Jump to content

Farelf

Forum Admin
  • Content Count

    7,012
  • Joined

  • Last visited

Everything posted by Farelf

  1. Hi Clive, Bad news indeed. But the spambots seldom retain any particular spoofed sender address for long (unless you have REALLY upset someone) - that is counter-productive for them. Being a spoofed sender is usually fairly rare and truly random. But even random rare occurrences can (even more rarely) recur in close succession - or maybe there have been inbuilt delays for retry attempts as used by some networks. The idea of reporting misdirected bounces is to educate the errant postmasters doing that bouncing. One way or another the situation does seem to have actually improved over the years. E-mail providers, depending on their resources, are able to filter out incoming misdirected non-delivery notices - perhaps that is the real reason for the general improvement, but education may have something to do with it as well. People with the bandwidth (and lack of flood control) used to get thousands of bounces an hour to the spoofed sender/return address for a few days. That doesn't happen any more. If you use e-mail submissions for reporting, you can send whole batches of them in each submission which streamlines the process. Since analysis of the bounce message body is pointless, "Quick" reporting might be a useful further streamlining option - but note there are risks of reporting your own provider if your network configuration changes unexpectedly. I see veronyka.co.ua is listed in the SURBL (real-time URI blacklists), which is probably one of the reasons for the reliance on "shortening" services. It will surely appear on other lists and reputation alerts as well (but not on the URIBL, the shortening services are working well in protecting that "spamvertized" website). Anyway, you can contribute to some of those lists and alerts since you possess evidence, even if it is not "your" spam directly. Also, some of those shortening services are amenable to complaints and will block attempts to abuse their services, Unfortunately bounce reporting doesn't involve content analysis of the original spam, that is something to be addressed, if at, outside of the SC reporting system. Those are some things to consider if it persists unreasonably - but for most it does not last long (it just SEEMS like an outrageously long time while it is happening).
  2. Farelf

    Commercial 'search' spam?

    In any event, I'm unsure if our members http://forum.spamcop.net/forums/user/2593-c2h5oh/ and http://forum.spamcop.net/forums/user/2984-137-trimethylxanthin/ have been alerted to any requirement for their propinquity.
  3. Farelf

    Report email rejected by someone

    Sounds like they're hitting anything with "spam" in it, so a fair bet the service[at]admin.spamcop,net would be blocked too - that is a domain but so is your "submit" address. Worth trying though. If that doesn't work either then I or someone else here will contact Don and alert him, maybe you can work out something between you. Sheesh, providers! - and we thought spammers were dumb ...
  4. Farelf

    Report email rejected by someone

    Sounds awfully like your provider/network has started filtering your outgoing. As has happened to many of us . Write to Don D'Minion with your reporting account detail and full copy of that bounce to see whether he can determine what is happening - spamcop[at]spro.net
  5. Farelf

    Commercial 'search' spam?

    The most visible tracks of the beast - http://research.google.com/pubs/DataMining.html Not just Google of course, Google is just (arguably) the most open (and openly mines e-mail as well as search-engine queries and some browser history). Depending how you define it, AI is up and running - neural networks accessing and digesting databases of almost unimaginable size, finding associations and "patterns" without mind or mentation, merely probability distributions for filters and some simple rules for discrimination. None of which should "out" e-mail addresses for commercial exploitation by third parties. Study the privacy policies of the enterprises you deal with and jump all over them if there is any evidence of a data breach (it might even be inadvertent and they might be grateful for the 'heads up' - well, pigs might fly too, though in a slightly different universe). Welcome to the 21st century. It took a long time and much anticipation but the future is finally here. Unfortunately, the most potent general driver of innovation and 'progress' remains the same as it always was - greed. Guess I'd best lay off on the 1,3,7-trimethylxanthine and resume the meds ...
  6. Farelf

    Latest Dumb spam

    Different forums, different fleas. That IP address (iliad-entreprises.fr/poneytelecom.eu) not banned "here", no cause - well, probable cause maybe - but the registration e-mail domain (once) a different matter. Latest IP banned "here" (an IP address range) is 193.201.224.0/24 (193.201.224.*), part of Alpha-Telecom-NET (UA), due to continuing use by a reputed spammer - and no regular members (just 1/27 unbanned and that "he" is a 'known spammer' as well) - using a variety of aliases and credentials, ever since the last implementation of this forum. That one likes to register with an account from any of the major free e-mail providers and seems to be into scraping this board, not spamming it as such (so no reportable activity here). In time he will go away/find new proxies and I can lift the restriction. Or maybe not - it is a spectacularly abused range, the owners must be complicit or dead. But goodness knows what exactly that spammer/associate has been doing here and why for the past several months (collecting the phoney backlink stats that SEO agencies use to bill their clueless clients, maybe?) but frustrating the ungodly is a duty gladly undertaken by the ... erm ... not so ungodly
  7. Farelf

