Farelf

Forum Admin
  • Content Count

    7,012
Everything posted by Farelf

  1. We cannot help you with that Peter - SC is nothing to do with APEWS, see our FAQ on that at http://forum.spamcop.net/forums/topic/13802-apews-removal/ and also read some of the earlier entries in this topic (to which this is now merged) for our impression of APEWS (that would take some time, maybe just the previous one). (PMs sent to previous 2 posters about the move of their "topics" to this master thread - but it seems the standard mode is "dump and run", until demonstrated otherwise this thread should be regarded more in the way of sanitary engineering than of education.)
  2. Thanks to previous respondents. We resent posters presuming, against all advice, to use our forums as a public noticeboard for the Anonymous Postmasters in the faint hope that one of their Admins might stumble across it and take some action. From our point of view that is very close to any other form of spam, even more so if the author simply drops his post and runs, never to return. However we are anti-spam and happy to help anyone with spam-related problems. If you are having problems sending mail through mail.howyee.com (106.187.48.161) it is unlikely the cause will be the APEWS listing (any network using that for mail blocking is too clueless to stay in business) - and you are presently not listed in any major RBL. Have a look at your DNS records. Is your SPF authority actually what you intend? Looks to me like it is authorizing relays from an uncommonly wide range - and perhaps not the range intended by the irregular CIDR notation presently specified in that record. Also the nameservers point several other servers/domains to 106.187.48.161 (SUEBUY.COM and LI398-161.MEMBERS.LINODE.COM). Is that deliberate? Why? If you wish to discuss your problems with mail transit, feel free to return. If you simply want APEWS de-listing THIS IS NOT THE PLACE.
  3. I hit the "refresh/show" link for 173.213.65.99 (after pasting the IP address into submission form on my members' page) and instead of "No valid email addresses found, sorry!" it currently shows - - after referencing abuse.net and then picking up a redirection "order". That would seem to be the network's preferred abuse address for SpamCop reports and replaces the previous devnulled address. In some cases SC might go for the abuse address(es) from the ARIN database instead of the network preferred address, no doubt that network preferred address is monitored (for bounces, evidence of listwashing, etc.). As for the difference between Org(anization) and R(esource) ARIN records, I think we find the answers in ARIN - https://www.arin.net/resources/restful-interfaces.html - go down to the presentation "ARIN's Database Records" and click on the "Abuse POC" (Point of Contact) under Org ID and similarly "Resource Abuse POC" under Resource. In the "About POCs" in that presentation, it is clarified - So, it seems the same Org records populate all instances of that Organization's database entries while the Resource records may be added for a specific instance - and where different could be considered deliberately so. Well, that's how I interpret the materials BICBW.
  4. Farelf

    Tables

    Yes, I think the BB code interprets a later version of HTML that expects CSS to set the column width attributes and is defaulting to "100%". Nothing "we" can do about accessing/altering that stuff that I can see offhand. [edit] Well, we could enable HTML but that doesn't affect the width thing - worse, we lose the borders in HTML tables (another CSS-set attribute, I guess). But easier to create 100% width, no-border tables using that external table generator.
  5. Farelf

