Jump to content

petzl

Memberp
 View Profile  See their activity

  • Content Count

    2,416

  • Joined

  • Last visited

Posts posted by petzl

  3. Posted

    3 hours ago, DiverDoc said:

    RE: 167.89.80.93 (Administrator etc ...)

    To:abuse#sendgrid.com@devnull.spamcop.net

    Can one of you such bright people please advise me what this means and how I should proceed with future instances of spam from this sender?

     

    A few providers  do not accept SpamCop reports
    They only accept reports from the email account that received them!

  4. Posted · Edited by petzl

    6 hours ago, gnarlymarley said:

    There were a number of administrators that copied the spamcop blacklist settings but changed only the dns part to point to their own blacklist and they left the text as blaming spamcop.

    Yes if the IP shows as ever being blocked by SpamCop  it would lose it's GOOD TALOS reputation
    EMAIL REPUTATION Good
    Not uncommon for SpamCops blocklist to be falsely blamed
    However this IP has a malware infection, But never been reported by SpamCop
    195.225.38.17  abuse[at]gazprombank [dot]r u.
    https://www.abuseat.org/lookup.cgi?ip=195.225.38.17

  5. Posted

    10 hours ago, sergei_msk said:

    Hi,

    Thanks all for answers!

    There aren't mail in abuse[at]gazprombank[dot]ru.

    This (attached file) message received our users from recipient.

    SpamCop blocklist can be activated by a large number of emails hitting "SpamCop's spamtraps" .

    These email addresses are not public but can be scraped by "bots" from poisoned Web-sites.
     
    Records of such attacks are not recorded will be blocked for 24 hours from last spam.

    Two reasons for this is someone is not using a Virus scanner and a computer/device has been compromised
    or best practice for marketing is not being done "double opt-in confirmation"
    Minimum is
    https://en.wikipedia.org/wiki/Opt-in_email#Best_practice
    How easy is it to be put on a/your mail list? 
    Your competitors may well try to sabotage your mail list by loading it with poisoned email addresses?

  9. Posted

    8 hours ago, HasJuggled7 said:

    I probably should have posted something about Spamazon in the July/August timeframe after a mistake I made when preparing to send a report. I fat fingered the mouse and an empty message went to Spamazon (ec2-abuse@amazon.com). The bane of my existence at that time was Parsec Cloud (and still is - keep reading - I get *very* little spam from any other sources) as at times I was receiving their garbage every other hour on weekends (all weekend).  I received the standard response as an initial response almost immediately after I accidentally clicked [send]:
     

    I always forward my Amazon spam to abuse [AT] amazon [DOT] com which now has stopped from amazon 
    spammer has moved to India
    https://www.spamcop.net/sc?id=z6614613333z33924b4aa692bdb379203b970853f7efz
    Creep is using a number of Indian IP's but same fingerprint as Amazon spam
    "contact[AT]gyaneshwarcomputer[DOT]com"  "abuse[AT]alphainfonet[DOT]com"  "admin[AT]mukeshtech[DOT]com"
     

  10. Posted · Edited by petzl

    4 hours ago, Steve said:

    The "Show Original" option and then "Copy to clipboard" and then I paste into the submission field in SC and submit. Those emails are the only one I have problems with. All other emails go through fine.

    That's all I do with mine
    Seems though when spammer sends though gmail to gmail becomes a intranet SpamCop cannot parse
    Just report as phishing and gmail will deal with it
    Reported a while ago
    https://www.spamcop.net/sc?id=z6613089010zeca3f141148e65c17956cc77885b5331z

  12. Posted · Edited by petzl

    1 hour ago, Steve said:

    How do I correct that?

    Here is the tracking URL for said spam:

    https://www.spamcop.net/sc?id=z6612810826ze91817a6e8de425dff5c5f477fd46726z

    This seems posted from within Gmail to Gmail which means it is intranet spam,
    there is also no body in spam, Seems the headers are incomplete also.
    With full headers and no body, just under headers, hit enter twice and write "No body in spam" for SpamCop to work.
    Just mark it in Gmail as phishing

  13. Posted · Edited by petzl

    4 hours ago, Gingko said:

    I could eventually forward all of them to their respective senders, but does it worth the attempt?