    Latest Dumb spam

    Priceless - spamkiller spam served with a straight face/no evident conception of irony. That user-registration e-mail domain was the first ever banned on these forums, back in early 2006. With the evolution of spammer methods (and of counter-spam resources to match) we should probably reconsider that restriction for this forum. Can't see that the domain is currently particularly "toxic", whatever the situation might have been more than eight years ago. Anyway, it is possibly better to allow instances of spam and remove/keep it from public view so to authoritatively report the perpetrators' credentials for subsequent alerts to the wider internet community about current spam "campaigns" (exactly as you have done). That would/should be more effective in limiting the (supposed) profits of spam and its proliferation than will simple denial on an individual, isolated forum/bulletin board basis. Will consider ...
  8. E-mail Richard W at deputies[at]admin.spamcop.net to see if he can help with your forwarding problems.
  9. Are you saying you still have not received the e-mail from SC Admin at your registered address for your reporting account? (Only you and SC Admin know that address, do not reveal it here in public.) Have you followed the link on the form as posted above? Have you tried to contact SC Admin at spamcop[at]spro.net? You might like to use the "Follow this topic" link to be notified of further responses to your query in this topic.
  10. Farelf

    My turn in the barrel

    Yes, this forum has seen a bit of a surge in the past 24 hours or so. Some commentary suggests increased activity from the Russian Federation and the Ukraine but not seeing any pattern changes myself - just a bit more of it, so far. Origins, including "banned" at registration (which most of them are): Country CIDR Australia 58.160.0.0/12 Canada 192.99.0.0/16 Canada 192.99.0.0/16 China 120.192.0.0/10 France 195.154.128.0/17 France 212.83.128.0/20, 212.83.144.0/21, 212.83.152.0/23 France 37.187.128.0/21 France 5.135.99.192/27 France 62.210.0.0/17 France 62.210.128.0/17 France 62.210.128.0/17 Germany 84.19.165.208/28 Germany 84.19.169.160/28 Germany 85.25.129.0/24, 85.25.130.0/20, 85.25.144.0/21, 85.25.152.0/23 Pakistan 39.32.0.0/11 Russian Federation 176.104.192.0/19 Russian Federation 31.184.238.0/24 Russian Federation 80.252.152.0/22 Russian Federation 87.117.176.0/20 Turkey 78.174.0.0/16 Ukraine 193.201.224.0/22 Ukraine 194.44.222.0/24 Ukraine 46.118.113.0/24 Ukraine 91.200.12.0/22 Ukraine 91.200.12.0/22 Ukraine 91.207.4.0/22, 91.207.8.0/23 USA - California 98.143.146.224/28 USA - California 69.12.64.0/19 USA - Illinois 104.128.16.0/20 USA - Kansas 70.14.0.0/16, 70.0.0.0/13, 70.12.0.0/15, 70.8.0.0/14 USA - Missouri 142.54.172.216/29 USA - Missouri 173.208.205.64/27 USA - Nevada 76.164.192.0/19, 76.164.224.0/20 USA - Pennsylvania 199.168.136.0/21 USA - Texas 198.52.244.0/24 USA - Utah 173.213.80.0/22
  11. And it is listed again. https://www.spamcop.net/w3m?action=checkblock&ip=46.63.127.118 Currently, As can be seen - it slips in and out of the BL, depending on reports received, The idiot owners tried to de-list it without stopping the spam so now they are not trusted to "express-delist", they must wait for the full time to expire.