    Tables

    Or (eliminating whitespace by putting all code on the one line): Sample Heading Row 1 Column 1 Row 1 Column 2 Row 2 Column 1 Row 2 Column 2 Horrible, isn't it? If there was a way to enable HTML we could use a table generator like http://www.tablesgenerator.com/html_tables
  6. Thanks for the feedback (and your candour - that will help others looking here for answers) - a good result then. Note I have further munged the submission address you posted earlier. The code is "secret" and opinions vary on the risk of revealing it but if you find some joker submitting spam on your account and it becomes a nuisance then ask Don for a new submission address. Only you can complete the report process past the submission stage so it wouldn't be more than a nuisance, hopefully.
  7. Just which sign-in is being accessed may have some bearing in some cases. No doubt there have been changes in terms of error messages etc. but I currently see these options, assuming they all still work (I use 2a. only - simpler if the browser is set to "remember" credentials - on a non-shared PC! - I'm a little uncertain about how the others are processed): 1. https://www.spamcop.net/mcgi?action=loginform;returnurl=%2Fanonsignup.shtml (requires cookies) 2. https://members.spamcop.net//anonsignup.shtml ("HTTP basic auth") 2a. http://members.spamcop.net/ (produces the sign-in/"Authentication Required" pop-up of the above unless already logged in during the same browser session) 3. https://www.spamcop.net/ces/members.shtml (spamcop.net e-mail account users, hit the "Report Spam" link) When the cookie expires subsequent to option 1. sign-in there can be confusion (unless something a little more tidy/automatic has been instituted lately) - but it simply requires accessing the page and re-setting the cookie. I guess the other thing to remember is that the reporting account "username" is the original e-mail address specified when starting the account - NOT the reporting alias/handle and NOT any subsequent contact e-mail address. I suppose, if 2. or 2a. fails, an alternative would be to try 1. (unless cookies are disabled for the browser) and vice-versa. I don't know, just something I would try. Otherwise straight to Don D'Minion.
  8. Farelf

    Spaghetti and beans

    Ah, it's just a touch of whimsy, to be sure. Can't recall the Asimov story but surely we are talking about deuterium oxide 2H2O or D2O. Not all water is the same, that's heavy water (higher SG: 1.107, higher MP: 3.82 °C, higher BP: 101.4 °C, than H2O). It was thought for a while it might be the elixir of life, not sure why, perhaps just optimism (anything that rare had to be good). On closer examination it turned out to be toxic, in ways that are still imperfectly understood. Investigation is hampered by the expense of the stuff. Anyone wishing to OD on it would need to have deep pockets (and great patience, it would take a while) - or be an exceptional thief (and patient). But it wouldn't hurt to cook with it, occasionally, for the sort of reasons Napoleon III used aluminium cutlery.
  9. Hi hatters, People have occasionally had problems with MailWasher - settings unaccountably changing or some-such. Double check your settings and if nothing found write to Don D'Minion (SpamCop Admin) at spamcop[at]spro.net - with the full error message and context and your reporting account details (do not post those here). Steve
  10. Sounds like the sort of thing which the Spamhaus "snowshoe" list might eventually catch - http://www.spamhaus.org/css/ - it takes fairly special resources to address snowshoeing efficiently and I think that's well beyond the capability of the SCbl UNLESS heaps of reporters just keep on reporting, or the spammers' lists include SC spamtraps (note What is the SpamCop Blocking List (SCbl)?). If you have a "paid" reporting account you can look at the report histories of those IP addresses to see how many other reporters are making submissions. The spamstats - https://www.spamcop.net/spamstats.shtml - can give you an impression of how much spam traffic is passing through those networks (especially Spam reports vs. email volume which, with a little guesswork, gives some clue as to the likelihood of future SCbl listing). And the links from those stats to the SenderBase analysis of the net range/network gives more detailed analysis. SenderBase can be generally-directly interrogated from http://www.senderbase.org/ as well. If the spammers are illegally hacking the sending servers, then SC reports to the abused networks will generally - but not always - help, especially if the addresses are also on the CBL (shown in both the parse and the SenderBase analysis) and you mention that in the report notes to the abuse addresses. The CBL links often include specific advice to the network on disinfecting suborned servers. Spam payload "spamvertized" domains are a potential weak link for snowshoe operations and SC reports go to the hosts of those (the first re-direction link at least) to invite their attention to the supposed abuse of their terms of use. We know from complaints made from (more or less innocent) domain owners/registrants on this forum that can be effective, sometimes rather too effective. A certain amount of SC spamvertizing "observations" are also picked up by the independent-specialized SURBL to list offending domains. 
"Complainterator" (search the internet and this forum for that name) is a non-SC approach discussed here frequently, another is "KnujOn", either/both are certainly additional tools that might be used and there are members of this forum who use (or used) one or both. There's a lot that can be done (without becoming too obsessive) but SC reporting still has a part to play IMO - even if the results are not immediately apparent or spectacular.
  11. Farelf

    Living with the blocklist?

