Jump to content

petzl

Memberp
  • Content count

    1,879
  • Joined

  • Last visited

Everything posted by petzl

  1. petzl

    Spamcop cannot find source IP

    Works when you start copying headers at (this removes fake headers) ARC-Authentication-Results: i=1; mx.google.com; https://www.spamcop.net/sc?id=z6461382118z246c373109267c89072b487788ad4dcfz
  2. There needs to be a blank 2 line separation from headers and body of spam?
  3. Looks like a REAL mailhost problem you need to contact deputies https://mailsc.spamcop.net/fom-serve/cache/401.html
  4. petzl

    Spamcop cannot find source IP

    Some spammer is using spamware to fake headers (sometimes removing 2nd header works, not always). Anyhow it is giving Gmail a hernia, sometimes sending spam to ones sent folder. https://www.spamhaus.org/whitepapers/spamware/ Spamware is normally developed "by criminals for criminals" specifically for illegal use, often containing features such as the ability to falsify email headers to hide the true source of the spam, to insert fraudulent headers, to use dozens or hundreds of mail servers simultaneously, and to make use of proxies (trojan-infected computers). Features which no normal bulk email program would ever need and no legitimate buk email sender could ever use legally.
  5. petzl

    Spamcop cannot find source IP

    These are genuine Gmail headers https://www.spamcop.net/sc?id=z6461350211z4ef67168cec9b57a466a6e5a240b31c7z when fake headers are removed from your submission it parses OK https://www.spamcop.net/sc?id=z6461352945z1f2e49dc74fc18cb14dba3aa314795ddz
  6. petzl

    Spamcop cannot find source IP

    Thanks for link (but is rubbish 2002:a19:2203:0:0:0:0:0 is not a routable address) but I were getting these forged headers for a while only by reporting them and to Google abuse did they stop. To insert forged headers you simply rename (My Computer) your computer to ARC-Seal: i=1; a=rsa-sha256; t=1524487372; cv=none; d=google.com; s=arc-20160816; b=XvpHCp72Wirsv7guEqaJFpG5lGBXH0XQHx5t2Gb3Ajd9DpIFsuknOCSM2Ab2IntAXQ /qTmP76uAW0RvIBrR8ozGB4RvW5uNm4yKxl1DP8EF6jV+hrquvOb3QlbgXxM/78n6VN2 VgCvX+xQoajpB0yVLs7Vpw2WKvUmj31XUgb6Kv3ekRi482Uf74Worx0ayFVOCbH0C741 fvjaK3qt3qgC3rXA9MKqKxp4vThGXdpZ3KpenR5dh4IDWEttOmEGk5/BfYjkL2AsLJcI /Ab/FozgoKH62Vv8cETDvccVGuppvmus5jdPOY+sk65+CeKC3EPlj/jYQoSeJZNtWTwH QXyA== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-unsubscribe:mime-version:subject:message-id:to:reply-to:from :date:dkim-signature:dkim-signature:arc-authentication-results; bh=3XGAO9t72kzYXZEHdxQCEi3LjBUqtSuDzaeNBgzlYXQ=; b=BHg7hIDgobGQ5CqYn9J7c3cd7jlENG6GrHfGZTcNxdZfO5d1iAc63GAQJTQzTUVTsU I/dnjBg3DjaZjKdSEhYSmehaQlBt/xaNZ/SjsP0tBTgpcPFlCC4l4tuB8L+JLB6ucOQT 2OSHWAWe3UmzZ3lGCUT/Q1+EEF9p17GunwrtNh041niEvnkzGODBE5bE/gSBGmB002Dh UeaVaK9x3LwcVSy8hzWlN4hsmPj+quFINVnjzIdXpHSg8I0ZcOyYKI3Lhil4ZtZpbOcg NzYn6QsmAe7Q8NtneNOPkX+2DlOe4PuYv+Lcz32n1RSWw+4h1fICiWUE+Q7edR0OHuJZ c8KQ== something like that?
  7. petzl

