-
Content Count
2,546 -
Joined
-
Last visited
Posts posted by petzl
-
-
42 minutes ago, pusser_uk said:Reporting to abuse@microsoft.com or report_spam@hotmail.com, where it originates, seems obviously not to work but just to multiply the amount of spam that returns. All the spam has a common thread in the "reply to" field which contains in various different forms deutsche.xyz with or without extra characters. All of them have in common, https://optimized-by.rubiconproject.com plus the rest of an address. Is there a way of stopping this amount of spam or do we keep reporting through SpamCop?
I suspect your reports are working (tried a link and came up dead) Appears you are/maybe being spammed by a "hosting site"
https://dan.com/ registrar : domainabuse[AT]tucows[DOT]comMicrosoft/Azure are now open for spamming with their "free" trials.
https://azure.microsoft.com/en-us/free/
-
6 hours ago, noisydaddy said:50.31.49.42
https://www.spamcop.net/w3m?action=checkblock&ip=50.31.49.42
Listings are for 24 hours, I suspect someone has paid for a email address list full of spam-trap addresses.
These are poisoned addresses, scrapped from Web pages/internet sources by WebBot's.
SpamCop's blocklist is a radar, detecting malevolent emails, then blocking for 24 hours.
Who/whatever's doing this needs to first scan their computer for malware and change passwords
If a who, they need to lookup double-opt-in, for marketing purposes.
Possible this is a shared IP
If you put a email address on the web do it this way "nobody[AT]nobody[DOT]net" please edit your post and remove the email address in it!50.31.49.42 listed in bl.spamcop.net (127.0.0.2)
If there are no reports of ongoing objectionable email from this system it will be delisted automatically in approximately 20 hours.Causes of listing
System has sent mail to SpamCop spam traps in the past week (spam traps are secret, no reports or evidence are provided by SpamCop)
SpamCop users have reported system as a source of spam less than 10 times in the past weekListing History
In the past 90.4 days, it has been listed 30 times for a total of 36.7 days
Other hosts in this "neighborhood" with spam reports
50.31.48.230 50.31.49.41 -
20 hours ago, sc_aswglo said:"Educated" idiots being smug want one to jump through their hoops now!
They have a webpage
https://support.google.com/code/contact/cloud_platform_report
But you can try reporting directly from your own email addressOr consider having your email forwarded to your Gmail account (Leave the email forwarded on your server, do not delete)
Then mark spam on their/your Webmail page as phishing - seems effective -
2 hours ago, Raccoon said:Been looking around and this was just beginning last year...
I did a search by year and it didn't drag any others like that out; The similarities are scary. Practically spit image of my current issue. Not to mention MAYBE same time line..?
SpamCop is a "Bot"
The main problem with spamtraps email addresses is that spammers can find out what they are and use revenge attacks on servers they object to?
I get on my throwaway Gmail account I use for marketers a fictitious "unsubscribe" which posts to a 100 spamtrap addresses this activates a blocklist? -
4 hours ago, Raccoon said:The 2 emails that said person uses gets blocked a lot to different emails that she has had contact with in the past. They are not spam emails, they are regular emails talking about invoices/purchases which may include an attachment .pdf or two.
You are not the only one using that/those IP's unfortunately some clown has bought a scam mailing list full of "poisoned" or spamtrap email addresses
A spamtrap email address are hidden in web pages in which a "spambot" has crawled through gathering email addresses. Some good, some spamtrap ones!
Might pay to consider a different email provider?
A very popular spam filter is SpamAssassin that uses the SpamCop blocklist to help score/decide what is spam or not
Then there big email providers have secret blocklists and spam recognition programs that they don't disclose publicly, Cisco email servers are the best at sorting "spam from ham" and don't bother telling if mail has been deleted (they have no need to, they are that good) I don't see it and just don't care. All non-spam email goes to my inbox 100% accurate. -
7 hours ago, Raccoon said:I rechecked the time for the delisting and its at 22 hours. I don't think its changed at all since your last report previously. 😥
The SpamCop blocklist is spam traps getting hit , spamtraps are factious email address's that should not be getting email (like a radar)
When a spamtrap is hit ir resets the the block back to 24 hours
Some have been sent to real addresses and been reported as spam
These are some of the reported subject lines which look "spammy" to me
Those whishing to do "email marketing" should learn about "Double Opt-in"Order premium generic healing production here. Inviting:-) can u chat? Let's try to idyllic talks;-) My Mister charming =?utf-8?q?=5Bpossible_spam=5D?= Hi Y o u R TransUni0n, Equifax_And Experian Credit Scores In_Sec0nds For 0 Dolla... Own top rated treatment products here!
https://www.spamcop.net/w3m?action=checkblock&ip=208.180.40.71
Listing HistoryIn the past 87.5 days, it has been listed 20 times for a total of 50.4 days
Other hosts in this "neighborhood" with spam reports -
6 hours ago, gnarlymarley said:I have noticed that sometimes spammers use too many URLs in their spam. Would it be possible to group links by hostname and processs them by that? When the report is sent, they combine there. Moving it to the hostname means if all the links share the same hostname, they can still be reported. This would also save on DNS look ups if the links are below the limit.
https://www.spamcop.net/sc?id=z6698896959z37653b35adb76c14bc27cd5541f78a03z
Sometimes yo goto do this your self Namecheap sites are the ones that hammer our group here!
