Schmide

Members
  • Content count

    39
  • Joined

  • Last visited

Community Reputation

0 Neutral

About Schmide

  • Rank
    Member

Contact Methods

  • ICQ
    0

Recent Profile Visitors

295 profile views
  1. https://www.spamcop.net/sc?id=z6406269155z2179a6c2238e07779015ef8b2b5c81b0z Tracking message source: 154.118.7.2: Routing details for 154.118.7.2 Report routing for 154.118.7.2: abuse@spectranet.com.ng This email contains no date
  2. https://www.spamcop.net/sc?id=z6351761016zea98422435348752ca2b032d7842d11dz Looking at the headers I see many dates? it looks like the lack of date on line Received: from 41.202.83.149:52242 by cmpweb17.aul.t-online.de with HTTP/1.1 (Lisa V4-6-5-0.13788 on API V5-3-1-0) breaks spamcop Edit: if you put a ; Tue, 10 Jan 2017 00:43:02 +0100 on that line sc accepts it
  3. It's back. https://www.spamcop.net/sc?id=z6351452624z8b7549cf459e808bcdb92fb585671994z Return-path: <coca63828@gmail.com> Envelope-to: x Delivery-date: Sat, 07 Jan 2017 05:43:10 -0500 Received: from mail-oi0-f65.google.com (snip) Subject: New Year Gift To: undisclosed-recipients:; Content-Type: text/plain; charset=UTF-8 Bcc: myemail -- (body) The "Content-Type: text/plain; charset=UTF-8 " before the "Bcc:" breaks it
  4. Edited email: (header snip for clarity) Subject: DEAR FRIEND, CAN I TRUST YOU? To: undisclosed-recipients:; Content-Type: text/plain; charset=UTF-8 Bcc: (my email) (body) If you add a blank line before the bold line above it works. It seems strange that google would allow such a mis-confromed header to come from their servers.
  5. https://www.spamcop.net/sc?id=z6322625836z2ff1b5517012c7eb95373a48b437746dz I received one that does this same thing (i think) today.
  6. They just moved the content of the spam to the subject. Kind of annoying that they get away with this. Return-path: (Snip my isp info) Received: from [27.123.206.58] by tm3.bullet.mail.tp2.yahoo.com with NNFMP; 09 Jul 2016 19:03:25 -0000 Received: from [127.0.0.1] by omp1003.mail.tw1.yahoo.com with NNFMP; 09 Jul 2016 19:03:25 -0000 X-Yahoo-Newman-Property: ymail-3 X-Yahoo-Newman-Id: 998224.51996.bm@omp1003.mail.tw1.yahoo.com X-YMail-OSG: ..CFfekLUzvwa8T4VXu8e.yOFUK.JRYg5Zd.7ElMSOw- Received: from jws11017.mail.tw1.yahoo.com by sendmailws106.mail.tw1.yahoo.com; Sat, 09 Jul 2016 19:03:24 +0000; 1468091004.171 Date: Sat, 9 Jul 2016 19:03:23 +0000 (UTC) From: Sir Richard Liam <barrettjohn941@yahoo.com.tw> Reply-To: Sir Richard Liam <barr_gilbert.j_esq.org@outlook.com> Message-ID: <1089758370.44268.1468091003693.JavaMail.yahoo@mail.yahoo.com> Subject: You will be receiving 2500 dollars twice daily from your total winning of 750.000.00 dollars. Contact barrister Gilbert Jean with your full details where the funds will be sent once your fund release order file is signed by Accredited Attorney Barrister Gilbert. E-mail;{ barr_gilbert.j_esq.org@outlook.com } Thanks, Sir. Richard Liam MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 7bit References: <1089758370.44268.1468091003693.JavaMail.yahoo.ref@mail.yahoo.com> Content-Length: 0 Edit; Spamcop's report says Tracking message source: 203.188.201.54: Routing details for 203.188.201.54 [refresh/show] Cached whois for 203.188.201.54 : abuse@yahoo.com network-abuse@cc.yahoo-inc.com redirects to spamcop@mailservices.yahoo.com Using best contacts spamcop@mailservices.yahoo.com Yum, this spam is fresh! Message is 0 hours old 203.188.201.54 not listed in cbl.abuseat.org 203.188.201.54 not listed in dnsbl.sorbs.net 203.188.201.54 not listed in accredit.habeas.com 203.188.201.54 not listed in plus.bondedsender.org 203.188.201.54 not listed in iadb.isipp.com No body text provided, check format of submission. spam must have body text.
  7. Sorry it was late at night when I found it. Here's a tracking url for it. https://www.spamcop.net/sc?id=z6028469378z3a0635c3ac1601ae431b595e5cccb578z Well it doesn't break spamcop's engine, but it does make it unreportable.
  8. Return-path: <webweg946[at]gdfasr.com> Envelope-to: x Delivery-date: Tue, 09 Dec 2014 01:41:34 -0500 Received: ME (snip) References: <#.#.#.JavaMail.yahoo[at]jws10069.mail.ne1.yahoo.com> (repeat very long) (^ This kills spamcop) Subject: Your winning information is attached in this email MIME-Version: 1.0 Content-Type: multipart/mixed; boundary="----=_Part_###" Content-Length: 72489 (snip)
  9. I'm seeing a lot more listings, if there was a manual adjustment. Thank you.
  10. I'm understand that munging, rephrasing, random referring are the order of business and I can easily see that. Reality is if you look at many of these runs that include 10s to 100s of spams received at one address, comming from multiple IPs, often in incremental order, from a single ISP at the same time. When such a source is identified, there should be some multiplication effect. Failure to do so is allowing the ISPs and spammers to snowshoe.
  11. ISP x sends the exact same spam from multiple IPs over the course of a day. Either a huge unfathomable coincidence, or snowshoeing in action.
  12. Other than equate and add?
  13. It is more than obvious that the spammers are just snowshoeing their IPs to keep them under the magnitude needed to get listed. Mags stay around 5 and manual adjustments to the BL are completely non existent. I've been here since the late 90s, I understand the objectives. It's the lack of adaptation I cannot fathom. I'm not limiting this to spamcop, other lists/reports have been equally absent from the easily traceable signatures.