Posts posted by petzl


  1. 18 minutes ago, Tesseract said:

    https://www.spamcop.net/sc?id=z6643995729z6c0b835925fc83fc6ac686ba27423c1fz

    The parsing ends almost as soon as it begins, having only looked at one host. Other recent reports have been OK.

    Is this going through an internal network/intranet?

    Through email server Ecuador needs password change (no TLS)
    190.152.46.226 no abuse address  try CERT https://www.first.org/members/teams/#Ecuador
    From Botnet in India
    106.210.0.13  
    https://www.abuseat.org/lookup.cgi?ip=106.210.0.13


  2. 46 minutes ago, Sven Golly said:

    For some reason, I could not change my mailhosts to accommodate my provider. A SpamCop admin gave me an exemption which worked for a bit but now I'm faced with a new problem. Again, I think it's probably due to the number of different servers our webhost uses. "Mailhost configuration problem, identified internal IP as source" yet reading the headers, it seems to come from outlook.com (aka Microsoft / hotmail / 365)

    I noticed that they forged my domain (geldner.com).

    https://www.spamcop.net/sc?id=z6643253727zd5ae1bdabed33c527117d9381682d770z

    2a01:111:e400:7ebd:0:0:0:51 abuse[AT]microsoft[dot]com
    If your email is going through an internal network it's hard to report?


  3. 6 hours ago, LaserMoon said:

    My question is, has anyone put together a guide for how to best target spam based on origin?

    Each country has a "Computer emergency response team" (CERT) which can override abuse desks. 
    They often give an ISP a "hurry-up" order to get things fixed
    https://www.first.org/members/teams/
    The problem is a lot of these addresses are run by companies just for their company,
    This creates confusion because many are not English and hard to differentiate between business and Government!


  4. 4 hours ago, LaserMoon said:

    Hello,

    I have an email sample that makes the SpamCop web form freeze (and crash) on Google Chrome as soon as the text is pasted in the form (Mozilla Firefox doesn't have this issue, but Chromium-based Microsoft Edge does).

    By the looks of it, it has to do with specially-crafted HTML attributes. (Does SpamCop try to do any client-side parsing, other than to check the length?)

    Is there a technical contact where I can send the file for analysis?

    Thanks.

    Probably email is too large, learn to truncate below the spam headers
    look at the bottom of spam shown in link below for word "Truncated"
    https://www.spamcop.net/sc?id=z6643015246zbc86c5610081722fba5bae72dba9b145z;action=display


  5. 9 hours ago, Ricardo_63 said:

    Well, that is difficult to explain to ISP, I have claim about spam emails and they told it have spam protection against to spam mails, but clearly spammers can override ISP spam protection.

    That’s reason why I report each spam mail to SpamCop.

    Well I don't see the "received by"  line 
    Which should be followed with the
    "Received: from" vedicisland.com (vedicisland.com. [77.32.212.194])
    As with this example (Gmail)
    https://www.spamcop.net/sc?id=z6643015246zbc86c5610081722fba5bae72dba9b145z


  6. 3 hours ago, Ricardo_63 said:

    after done it appeared on the MailHosts list, but it showing nine hosts

    That's normal
    you need to contact your ISP to get it to stamp its own IP "received: by"?
    example below

    https://www.spamcop.net/sc?id=z6643015246zbc86c5610081722fba5bae72dba9b145z
     

    Delivered-To: x
    Received: by 2002:a0c:9b89:0:0:0:0:0 with SMTP id o9csp1186644qve;

     


  7. 4 hours ago, Ricardo_63 said:

    I presume my mail server use one of them.

    SpamCop has them ALL whitelisted/won't report them. So your mailhosts seem ok. 
    Assuming you clicked add new hosts and received an email, to which you clicked the embedded link?
    https://www.spamcop.net/sc?id=z6642947923z6d9895034f835eced8ac22b50e215d41z

    Your ISP has not stamped its own IP "received: by"? example below
    https://www.spamcop.net/sc?id=z6643015246zbc86c5610081722fba5bae72dba9b145z


  8. 7 hours ago, jprogram said:

    OVH makes up about half of the website links in the message.

    I certainly have tons of work on reporting to the following:

    #1. e-mail server; #2. web server (based on e-mail's domain name); #3. Google (**trk.com); #4. DigitalOcean (end-of-the-redirect-chain website); #5. Whoever is hosting bogus unsubscribe forms.... Then you got the DNS providers for each server.