  12. Good idea - it is my impression that the client was the problem, outlook.com webmail was then hotmail and never "in the frame" as far as the curiously variable mangling of the "Received:" header sequencing goes, which was/is at the heart of the Outlook client problem. Outlook Express was never implicated either.
  13. Yes, that is the reason. Thanks for the links. I currently see "46.63.127.118 listed in bl.spamcop.net (127.0.0.2)" IP address 46.63.127.117 cannot be far behind as the message volumes for those are similar according to SenderBase (http://www.senderbase.org/lookup/?search_string=46.63.127.118 & repeat for 46.63.127.117) - OR it could be 46.63.127.118 has hit spamtraps which have more influence than member reports. Note, when spam from it stops, a listed IP address will "time out" of the SC BL soon after (within 24 hours). Here is the reporting history for 46.63.127.117 Submitted: 12/12/2014 10:35:09 pm +0800:=?windows-1251?B?weXx7+vg8u376SDq8/DxIMDr5erx4CDf7e7i8eru4+4=?= 6237759385 ( http://www.rokod.ru/ ) To: postmaster#dominant.lt[at]devnull.spamcop.net 6237759384 ( http://www.rokod.ru/ ) To: abuse#dominant.lt[at]devnull.spamcop.net 6237759383 ( 46.63.127.117 ) To: r.kabakov[at]x-city.com.uaSubmitted: 12/12/2014 10:35:09 pm +0800:=?windows-1251?B?w+Xw7ODt6P8g5Ov/IObo5+3oIOgg4ejn7eXx4A==?= 6237758611 ( http://www.prodeur.ru/ ) To: postmaster#dominant.lt[at]devnull.spamcop.net 6237758610 ( http://www.prodeur.ru/ ) To: abuse#dominant.lt[at]devnull.spamcop.net 6237758609 ( 46.63.127.117 ) To: r.kabakov[at]x-city.com.uaSubmitted: 12/12/2014 6:02:37 pm +0800:=?windows-1251?B?+Ojw7uro6SDg8fHu8PLo7OXt8iDt4PDz9+379Swg7eDx8u7r/O379Swg7eDv... 6237642591 ( http://aerofun.in.ua/cityadspix2/index.html ) To: noc[at]mirohost.net 6237642590 ( http://aerofun.in.ua/cityadspix2/index.html ) To: abuse#mirohost.net[at]devnull.spamcop.net 6237642589 ( http://aerofun.in.ua/cityadspix2/index.html ) To: postmaster[at]icg.com.ua 6237642588 ( http://aerofun.in.ua/cityadspix2/index.html ) To: postmaster[at]mirohost.net 6237642587 ( 46.63.127.117 ) To: r.kabakov[at]x-city.com.uaSubmitted: 12/12/2014 6:01:57 pm +0800:=?windows-1251?B?UmU6IM3g8PP37fvlIPfg8fsgQ0FTSU8gRy1TSE9DSw==?= 6237642485 ( http://www.ovhinc.in.ua/cityadspix4/index.html ) To: noc[at]mirohost.net 6237642484 ( http://www.ovhinc.in.ua/cityadspix4/index.html ) To: abuse#mirohost.net[at]devnull.spamcop.net 6237642483 ( http://www.ovhinc.in.ua/cityadspix4/index.html ) To: postmaster[at]icg.com.ua 6237642482 ( http://www.ovhinc.in.ua/cityadspix4/index.html ) To: postmaster[at]mirohost.net 6237642481 ( 46.63.127.117 ) To: r.kabakov[at]x-city.com.uaSubmitted: 12/12/2014 12:36:20 pm +0800:[spam] Generika Testpaket fur 29 euro 6237532426 ( http://www.trueda.in.ua/ ) To: postmaster#dominant.lt[at]devnull.spamcop.net 6237532425 ( http://www.trueda.in.ua/ ) To: abuse#dominant.lt[at]devnull.spamcop.net 6237532424 ( 46.63.127.117 ) To: r.kabakov[at]x-city.com.uaSubmitted: 11/12/2014 4:51:02 pm +0800:=?windows-1251?B?z+7x6+Xk7ejlIOjn7OXt5e3o/yDSyiDQ1CDiIDIwMTTjLiDN7uLg/yDu?= =... 6237115755 ( 46.63.127.117 ) To: r.kabakov[at]x-city.com.uaSubmitted: 11/12/2014 2:23:08 pm +0800:=?windows-1251?B?wfDl6+roIPEg6+7j7iDu8iAxOSDw8+Hr5ek=?= 6237060172 ( http://www.rivner.ru/ ) To: postmaster#dominant.lt[at]devnull.spamcop.net 6237060171 ( http://www.rivner.ru/ ) To: abuse#dominant.lt[at]devnull.spamcop.net 6237060170 ( 46.63.127.117 ) To: r.kabakov[at]x-city.com.uaSubmitted: 11/12/2014 2:23:08 pm +0800:=?windows-1251?B?wfDu7fwg7vLl6+XpIOHl5yDv7vHw5eTt6Oru4g==?