Domain Name: TIZIFI.COM
Registry Domain ID: 2522690312_DOMAIN_COM-VRSN
Registrar WHOIS Server: whois.namecheap.com
Registrar URL: http://www.namecheap.com
Updated Date: 2020-05-06T08:47:07Z
Creation Date: 2020-05-06T08:47:04Z
Registry Expiry Date: 2021-05-06T08:47:04Z
Registrar: NameCheap, Inc.
Registrar IANA ID: 1068
Registrar Abuse Contact Email: mailto:abuse[AT]namechea[DOT].com
-
7 hours ago, MarkA said:If there are obvious issues with the headers, it seems that the mail provider needs to fix.
Try
deputies[AT]SpamCop[DOT]net
First look at preferences tab select
Report Handling Options
Then check "Enable quick data reports" should be checked
Quick Data Reports
Enable quick data reports
Disable quick data reports
You still may need permission to use this, it was turned off some years ago because of to much errant use.
My spam is low and prefer to copy and paste spam headers/body, and follow links to send abuse complaint to registrar -
1 hour ago, MarkA said:It's not clear here what constitutes traversing more than one domain, unless it's having issues with either the 0.0.0.0 IP or the handoff from mailchannels to dreamhost, and then my final email address in those headers is neither of those, being a hosted domain at Dreamhost.
So from bad to worse now. I don't have any forwarding between email accounts as part of this.
Thanks.
Seemed to me your Mail host had changed. It was not working at anyrate
Log into your SpamCop account
Go to preferences
Put in a working email address, if need be set up a Gmail one
Then try to set up your mailhosts again
-
18 hours ago, MarkA said:Any update for Dreamhost and Mailchannels here yet? I'm a long time spamcop user but new to the forums for this issue and am having similar recent issues with my Dreamhost reporting. And though I'm not experiencing a parser hang, the parser simply now says my mailhost is not configured correctly:
Just login to SpamCop click the tag mailhosts delete Dreamhost and Mailchannels (scroll down to "Delete Host")
Afterwards resend. Allow a hour? before resending just in case SpamCop is a bit slow in the taking. -
1 hour ago, gnarlymarley said:Or if you have already submitted, you can click on past reports, click on the link by the IP, then Parse, and you should have the tracking URL.
The spam is over the limit SpamCop can report SpamCop would truncate it automatically
https://www.spamcop.net/sc?id=z6697735603z2fd6d24e54ac6feda268f3f90621a6ebz;action=display -
15 minutes ago, petzl said:Would help if you sent a SpamCop Track
BEFORE you click submit look at page TOP
Example
Here is your TRACKING URL - it may be saved for future reference:
https://www.spamcop.net/sc?id=z6697713791z3936f4bee8fc49cf1a24e632409448bdzWorked for me?
https://www.spamcop.net/sc?id=z6697735603z2fd6d24e54ac6feda268f3f90621a6ebz
With Gmail if you could report on your Gmail Webmail link spam as phishing it disables links for gmail users
Looks like some naïve user is not using a virus/malware checker, On windows Microsoft Defender Antivirus & More is best choice, one has already paid for this program and it is very good. Probably the best. -
2 hours ago, mrpHil said:These e=messages were happening regularly a while back then stopped. They seem to be back, Example
Would help if you sent a SpamCop Track
BEFORE you click submit look at page TOP
Example
Here is your TRACKING URL - it may be saved for future reference:
https://www.spamcop.net/sc?id=z6697713791z3936f4bee8fc49cf1a24e632409448bdz -
21 minutes ago, emanmb said:I guess in some ways I'm looking for patterns where none really exist but for the randomness of what methods my yahoo spammers send me stuff. If I look in my gmail account it's stuff from all over the place. The consistency at which my one yahoo receives spam from google sources made me wonder what was up, and if google takes SC reports seriously at all. It probably means nothing
With Gmail learn to mark spam as "phishing". That immediately shuts down Google drive links
-
1 hour ago, Maine Train said:Neither are accessible, need a SpamCop track.
That said I set-up a Facebook account with my real name with my real name Gmail address.
Went to bed, next day getting spam in it?
Criminal phishing, bogus reply address, bogus unsubscribe
This/my email address I believe sold to this Russian (?) Crime gang by FaceBook
-
2 hours ago, Claudio said:Hello, does it make sense to keep routing information set up by a deputy more than ten years ago? Example:
https://www.spamcop.net/sc?id=z6696638230zd4234101e0e07f787c012ec0d368720ez
SC says the origin is 65.254.225.169 and wants to complain to abuse(@)hostingexpress.com and abuse(@)nwrks.net according to information set up by a deputy in 2004:
https://www.spamcop.net/sc?action=showroute;ip=65.254.225.169;typecodes=16
However, arin.net says:
https://search.arin.net/rdap/?query=65.254.225.169 = eig-abuse(@)endurance.comI preferred this email but there's no way to dispute or flag a route as needing attention. Should I notify someone? Maybe there's a reason the NIC information is not used. Thanks.