    Hi prusswan, welcome. Usually, it will take more than a minority of errant users to get a particular server listed in the SCbl - see What is the SpamCop Blocking List (SCbl)? In most instances SC offers (by default) very detailed reports to mail administrators long before any listing, allowing them to pinpoint those errant users. An exception might be when spamtraps (only) are tripped. Those have a higher weighting than human submissions and do not generate reports. In that instance, it is the result of serious spammers abusing the mail service and the IT department should be very much concerned (and already aware) about the typically huge demands on their network resources (also adversely affecting regular mail operations) by illegal user agents and involving who knows what other security issues in the network. In any event, listing in the SCbl is an "early warning" of network abuse, allowing mail administrators the opportunity to find and isolate the source(s) before continued abuse tips the mail service into more serious and unrelenting blocklists. Unlike most, removal from the SCbl is automatic and rapid (<24 hours) once the spam stops. Under the circumstances, bombarding the IT department is a very reasonable response from the inconvenienced genuine user group. They (the IT department) have been asleep at the wheel or are inadequately resourced to do their job (and need the complaints to prove it). P.S. Administrators (and users) can monitor block list status with http://www.senderbase.org/ ("Search IP, domain or a network owner") which will have the advantage of showing other outgoing servers in the network bloc and checks several other blocklists in addition to the SCbl - including the CBL (with a link to any listing detail there), the CBL being excellent for picking up evidence of server compromise (and usually providing helpful hints about the "disinfection" measures needed in that case). 
SC's own online real-time SCbl checker is at https://www.spamcop.net/bl.shtml which has other useful links.
  12. Farelf

    Spaghetti and beans

    Aaagh! Proteins and starches in excess - you fiend! I love such food, but it no longer loves me.
  13. Farelf

    Server blocked...

    Much later - 66.216.65.160/27 (66.216.65.160 - 66.216.65.191) is still allocated to Glen Group but apparently no e-mail transits that block, sadly it seems they found it necessary to migrate that part of the business elsewhere. If spam ever did come from there, reports would still (probably) go to abuse[at]rackspace.com (for 66.216.64.0/18), abuse[at]glengroup.com (for glengroup.com) IS set up in abuse.net but the OrgAbuseEmail for that /27 in ARIN WHOIS data is nobody[at]example.com (for any/all Glen Group contact in that bloc actually) which doesn't currently matter since nothing externally discernible of any sort appears to be happening within the /27. Which might indicate the proper/intended use for nobody[at]example.com addresses in ARIN data which have been seen elsewhere, causing wonderment and consternation - especially when it related to spam sources (but that was not from Glen Group netspace that I can recall - and blessed if I can find the reports by forum search on "example.com" keyword now).
  14. Farelf

    Commercial 'search' spam?

    Nothing to benefit the forces of the malign (though they should feel free to experiment in a confined, unventilated space, locked from the outside) - just, in these later stages, cautions, hard-learned lessons from the School of Life offered in the hope that others need not recapitulate the actual experiences to know the risks. But yes it has spiralled, in natural progression, way beyond the bounds. But certainly it remains a little geeky.
  15. Farelf

    Commercial 'search' spam?

    Don't know about mustard gas but you would certainly notice the hydrochloric acid vapour as it starts eating your lungs. My wife actually, deliberately, once mixed chlorine bleach and cloudy ammonia on the very reasonable assumption a more potent cleaning mixture would result for the be-grimed bathroom tiles. Chemistry can be SO unreasonable. Nasty, nasty stuff. She only did it the once but she coughs to this day, nearly 40 years later (she persisted though choking, apparently it worked fairly well as a cleanser, frantic husband probably being the only reason she didn't ever use it again). Around that time I also tried to convince a (diesel) power station maintenance foreman to use the breathing protection I provided when he poured conc. HCl for the coolant de-ionizer, a daily task. He preferred to cough blood but was very touched that someone actually cared. He was ex Kriegsmarine and possibly had some issues with survival. His boss was ex Kaiserliche Marine and had marginally better results in convincing "young" Kurt (he wore a mask thereafter, even with filters fitted, sometimes ... if he knew someone was watching). But whenever he delegated the job, he made very sure his man wore a mask - with the correct filters. People are funny. But mixing chlorine bleach and ammonia is not.
  16. Ah, good. Can't rely on SC reports adding to the SURBL (difficulty parsing URIs in the body sometimes, as we know, also "Quick" reports don't contribute) but it obviously does sort of work. More leverage, FWIW, on the lackadaisical/complicit shortening services and a tool to help divert/drop the mailbox spam load. CleanTalk (https://cleantalk.org/blacklists) currently lists mow.so too - CleanTalk lists are mostly for comment spam IIUC.
  17. Farelf

