Jump to content

lcusdtech

Members
  • Content Count

    59
  • Joined

  • Last visited

Everything posted by lcusdtech

  1. Forwarding "As Attachment" from Novell GroupWise 6.x is generally the best way to Report your spam from GroupWise if you don't have a SpamCop Email System Account (if you do have such an Account, just drag the spam message(s) to your Held Mail mailbox/Folder). "As Attachment" is extremely important, as SpamCop's Parser can't do anything with GroupWise in-line forwarded e-mails (the default action) - it needs full Headers, including Received Header Lines. The following step-by-step instructions will walk you through the process. Requirements: 1. A system running Windows and GroupWise 6.x client (can not be done using the web interface for GroupWise otherwise know as GroupWise Webaccess) 2. A SpamCop Account entitled to submit spam via email, and an associated Submit Address (submit.16charANcodeNMBR[at]spam.spamcop.net) 3. One or more spam email message(s) you wish to Report Instruction Steps: 1. From the GroupWise item List, select the e-mail(s) you wish to Report (multiple messages can be selected with Shift-Click, Ctrl-Click, etc. as normal in Windows). 2. Select the Action Menu. 3. From the Action Menu, select the "Forward As Attachment" Item. 4. Send the message to your Submit Address submit.16charANcodeNMBR[at]spam.spamcop.net (easiest if you have a shortcut for that Address in your Address Book). 5. Wait for the Tracking URL which will let you Report that (or the first) message either in a reply email or as the "Report spam Now" Link on your SpamCop Parsing and Reporting Service webpage. Edit: 2005/11/09 12:47 lcusdtech. adapted from FAQ Entry: Forwarding "As Attachment" From OE6.
  2. lcusdtech

    New spammer URL trick?

    Can you even click on the URL when it's displayed as the To: address? I guess that might depend on how/with what you are viewing the e-mail with. And I would add that you would have to be really dumb to click on a link in a To: field, right.
  3. lcusdtech

    Google redirect parsing

    Sure, there are different ways of looking at it, no need to hash it out again. But alas, nothing is being done. I'd like to hear an official SpamCop position on it, because the parser is still only finding Google: http://www.spamcop.net/sc?id=z929960465zce...001edd2052b140z
  4. lcusdtech

    Google redirect parsing

    I parsed it a few times to see if it would pick up the correct URL. Most of the time it found Google, at least once it didn't parse, spits the url back at you with no host resolve or any info about the url. I agree, but that falls outside of what SpamCop does. Getting Google to change their policies or the way their sites function is not what this service is about. For the purposes of the parser, it needs to be able to find the correct url for it to be effective. Pursuing Google to get them to change should be a separate campaign outside of reporting spam and spamertized websites.
  5. lcusdtech

    Google redirect parsing

    Here's a new one that the parser does not pick up the correct url. http://www.spamcop.net/sc?id=z927653881z47...3ed4e28ee5a36az [[Moderator note: this and the three replies, immediately below, have been moved here from another post. PM sent to all involved to let them know.]]
  6. lcusdtech

    Time to stop chasing spamvertized URLs

    Just a quick follow up on this. I had an ebay phishing scam e-mail mis-parse today. The first time it parsed it did not find the correct website, only came up with ebay urls. I hit reload on my browser and it parsed correctly the second time. Maybe the deputies should take a closer look at the parser. Tracking url: http://www.spamcop.net/sc?id=z910438195zf6...aba42e48dfd9dfz
  7. Parser says: error: couldn't parse head Message body parser requires full, accurate copy of message I know I've copied the full headers, can someone take a look at it, I don't read mime headers very well. Tracking url My guess is that the spammer intentionally mis-formatted it, but I can't tell.
  8. lcusdtech

    Parser: couldn't parse head

    Even with the dashes in red it still took me a few times over to see it.
  9. lcusdtech

    Time to stop chasing spamvertized URLs

    Looks to me like it is parsing corectly today. I took the header from a phishing scam I just got and pasted the body from one of your examples above and got the following parse: http://www.spamcop.net/sc?id=z909108980z80...181ab628eae9c4z I didn't submit it of course.
  10. lcusdtech

    [Resolved] 81.255.54.11

    English translation by way of Bable Fish: We received your message, and we thank you. We are victims of the spammeurs and we employ the means necessary to fight against those. We present our excuses for the undergone nuisances to you and let us ensure you that we put all works about it to solve this incident as soon as possible and to improve quality of our services. We remain at your disposal for any additional information, heading "to write to Us": http://www.laposte.net/cgi-bin/ecrire/ecrire.pl Cordially. The Customer service laposte.net
  11. lcusdtech

