Jump to content


  • Content Count

  • Joined

  • Last visited

Community Reputation

0 Neutral

About gnarlymarley

  • Rank
    Advanced Member

Contact Methods

  • AIM
  • Yahoo

Profile Information

  • Gender
  • Location
    utah, USA
  • Interests
    reporting spam

Recent Profile Visitors

2,734 profile views
  1. gnarlymarley

    spam with no sender source? How is that?

    The mailhost update may be why both seem to be reportable now. Tracking message source: Tracking message source: I have not noticed any delays when I update my mailhosts.
  2. gnarlymarley

    spam with no sender source? How is that?

    Outernaut, I expect to see an IP somewhere in the Received line such as the following. Received: from oksupp ([IP.add.re.ss]) by elm.nocdirect.com Without the IP address in the Received line, I would have to assume this came from the internal site directly. Which is probably what SpamCop is doing.
  3. gnarlymarley

    SpamCop on cPanel - do-able?

    I was reading on https://cwiki.apache.org/confluence/display/SPAMASSASSIN/WhitelistingEverybody and see that one should be able to match the IP using the following: header LOCAL_RCVD Received =~ /from .*\[173\./ describe LOCAL_RCVD Received from a local machine score LOCAL_RCVD 50 This will depend on how your mail server formats the Received: line.
  4. I wonder if SpamCop might be having problems with the IP of the receiving server too. If you change it to the follow, it will probably work. It may only want one entry for the receiving host. by www.enchanter.net with esmtps
  5. gnarlymarley

    Spamcop says email possible forgery

    Spammers use the unicode and base64 to try to hide from spam filters. (Most spam filters can be plain text.) If your filtering can do regular expressions then you can look for UTF-8. Some filtering programs will let you filter for the "raw" headers or the decoded headers. From: "=?eq7rzAaUmUTF-8?B? I suspect this might be a mix, but I do see a UTF-8 in the middle. Usually that start the unicode section.
  6. You can try reporting to deputies[at]admin[dot]spamcop[dot]net, or by requesting a feature in the New feature forum. Many have mentioned a similar problem in the past Microsoft mailhosts missing IP addresses. LaserMoon, I believe the issue to be that microsoft opened themselves up to using around 5,192,296,858,534,827,628,530,496,329,220,096 IP addresses when they moved to using IPv6 public addresses and spamcop might not be able to store them all.
  7. gnarlymarley

    "Sorry, SpamCop has encountered errors"

    mgolden, I am not sure if this could be your problem but last time I saw this message, it turned out to be one email of mine was forwarding to another. If you have multiple emails involved in a chain then you might need to report them in a backwards order, such as under the "how" section of https://www.spamcop.net/fom-serve/cache/397.html.
  8. gnarlymarley

    hetzner.de spam source

    I noticed my reports seem to be going through now to abuse[at]hetzner.de. (https://www.spamcop.net/sc?id=z6647053450zec936806eef4e1db9b66291bdb6b3a51z) Maybe something has changed and they are ready to take action?
  9. gnarlymarley

    Eonix.net helping spammers?

    fritz2cat, The link you gave seems to be only accessible by you or SpamCop deputies. However, you can find an accessible link with munged information if you click on that link and then click on "Parse". That page should have your Tracking URL near the top. (As a side note, if you view that while logged out, you should see the munged information on it.) Here is your TRACKING URL - it may be saved for future reference:https://www.spamcop.net
  10. gnarlymarley

    Eonix.net helping spammers?

    I automated this using cron scri_pt and a firewall. The problem I saw is the scri_pt happened to catch some legitimate emails and blocked those hosts until it was too late for me to get them back. (There is a grey area of false positives and false negatives where something will be missed and legitimate stuff will be caught. This is why I prefer filtering the emails rather than straight blocking.)
  11. gnarlymarley

    How to know who is spam my IP address?

    Hopefully your website uses something like a confirmed opt-in. There are spammers that have been going around to websites and signing up other people's email addresses in order to get revenge for being reported for actual spam. The reports don't seem to be enough to make it onto the blocklist: https://www.spamcop.net/w3m?action=checkblock&ip=
  12. gnarlymarley

    OVH.Net spam ?

    I don't get auto-acks from OVH. I am guessing that was an IP OVH (such as a router) that they didn't lease out because the spam stopped so fast. https://www.spamcop.net/sc?id=z6645272240z11289f59c30f6cd5bc6b75151bc01042z Maybe that is why OVH might takes action on some and no action on others.
  13. gnarlymarley

    OVH.Net spam ?

    I did want to make a note that last night some spam scri_pt started sending me spam from a OVH.net server and about three minutes after I reported it, the spam stopped. I am not sure if I lucked out or if I happened to report at the time someone was in their office.
  14. gnarlymarley

    SpamCop says it's too old, it's not

    Outernaut, Lking is talking bout the search box on http://forum.spamcop.net in the top right of the page that you can use to search for "Tracking URL". This limits the search to just forum.spamcop.net. As a side note, the "Tracking URL" can be found at the top of the report page or in the reply email (if you submitted via email). The tracking URL happens to be the same link as URL itself before you submit the page. Incidentally, you can also find this from your past reports if you were able to submit them.
  15. gnarlymarley

    SpamCop on cPanel - do-able?

    For TLD, I use the blacklist_from annd it works for me. blacklist_from *.su blacklist_from *.ga blacklist_from *.cn For the IP, it maybe it doesn't like too many wildcards, so you might want to try: blacklist_from 170.* blacklist_from 173.*