    ConstantContact

    Some later discussion - http://forum.spamcop.net/forums/topic/10304-reputation-check-please/ The code strings in the constant contact URIs could be anything but probably (mostly) track the referrer to your response. E-mail marketing is always going to be more than a little contentious within the demographic of this forum. A little de-mystification is going to be useful. Here is one supportive review - http://au.pcmag.com/e-mail-products/27210/review/constant-contact-email-marketing (negative reviews aren't hard to find either but probably don't go as far in explaining the process and supposed checks and balances). World Of Trust reviews are mixed but not generally supportive - https://www.mywot.com/en/scorecard/visitor.constantcontact.com The general quality of internet product/service review is low and notoriously prone to competitor "white-anting" - I would prefer the views of the forum members in the "later discussion" linked above, especially those who have used the service, and hopefully some of those might respond here - if not, I'm sure they wouldn't mind you PMing them for their informed opinions (and, with their consent, adding such comment to the dialogue "here" for broader dissemination).
  18. Farelf

    Commercial 'search' spam?

    Very droll. Can we get further off-topic? Of course we can! I just feel bound to mention, seriously, that (suspected) peptic/stomach ulcer sufferers tend to find all sorts of ways to "live with" their condition in preference to obtaining diagnosis and (these days) simple, no-fuss and effective treatment. Contrary to this very natural and entirely "human" tendency to avoid actually confronting the condition, they really, truly owe it to themselves and their loved ones to seek professional assistance, the earlier the better. Otherwise there are risks of progression to worse things. Very much worse. Trust me. Sorry to be a "wet blanket" but this touches (well, slams) close to home - when the wrong decision, delayed decision (or, more likely, the absence of decision) can, in the worst case, be disastrous - quite literally. So simple not to let it go so far. And, after that caveat, the Fuzzy White Russian sounds like fun. Gin and tonic (once the certain sign of a "ruined digestion") gets a bit monotonous after a while.
  19. Hi Clive, Bad news indeed. But the spambots seldom retain any particular spoofed sender address for long (unless you have REALLY upset someone) - that is counter-productive for them. Being a spoofed sender is usually fairly rare and truly random. But even random rare occurrences can (even more rarely) recur in close succession - or maybe there have been inbuilt delays for retry attempts as used by some networks. The idea of reporting misdirected bounces is to educate the errant postmasters doing that bouncing. One way or another the situation does seem to have actually improved over the years. E-mail providers, depending on their resources, are able to filter out incoming misdirected non-delivery notices - perhaps that is the real reason for the general improvement, but education may have something to do with it as well. People with the bandwidth (and lack of flood control) used to get thousands of bounces an hour to the spoofed sender/return address for a few days. That doesn't happen any more. If you use e-mail submissions for reporting, you can send whole batches of them in each submission which streamlines the process. Since analysis of the bounce message body is pointless, "Quick" reporting might be a useful further streamlining option - but note there are risks of reporting your own provider if your network configuration changes unexpectedly. I see veronyka.co.ua is listed in the SURBL (real-time URI blacklists), which is probably one of the reasons for the reliance on "shortening" services. It will surely appear on other lists and reputation alerts as well (but not on the URIBL, the shortening services are working well in protecting that "spamvertized" website). Anyway, you can contribute to some of those lists and alerts since you possess evidence, even if it is not "your" spam directly. 
Also, some of those shortening services are amenable to complaints and will block attempts to abuse their services. Unfortunately bounce reporting doesn't involve content analysis of the original spam, that is something to be addressed, if at all, outside of the SC reporting system. Those are some things to consider if it persists unreasonably - but for most it does not last long (it just SEEMS like an outrageously long time while it is happening).
  20. Farelf

    Commercial 'search' spam?