= 6237060164 ( http://www.vomoe.ru/ ) To: postmaster#dominant.lt[at]devnull.spamcop.net 6237060163 ( http://www.vomoe.ru/ ) To: abuse#dominant.lt[at]devnull.spamcop.net 6237060162 ( 46.63.127.117 ) To: r.kabakov[at]x-city.com.uaSubmitted: 11/12/2014 2:23:08 pm +0800:=?windows-1251?B?xO7v7uvt6PLl6/zt++kg5+Dw4OHu8u7q?= 6237060156 ( http://www.gokan.ru/ ) To: postmaster#dominant.lt[at]devnull.spamcop.net 6237060155 ( http://www.gokan.ru/ ) To: abuse#dominant.lt[at]devnull.spamcop.net 6237060154 ( 46.63.127.117 ) To: r.kabakov[at]x-city.com.uaSubmitted: 11/12/2014 9:33:45 am +0800:=?windows-1251?B?wfDl6+roIPEg6+7j7iDu8iAxOSDw8+Hr5ek=?= 6236974838 ( http://www.rivner.ru/ ) To: postmaster#dominant.lt[at]devnull.spamcop.net 6236974837 ( http://www.rivner.ru/ ) To: abuse#dominant.lt[at]devnull.spamcop.net 6236974836 ( 46.63.127.117 ) To: r.kabakov[at]x-city.com.uaSubmitted: 11/12/2014 7:30:56 am +0800:Swiateczno-sylwestrowa dostawa 6236939780 ( http://teleports.info/ ) To: postmaster[at]hostenko.com 6236939777 ( 46.63.127.117 ) To: r.kabakov[at]x-city.com.uaSubmitted: 10/12/2014 11:51:09 pm +0800:Swiateczno-sylwestrowa dostawa 6236786784 ( 46.63.127.117 ) To: r.kabakov[at]x-city.com.uaSubmitted: 10/12/2014 9:06:03 pm +0800:Swiateczno-sylwestrowa dostawa 6236733608 ( http://teleports.info/ ) To: postmaster[at]hostenko.com 6236733601 ( 46.63.127.117 ) To: r.kabakov[at]x-city.com.uaSubmitted: 10/12/2014 8:39:08 pm +0800:Swiateczno-sylwestrowa dostawa 6236721188 ( 46.63.127.117 ) To: r.kabakov[at]x-city.com.uaSubmitted: 10/12/2014 4:54:07 pm +0800:=?windows-1251?B?VmVyeSBlY29ub21pY2FsIElSIGhlYXRlciAoVWtyYWluZSkgLyDd6u7t7uzo... 6236654230 ( http://www.halfiger.in.ua/ebay8/index.html ) To: noc[at]mirohost.net 6236654229 ( http://www.halfiger.in.ua/ebay8/index.html ) To: abuse#mirohost.net[at]devnull.spamcop.net 6236654228 ( http://www.halfiger.in.ua/ebay8/index.html ) To: postmaster[at]icg.com.ua 6236654227 ( http://www.halfiger.in.ua/ebay8/index.html ) To: postmaster[at]mirohost.net 6236654226 ( 46.63.127.117 ) To: r.kabakov[at]x-city.com.uaSubmitted: 10/12/2014 3:52:05 pm +0800:=?windows-1251?B?y+jq4ujk4Pbo/yDu8iAzNCA5MDAg8PPhLiDv7iDi8eXsIPDl4+ju7eDs?= 6236637189 ( 46.63.127.117 ) To: r.kabakov[at]x-city.com.uaSubmitted: 10/12/2014 3:12:57 pm +0800:[spam] Viagra Generika fur 1,65 Euro ohne Vorauszahlung 6236619033 ( http://www.alikins.in.ua/ ) To: postmaster#dominant.lt[at]devnull.spamcop.net 6236619032 ( http://www.alikins.in.ua/ ) To: abuse#dominant.lt[at]devnull.spamcop.net 6236619031 ( 46.63.127.117 ) To: r.kabakov[at]x-city.com.uaSubmitted: 10/12/2014 2:33:06 pm +0800:=?windows-1251?B?yvDg8e3g/yDI6vDgIDAuNSDq4yDn4CAxMzAwIPDz4S4=?= 6236606902 ( 46.63.127.117 ) To: r.kabakov[at]x-city.com.uaSubmitted: 10/12/2014 12:28:02 pm +0800:=?windows-1251?B?y+jq4ujk4Pbo/yDu8iAzNCA5MDAg8PPhLiDv7iDi8eXsIPDl4+ju7eDs?= 6236569073 ( 46.63.127.117 ) To: r.kabakov[at]x-city.com.uaSubmitted: 10/12/2014 5:38:04 am +0800:=?windows-1251?B?VmVyeSBlY29ub21pY2FsIElSIGhlYXRlciAoVWtyYWluZSkgLyDd6u7t?= =... 