    Parser: couldn't parse head

    Ok, just wanted to make sure it wasn't some new trick or something. Thanks.
  12. lcusdtech

    FAQ Entry: The Link Analysis Process

    Just to add my 2 cents, the failure on the parsers part to resolve urls is of concern to me too, as I have said before in other posts about this subject. So there are others here that feel getting the websites reported is important.
  13. lcusdtech

    tricking with google

    edit: I think this is another example of the parser missing the url google is redirecting even though it is in plain sight. Tracking url Moderator edit: Merged this new post into an existing Topic/Discussion. PM sent.
  14. lcusdtech

    Filtering webmail folders

    I would offer help if I had any experience in using SpamCop webmail. Since I don't, someone that does will have to chime in here. I'm just posting so you don't think you are being ignored. Any of you experts have any advise?
  15. lcusdtech

    forwarded spam

    Maybe you would be interested in quick reporting. See this thread Quick Reporting
  16. lcusdtech

    domain theft by spammers

    That is quite interesting. If I was to venture a guess, it looks to me like a spammer has harvested Larry's personal information and used it for domain registration. Quite ingenious. Makes the registration info apear "more" correct. Doesn't fool us though.
  17. I'd say it's not your imagination. And I hope this trend continues. It is so nice to see.
  18. lcusdtech

    domain theft by spammers

    The non-capitalized name is what raised my eybrow. But what you got there is the smoking gun.
  19. lcusdtech

    How We Use SpamCop

    My usage: I manage two e-mail server with about 400 users. These users are all internal, or employees. One of the servers is only used for a handful of listservs. These are managed by me directly, people can not subscribe to them, the lists are setup by me for the purposes of our business. (I know that may sound like every other spammer out there, but I am not. And to this date neither of our two e-mail servers has ever been on a blacklist, that I am aware of) Anyway, on to the usage. The other server is our main e-mail server. It's gateway is configured to check the following lists in this order and drop the connection if there is a hit: bl.spamcop.net, sbl.spamhaus.org, spam.dnsbl.sorbs.net, dul.dnsbl.sorbs.net, nomail.fhsbl.sorbs.net, list.dsbl.org, cbl.abuseat.org Yes I know that it is not recommended to reject mail based on a blacklist. That may be fine for others, but I prefer to reserve our limited bandwidth for legitimate traffic and deal with the small amount of false blocks. This config is very effective as these stats show: Server uptime: 3 days 7 hrs 27 mins Messages Received: 6,649 Messages Sent: 1,582 Connection Denied: 44,778 (this is what the blacklist checks reject from coming in) As you can see most of our traffic is in-bound, and the blacklists are keeping a huge amount of spam from even getting in. Of the 6,649 messages that make it in, about another 500 a day of those are caught by our second line of defense. A server side process that checks each message against spam filters, does a viruses scan, a SURBL check, looks at sender address for things like opt-in, and message content before it is sent on to the users inbox. This almost completely eliminates spam from getting to an inbox. What does make it in is about 1-5 a day for me. Some messages are also falsely identified as spam by this process, and I have to manually pass those through when a user notifies me of such. I have some users forward what spam gets through to me, I take that along with what I get and use a paid SpamCop account to parse and report those. For these I view the mime source, select all, copy, open FireFox, goto the SpamCop REport spam web interface, paste, process, and sned reports. Occasionally when I have a lot of free time, I'll check to see what is not getting a SURBL hit and submit those too. (since this system stores everything it blocks, I can go back an recover any message) I also use these forums to keep up to date on what is going on with SpamCop. When I have time I try to contribute what little I can to the cause of fighting spam, and to other users of SpamCop. I'd also like to note that I have never user the SpamCop newsgroups.
  20. lcusdtech

    Decrease in SMTP activity?

    It's worth asking them the question. I'm not saying it is happening, just that it's possible.
  21. lcusdtech

    domain theft by spammers

    Is it just me, or does this look like bogus info?
  22. lcusdtech

    forum stuff

    FYI maz, you can install FireFox on your imac (Mac OS X 10.2.x and later), that may help you out a little. Here's a link to where you can download it http://www.mozilla.com/firefox/
  23. I could be wrong, but this looks like a completely different issue than the original issue you came here with. (note the text I highlighted)
  24. lcusdtech

    Decrease in SMTP activity?

    Even though this is true, an upstream router from you could be doing filtering. The IP packets still have to travel from router to router to get from the source to the destination. (the destination in this case being your SMTP server) So turetzsr is not completely ignorant. (in this case I don't have as mush restaint as Andrew)
  25. lcusdtech

    I feel stupid - what am I missing

    Good point. I hadn't put that much brain power into it.
×