    In any event, I'm unsure if our members http://forum.spamcop.net/forums/user/2593-c2h5oh/ and http://forum.spamcop.net/forums/user/2984-137-trimethylxanthin/ have been alerted to any requirement for their propinquity.
  21. Farelf

    Report email rejected by someone

    Sounds like they're hitting anything with "spam" in it, so a fair bet the service[at]admin.spamcop.net would be blocked too - that is a domain but so is your "submit" address. Worth trying though. If that doesn't work either then I or someone else here will contact Don and alert him, maybe you can work out something between you. Sheesh, providers! - and we thought spammers were dumb ...
  22. Farelf

    Report email rejected by someone

    Sounds awfully like your provider/network has started filtering your outgoing. As has happened to many of us. Write to Don D'Minion with your reporting account detail and full copy of that bounce to see whether he can determine what is happening - spamcop[at]spro.net
  23. Farelf

    Commercial 'search' spam?

    The most visible tracks of the beast - http://research.google.com/pubs/DataMining.html Not just Google of course, Google is just (arguably) the most open (and openly mines e-mail as well as search-engine queries and some browser history). Depending how you define it, AI is up and running - neural networks accessing and digesting databases of almost unimaginable size, finding associations and "patterns" without mind or mentation, merely probability distributions for filters and some simple rules for discrimination. None of which should "out" e-mail addresses for commercial exploitation by third parties. Study the privacy policies of the enterprises you deal with and jump all over them if there is any evidence of a data breach (it might even be inadvertent and they might be grateful for the 'heads up' - well, pigs might fly too, though in a slightly different universe). Welcome to the 21st century. It took a long time and much anticipation but the future is finally here. Unfortunately, the most potent general driver of innovation and 'progress' remains the same as it always was - greed. Guess I'd best lay off on the 1,3,7-trimethylxanthine and resume the meds ...
  24. Farelf

    Latest Dumb spam

    Different forums, different fleas. That IP address (iliad-entreprises.fr/poneytelecom.eu) not banned "here", no cause - well, probable cause maybe - but the registration e-mail domain (once) a different matter. Latest IP banned "here" (an IP address range) is 193.201.224.0/24 (193.201.224.*), part of Alpha-Telecom-NET (UA), due to continuing use by a reputed spammer - and no regular members (just 1/27 unbanned and that "he" is a 'known spammer' as well) - using a variety of aliases and credentials, ever since the last implementation of this forum. That one likes to register with an account from any of the major free e-mail providers and seems to be into scraping this board, not spamming it as such (so no reportable activity here). In time he will go away/find new proxies and I can lift the restriction. Or maybe not - it is a spectacularly abused range, the owners must be complicit or dead. But goodness knows what exactly that spammer/associate has been doing here and why for the past several months (collecting the phoney backlink stats that SEO agencies use to bill their clueless clients, maybe?) but frustrating the ungodly is a duty gladly undertaken by the ... erm ... not so ungodly
  25. Farelf

    Latest Dumb spam

    Priceless - spamkiller spam served with a straight face/no evident conception of irony. That user-registration e-mail domain was the first ever banned on these forums, back in early 2006. With the evolution of spammer methods (and of counter-spam resources to match) we should probably reconsider that restriction for this forum. Can't see that the domain is currently particularly "toxic", whatever the situation might have been more than eight years ago. Anyway, it is possibly better to allow instances of spam and remove/keep it from public view so to authoritatively report the perpetrators' credentials for subsequent alerts to the wider internet community about current spam "campaigns" (exactly as you have done). That would/should be more effective in limiting the (supposed) profits of spam and its proliferation than will simple denial on an individual, isolated forum/bulletin board basis. Will consider ...