Posts posted by petzl

  1. On 4/4/2024 at 7:52 PM, ninth said:

    I received random spam from temu a new ultra cheap online superstore. I assumed it was legit but when I reported to SC it was forgery due to the popularity. I rarely get spam only scam these days and when I do get spammed I'm sus they were conned into buying my address because they stopped after I only get one email. What we should be more worried about if SC is not around to reduce spam, the blocklist users will just go to other blocklist services but if they disappear the increase in spam worldwide will be so astronomical that all networks will be clogged with junk messages and become unusable.

    Doubt if it was TEMU?
    TEMU are an American company trying to sell Chinese made quality (often at least) products at Chinese prices.
    Takes less than a week for me to get what I buy (mainly underpants, socks, etc), so far no complaints.
    Scammers are using their name!
    Security reminder (By TEMU)
    Be wary of scam messages posing as customs or courier companies, 
    which usually tell you that your package cannot be delivered for some reason and that you need to pay a fee for it to be delivered.

    TEMU do set an aggressive PUP on your browser, something Windows Defender won't remove.
    Try this free Windows PUP remover Contains nagware!
     

  2. On 3/30/2024 at 5:39 PM, ninth said:

    It might seem like we get individual attention from the spammer

    Now sendgrid are offering spammers delight forging Foxnews email!
    Don't recommend you use the bogus manual "add your email" to bogus optout
    (yes they have your email anyhow)
    But here you very likely get put on their spammer list (Pwned) and become
    one of the spammers' genuine verified email addresses!
    Which are then sold$$$ to other would be email "marketers"
    This is 12 months ago, seems started again
    167.89.86.241 was last scam email (now on reporting to the FED's as well)
    https://www.abuseipdb.com/check/167.89.86.241
    before it was from 
    https://www.abuseipdb.com/check/159.183.224.10 
    So take care emails that appear legit may not be

  3. 2 hours ago, frustrated nyker said:

    yup. I had maybe 1500 spams a week before I started reporting. Now I am getting 2000 after 2 weeks of reporting. spamcop seems to tell the spammers that it's a monitored address, so it increases spam. It's a horrible place, this spamcop.net

    Doubt if your email address has been gathered by reporting spam.
    More likely it has been scraped from the Internet by a Bot Webspider
    https://en.wikipedia.org/wiki/Web_crawler#Crawler_identification

    Would help to see a SpamCop track URL
    Your best attack is to report spam; at least your email address will be listwashed by spammers as poison

  4. 12 hours ago, C2H5OH said:

    Spamcop was going to use fbsoft01@yahoo.com, which seems likely to be the spammer's account.

    Seems abuse address fixed now. Spamhaus always send an abuse address every time they relist
    https://check.spamhaus.org/listed/?searchterm=194.0.189.8
    The machine using this IP is infected with malware that is emitting spam or is sharing a connection with an infected device.
    Botnets I always report to the country's CERT as well
    https://www.first.org/members/teams/kz-cert

    You get most of the world's CERTs here
    https://www.first.org/members/teams/
    Just put the country's name in the search box

  5. 12 hours ago, Olly McGowan said:

    Is there a way to add Safe IP addresses from Spamcop, or is it possible to remove ourselves from the Blocklist.

    We are a B2B company. Our tech platform uses Mailgun, and it appears that the Mailgun IP is blocked so we are a little unsure how we can resolve this.

    Any insight you can provide would be incredibly helpful to us. Below is the error we are finding in our Mailgun log reports...

    https://www.spamcop.net/bl.shtml?69.72.43.5

    IP addresses are unlikely to be whitelisted.
    But just remembered there is a way to get around SpamCop's blocklist. That's to ask your clients to whitelist your email address.
    Whitelisting bypasses all spam-blocklists; if there is no easy way to do this (there should be) they need to request their email provider to set it up
    But can't see any evidence SpamCop has blocked your IP?
    https://www.spamcop.net/w3m?action=checkblock&ip=69.72.43.5

     

  6. On 3/5/2024 at 7:27 AM, DowntownScience said:

    Any chance the block is related to an uptick in spam caused by the new DKIM/DMARC requirements for sending to AOL, Yahoo, Gmail, etc?  I could see messages that weren't seen as spam prior, being seen as spam now and increasing the % of spam messages being sent from an individual IP.

    DMARC Policy & Setup Requirements for Google & Yahoo Email | Proofpoint US

    As a Microsoft Partner and 365 Admin let's not pretend that Microsoft 365 is the only offender here.  We receive more spam from Gmail addresses than anything else.  If Microsoft were to require this same thing you'd see Gmail email servers get shut down as well.

     

    Just remembered there is a way to get around SpamCop's blocklist
    That's to ask your clients to whitelist your email address.

    Whitelisting bypasses all spam-blocklists,

    if there is no easy way to do this (there should be) they need to request their email provider to set it up

  7. On 2/28/2024 at 9:12 AM, Foggy said:

    haha thank you @petzl, appreciate your insights in this thread and I will keep them in mind organising clients in regards to the spam lists :)

    Just remembered there is a way to get around SpamCop's blocklist
    That's to ask your clients to whitelist your email address.

    Whitelisting bypasses all spam-blocklists,

    if there is no easy way to do this (there should be) they need to request their email provider to set it up

  8. 6 hours ago, olddog55 said:

    Good luck with that.  Last time I checked, Microsoft was using NetRange: 52.96.0.0 - 52.115.255.255 and NetRange: 40.74.0.0 - 40.125.127.255.  With their MTA's scattered throughout. 

    What is really needed is for Microsoft to get rid of spammers hosted on their systems.

     

    Any email provider worth their salt can whitelist a contact or email sender so it bypasses any and all blocklists they use.
    Most blocklists hit the IP/s, not an email address.
    Whitelisting puts an email address ahead of all IP blocklists.

  9. 12 minutes ago, olddog55 said:

    @Geeksultant & others: The party 'blocking' your mail is *your* email provider.

    Any good eMail provider will use a weighting mechanism, combining multiple blocklists that, in the preponderance of evidence, results in an 'Accept', 'Warn', or 'Block'.  The 'Warning' conditional acceptance is usually by either altering the Subject line (e.g. by adding 'Possible spam') or by sending the eMail to the spam folder.

    It is up to each individual recipient's (your) eMail provider to make this determination.

    For any blocked messages, you might want to check the status of your current, Microsoft/Outlook eMail MTA:

    https://whatismyipaddress.com/blacklist-check

    And, just as a point of reference, here is a count of the 11 spams I have seen in the past half-day:

          2 Listed at AUTHBL.dq.spamhaus.net
          2 Listed at dnsbl.dronebl.org
          3 Listed at b.barracudacentral.org
          3 Listed at bl.spamcop.net
          3 Listed at cbl.abuseat.org
          3 Listed at iadb.isipp.com
          4 Listed at SBL-XBL.dq.spamhaus.net
          7 Listed at bl.mailspike.net
          7 Listed at dnsbl-1.uceprotect.net

    You will note that SpamCop is right in the middle of the hits count.  So don't go blaming an individual BL provider.  And that is why a good eMail provider uses multiple BL's in a weighted configuration.  If it's only one hit, it's probably not true spam.  But more, ???

     

    Email receivers can easily whitelist any sender email address (sometimes a contact with email provider),
    which will then bypass any and ALL blocklists that ISP uses.
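
The weighted 'Accept' / 'Warn' / 'Block' decision described in the quoted post, as an added example (not code from the thread or from any mail provider). The zone names are the ones in the hit count above; the weights, the two thresholds and the constructed lookup table are assumptions.

```python
import ipaddress
import socket

# Zone names come from the hit count quoted above; the weights and the two
# thresholds are assumptions chosen so that a single hit never warns or blocks.
WEIGHTS = {
    "bl.spamcop.net": 2.0,
    "b.barracudacentral.org": 2.0,
    "cbl.abuseat.org": 2.5,
    "bl.mailspike.net": 1.5,
    "dnsbl.dronebl.org": 1.5,
    "dnsbl-1.uceprotect.net": 1.0,
}
WARN_AT, BLOCK_AT = 3.0, 5.0


def query_name(ip, zone):
    """Build the DNSBL query: reversed octets (or IPv6 nibbles) + zone."""
    pointer = ipaddress.ip_address(ip).reverse_pointer
    reversed_part = pointer.rsplit(".", 2)[0]  # drop in-addr.arpa / ip6.arpa
    return f"{reversed_part}.{zone}"


def dns_lookup(name):
    """Live lookup: the A record as a string, or None when not listed."""
    try:
        return socket.gethostbyname(name)
    except OSError:
        return None


def is_listing(answer):
    """Only 127.0.0.0/8 answers count; 127.255.255.x is the error range
    Spamhaus uses for refused or malformed queries, not a listing."""
    if answer is None:
        return False
    addr = ipaddress.ip_address(answer)
    return (addr in ipaddress.ip_network("127.0.0.0/8")
            and addr not in ipaddress.ip_network("127.255.255.0/24"))


def classify(ip, lookup=dns_lookup):
    """Return (verdict, score, zones that listed the IP)."""
    hits = [z for z in WEIGHTS if is_listing(lookup(query_name(ip, z)))]
    score = sum(WEIGHTS[z] for z in hits)
    if score >= BLOCK_AT:
        return "Block", score, hits
    if score >= WARN_AT:
        return "Warn", score, hits
    return "Accept", score, hits


# Constructed listings on documentation addresses (192.0.2.0/24), so the
# example runs without touching DNS.
_SAMPLE = {
    "192.0.2.10": ["bl.spamcop.net"],
    "192.0.2.20": ["bl.spamcop.net", "bl.mailspike.net"],
    "192.0.2.30": ["bl.spamcop.net", "b.barracudacentral.org", "cbl.abuseat.org"],
}
CONSTRUCTED = {query_name(ip, z): "127.0.0.2"
               for ip, zones in _SAMPLE.items() for z in zones}
# An error-range answer must not be scored as a hit.
CONSTRUCTED[query_name("192.0.2.40", "cbl.abuseat.org")] = "127.255.255.254"


def constructed_lookup(name):
    return CONSTRUCTED.get(name)
```

Calling `classify(ip)` without the second argument performs live DNS queries; several lists refuse queries arriving through large public resolvers, which is why the error range is filtered out before scoring.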

  10. 4 hours ago, atarspam said:

    I just got some spam in an Outlook account, and so the links in the email had the safelinks.protection.outlook.com stuff that Microsoft adds. 

    I would have expected that SpamCop would ignore that bit, and work on the URL that is the final destination, but that doesn't seem to be the case as the Resolving link obfuscation section of the parser just did

    https://kor01.safelinks.protection.outlook.com/?url=http%3A%2F%2Ftwingirls.fc2web.com%2Ff.html&data=05%7C02%7C%7Caf6894b1776842d009de08dc4d780dc8%7C84df9e7fe9f640afb435aaaaaaaaaaaa%7C1%7C0%7C638470425300444050%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C0%7C%7C%7C&sdata=m6xTFDXrk4S1eM%2Ft8xAI1kBSSdK51Zl6rNiO1D0axZ4%3D&reserved=0
       Percent unescape: https://kor01.safelinks.protection.outlook.com/?url=http%3A%2F%2Ftwingirls.fc2web.com%2Ff.html&data=05%7C02%7C%7Caf6894b1776842d009de08dc4d780dc8%7C84df9e7fe9f640afb435aaaaaaaaaaaa%7C1%7C0%7C638470425300444050%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C0%7C%7C%7C&sdata=m6xTFDXrk4S1eM%2Ft8xAI1kBSSdK51Zl6rNiO1D0axZ4%3D&reserved=0
       Percent unescape: https://kor01.safelinks.protection.outlook.com/?url=http%3A%2F%2Ftwingirls.fc2web.com%2Ff.html&data=05%7C02%7C%7Caf6894b1776842d009de08dc4d780dc8%7C84df9e7fe9f640afb435aaaaaaaaaaaa%7C1%7C0%7C638470425300444050%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C0%7C%7C%7C&sdata=m6xTFDXrk4S1eM%2Ft8xAI1kBSSdK51Zl6rNiO1D0axZ4%3D&reserved=0

    and then the Tracking link section did

    https://kor01.safelinks.protection.outlook.com/?url=http%3A%2F%2Ftwingirls.fc2web.com%2Ff.html&data=05%7C02%7C%7Caf6894b1776842d009de08dc4d780dc8%7C84df9e7fe9f640afb435aaaaaaaaaaaa%7C1%7C0%7C638470425300444050%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C0%7C%7C%7C&sdata=m6xTFDXrk4S1eM%2Ft8xAI1kBSSdK51Zl6rNiO1D0axZ4%3D&reserved=0
    No recent reports, no history available
    Unescaped: https://kor01.safelinks.protection.outlook.com/?url=http://twingirls.fc2web.com/f.html&data=05|02||af6894b1776842d009de08dc4d780dc8|84df9e7fe9f640afb435aaaaaaaaaaaa|1|0|638470425300444050|unknown|twfpbgzsb3d8eyjwijoimc4wljawmdailcjqijoiv2lumziilcjbtii6ik1hawwilcjxvci6mn0=|0|||&sdata=m6xtfdxrk4s1em/t8xai1kbssdk51zl6rnio1d0axz4=&reserved=0
    Host kor01.safelinks.protection.outlook.com (checking ip) = 52.102.12.172
    Resolves to 52.102.12.172
    Routing details for 52.102.12.172
    [refresh/show] Cached whois for 52.102.12.172 : abuse@microsoft.com
    Using best contacts sewr@senpluspluseop.onmicrosoft.com

    Microsoft isn't responsible for the likely dodgy site twingirls[dot]fc2web[dot]com, so there doesn't seem to be much point telling them about it, so should I be reporting those links? 

    It would be much more sensible if SpamCop could report to the owner of twingirls[dot]fc2web[dot]com, so is there a reason why it's not doing that?

    Thanks

    Sounds like porn spam. To attack such porn sites you need to find the registrar, SpamCop doesn't, it just finds the IP of the Website.
    If there is no registrar then you need to tell the IP owner, otherwise they cannot act.
    Also usually these porn sites are phishing for credit cards and blackmail.
    You need to send a complaint to the Feds if the Site is registered in USA "phishing-report[AT]us-cert[DOT]gov"
    In Windows I use this free program to find a Registrar  https://www.gena01.com/win32whois/
    Also if porn report as Child abuse, most do not have on file that the pictures are over 18 (legal requirement)
    My boiler plate for Child porn is below, Don't worry about what the registrar may say, this is a matter for the FED's to decide
    And you have notified the Registrar which means they are then compliant as pedophiles if and when the FED acts.

    Child porn phishing spammer spammer
    pictures under 18 or made to look under 18
    NO PROOF OF AGE available!
    SENT TO MINORS
    
    2257 Regulations (C.F.R. Part 75), part of the United States Code of Federal Regulations, require producers of sexually explicit material to obtain proof of age for every model they shoot, and retain those records. Federal inspectors may at any time launch inspections of these records and prosecute any infraction.
    
    "unless the websites “perform reasonable age verification methods” — in short, requiring users to show government ID to prove they are 18 or older."
    
    No working unsubscribe
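
The parser output quoted in this post stops at the Safe Links wrapper host. As an added example (not SpamCop's parser and not code from the thread), this is one way to recover the wrapped destination from the `url=` parameter before looking up who to report to. The sample links are constructed and point at `example.com`; the function names are assumptions.

```python
from urllib.parse import urlsplit, parse_qs, quote

# Host suffix of the wrapper seen in the quoted parser output.
SAFELINKS_SUFFIX = ".safelinks.protection.outlook.com"


def unwrap_safelink(url, max_depth=5):
    """Return the destination carried in a Safe Links wrapper.

    Non-wrapper URLs are returned unchanged. The loop handles a link that
    was wrapped more than once (for example after being forwarded).
    """
    for _ in range(max_depth):
        host = (urlsplit(url).hostname or "").lower()
        # Match on the full suffix so a lookalike such as
        # safelinks.protection.outlook.com.evil.example is not trusted.
        if not host.endswith(SAFELINKS_SUFFIX):
            break
        target = parse_qs(urlsplit(url).query).get("url")
        if not target:
            break
        url = target[0]  # parse_qs has already percent-decoded it once
    return url


def report_host(url):
    """Host whose registrar / IP owner should receive the report."""
    return (urlsplit(unwrap_safelink(url)).hostname or "").lower()


def defang(host):
    """Write a host the way the post does, so it cannot be clicked."""
    return host.replace(".", "[dot]")


# Constructed samples: same shape as the link in the post, harmless target.
CONSTRUCTED_LINK = (
    "https://kor01.safelinks.protection.outlook.com/"
    "?url=http%3A%2F%2Fspam.example.com%2Ff.html"
    "&data=05%7C02%7C%7Cconstructed&sdata=AAAA%3D&reserved=0"
)
CONSTRUCTED_DOUBLE = (
    "https://kor01.safelinks.protection.outlook.com/?url="
    + quote(CONSTRUCTED_LINK, safe="") + "&reserved=0"
)
CONSTRUCTED_LOOKALIKE = (
    "https://safelinks.protection.outlook.com.evil.example/"
    "?url=http%3A%2F%2Fother.example.com%2F"
)
```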

     

  11. 5 hours ago, Just Joe said:

    SpamCop vs MS.. I see Spamcop losing this battle.  

    Simply put I have clients that have reached out and I have spoken with the clients using Spamcop and most are looking at removing spamcop.  When your spamfilter blocks your business emails because it uses a outdated flawed method to block spam it becomes useless.  

    Spamcop is basically making itself useless

    Good luck with that, what are you going to do about the spam-traps that don't let you know and just bit-bin the listed IP's for maybe months?
    Also your "clients" can easily whitelist your sender email address, which will bypass any blocklist that ISP uses.
    Strange that your "clients" are not doing that, don't you think? Have you even asked them to?
    Simple process for an ISP email provider to set up their own spam-trap, a lot more horrifying than SpamCop's SCBL.
    Already I have a pwned Gmail account which was being flooded by Office365, just pushing the "PHISHING" in spam folder and now nothing. Gmail has not told anyone but Office365 IPs are now not even seen hitting my spam folder. And I don't report them through SpamCop.

  12. 14 hours ago, Geeksultant said:

    "You need to tell your customers that have your free to spammers Microsoft 365 throwaway account IP's getting blocked , for the receiving ISP to stop using the SpamCop Block list"

    That's a ridiculous statement.  Why?  Because those of us that are having this issue, of inbound emails that are legitimate from O365, we are not complaining about "Free Throwaway Account Users", but longtime, legitimate O365 corporate users.  Many of the emails being blocked are coming from multi-billion dollar clients and partners of mine, that have thousands, and even tens of thousands of O365 email users/accounts under their domain.  They are the ones being blocked by SpamCop because they block entire IPs and subnets, not individual spam emails.  I use a product called spam Reader that integrates with my Outlook and filters spam.  It does a great job.  99% efficient.  It does, once in a while, filter out a legitimate email.  But guess what?  I can review the spam folder contents, find that email and unblock it.  With SpamCop, I have no such ability.  It's either all or nothing.

    Why is it my or for that matter SpamCop's problem that Microsoft365 are allowing masses of fraudster spammers, as well as naïve users, to bomb email accounts out of existence?
    Otherwise known as DoS attacks. Most accounts are shut down by the receiving ISP; this has happened to numerous people, often destroying their business and income.
    As I said SpamCop has no control over who uses their BlockList
    There are other blocklists that are less forgiving than SCBL and won't let the sender know they are blocked.
    That is what you are complaining about,
    CISCO and others like I suspect Gmail, Hotmail, Yahoo will not even tell the sender, they just bit-bin their IP/s
    Most companies selling email accounts set up protection against IPs that DoS attack sometimes whole countries, in fact some allow one to block a whole country's IP range.

  13. 3 hours ago, stepbystep3d said:

    I love reading all about the spam and prevention techniques. (I'm a geek) We work hard to implement and monitor our email delivery i.e. dkim, sft, delivery reports, and if we were to do any email at scale I would probably set up a subdomain for my campaigns so as to not affect the primary domain rank and primary intake email delivery. But in this case it's our main intake email only that's flagged by spamcop. That's what has me puzzled.

    Thanks for the input. :)

    As Lking suggests, you are using a Microsoft shared IP for Office365. A spam-trap should not ever confirm or deny that it is being hit!
    SpamCop AFAIK is the only one that does; the vast number of others will not, so it will not be listed only by SpamCop.
    SpamCop only blocks for 24 hours after spam stops hitting SCBL, the others probably bit-bin after tripped for weeks if not months.
    You need to make sure your email list is not full of poisoned/spam-trap email addresses.
    But even if your email address is clean, does not mean others using Office365 shared IP's are
    Ideally you need to send from a dedicated IP

  14. 2 hours ago, stepbystep3d said:

    mail.rewebdesign.net gave this error:
    Decision Engine classified the mail item was rejected because of IP Block (from outbound normal IP pools) -> 554 5.7.1 Service unavailable; Client host [40.107.220.133] blocked using bl.spamcop.net; Blocked - see https://www.spamcop.net/bl.shtml?40.107.220.133

    https://www.spamcop.net/w3m?action=checkblock&ip=40.107.220.133 
    Causes of listing
    System has sent mail to SpamCop spam traps in the past week (spam traps are secret, no reports or evidence are provided by SpamCop)
    SpamCop users have reported system as a source of spam less than 10 times in the past week
    photo https://ibb.co/0FTk6PQ
    Microsoft is giving free trials for Microsoft365 
    Not sure if its spammers using it or naïve beginners learning email marketing?
    There are numerous "spam traps" out there, SpamCop is the only one that allows one to know it's blocked until the spam flood stops.
    Most major email providers have their own blocklists generated by placing poisoned email addresses on websites, newsgroups, etc.
    Poisoned email addresses are obtained/gathered by web bots called web spiders scraping off email addresses!
    They just don't tell you that you are blocked, bit-binning or spam bucketing them instead.
    Don't buy email addresses, learn about double opt-in (MailChimp) and create your own!
    Learn about spam-traps

  15. Suggest you get a browser app that blocks java, maybe that is why my browser couldn't connect?
    Java can be dangerous and load malware/virus
    For Opera I use extension "java script Switch" with "ON|OFF"
    One time you could select "notify before allowing Java"?
    SpamCop URL check would not have java either
     

  16. 1 hour ago, anyone8 said:

    Yeah it tracks the source fine, and a couple Facebook links I didn't think I should report. But there's one it doesn't:

    Tracking link: http://www.[removed].com/
    No recent reports, no history available
    Host www.[removed].com (checking ip) IP not found ; www.[removed].com discarded as fake.
    www.[removed].com is not a routeable IP address
    Cannot resolve http://www.[removed].com/

    I [removed] the domain here so the forum wouldn't possibly link to them, but the full URL is in the tracking, at least when I run it.

    Site appears to have already been removed, can't be found
    This site can’t be reached

  17. 21 minutes ago, anyone8 said:

    I guess I don't quite understand, as (after reading your reply) both the tracking URL and simply feeding the questionable link to the parser give me the error I started the thread with ("not routable..."). Are we getting different results from the parser, like maybe I have a bad setting somewhere? Thanks!

    just means that the cache was refreshed
    Tracking message source: 2603:10a6:20b:3ae:0:0:0:22:
    Routing details for 2603:10a6:20b:3ae:0:0:0:22
    [refresh/show] Cached whois for 2603:10a6:20b:3ae:0:0:0:22 : abuse@microsoft.com
    Using best contacts sewr@senpluspluseop.onmicrosoft.com

  18. 4 hours ago, ninth said:

    What happens if the links host is aceville and reg/cert gname are scammer friendly...PTE LTD?

    Cloudflare ns brad and anita are hosting gname but they always reckon they are providing security and network services so not responsible for content and bad behavior...all care and no responsibility.

    If they don't have a registrar, then the IP owner needs to react, would help if you showed who the registrar is.
    Cloudflare though requires a web report for abuse
    https://www.cloudflare.com/trust-hub/reporting-abuse/
    Also what type of spam: porn/phishing/no working unsubscribe, or all three?
    Then consider adding the country's CERT email to the complaint.
    https://www.first.org/members/teams/

  19. On 3/9/2024 at 3:33 AM, A Beachy said:

    We are seeing this issue and our staff are getting very annoyed as numerous valid emails are being blocked.  I realize this is a MS issue, but does anyone have an alternative to SpamCop Block list?

    You need to tell your customers that have your free to spammers Microsoft 365 throwaway account IP's getting blocked, for the receiving ISP to stop using the SpamCop Block list. SpamCop never asked them to.
    While you're at it tell Gmail to stop using their secret block list, at least I suspect they do, as I'm not now getting Microsoft 365 spam, not even in spam folder? And this address is PWNED
    (love pulling wings off spammers and if possible facing the courts)
    https://www.microsoft.com/en-au/microsoft-365/try 
    Try Microsoft 365 for free
    Sign up for free. Cancel at any time.

  20. 9 hours ago, spamkiller said:

    What can be done to make this stop? 

    You need to find out the Registrar of URL link in spam 
    I use a free Windows APP to find Registrar.
    Whois  program SpamCop only sends to WEB IP which is often ignored unless it's criminal
    https://www.gena01.com/win32whois/
    Would also help if you could send a SpamCop track, found at top of submission page BEFORE you submit report.

  21. Have your "customers" signed up with Double-Opt-IN?
    Or are you using bought email addresses which has obtained poisoned email addresses by scraping them off the internet?
    SpamCop Blocklist (SCBL) is the choice made by email providers who choose to use it, SpamCop have never asked them to.
    Just used by word of mouth, not from SpamCop owners.
    Most major email providers have their own blocklists generated by placing poisoned email addresses on websites, newsgroups, etc.
    They just don't tell you that you are blocked, bit-binning or spam bucketing them instead.
    SpamCop Blocklist does tell the recipient that the IP has been blocked and what for.
    https://www.spamcop.net/bl.shtml

  22. 1 hour ago, DowntownScience said:

    Any chance the block is related to an uptick in spam caused by the new DKIM/DMARC requirements for sending to AOL, Yahoo, Gmail, etc? 

    Not when they have been tripped only by SpamCop's blocklist (SCBL) with only the spamtrap!
    SpamCop spam-traps being hit means they are using poisoned email addresses with no owner but the SCBL.
    Obtained by scraping Internet web pages for email addresses.
    Scraping websites with a "web spider" for email addresses
    Not only SpamCop has poisoned email addresses on websites, suspect Gmail and others do also
