Jump to content


  • Content Count

  • Joined

  • Last visited

Community Reputation

0 Neutral

About gnarlymarley

  • Rank
    Advanced Member

Recent Profile Visitors

1,307 profile views
  1. Sounds like they might be morphing now. I got the following sent to an address that has not has this stuff yet. More phishing... Urgent : Someone has your password http://www.spamcop.net/sc?id=z6506112137zb5e259ccf80b3b62fcb7a72e9509c841z I have to chuckle at these liars how seem to be getting desperate. I hope it means they are losing the battle.......
  2. gnarlymarley

    leaseweb spam

    I heard from the deputies, that there might be a fix in for this. Hopefully it will solve the issues.
  3. gnarlymarley

    Reporting spam Send From My Own Address?

     Are you talking about the visible FROM: line which is easily forged, or the chain of Received lines in the complete header?   If they also used the hidden FROM: line, you might want to have your provider look at implementing SPF and/or some sort of check there. If you look closely at the headers, the clown will have used an IP address other than one belonging to your ISP and will see the report heading in a different direction and this should keep you safe.
  4. gnarlymarley

    Reporting spam Send From My Own Address?

    I would suggest you report it. These spammers have used my previous linkedin password, which was from the hack a year ago. Lucky I had already changed it by the time they started their scams. Also, I do not visit porn, nor do I have a camera on my computer, but yet their scam still says it caught me and they "know it is me". Ha. Probably the only way to get them to go away is for folks to stop paying them. Another post on the subject: http://forum.spamcop.net/topic/29542-help-with-a-mail-received-few-times-saying-my-email-is-hacked/
  5. gnarlymarley

    Need Help Asap

    There must be more then what Constant Contact is telling you. From what I have seen, a lot of providers give a warning before a full shutdown. dn18, There would have been some emails with a tracking URL sent to Constant Contact with more information on it regarding your three reports. The tracking link is the information that would help us as users of spamcop to figure out what and why. As Lking specified, it takes more than three reports to put the sending IP address on the blacklist, so I do not think this is what you are asking about. Constant Contact will know why with three "reports" as to why they "shutdown" your account.
  6. gnarlymarley

    support for DKIM-Signature

    I believe it is still being developed. I have occasional chat with the deputies where they are working with the developers. I did run across this report that seems to have a DKIM in it and it seems to have parsed just fine. https://www.spamcop.net/sc?id=z6505637534zf5ee6366a44d8e4afea7141b95ecf3a8z
  7. gnarlymarley

    ISP has indicated spam will cease

    I decided to watch one on Friday and Saturday. Seems the date kept updating every eight hours, where the ISP. Well, got another one, but this one seems to have the date changing about near daily. I figure it is just interesting to track and see what happens to the date. One thing I will note is that once it hits the 48 hour period, it no longer has this message. https://www.spamcop.net/sc?id=z6505705431z1770fb4b8944a1f906c29039ff622d7fz I wonder if this should be some sort of timed ban where the ISP is not able to repeatedly select this option just to ignore the spam. I know it is a courteous, but sometimes it feels like the ISP is doing nothing while just selecting this to stop the reports.
  8. gnarlymarley

    Google gmail not reportable again !!!!!

    The problem I see with IPv6 is for it to do away with NAT, it has opened up for hundreds of internal networks. SpamCop seems to remember only a select set of IP addresses with mailhosts. This means that there could be 2^72 hosts hiding behind a network. When some people scale up their data centers, they just add more servers instead of fixing the quality of the servers.
  9. I am not sure ikoula cares, which is probably why the reports were disabled. Though, I have to chuckle as I get a "final notice" email from them almost ten times a day, every day since July. https://www.spamcop.net/sc?id=z6505729959z7686637ff5e0bb14b6eed012ef6febc2z
  10. gnarlymarley

    Something wrong with Outlook reporting

    yep, I do remove the top line, just like I do with gmail. I think this is a mailhosts problem where the mailhost section probably records every address. It seems to be too many address for it the parser to be able to detect that any address for 2603:1000::/24 is a valid mailhosts. I think the problem becomes that 20,282,409,603,651,670,423,947,251,286,016 (2^104) is just too many addresses for the mailhosts entry to record.
  11. gnarlymarley

    support for DKIM-Signature

    DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=viverelavela.com; s=turbo-smtp; x=1544178043; h=DomainKey-Signature: Received:Received:MIME-Version:From:Reply-To:To:Subject: Content-Type:Content-Transfer-Encoding:Date:Message-ID; bh=K3Oe1 kiUPrPyJIlOVf2MjQxxIABLTrz3/oGMMhm7Dfc=; b=Penr5h12pXZlZ4bS0rJDX Hmmmm, I notice there is not a space or a tab in front of the received or content-type lines. Per the RFCs that indicates it is not tied to the above, but is a new line. Did those come that way in the original email, or is that from a line wrapping?
  12. gnarlymarley

    wondering about efficiency of reporting spams

    This is in part why I prefer double-opt-in lists. Because single-opt-in lists, anyone can use your email address and sign you up or something. Some lists are legitimate, but the admins do not care. A common practice two decades ago was for a the first list would sometimes unsubscribe you and at the same time find other lists they could put your address on with the intent of getting you in trouble. Always a good reminder to have a double-opt-in list for when someone wants "revenge".
  13. gnarlymarley

    Something wrong with Outlook reporting

    I use hotmail and I do not see any problems with spamcop, if I strip off the top broken piece.
  14. Clive, this idea might help if you own access to your email server. If their hostname is always *.local, then you might be able to block it based on the hostname or the IP, or else firewall it. The emails will fill up and their sysadmin will have to deal with the space. I had put in the following check (below is exim for my server) years ago which would straight up block those emails. # Helo can't be localhost, *.local, *.localdomain or *.lan # defer deny message = HELO can't be $sender_helo_name. Please contact your ISP. local_parts = !postmaster condition = ${if match\ {$sender_helo_name}\ {\N(localhost|\.local(domain)?|\.lan)$\N}\ {yes}{no}}
  15. SenderID was to protect the "from". However, the original folks that worked with Microsoft to on senderID said it was a mistake, and that protecting the mfrom was better. This is why I have a senderID record that says don't check the from, but in your case, it may have saved you if they were sending to hotmail or exchange server. This is probably a good time to verify your record if you need more information about how it works. The limit was raised if you wanted to report more. See this page: https://www.spamcop.net/fom-serve/cache/350.html. If you are attaching then to emails (for forward-as-attachment, you can attach more than one bounce to the same email and get back more than one tracking URL in the reply email. This might help you report them faster. I am not sure if there is a limit on how many attachments may be on one forwarding email, but I have done as much as three in the past. SpamCop has a special algorithm that would mean it would prefer it coming into a spamtrap for it to get onto the blacklist. I believe you might be able to do it yourself, but it could take a while. I think this whole thing is someone didn't check your email address for SPF and tried to use it in their scam and that is why it has bounced. I do not think you are wasting your time reporting them.