petzl
-
Content count
2,005 -
Joined
-
Last visited
Posts posted by petzl
-
-
On 9/11/2018 at 4:26 PM, mojorisin said:209.85.218.43 is an IP address from within our whitelist.
209.85.218.43 is not a routeable IP address
Probably a Google network address post a tracking url the info you gave is useless
-
7 hours ago, SuperMacro said:Next UCE arrived today with unparsable headers
https://www.spamcop.net/sc?id=z6483930589z531db03c3000f0ee59c5fc2c685e9011z
Your email provider is putting adding to headers some "anti-spam" code to headers (which don't seem to work), however SpamCop is sending abuse report to a abuse desk where email/spam originates
-
20 hours ago, showker said:Life is short. I'm concentrating on what I can change, and ignoring all that I cannot change!
I'm hitting Chinese spam all fed by Botnet probably from outside China but Chinese writing same as "our" Forum spammer just something to disrupt
Chinese spam need to be forwarded as attachment to abuse [at]12321 [] cn include what you can in report
For unknown reasons China has a lot of providers with "Port 25" open
Sample auto-ack with report
112.112.13.114 is an open proxy BOTNET (Botnet is IP hopping) spewing spam anti-spam [ ] ns.chinanet cn net SEE https://www.abuseat.org/lookup.cgi SEE ALSO CisCo sites REPUTATION IP LOOKUP https://www.talosintelligence.com If Microsoft Windows Defender is available to your customers, they need to use it! THEN Change Password https://www.spamcop.net/w3m?action=checkblock&ip=112.112.13.114 In the past 88.9 days, it has been listed spewing spam 28 times for a total of 34.6 days BLOCK OUTBOUND PORT 25, https://www.spamhaus.org/pbl/query/PBL340179 > -
10 hours ago, RobiBue said:btw, what do you mean with the quote below the SBL link? I don't get the connection...
Just the blurb I copy and paste into reports, seemed to me a compromised computer.
I did not know that CocaCola no longer owned that IP but as it's not on spamtrap addresses makes me wonder if that IP has not scraped email addresses from it?You though had it nailed by being in touch with CocaCola. It has already been disabled😎
-
7 hours ago, RobiBue said:info [AT] cert. gov. au and consumer_information [AT] ccamatil . com
They have no abuse contact but a Australian IP belongs to CocaCola
167.103.35.178
https://www.spamhaus.org/sbl/query/SBL247801
compromised/forged web and or email accounts If Microsoft Windows Defender is available to you, use it Scan for Malware! THEN Change log-on to a more secure password-Phrase! > -
5 hours ago, oZoneCapHill said:https://www.spamcop.net/sc?id=z6482811398z97674f89b815c3861fb07fa299740b66z
Working now? hotmail throwaway email account
-
On 8/28/2018 at 11:11 AM, lemj3 said:I may be misunderstanding your response, but there is no problem with reporting spam. The issue is the SpamCop AutoResponse messages are being blocked. Somewhere
No problem for me but I cut and past. Sometime you have to work out your problem yourself.
Firstyou have to work out who is blocking/bouncing your SpamCop AutoResponse look at the bounce headers it should tell you -
7 hours ago, lemj3 said:Mail to me has to go through two mail systems, it would help if the message indicated which server is the blocker.
Run the email through SpamCop parser it should clue you in? then cancel report.
Also configure or check your Mail Host set-up
-
6 hours ago, Calion said:Sure. Every one of these is being sent to “abuse@apple.com.” The question is, should they also be sent to “reportphishing@apple.com”?
YES leave it
-
19 hours ago, Calion said:I’m confused. It’s a phishing scam for Apple when it in no way purports to come from Apple?
Not sure but it looked to me to be coming through a "chat" group?
-
5 hours ago, RobiBue said:the Russian server is there...
Sound like it's a Russian crime gang? 84.22.137.8 appears clean but
https://www.spamcop.net/w3m?action=checkblock&ip=84.22.137.26
System has been listed for 3.8 days.
-
6 hours ago, Calion said:I get a lot of spam that is apparently sent from Apple servers. However, almost none of it is phishing attempts. Therefore, I have to uncheck “reportphishing@apple.com”
There is a unsubscribe link try using it? Then if it still comes it is legally a phishing scam.
They have your email address anyhow
-
43 minutes ago, nhraj700 said:I just sent a complaint via that feedback function. Thanks for that tip. Tired of modifying headers.