6236450751 ( http://www.halfiger.in.ua/ebay7/index.html ) To: noc[at]mirohost.net 6236450750 ( http://www.halfiger.in.ua/ebay7/index.html ) To: abuse#mirohost.net[at]devnull.spamcop.net 6236450749 ( http://www.halfiger.in.ua/ebay7/index.html ) To: postmaster[at]icg.com.ua 6236450748 ( http://www.halfiger.in.ua/ebay7/index.html ) To: postmaster[at]mirohost.net 6236450747 ( 46.63.127.117 ) To: r.kabakov[at]x-city.com.uaSubmitted: 9/12/2014 5:02:06 pm +0800:Viagra Generika fur 1,65 Euro ohne Vorauszahlung 6236169130 ( 46.63.127.117 ) To: r.kabakov[at]x-city.com.uaSubmitted: 9/12/2014 12:29:02 pm +0800:=?windows-1251?B?y+jq4ujk6PDz5ewg7+4g4vHl6SDQ7vHx6Og=?= 6236072043 ( 46.63.127.117 ) To: r.kabakov[at]x-city.com.uaSubmitted: 9/12/2014 10:00:45 am +0800:=?windows-1251?B?zfPm7eAg7+7s7vn8INHg+OUu?= 6236029885 ( http://www.facebook.com/groups/557423757616453/ ) To: abuse#fb.com[at]devnull.spamcop.net 6236029884 ( http://vk.com/club51350974 ) To: nomaster[at]devnull.spamcop.net 6236029883 ( http://vitabud.com.ua/glasses/Sasha.shtml ) To: abuse#your-server.de[at]devnull.spamcop.net 6236029882 ( http://vitabud.com.ua/glasses/Sasha.shtml ) To: abuse#hetzner.de[at]devnull.spamcop.net 6236029881 ( 46.63.127.117 ) To: r.kabakov[at]x-city.com.uaSubmitted: 8/12/2014 2:08:23 pm +0800:=?windows-1251?B?z+7x6+Xk7ejlIOjn7OXt5e3o/yDSyiDQ1CDiIDIwMTTjLiDN7uLg/yDu?= =... 6235593788 ( 46.63.127.117 ) To: r.kabakov[at]x-city.com.uaSubmitted: 6/12/2014 3:28:27 am +0800:Generika Testpaket fur 29 euro 6234551979 ( http://www.keela.in.ua/ ) To: postmaster#dominant.lt[at]devnull.spamcop.net 6234551978 ( http://www.keela.in.ua/ ) To: abuse#dominant.lt[at]devnull.spamcop.net 6234551977 ( 46.63.127.117 ) To: r.kabakov[at]x-city.com.uaSubmitted: 5/12/2014 9:33:38 pm +0800:=?windows-1251?B?wevl7eTl8CBQaGlsaXBzIOfgIDE3OTkg8PPhLiDt4CDv7uTg8O7q?= 6234421153 ( http://www.ohain.ru/ ) To: postmaster#dominant.lt[at]devnull.spamcop.net 6234421152 ( http://www.ohain.ru/ ) To: abuse#dominant.lt[at]devnull.spamcop.net 6234421151 ( 46.63.127.117 ) To: r.kabakov[at]x-city.com.uaSubmitted: 5/12/2014 8:45:27 pm +0800:=?windows-1251?B?wcjOzMDDzcjS2yDEy98gz87V08TFzcjf?= 6234403518 ( http://analitics.in.ua/cityadspix/index.html ) To: noc[at]mirohost.net 6234403517 ( http://analitics.in.ua/cityadspix/index.html ) To: abuse#mirohost.net[at]devnull.spamcop.net 6234403516 ( http://analitics.in.ua/cityadspix/index.html ) To: postmaster[at]icg.com.ua 6234403515 ( http://analitics.in.ua/cityadspix/index.html ) To: postmaster[at]mirohost.net 6234403514 ( 46.63.127.117 ) To: r.kabakov[at]x-city.com.uaSubmitted: 5/12/2014 2:42:34 pm +0800:=?windows-1251?B?zszOy8DGyMLA3tnA3yDP0M7WxcTT0MAgxMvfIMvI1sAgwcXRz8vA0s3OIQ==?= 6234265475 ( http://www.halfiger.in.ua/cityadspix/index.html ) To: noc[at]mirohost.net 6234265474 ( http://www.halfiger.in.ua/cityadspix/index.html ) To: abuse#mirohost.net[at]devnull.spamcop.net 6234265473 ( http://www.halfiger.in.ua/cityadspix/index.html ) To: postmaster[at]icg.com.ua 6234265472 ( http://www.halfiger.in.ua/cityadspix/index.html ) To: postmaster[at]mirohost.net 6234265471 ( 46.63.127.117 ) To: r.kabakov[at]x-city.com.uaSubmitted: 5/12/2014 2:09:01 pm +0800:=?windows-1251?B?wcjOzMDDzcjS2yDEy98gz87V08TFzcjf?= 6234256567 ( http://analitics.in.ua/cityadspix/index.html ) To: noc[at]mirohost.net 6234256566 ( http://analitics.in.ua/cityadspix/index.html ) To: abuse#mirohost.net[at]devnull.spamcop.net 6234256559 ( http://analitics.in.ua/cityadspix/index.html ) To: postmaster[at]icg.com.ua 6234256557 ( http://analitics.in.ua/cityadspix/index.html ) To: postmaster[at]mirohost.net 6234256553 ( 46.63.127.117 ) To: r.kabakov[at]x-city.com.uaSubmitted: 5/12/2014 12:32:02 pm +0800:=?windows-1251?B?0uDv7vfq6CDk6/8g5O7s4A==?