    Spamcop cannot find source IP

    The headers are faked by spammer Gmail has a problem, the top fake headers need removing Delivered-To: x Received: by 2002:a19:2203:0:0:0:0:0 with SMTP id i3-v6csp3807840lfi; Mon, 23 Apr 2018 05:42:52 -0700 (PDT) X-Google-Smtp-Source: AB8JxZouH9uRREqqQY6Qz0qd656nSgVYRkNeZiYTX86AabWnCx2ioL9i5Pdbw/FTvtjnCec0Ah6G X-Received: by 10.55.65.21 with SMTP id o21mr21204190qka.98.1524487372373; Mon, 23 Apr 2018 05:42:52 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1524487372; cv=none; d=google.com; s=arc-20160816; b=XvpHCp72Wirsv7guEqaJFpG5lGBXH0XQHx5t2Gb3Ajd9DpIFsuknOCSM2Ab2IntAXQ /qTmP76uAW0RvIBrR8ozGB4RvW5uNm4yKxl1DP8EF6jV+hrquvOb3QlbgXxM/78n6VN2 VgCvX+xQoajpB0yVLs7Vpw2WKvUmj31XUgb6Kv3ekRi482Uf74Worx0ayFVOCbH0C741 fvjaK3qt3qgC3rXA9MKqKxp4vThGXdpZ3KpenR5dh4IDWEttOmEGk5/BfYjkL2AsLJcI /Ab/FozgoKH62Vv8cETDvccVGuppvmus5jdPOY+sk65+CeKC3EPlj/jYQoSeJZNtWTwH QXyA== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-unsubscribe:mime-version:subject:message-id:to:reply-to:from :date:dkim-signature:dkim-signature:arc-authentication-results; bh=3XGAO9t72kzYXZEHdxQCEi3LjBUqtSuDzaeNBgzlYXQ=; b=BHg7hIDgobGQ5CqYn9J7c3cd7jlENG6GrHfGZTcNxdZfO5d1iAc63GAQJTQzTUVTsU I/dnjBg3DjaZjKdSEhYSmehaQlBt/xaNZ/SjsP0tBTgpcPFlCC4l4tuB8L+JLB6ucOQT 2OSHWAWe3UmzZ3lGCUT/Q1+EEF9p17GunwrtNh041niEvnkzGODBE5bE/gSBGmB002Dh UeaVaK9x3LwcVSy8hzWlN4hsmPj+quFINVnjzIdXpHSg8I0ZcOyYKI3Lhil4ZtZpbOcg NzYn6QsmAe7Q8NtneNOPkX+2DlOe4PuYv+Lcz32n1RSWw+4h1fICiWUE+Q7edR0OHuJZ c8KQ== once done it parses OK. the fake headers need to be put in "notes" if reported the spam stops was happening to me also send to gmail abuse https://www.spamcop.net/sc?id=z6461173975zb86c716f56397882d476e60f06009a9dz The network seems operated by criminal black-hat scumbags! https://www.spamcop.net/w3m?action=checkblock&ip=199.15.213.67 Other hosts in this "neighborhood" with spam reports 199.15.212.72 199.15.212.75 199.15.212.136 199.15.212.201 199.15.213.50 199.15.213.51 199.15.213.52 199.15.213.54 199.15.213.55 199.15.213.64 199.15.213.65199.15.213.69 199.15.213.90 199.15.213.92 199.15.213.112 199.15.213.118 199.15.213.121 199.15.213.125 199.15.213.132 199.15.213.139 199.15.213.140 199.15.213.175199.15.213.183 199.15.214.3 199.15.214.37 199.15.214.42 199.15.214.45 199.15.214.46 199.15.214.47 199.15.214.48 199.15.214.49
  8. petzl

    Spamcop cannot find source IP

    Check your sent mail there is was a problem with Gmail https://news.google.com/news/story/dU3PtG5ZecqtanM2Dctcba56KqrVM?ned=us&hl=en&gl=US
  9. It's a phishing scam I have got these on occasions. Make sure you have a WORKING malware/virus program going. Windows defender is a good one, Run a scan. Most Network operators are brainless, if you sent a SpamCop tracking URL you might get better advice
  10. All of those IP's are not routeable IP address's. You have some "network box" receiving your email removing headers then sending to you
  11. petzl

    Spamcop cannot find source IP

    Check your sent mail there is was a problem with Gmail https://news.google.com/news/story/dU3PtG5ZecqtanM2Dctcba56KqrVM?ned=us&hl=en&gl=US
  12. The headers are from a network and have been removed by that network. Useless for reporting spam
  13. SpamCop is just getting headers from a/your mail server (network)
  14. petzl

    me@rescam.org

    Try to find their FAQ - not sure where you got that "link" from? Below is a few links to pages from that FAQ https://www.rescam.org/faq/what-is-rescam.php https://www.rescam.org/faq/how-do-i-sign-up-to-rescam.php https://www.rescam.org/faq/how-do-i-unsubscribe.php
  15. petzl

