to shush that comment, don't wanna jinx them & start getting a flood. - HOSTNAME: sonic316-12dotconsmrdotmaildotbf2dotyahoodotcom DOMAIN: yahoo.com Organization: Yahoo! AS 26101 (Yahoo!) NETWORK OWNER(ISP): Oath Holdings Reading the reference article "Oath was renamed Verizon Media 08/01/2019" Looks like their changes have been many & not complete, no surprise, that's "business" in a "Global" world. Cheers! G🦗 H
  25. MIG


    MTA, not sure if it's "commonly" used, it is used by SCF members.... Meaning? No idea. Thanks!