= 6234233595 ( http://www.ehalat.ru/ ) To: postmaster#dominant.lt[at]devnull.spamcop.net 6234233594 ( http://www.ehalat.ru/ ) To: abuse#dominant.lt[at]devnull.spamcop.net 6234233593 ( 46.63.127.117 ) To: r.kabakov[at]x-city.com.uaSubmitted: 5/12/2014 12:32:02 pm +0800:=?windows-1251?B?0uDv7vfq6CDk6/8g5O7s4A==?= 6234233595 ( http://www.ehalat.ru/ ) To: postmaster#dominant.lt[at]devnull.spamcop.net 6234233594 ( http://www.ehalat.ru/ ) To: abuse#dominant.lt[at]devnull.spamcop.net 6234233593 ( 46.63.127.117 ) To: r.kabakov[at]x-city.com.uaSubmitted: 4/12/2014 11:21:04 pm +0800:=?windows-1251?B?UHJlc3Mtd2FsbCwgQnJhbmQtd2FsbCwgIEJhY2tzdGFnZSwg1O7y7i3x8uXt... 6234001702 ( http://www.kipol.in.ua/standbuy/index.html ) To: nomaster[at]devnull.spamcop.net 6234001701 ( 46.63.127.117 ) To: r.kabakov[at]x-city.com.uaSubmitted: 4/12/2014 2:16:15 pm +0800:=?windows-1251?B?y+jq4ujk4Pbo/yDn4CAzNCA5MDAg8PPhLg==?= 6233801209 ( 46.63.127.117 ) To: r.kabakov[at]x-city.com.uaSubmitted: 4/12/2014 12:33:03 pm +0800:=?windows-1251?B?0PP36ugg7vIgNTUg8PPh6+XpIPEgwuD45ekg4/Dg4ujw7uLq7uk=?= 6233776094 ( http://www.roeel.ru/ ) To: postmaster#dominant.lt[at]devnull.spamcop.net 6233776093 ( http://www.roeel.ru/ ) To: abuse#dominant.lt[at]devnull.spamcop.net 6233776092 ( 46.63.127.117 ) To: r.kabakov[at]x-city.com.uaSubmitted: 3/12/2014 8:36:00 pm +0800:=?windows-1251?B?w+Dw4O3y6PDu4uDt7fvpIO/u8u7qIO3u4vv1IOrr6OXt8u7iIPPm5SDqIM3u... 6233458445 ( http://www.sop.in.ua/landing-page5/index.html ) To: nomaster[at]devnull.spamcop.net 6233458444 ( 46.63.127.117 ) To: r.kabakov[at]x-city.com.uaSubmitted: 3/12/2014 8:33:05 pm +0800:=?windows-1251?B?ze7i7uUg4iDy8PPk7uLu7CDn4Oru7e7k4PLl6/zx8uLlLSAyMDE0LTIwMTXj... 6233457880 ( 46.63.127.117 ) To: r.kabakov[at]x-city.com.uaSubmitted: 3/12/2014 8:28:04 pm +0800:=?windows-1251?B?wuD4IO706PEg4iDM7vHq4uUuIDQ5MDAg8PPhLi/s5fEu?= 6233456756 ( http://services-business.re/ ) To: abuse[at]relcom.net 6233456755 ( http://services-business.re/ ) To: abuse[at]mtw.ru 6233456754 ( 46.63.127.117 ) To: r.kabakov[at]x-city.com.uaSubmitted: 3/12/2014 8:28:04 pm +0800:=?windows-1251?B?wujn6PLq6CDn4CAzOTkg8PPhLg==?= 6233456646 ( http://www.pereru.in.ua/ ) To: postmaster#dominant.lt[at]devnull.spamcop.net 6233456645 ( http://www.pereru.in.ua/ ) To: abuse#dominant.lt[at]devnull.spamcop.net 6233456644 ( 46.63.127.117 ) To: r.kabakov[at]x-city.com.uaSubmitted: 3/12/2014 4:35:22 pm +0800:Kausnacks fur den Hund und 1 IPod gewinnen 6233360941 ( http://www.nasuk.in.ua/ ) To: postmaster#dominant.lt[at]devnull.spamcop.net 6233360940 ( http://www.nasuk.in.ua/ ) To: abuse#dominant.lt[at]devnull.spamcop.net 6233360939 ( 46.63.127.117 ) To: r.kabakov[at]x-city.com.uaSubmitted: 3/12/2014 2:25:03 pm +0800:=?windows-1251?B?z+jm4Oz7IPHuIPHq6OTq7ukgLTUwJQ==?= 6233318514 ( http://www.tokoba.ru/ ) To: postmaster#dominant.lt[at]devnull.spamcop.net 6233318513 ( http://www.tokoba.ru/ ) To: abuse#dominant.lt[at]devnull.spamcop.net 6233318506 ( 46.63.127.117 ) To: r.kabakov[at]x-city.com.uaSubmitted: 1/12/2014 1:59:06 pm +0800:=?windows-1251?B?0vDz8ejq6CDx7iDx6ujk6u7pIOTuIC0gNzUl?