    Don't do them all just a few to website the rest via SpamCop
    handling abuse try their website
    https://www.ovh.com/world/abuse/
    put in notes something like
    Criminal phishing, bogus reply address, bogus unsubscribe (NEVER subscribed), DDoS

    In Windows, to find the registrar of a website I use this freeware program
    http://www.gena01.com/win32whois/

    http://www.uhcphysicianfinder.com/main.html/z9zIiTTp
    65.181.123.252
      support[AT]dedicatednow[DOT]com
    Registrar Abuse Contact Email:  mailto:abuse[AT]nameking[DOT]com


  9. 9 hours ago, Ricardo_63 said:

    Return-path: <investor@bit.com>
    Received: by smtp50.i.mail.ru with esmtpa (envelope-from <investor@bit.com>)
            id 1hYpA1-0003xK-Q2

    Came from 94.100.177.110  abuse[AT]corp.mail[DOT]ru
    Not seeing your received IP your receiving email server?
    Add/edit your mailhost configuration  log in to SpamCop click TAB  Mailhosts
    Before you Submit a spam Top of page is tracking URL - example
    https://www.spamcop.net/sc?id=z6642853265z193d6fb05ee9b701404ec2d508af48b0z


  10. 2 hours ago, jprogram said:

    Who do I go after from the chain? All of them? DNS servers too?

    Looks like OVH are dead at the wheel in handling abuse. might try their website
    https://www.ovh.com/world/abuse/
    put in notes something like
    Criminal phishing, bogus reply address, bogus unsubscribe (NEVER subscribed), DDoS
    The site I was redirected to is listed as malicious
    https://www.virustotal.com/gui/url/2bbb53811e2da7a35cd8dc638edd7e454176d41684005599247f4459df39a497/detection


  11. 8 hours ago, jprogram said:

    Apparently, those are all owned by Google. So how do they work and what are those sites called?

    The redirection is immediately stopped if a Gmail user reports the spam as phishing just requires a click to do this.
    To save redirection to Google Cloud is done by anyone with a Gmail account which are free.
    A SpamCop tracking URL is always more helpful 
    SpamCop will report it to Google but not sure how quick Google react on reports?


  12. 9 hours ago, EkriirkE said:

    Spammers are tracking back who reports them by including the emails that get back to them via spamcop reports in the subject and body, example: 

    encoded and segmented subject:  https://www.spamcop.net/sc?id=z6641797254z619187ae372c6cec5509fadaf926d2baz

    segmented body: https://www.spamcop.net/sc?id=z6641801254z40077f70be652e542cfe9e7deb51e5faz

    My email is still visible.  Note the first example is targeted at me directly for reporting them subject "You make compliant on Spamcorp my.visible.email erville?..." with a confusing body that pieces together a personalized message:

     

    Report them again cost them another $5
    They have your email address anyhow
    Online criminals continue to distribute spam and carry out scams - even with the Chinese government involved. 


  13. 11 hours ago, gnarlymarley said:

    I wonder if the off button is not working since it appears to only work for a little bit on restart. I wonder if you would be able to do something like a traceroute through the VPN. Here is my thought, back in May I experienced an ISP issue on IPV4 where this forum became an island. During that same time, other people on this topic were able to get to the forum just fine. It may be possible that Verizon or some other ISP is still having issues, but ones that only affect certain internet destinations. I imagine it works on startup until the Opera VPN has a chance to connect. If you could do a traceroute both through the Opera VPN and also when it is disabled, you might be able to see where the problem is. (When I had my problem for a few weeks, I did notice that there was a 15 min time window during the day when it would work normally.)

    I did nothing, this started happening by itself (have now "fixed it"), had to go through the myriad of options to find it.

    A while ago were getting DNS leak seems Opera had put in/disclosed my ISP's DNS IP had to go through the myriad of options to find it.
    Getting old and blind, I'm afraid.

    There is a problem with the utterly stupid believing that a Virus/Malware detector is not needed!
    My VPN has "3285+ servers in 48 countries" I like using the Sydney servers but they are becoming blocked because of malware infections by the useless
    Gozi malware to be exact
    not using protection. Windows Defender, one has already paid for. presently second to none. just requires turning it on!
    But any would do than just nothing


  14. 7 hours ago, gnarlymarley said:

    Maybe not the problem, but a possibility. If I recall correctly, there used to be a setting in Opera that would allow bidirectional usage of other people's internet. I think it was there to enable a faster download of other people on your same ISP to use their cache to download webpages faster. If this option was enabled, maybe it could have contributed to the issue.

    Opera is still doing this but comes right mystically?
    Turning VPN off has no effect
    Possibly another WIN10 feature,
    Goes back to normal by closing browser and restarting?

    K found ADBlocker (extension) has had a "genius" annoying downgrade!
    Top right hand corner small "x" has appeared
    One has to click that so the site will open
    You have to do this almost every web page you now visit

    Found how to turn this feature off un-check
    Block ads and surf the web up to three times faster "Learn more"
     
