Jump to content


Forum Admin
  • Content Count

  • Joined

  • Last visited

Everything posted by Lking

  1. Lking

    Sendgrid reports dev'nulled?

    It is quite possible that abuse{AT}sendgrid.com has ask SpamCop to not send reports.
  2. Lking

    Emails not being received

    It is understandable. Having joined the forum in the last hour, I can understand why you have not received email from he forum for the last 3 years. Try with your new account. Notification works fine for me. There is no indication that there is a issue with the system and current active accounts. Post split from an existing, older, unrelated topic and move to a more appropriate forum.
  3. Lking

    forum spam handling

    Not to be more cynical than usual, but... Wandered back and founld one new member "M" who joined ~3UTC (12 hours ago) who's IP is in New Delhi. We will see While looking at the list of new users saw three that have not yet validated their emails (2- outlooks & 1- protonmail) all from New Delhi. But then again RobiBue may be right.
  4. Lking

    forum spam handling

    Those are post I was in the process of hidding . The user's post count does not update when I hide their post, but there is nothing for you to see. Robi we are ships in the night.
  5. Lking

    forum spam handling

    I too have noted this variant. There is also a large number of spams by members that have registered days or more before posting. For example today (last night) there were 8 new members ~ all spammers. But there were 23 spam posted. You can mouse over the member icon and see date/time joined and date of last post. For a spammer likely their only post.
  6. Lking

    spam with entire contents in ENVELOPE_TO

    In the case where the body is missing in the original spam, It is OK to add something like "Body Missing" Be sure to include a blank line to mark the end of the header. It is of course to late to report this example.
  7. Lking

    forum spam handling

    To create an account the email must be validated stolen emails shouldn't work. Anecdotally, there is a pattern to the emails used to create accounts here. Using the forum tools sorting emails of course groups mailboxes not address domains. The most of the emails today are gmail and outlook. This looks to be true historically with lots of protonmail.com, mail.com, and yandex.com The email(s) used with the one IP use twice to post were mail.com and faithmail.org. Blocking email domains doesn't seem useful. A casual review highlights gmail and outlook but also protonmail, yandex and mail.
  8. Lking

    forum spam handling

    Still not an "in depth analysis" but today's sample of spamming IPs does not reveal much of a pattern in the first pass. Sorting the 23 IPs that posted spam over night today show only 1 duplicate post in "How To Use" otherwise the IPs are unique. The most active was 4 post from otherwise unique at that level. Although the system does not provide a tool to search users IPs, I tried to check the 22 different IP that posted 23 times today. I did not find those IPs in the historical db. Added Looking up the 22 IPs using https://www.spamcop.net/w3m?action=map the results at this time are not vary informative. Of the 22 addresses 8 are listed as "poor", and 1 as "neutral". I guess I was surprised that only ~1/3 are listed. The 4 addresses identified above are all "poor". The one IP that posted twice was not listed.
  9. Lking

    forum spam handling

    It has always been the feeling of the powers-that-be that one of the important audiences for this forum are those struggling with the side effects of having a spammer use their email, IP, infect there system or just be in their neighborhood. In part this concern is due to the impact of an effective SCBL; If emailers Alice & Bob temporally share an ISP/IP then Bob's email get blocked because of Alice's spam. The question then becomes how do "we" help Bob? How do those impacted contact the forum if any automatic blocking is used? If there post is delayed (until approved by someone) i'm guessing they just look for help elsewhere. I know I do. As stated we block reuse of usernames and email. Blocking IPs would also lock all users of gmail, about 1/5 the users of CenturyLink in Denver, etc and that person who shares an IP with a spammer. Now I have not done an in depth analysis but a quick look at 4 or 5 pages of 25 banned users (sorted by IP) did not reveal a clusters. Who ever designed the db screwed the date (mm/dd/yyyy) which makes it hard to look at say yesterdays spammers. I will work on that while watching the hearings in the morning. Beefing up the front end to keep out the bots seems to be the only acceptable solution, IMHO. Holding the first post it seems would discourage first posters that have been "blocked by SC" or are trying to deal with spam incoming to their system, both a primary audience. Blocking IP's or blocks of IP's has the same affect. (yes there have been lagit posters from Russia and India) Hiding post after n-number of reports 1) would require adding a feature to an off-the-shelf product (check the bottom of the screen) 2) There is also the reality that by the time I get to spam with my first cup, generally the spam has only been reported by @RobiBue. Sometimes one other. After those posted while I sleep, there are seldom any reports before I get to them. and 3) That type of process would open the forum to another type of attack that needs to be programmed to stop. (Only reports from certain group(s) of users can block. What about reports by other users?...) It is a pain. I have to work at keeping tract of threads that need attention with all the clutter. There was a time when @Wazoo had full access to the forum software and db. He tweaked the SW with regularity, which resulted in a system that was generally undocumented and not maintainable after he left the seen. That resulted in the migration to an ISP maintained package and unfortunately all the bad links in old threads. There are pros and cons to all changes. There is an issue but a solution where the pros win out is needed.
  10. Good catch. I missed that.
  11. Thank you for the link. I see several blank lines inserted by the spam tool. These may be confusing the parser as a blank line should signal the end of the header yet there are "X-" lines following the blank line What tools are you using to receive your email and to submit the spam? Your issue looks similar to problems with google (gmail) and outlook
  12. Lking