Claudio.
Gets annoying to everyone, suggest once a year SpamCop year send a double opt-in requirement to keep address active?
-
3 hours ago, Maine Train said:I haven't been on the forum for a long time, so I'm trying to get familiar with it again. I'm seeing threads from 2007 and earlier, but assuming that any without a year are 2020, meaning there's still activity here. I hope so, because I've got a weird situation involving a spammer/scammer trying to impersonate one of my high school classmates.
In the "old days," most of the people here were way more savvy about the Interwebz in general and spam in particular than I was, so I'm pretty sure someone will have some useful insight on the situation. Would anyone like to hear the whole story?
Learn how to send a SpamCop track at top of submitted spam BEFORE you report, this helps look at one's reasoning.
sample below
Here is your TRACKING URL - it may be saved for future reference:
https://www.spamcop.net/sc?id=z6695988901z9aca68918bc112341fac8a2833c6993dz
Skip to Reports -
1 hour ago, gnarlymarley said:Would be nice if companies would keep their contact information up to date in whois.
I remember when it was postmaster@blal.blah that address got spammed to oblivion.
Many now want spam reports done on secret web pages. Gmail give a reply to abuse page/form now
Quotef you would like to report suspected spam, Malware, Phishing, or other abuse on Google Cloud, please fill out the form at the following link:
https://support.google.com/code/contact/cloud_platform_report -
14 hours ago, Steve said:I went ahead and manually reported the email to the abuse address since SC basically refused to.Steveabuse[AT]mega-com[DOT]ru = 195.208.155.243
Routing details for 195.208.155.243
Report routing for 195.208.155.243: ip-box[AT]ripn[DOT]net
I refuse to bother ip-box[AT]ripn[DOT]net
Another hard coded (2016) "abuse" address -
5 hours ago, hank said:How about "mail.spamcop.net" -- shouldn't that be a good address?
Suddenly my reporting of spam is rejected, password reset doesn't help, ping says it's an unknown host, sometimes, and other times gives very long delays, viz:
30 packets transmitted, 29 packets received, 3.3% packet loss
round-trip min/avg/max/stddev = 201.782/228.961/292.230/29.676 msmail.spamcop.net is not a routeable IP addressCannot resolve mail.spamcop.net
SpamCop email addresses are a legacy, all mail to your Spamcop email are just forwarded to the email address in your preferences -
8 hours ago, showker said:Has Spamcop stopped reporting the spamvertised site
Not for me, but does have some links it cannot reach so dismisses them as fake, when I can access them on my browser.
But cannot with my text only browser (NetDemon) a text browser is what SpamCop would use in lookup
You perhaps need to try a few by manual spam reporting you will get a more effective result IMO.
You can also work out how to make the BOT SpamCop work better for you.
You need for windows two FreeWare programs.IPNetInfo v1.95 (IPv4 lookup abuse contact, for IPv6 addresses I use SpamCop)
http://www.nirsoft.net/utils/ipnetinfo_setup.exe (direct download link)Win32Whois (website registra abuse contact)
http://www.gena01.com/win32whois/ -
2 hours ago, showker said:for the last several months, spamcop reports do NOT reveal or report the spamvertised site.
Everyone knows it's no use reporting the SENDER of the email, and if it's AmazonAWS, CloudFlare, Google or DigitalOcean, it's no use reporting them anyway because they ignore reports.
It's the benefactor of the spam that needs to be reported and get blocked.
Why did Spamcop stop doing that ????
AmazonAWS won't accept SpamCop reports for starters. Possibly AmazonAWS is also where the links are?
Forward your spam to abuse[AT]amazonaws[DOT]com and paste headers and body as text as wellNeed a Tracking URL to see
-
1 hour ago, EkriirkE said:This is a failed parse https://www.spamcop.net/sc?id=z6693341449z0778223c9998b219a4bda561ffbc4addz
this version parsed https://www.spamcop.net/sc?id=z6693545149z7a985f0f94faa3a5d9a2fa784fd2555bz
The only difference is I removed the Return-Path header
194.150.215.174 (Bounce)
so SpamCop does not lookup links
Possibly your email addy is on the reply address -
1 hour ago, EkriirkE said:What are you going on about? You can't get a tracking link for a spam you haven't submitted yet. That's a catch 22. And I'm not trying to report spamcop report links
Unless headers are shown safest way is by a Tracking URL
,Without one or headers have no idea what you are on about either?
If you paste headers replace your email address with a x
Car history checker app
in SpamCop Lounge
Posted · Edited by petzl
It was spam Both (the same?) just trying to troll IMO!