= 6232408240 ( http://www.clrof.ru/ ) To: postmaster#dominant.lt[at]devnull.spamcop.net 6232408239 ( http://www.clrof.ru/ ) To: abuse#dominant.lt[at]devnull.spamcop.net 6232408238 ( 46.63.127.117 ) To: r.kabakov[at]x-city.com.uaSubmitted: 29/11/2014 6:06:03 pm +0800:=?windows-1251?B?U2Vla2luZyBmb3IgYnVzaW5lc3MtcGFydG5lciAvIOj55ewg4ejn7eXxLe/g... 6231609970 ( 46.63.127.117 ) To: r.kabakov[at]x-city.com.uaSubmitted: 29/11/2014 8:44:05 am +0800:Generika Testpaket fur 29 euro 6231460563 ( http://www.fobon.in.ua/ ) To: postmaster#dominant.lt[at]devnull.spamcop.net 6231460562 ( http://www.fobon.in.ua/ ) To: abuse#dominant.lt[at]devnull.spamcop.net 6231460556 ( 46.63.127.117 ) To: r.kabakov[at]x-city.com.uaSubmitted: 28/11/2014 4:01:15 pm +0800:=?windows-1251?B?y+jq4ujk4Pbo/yDv7iDi8eXpINDu8fHo6A==?= 6231100563 ( 46.63.127.117 ) To: r.kabakov[at]x-city.com.uaSubmitted: 27/11/2014 3:47:04 pm +0800:=?WINDOWS-1251?B?z+7x6+Xk7ejlIOjn7OXt5e3o/yDSyiDQ1CDiIDIwMTTjLiDN7uLg/yDu8uLl... 6230593425 ( 46.63.127.117 ) To: r.kabakov[at]x-city.com.uaSubmitted: 24/11/2014 4:51:08 pm +0800:=?windows-1251?B?0fLl6uv/7e375SD34Pjq6CDu8iAyNCDw8+Eu?= 6229176428 ( http://www.egolob.ru/chasodverxq'>http://www.egolob.ru/chasodverxq ) To: postmaster#dominant.lt[at]devnull.spamcop.net 6229176427 ( http://www.egolob.ru/ ) To: postmaster#dominant.lt[at]devnull.spamcop.net 6229176426 ( http://www.egolob.ru/chasodverxq'>http://www.egolob.ru/chasodverxq ) To: abuse#dominant.lt[at]devnull.spamcop.net 6229176425 ( http://www.egolob.ru/ ) To: abuse#dominant.lt[at]devnull.spamcop.net 6229176424 ( 46.63.127.117 ) To: r.kabakov[at]x-city.com.ua The earliest report is 24/11/2014 4:51:08 pm +0800. Each report summary begins with Submitted:
  14. Nothing relevant in the Email Error Logs - Don's notices should have gone out OK.
  15. Hi Pavel. Only SC staff can view that spam from the report ID links you provide (you would need to post Tracking URLs if you wanted the general membership to see what it is you are discussing). However, you can retrieve the reporting history for any IP address* (last 90 days) by pasting the address into the submission window in your member's page, hitting "Process spam" then selecting the "[report history]" link from the resulting display - and select "Last 90 days" for all the data. That will give you an idea of how many others are reporting that address. Alternatively, you can "drill down" through the IPv4 netspace map at https://members.spamcop.net/w3m?action=map to successive levels of detail. As noted in the link about what is on the SC BL indicated by Steve T, an address can pump out a lot of spam but if it also handles a much greater amount of real e-mail it is unlikely to be listed through reporter action alone. * (if you are a paying reporter)
  16. Hi Schmide, Haven't heard of a (properly constructed) header breaking the parser before. Does that mean the parser page does not display a tracking URL (up near the head of the parse) before you dismiss it? If it does you could copy that and paste it here, even though no reports are generated and the reference is not recoverable from your report history. What errors does the parser bleat? Are you "pasting in" the spam in the submission form or e-mailing? First thought is this could be a mangling introduced by the tools used in whichever submission method (supposing paste in given Yahoo problems with forwarding attachments).
  17. Well, that's good news, thanks for passing it on. Although apparently not COMPLETELY so, marking this topic resolved.
  18. Farelf