    no reporting for IP

    😁 But on the edge Rob.
  13. Lking

    no reporting for IP

    Heather(?) Sometimes 'Things come to those who wait.' When I looked at the link now, then your report was 6 hrs old I see
  14. Lking

    forum spam handling

    Rob, Thanks for your concern and active efforts to control of this forurm's spam. I think your suggestions is overly complicated. Currently: I review each new post to this forum. Hide the spam Restrict the poster from posting - Indefinitely Send a warning email Report the spam to: FaceBook if appropriate Stop Forum spam https://www.stopforumspam.com/ when I have time. In the morning after getting required quantities carbs, sugar and caffeine I start reviewing post. Also randomly during the day and last thing at night. The timing, depending on the time of year, is UTC -6/7h so some may see the spam longer than others. Rob it is apparent that many mornings you get to the forum before I do. Currently there are some 4,450 member accounts ban from posting. Banning vs deleting an account prevents spammers from reusing an email address or user name.
  15. Lking

    Spell Checking

    SpamCop spamvertize mailhost blocklist
  16. Lking

    spam via VPN

    Same old problem with/without VPN. "Its just an email for aunt Mable"
  17. Lking

    spam via VPN

    It does depend on the VPN/PIA provider. The service I use has contacted me a couple of times because of the level of activity between me and spamcop.net On the other hand I am amused by the adds/weather from Huston or Washington DC depending where I connect. When I first signed on, there was lots of discussion between us about them not tolerating any activity by me that took advantage of being hidden. Privacy was a different issue.
  18. Lking

    The problem against spam users.

    The source of an email can be identified by the FROM: line or the IP address found in the list of Received: lines in the header. The FROM: which looks like a good choice and is valid for all legitimate emails emails you received, it is easy to forge by the spammer (or anyone) and maybe a valid email for someone totally unrelated to the source of the spam. Although it could be a Joe Job, The forged/spoofed FROM: is just a randomly selected mailbox. The IP address found in the header Received: lines must point back to the true source (well mostly). If the IP address is not correct the network will not be able to do the required handshaking as the email (packets) move through the network to the destination. As you correctly observe, anyone using the same IP address will also be blocked along with the spammer who shares the IP address. But this is why spam reports are sent to the managers of the IP address i.e. the abuse[at]... for the IP address or block of addresses. This gives a 'caring" admin the opportunity check their logs, identify the sender and crush the bugs using their bandwidth. This is a good reason to have a dedicated IP address, especially if you rely on you email being delivered.
  19. Check Can I automatically forward spam from my spamtraps? On the Staff tab contact Richard W
  20. Lking

    SpamCop codeing error??

    copied the following from a Quick report. This is new. there may be an error in the last hot patch. Only occurs when as shown below. From: and Subject: lines vary.
  21. I loaded the new T-bird ver 3 and tried to report some spam using my quick account using the same approach as with T-bird 2 and I got an error message email back for SpamCop. Standard approach has been: 1. open an email addressed correctly to Spamcop 2. drag and drop spam on the SpamCop email, one at a time or in groups 3 send email to Spamcop Receiving
  22. This may be your issue. Your mailhose configuration should reflect the path of reported email (spam) not the reporting email. Depending on your situation this may be a distinction without a difference. If all the email spam you are reporting has all been sent to [at]ourdomain.com received by one host then the configuration should be simple. The purpose of the mailhost configuration is to document the local path of email through your servers from 'the outside world' to your inbox. This information enables the parser to know which Received: lines in the header are expected local entries and not part of the external source of the spam. I think you are correct about the source of the problem. Is email to spamcop[at]ourdomain.com now follow a different path than other email? I think an in depth review of what you tweaked is in order.
  23. Just to be sure and not knowing your email configuration: You have configured you mailhost following https://www.spamcop.net/fom-serve/cache/397.html for all paths?
  24. The "Submit" by SpamAssassin should result in a Tracking URL just like the the example in your OP. That tracking URL will include the spam sent by SpamAssassin. Or am I missing something?