    Spamcop cannot find source IP

    Afraid the headers are junk (to me) but will work if junk removed, track https://www.spamcop.net/sc?id=z6460699162zdabd939844b7514b24bbbd6395adb11az seems to be Indian spammer using twitter as a relay Claims to be a "unsubsribe" Indian site "They" have your email address anyhow your choice to try it? http://night-mare.org/unsub/?a1b2c3d4e5/682534/0/12859#55711 Or try forwarding spam to "me[at]rescam.org" .Rescam only works for/with a scammers REAL email addresses. If it bounces rescam stops sending. Rescam will only reply to emails that respond. They do use artificial intelligent BOT for replies If your submission is accepted they/it will give you a reply with links to nonsensical conversation. bit like the BOT Lenny for nuisance call
  16. petzl

    me@rescam.org

    Rescam only works for/with a scammers REAL email addresses. If it bounces rescam stops sending. Rescam will only reply to emails that respond. They do use artificial intelligent BOT for replies If your submission is accepted they/it will give you a reply with links to conversation
  17. petzl

    Spamcop cannot find source IP

    Send a tracking URL, seemed to of been fixed. The main problem I believe was Gmail setting headers wrong?
  18. Sounds like your ISP has not configured their email server? http://www.postfix.org/SMTPUTF8_README.html#detecting
  19. possibly different IP's are run by different owners?
  20. 74.202.231.63 seems level3 have been playing games Routing details for 74.202.231.63[refresh/show] Cached whois for 74.202.231.63 : abuse@level3.comUsing best contacts abuse@level3.comI know this ISP's abuse address:level3@admin.spamcop.netReports disabled for level3@admin.spamcop.net Using level3#admin.spamcop.net@devnull.spamcop.net for statistical tracking.
  21. spam needs submitting report_spam address has been requested by hotmail for SpamCop reports There is a problem that a lot of these are legacy issues and just go to a bit-bin. You can submit spam to "abuse [ at ] microsoft [ dot ] com" from your email account where you actually received that spam
  22. petzl

    ocn.ad.jp spam

    AFAIK Gmail just sort spam not block it??
  23. petzl

    ocn.ad.jp spam

    Gmail use their own spam sorting methods they do not block spam you can add "email addies" to block https://support.google.com/a/answer/2368132?hl=en If you get too much spam they do block you
  24. petzl

    KnujOn

    Thanks for your patience. This has been quite a uphill climb. When my father passed away last year KnujOn faced a number of challenges. Most specifically was the merging of two processes that had been working independently. With much effort we now a single process, in a single code set with a single database on one platform. Our entire operation is now running more smoothly and we are ready to push forward. If you are new to the project, welcome, you may have not been aware of the difficulties we have had. If you have not seen the refreshed website, please take a moment to that now: http://www.knujon.com. While some content and data is still being migrated and updated your reports should now be in the new format: http://www.knujon.com/kcreports/hr24140.html If you have sent us questions, we will do our best to answer them as soon as possible. We are currently preparing to release a major report along with some very specific complaints against abusive service providers. On policy, the At-Large Advisory Council received a response from the ICANN CEO to the letter I drafted on Consumer Trust. The response is woefully inadequate, but not unexpected. In the letter ICANN does not exactly admit mistakes, but comes as close to that a possible. The response confirms many things we suspected which is generally that ICANN does not have a plan for safeguarding consumers on the Internet. Read more here: http://www.knujon.com/index.html#blog However, there is some good news. ICANNs embattled CEO is leaving and a replacement has been selected. We are looking forward to beginning a new relationship with this CEO and continuing our work to fix broken Internet abuse policies. Also, Wiley has published my book, WHOIS Running the Internet, which covers heavily the work done by KnujOn to address the issue of restoring trust in communication through identification and accountability. The book has a dedicated site which explains much of the background for the book: http://whois.knujon.com. Purchasing a copy of the book or informing others will help this project. #################################################### Report index: http://www.knujon.com/kcreports/hr24140.html TEST LOCATION: http://bob.knujon.net/kcreports/hr24140.html Receipts: http://www.knujon.com/kcreports/hr24140_R.html Account Management: http://www.knujon.com/kcreports/hr24140.html#acctmgt Be sure to use your unique reporting address: hr24140[at]knujon.net Report Frequency Preference: NA Opt-out Preference: NA ------------------ Submission options: http://www.knujon.com/sendusspam.html Twitter: [at] KnujOn Buy WHOIS Running The Internet?: http://www.amazon.com/gp/product/1118679555/ KnujOn is an all volunteer, unfunded initiative. We need to raise about $5000 to cover our yearly basic project expenses. We are committed to this solution and appreciate your patience while we work our way through the maze of Internet bureaucracy to reduce illicit traffic and spam. Reply with UNSUBSCRIBE to be removed Thank you for your continued support!
×