efa

  1. I pasted all the Received lines, as always, like in the SpamCop reporting form. Wrote to the deputies, thanks for the contact.
  2. I'm sure I pasted the mail with headers. Can I post the mail complete with headers in this forum (or as a tracking URL), or must it remain reserved?
  3. Pasting the "account configuration email" to the address https://www.spamcop.net/mcgi?action=mhreturn for my company account, I always got this error: "Sorry, SpamCop has encountered errors: Source IP not found. Your email host does not appear to correctly identify the sending IP of the email you receive." I'm using Thunderbird 45.1.0 on Win7 64 bit, with CTRL+U to get the mail source. I also tried to forward the "account configuration email" complete with headers by email, but I got: "Hello SpamCop user, Sorry, but SpamCop has encountered errors: Headers not found." No idea what I have to do now.
  4. Do you know a working contact to report to Google?
  5. This spam is not tracked correctly, the first time that happens. I also tried the "Add new hosts", that sent this: "Sent test email to x through alt1.gmail-smtp-in.l.google.com. Sent test email to x through alt4.gmail-smtp-in.l.google.com. Sent test email to x through alt3.gmail-smtp-in.l.google.com. Sent test email to x through gmail-smtp-in.l.google.com. Sent test email to x through alt2.gmail-smtp-in.l.google.com." Same results. Here is the tracking URL: http://www.spamcop.net/sc?id=z5618370016z1...4349081a74092ez
  6. Can we do something about 184.82.0.0, contact email "No reporting addresses found", used by yeaca.com and dudreda.com?
  7. Hi, I'm receiving many spams that spamvertize: gohisa.com, yeaca.com and sevxr.com, dudreda.com. Here are two examples: http://www.spamcop.net/sc?id=z5431267123zb...0b7dc080e96ab5z http://www.spamcop.net/sc?id=z5431170214z6...43ca760e2f8969z Two of those domains are hosted by abuse[at]blacklotus.net. Why this provider "does not wish to receive reports"? And why does SC not send them? Worse, 184.82.204.21-22 (all the block 184.82.0.0/16), used by the other two, has "No reporting addresses found", so no report at all is sent for those domains.
  8. What does "ISP does not wish to receive reports regarding hXXp://www.va-ua.com/ - no date available" mean? Why should a host ignore complaints, and why can SpamCop avoid sending complaints? Today I received about 300 spams with this spamvertized link inside. The domain was suspended one month ago, with a previous spam burst; now it is resurrected and sends a lot of spam again. Here is the tracking URL of the first one reported: http://www.spamcop.net/sc?id=z5385618516z6...08c4842a82e38az
  9. I hope the net engineer identified the account responsible for the flooding, and maybe the source of the attack.
  10. Mail source was: airtel.in, sanchernet.in, bol.net.in, saudi.net.sa, ttnet.net.tr and sjrb.ca, so not all by RIPE. Update: for the last ones, all went through very fast.
  11. RIPE area for the mail source IP or for the host of the spamvertized links?
  12. I'm trying to send the 2-day backlog of spams; I can send them all, with intermittent behavior. Some went through fast, most take a long time (more than the promised 6 sec nag screen, and the browser reload does not change the situation), a few times it ends in a gateway timeout where a reload finally sent. The "Send spam Report Now" button always sent in normal time; it is the parsing phase that took a lot of time, hope this helps diagnosing. Note: As all the spams in these down days are about the same, with only 3 .ru and .ua spamvertized domains, I have the doubt that they are innocent domains.
  13. I understood that the spammer sent spam mails like normal users, but they send a lot. In this sense it is the same protocol and mimics normal SC server load. Normally a DOS is different: the attacker "connects" to the server so it has to open a socket for him (allocate memory, resources, and so on), then opens another one, another one, and so on ... sometimes they send pings with garbage, but never close any socket, so it is the server that has to time out or die, see: $ man 2 connect
  14. It is important to say that it was not a DOS attack, but a load attack. From the information we have, the spammer used the same protocol and the same mimic of normal users, so it was not a DOS, and this makes it complicated for the engineers to distinguish good traffic from bad. Engineers should discover where the bad traffic attack came from; hope for more news in this regard.
  15. exactly, at first all gone, now got sigalarm, taking too long to process, aborted