Remember to mark Gmail span as phishing. The pointy heads there have a automated process which they think works?
-
7 hours ago, billcole said:Yeah, I had pretty much reached the same conclusion.
Which is more generally described as:
If you have 2 accounts, Me@Provider1 and Myself@Provider2, both with SpamCop Mailhosts configured on the same reporting account, then SpamCop won't target Provider2 with reports when Spammer@Provider2 spams Me@Provider1.Even more generally:
It is harmful to add a Mailhost config for a retail mailbox provider to a SpamCop reporting account which has any other Mailhost config.With Gmail just report spam as phishing then delete! Gmail seem confident this will kill spam?
-
9 hours ago, Jonas Mellergård said:webb server (193.0.253.30/ 2001:67c:2b58:1:0:0:0:30) forwards everything to log/externalmail/server at 193.0.253.39.
193.0.253.39 has multiple ip numbers in the 193.0.253.0/24 net
Seems it was removed from the blocklist by ISP
QuoteParsing input: 193.0.253.39[report history]
ISP believes this issue is resolved 193.0.253.39ISP believes this issue is resolved: 193.0.253.39 - no date available -
10 hours ago, RobiBue said:Yes were told by Google months ago they would fix them but??
-
I doubt if Google are using legit email headers. Other email providers using ARC are parsed easily by SpamCop
Same for Google searches often you get "this site can't be reached" caused by Google changing security certification. Thought morons were only in politics?
-
Gmail seem to be the ONLY loons doing this?
presently gmail headers 2nd line needs deleting before submitting. Trouble is ISP's need FULL headers as evidence so past deleted line in comments
Delivered-To: x Received: by 2002:a9d:21b7:0:0:0:0:0 with SMTP id s52-v6csp2028874otb; DELETE Sat, 28 Apr 2018 09:00:41 -0700 (PDT)
-
3 hours ago, Surefoot said:Note how Spamcop munges the List-Unsubscribe line entirely
SpamCop tries to remove email addresses in it's header except those from, "from"
-
7 hours ago, goodnerd said:Maybe this is related to the iana.org default reporting address...
SpamCop often gets reporting address wrong or can't find them. I use a freeware windows program to check.
Direct link for instalation download here http://www.nirsoft.net/utils/ipnetinfo_setup.exe it's hard to find on webpagehttp://www.nirsoft.net/utils/ipnetinfo.html but it's at the bottom/end of page
-
29 minutes ago, PARCO Innovation said:I have see that.
What is the ISP's ? In fench we said "l'hébergeur web". It's that ?
Because it's very problematic for us and we need a solution. We are totaly alone in this situation...
ISP means "Internet Service Provider". Whoever receives your email seems to be blocking OVH who once had a bad name for dealing with spammers. You maybe can contact recieving provider to ask them to "whitelist" your email.
SpamCop is like a radar, if it gets spam over normal volume in it's spamtrap and reporting submissions by members it blocks IP for 24 hours after last spam message.
You should maybe consider Gmail in emergency situations. It is not SpamCop blocking you. Also do not publish your full email address in public like here.
Use "commercia [AT]parco-innov[DOT]com" to hide from Bot's who scrape email address's. -
2 hours ago, PARCO Innovation said:You are a spam blocker, you need to soluce us for that.
It's not listed I see no evidence it ever was? the link below shows you the IP is not blocked.
Some times ISP's use their own blocklist and blame SpamCop for it!
https://www.spamcop.net/w3m?action=checkblock&ip=151.127.13.142
Cisco also gives your IP a clean spam report if it was ever listed it would give it a "poor" ratinghttps://www.talosintelligence.com/reputation_center/lookup?search=151.127.13.142
-
1 hour ago, PARCO Innovation said:host mail.reveyron.com [151.127.13.142]: 550 5.7.0 Your server IP address is in the SpamCop database, bye
Not listed now no reports of spam have been made?
If listed automatically it would mean that IP was hitting spamtrap (non-existent) email addresses by the thousand? -
4 hours ago, kolor said:Hi I would like ask .I could see this website what ask me about password .It is correct
I pay for SpamCop reporting.
that site is for unpaid subscription which would require a different password no longer than 28 alphanumeric characters.
ocn.ad.jp spam
in SpamCop Reporting Help
Posted · Report reply
I'v not yet had this? I just used GMAIL to send a abuse report to 'corp.mail.ru' no block