    Would like some IP numbers a few track urls

    But if SpamCop is not working in stopping spam you need to do this yourself

    Just pick say five spams or more to report, All probably from same spammer

    This should give results on all 158 spams
    Learn which is the IP YOUR  email server receives email from then the IP that sent it. 
    Just report that IP by forwarding from your email
    The best defense is attack!

  15. Posted

    12 hours ago, Gingko said:

    I don't understand.

    Where should I forward this if it is not to Spamcop?
    I hope you are not telling me to forward directly to the spammer or to some hosting service related to it?

    Gingko

    SpamCop cannot report these spams, but it does tell you the IP address from whence they came.
    Also the URL in body of message
    With SpamCop, a "BOT", one sometimes need to step in to do spam reports more effectively.
    By showing you where I would of sent them, were just letting you see example

  16. Posted

    3 hours ago, Gingko said:

    For the quoted headers above, the tracking URL is https://www.spamcop.net/sc?id=z6611133626z038eafa006f7aed4232b8a0c6617a97az

    You need to forward from your email account with this preamble at top of report
    http://173.240.15.12
    Name:   lebis.disians.com
    IP:        173.240.15.12
    Domain:    disians.com\
    Registrar Abuse Contact Email:  mailto:abuse[AT]web.com

    EMAIL IP 173.240.15.12   abuse[AT]bigboxhost.com SpamCop has this wrong

    http://b.link/E-Leclerc-fr 
    IP  18.208.23.249  abuse[AT]amazonaws.com

    Then paste headers and text body as you did for SpamCop

  17. Posted · Edited by petzl

    3 hours ago, Gingko said:

    Ahem… Of course, yes, but…
    What are you calling “A tracking URL”, and how could it be useful, especially in this case?

    When some email server or Botnet starts spewing spam, occasionally they are taken offline. but when started up again it finishes the out of date spew!
    When you parse spam at top of page before you submit there is a tracking URL posting this, one can look up IP's to see when spam was happening and when it stopped and if it restarts
    For instance 35.182.184.76 couple of sites I use to check, was a Botnet, but it now seems a malware scan was done and has fixed it.
    https://talosintelligence.com/reputation_center/lookup?search=35.182.184.76
    https://www.abuseat.org/lookup.cgi?ip=35.182.184.76

  18. Posted

    2 hours ago, gnarlymarley said:

    Interesting that my amazon spam has nearly all stopped after I had submitted ten reports in a four day period.

    Nearly all stopped for me also after forwarding their spam back at them with a nerdy note!
    That said I still get the odd multiple spam splurge at once all from different IP's 
    Something wrong with their security. Possibly one of their home connected WiFi gadgets?

  19. Posted

    22 hours ago, HeatherReid43 said:

    any idea how do take care of this and stop the spam source ?

    You need to report to abuse[AT]amazonaws[DOT]com from Gmails WebPage

    Click "Show original" on your gmail WebMail page.
    you will see the IP that sent it to Gmail
    SPF:    PASS with IP 52.54.105.63 Learn more
    Forward it to AmazonAWS paste the IP above the text you paste into forwarded message.

    I paste this above headers and body text
      

    Criminal phishing, bogus reply address, bogus unsubscribe (NEVER subscribed), DDoS 
Banned all Amazon and subsidiaries purchases because of inept AWS abuse responses to AmazonAWS DDoS multiple IP email attacks 

It looks to me Amazon should block port 25 to prevent viruses and spam tools managing to connect directly from infected machines through your NAT? All those who have access to your network need to scan for malware. If detected change password

injection  
52.54.105.63  abuseXamazonawsXcom


     

  22. Posted · Edited by petzl

    2 hours ago, gnarlymarley said:

    Ah, but it appears that one can request port 25 to be unblocked.  I am not sure if there is a related fee or if it is free.

    These are Amazon IP's so it is up to Amazon to fix or not their spam problem.
    I assume it is from inside Amazon Corp.

  23. Posted

    6 minutes ago, klappa said:

    I don't get it I only get the sender IP. Is that the injection?

    167.89.8.98 is often in headers but probbaly spoofed
    Gmail tell you the IP they recieved email from
    Someone working for Amazon have a infected computer

    Everyone in Amazon simply have to run a malware scan to fix it blocking port 25 would stop it as well.

  24. Posted

    18 minutes ago, gnarlymarley said:

     I wish that they would just enable IPv6 and stop with the NAT stuff.

    It looks to me Amazon must block port 25 to prevent viruses and spam tools managing to connect directly from infected machines through their NAT?
     

×