    Thank you Elves and Gnomes

    Haven't changed browsers/browser settings/cookie management have you? Can't actually "see" the kind of changes that might change the board behaviour (no permissions at all in those areas) but I would anyway have to depreciate board change as a likely cause (and, like, good luck with Chrome, come what may). But of course possible. And your generous spirit is much appreciated
  19. ... Fortunately it was kind of short, but what if a spam has a big bunch of attachments -- won't the source be so big it won't fit into the text field? I remember reading somewhere that the text field has a limit, and there's also a limit to the Email size, but it's a lot bigger. ... __________________________________________________________________________________________ In addition to what Steve T has said, it is permissible to truncate the body of a spam submission. You can even eliminate it entirely (but you have to have something there - the parser looks for at least a blank line following the headers, then some following content, even if it is just your own note, such as "spam body removed"). That might also save on fuel, if you are a paying reporter.
  20. Thanks, that's progress. When providers filter spam (filtering both inwards and outwards) there will be a lag in recognition - thus they let in more than they let out. The shorter the interval between receiving it and reporting it, the better the chance of getting it through, one imagines. When I used to get lots of spam (and with the sort of filtering my provider was doing) I found they weren't quite so smart in picking up multiple spam submissions - that is one submission with multiple spam attached. Alternatively making the FIRST attachment non-spam seemed to work (if it was an old e-mail the parser wouldn't process reports for it so don't even need to cancel). An unnecessary botheration of electrons, but they make us do such things, our lame and limited service providers.
  21. Hi jasmith, sorry to hear of your problems. This topic belongs in the "Reporting help" section I think, Wazoo's diagnostic might be worth looking at - http://forum.spamcop.net/forums/topic/1848-emailed-spam-submissions-disappearing/ It seems to me that the incidence of providers silently filtering submissions (on the grounds that they contain spam ... duh!) has been steadily increasing. A quick and painless test would be to try submitting a non-spam email. Just be sure to CANCEL the report if it does get through. If it doesn't, you need further help. If it does get through, you probably have an issue with Comcast, Will move the topic to that other section shortly.
  22. Farelf

    namecheaphosting

    Hmmm ... softlayer,com hosting (mentioned earlier above) - https://www.spamcop.net/sc?id=z6022803755z675f6f7f0149e72fb6e07ccf7f700a84z - used by flipmailer.com in some pseudo "social networking" spam malarky. Social? I'm barely civil, where did they get my detail? When I go to SenderScore.org (need an account - free - to get full detail) I see softlayer is only the tip of the iceberg, the flipmailer junk is going through at least 296 servers in many different networks in some sort of concerted way (despite softlayer hosting the designated MX servers - 10 of them - in DNS records). Maybe the same or similar in the NameCheap case which is the subject of the discussion. We know about snow-shoeing but that is ridiculous! I fear the myrmidons of spamdom may have hit upon a new and infinitely vile "paradigm" for the distribution of their feculence.
  23. Are you actually using the quick submission address bairhair, like quick.somecode[at]spam.spamcop.net, or the "ordinary" submission address, like submit.some code[at]spam.spamcop.net? IIUC you can't use both (or at least you can't use quick reporting without it being enabled). Unless something has recently changed at Comcast, you may need to enlist the help of SC admin or deputies to look at it for you (deputies[at]admin.spamcop.net). They would need your reporting account name (don't post it here), and probably your submission address (ditto, don't post it here). The "... less than 10% of what I forward is making it through ..." is a bit weird - would expect all or nothing if there has been no change in the transmission. Probably best if you read through Wazoo's diagnostic first which I will link as soon as I find it. Ah yes: http://forum.spamcop.net/forums/topic/1848-emailed-spam-submissions-disappearing/
  24. Many thanks Richard - marked "Resolved" so others can find the procedure to progress from the dreaded "... appears to traverse more than one domain." auto response.
  25. Farelf

    SC Contacts

    Great - thanks Richard.
×