About csouter

  • Rank
    Advanced Member
  • Birthday 07/07/1948

Profile Information

  • Location
    Sydney, Australia
  • Interests
    Classical Music, Computers, Photography, Good Food, Fine Wine, Cars, Horse Racing
  1. Hi all, I have a question about SpamCop's policy regarding email source modifications. I use Avast Premier AV, which has, among its components, an Anti-spam feature and a separate Mail Shield feature. By default, these features will modify email messages in various ways. Rather than going into all the details, (one picture is worth a thousand words), I provide here links to the relevant settings pages. 1. Avast Premier AV Anti-spam Settings Page 2. Avast Premier AV Mail Shield Settings Page If you care to visit these two links, you will see what Avast adds to the different kinds of emails, regardless of whether or not they have been flagged as spam. My question is: If Avast, (or any other AV, for that matter), modifies emails in this way, do they still fit within the SpamCop guidelines regarding unmodified sources? Thanks in advance for any help or advice on this matter. Best regards to all, Chris Souter (Sydney, Australia)
  2. OK, thanks for that. So if it's from Brazil, I can use cert.br as well as the ISP's own abuse desk, right? So, I guess I would have to research each one of them and try to build up a database of who will & who won't accept SpamCop reports. Sounds rather time-consuming, doesn't it? Downloaded and installed already! I've been reporting to SpamCop since about 2004, I think. I started using KnujOn after the BlueFrog fiasco, around the middle of 2006, IIRC. I can't remember how I found out about them, but maybe it was through CastleCops, where I was a member until they closed down in the face of the massive DDoS attacks of 2008. KnujOn had a forum on CastleCops, but when they closed down, he moved to LinkedIn, and I didn't follow; as a retired person, I have no interest in furthering business connections. That would certainly get their attention, but I couldn't use that for the pay2us site: I doubt if they're child porn spammers; from what I can find out about them, it's most likely a phishing site. Do you think it's any use for me to send reports to the FTC? I'm not a US citizen; I'm an Australian citizen, (obviously, also living in Australia). I seem to remember reading somewhere that the FTC is not interested in reports from outside the US, but please correct me if I'm wrong. Many thanks for all your info!
  3. Hello, petzl, and thank you for the information. I do, however, have some questions, if you would be so kind as to answer them. 1. After a bit of Googling, I now know what a "boilerplate" is, but I have no idea how to use one, let alone how to use it in conjunction with SpamCop reporting. Should I ask you for advice in this thread, or ask everyone, by starting a new topic in the Lounge? (I have no wish to ask questions in the wrong place, and I suspect that asking such a question here could be seen as "thread hijacking.") 2. I understand why you say that an additional report needed to be sent to cert.br, (the spam originated from a Brazilian ISP), but what would CERT be able to do that the Brazilian ISP's abuse desk could not? 3. A bit more Googling led me to the CERT website, where I was hoping that I might find a list of CERT reporting addresses worldwide. Unfortunately, I was unable to find such a list anywhere on the site, but my Google search showed that there are many such agencies throughout the world. Could you possibly provide a link to such a list, or alternatively, give me some suggestions where to look? 4. Your boilerplate covers the spam source, but I would also like to report the spammed site. The SpamCop parser gives the ISP as Cloudflare, and states that they do not wish to receive reports about the spammed site, which is still up and running, and has been for several years, according to Netcraft. Do you have any suggestions as to what I might be able to do about pay2us.biz, in addition to reporting the site to KnujOn, as I normally do?
  4. I got one of these this morning. Here is the tracking URL: https://www.spamcop.net/sc?id=z6192680539z3e71881001ff276a5234d3c859906cb1z Previous spams I've been getting have contained links to pay2us.biz, and the text in the message referred to in the above link has been lifted from their website. The previous spams have all been about some kind of expired account with an amount to pay (amounts vary) and a link to pay2us.biz. Here is the tracking URL to a recent example of this: https://www.spamcop.net/sc?id=z6192381628z6c239d393d50bdf7033887b9b6cb7b96z Here is the Netcraft Toolbar site report: http://toolbar.netcraft.com/site_report?url=https://pay2us.biz This report states that the domain is on the Spamhaus Domain Block List. I've been getting spams like this every day for about the last 2 to 3 weeks, but the spam mentioned at the top of my post is the first time I have seen this particular variant. There is a message about spamcop.net's ISP not wishing to receive reports (obviously to be expected), but what does worry me is that the SpamCop parser always shows the same message about pay2us.biz (I've tried my best to obfuscate the link): "ISP does not wish to receive reports regarding [h|t|t|p|s]etc/ pay 2 us . [biz] no date available" Does Cloudflare's ISP normally ignore complaints about sites hosted by them? If I'm correctly understanding petzl's reply to the OP, pay2us.biz is hosting malware; is that correct? If so, what can actually be done about this site?
  5. Hi, all! I get regular spams originating from dion.ne.jp These spams always contain spamvertised links which trace back to dion.ne.jp They are advertisements for sunglasses or other similar items. The reporting address for the spams and the spamvertised sites is abuse [at] dion.ne.jp (according to the SpamCop report). Here is the reporting URL for a report I submitted today: https://www.spamcop.net/sc?id=z6180432363z3d31273a2790e56e8e776523a894275cz The actual spamvertised sites' names are always different, but they are all hosted on dion.ne.jp I'm not getting a lot of spams from them - usually about 4 or 5 every week - but it has been going on for about 2 or 3 years now. Is anyone else getting persistent spams from this dion.ne.jp? I don't know why, but these spams always get through my spam filters, and they turn up in Outlook with all their embedded images intact for all to see... I have even attempted setting up a filter to block any messages from the .jp TLD, but to no avail. Any suggestions?
  6. Followed your instructions, but all that Google comes up with is this thread.
  7. Hi, all! Well, I'm not sure which column I'm in, but I had been getting no more than one or two spams a day, until yesterday afternoon, at least. Whichever botnet it was that was taken down, it, or a replacement, is up and running again. For a period of about 12 hours from about 4:00pm yesterday afternoon, to about 4:00am this morning, (Sydney, Australia UTC+10:00), I received about 160 spams, and all except two or three of them were for fake meds. That's an average of about 13 spams per hour, but during some one-hour periods, the actual number received was about 25 - 30 in certain periods. It seems to have stopped for the moment, but I expect another big run to start later this afternoon. That is what happened a few weeks ago, when SpamCop reporting was experiencing big problems, which, fortunately, seem to have been fixed. I expect this run to last about 3 days, as it did last time. Has anyone else experienced this? Reporting was quick and efficient, no delays from SpamCop, which is good for me, because the spams are all in a Gmail account, so I have to report each one individually, which takes quite a bit of time. Also, I noticed that the vast majority of the spams contained links which SpamCop was unable to resolve. They are the same website names as the run of a couple of weeks ago, but with two differences: they are in a different TLD, and the domain name was prefixed in each one by some kind of gibberish, a weird, apparently random mixture of upper and lower case characters. I'm wondering what this means. Perhaps they are some kind of code which would let the spammer know which email address was visiting the website. Any ideas? Of the domains which were able to be resolved, none had a reporting address, and, as with the originating address of a large number of the spams, the reports were all sent to nomaster[at]devnull[dot]spamcop[dot]net. 
     I reckon at least 75% of the spams in this latest run were unreportable, either as to the originating addresses or the spamvertised domains. It never ends, does it?
  8. Hi, all! I got my free fuel as well! Thanks, SpamCop!
  9. No problems with reporting for the last two days now. Everything seems to be working very well! I'd just like to say A BIG "THANK YOU" to all those who have been working on fixing this problem!
  10. [at]hok: This is where I found the info: http://forum.spamcop.net/forums/index.php?showtopic=163 There is a lot of information in that thread, and it takes a bit of time to wade through it all. The following URL was given in an earlier reply to your enquiry: http://forum.spamcop.net/scwik/QuickReporting/ This page gives a much simpler explanation of the process, and is much easier to read.
  11. Only got 4 spams overnight. Only 2 of those were for misterjoy.ru, the others were what I mostly get these days: advance fee fraud (Nigerian scams). BTW, misterjoy.ru has no reporting address. Report goes to nomaster[at]devnull.etc... All 4 spams were reported with the full web interface in about 3 minutes. No problems at all, no delays or timeouts. Fingers crossed!
  12. Thanks, Don!
  13. I managed to report 32 spams through the web parser about an hour ago this morning. The process went quite quickly until the last four or five, when it slowed down appreciably. Those last few were quite slow, but there were no timeouts, and all my spam is cleared. Overall the process took about half an hour, reporting each spam manually, which is about right in my experience. Also, last night, I was finally able to access my mailhosts page, and re-enable quick reporting. Overall, I'm quite happy with the performance at the moment. BTW, I have one quick question. I'm sure someone will know the answer to this: Our individual reporting addresses are in this format: submit.XXXXXXXXXXXXXXXX[at]spam.spamcop.net IIRC, our quick reporting addresses are in the same format, except that they start with "quick" instead of "submit", which gives this format: quick.XXXXXXXXXXXXXXXX[at]spam.spamcop.net Am I correct? (I haven't used quick reporting for a few years, and I've forgotten how to set it up, or to find out what my quick reporting address is). Thanks in advance for any help or advice! [EDIT]: I just found the answer in the SpamCop FAQ, so just ignore my question. Sorry for any inconvenience!
  14. Working fine for me at the moment (Sydney, Australia, 09:57am, UTC+1000)! Just reported 15 spams (manually, via copy-and-paste into the reporting page). It took about 15 minutes, which is about normal for me. Keep up the good work, SpamCop admins!