About gnarlymarley

  • Rank
    Advanced Member

  1. I have been using IMAP with hotmail for about two decades to get this, but in the current setup, you have the three dots in the upper right corner. Click those and then you should see "message source". It should pop up in the window for you with the source.
  2. gnarlymarley

    Details of update to Spamcop 5.0 coming tomorrow?

    One thing I have noticed is better whois parsing. https://www.spamcop.net/sc?id=z6506971100z5bbf5782126fab6d9454281867af1419z Hopefully, no more attempts to use search-apnic-not-arin@apnic.net as an abuse address.
  3. gnarlymarley

    leaseweb spam

    RobiBue, I just tried your tracking URL and it seems to be pointing properly to a leaseweb abuse address. I think the 5.0 upgrade may have solved this issue.
  4. gnarlymarley

    SC parser report distribution question

    Yes, but I had to click the "Show how SpamCop traced this message" to find it. It does kinda get the same results. The issue is it also gives me access to a menu item that I normally do not see as a spamcop user, but only as a provider. The link you sent will allow me to respond as you to the report back to the original submitter. I am not comfortable with such a link. The spammers do have access to this form, and they could select the option that "it was not spam" on your behalf. I understand why petzl only wants the tracking URL.
  5. gnarlymarley

    SC parser report distribution question

    Like all business owners, they get their money from somewhere. Either they have investors, or they have people that keep buying into the spams (either by entering banking information or by clicking an advertisement link). My guess is mostly the latter. ANGEL, the tracking link would have the "sc?id=" in the middle of it. This would be your tracking link: Here is your TRACKING URL - it may be saved for future reference: https://www.spamcop.net/sc?id=z6512755812z8ee73d74322c131f8ca885cc287a03fcz
  6. gnarlymarley

    SC parser report distribution question

    SC reports are directed to the administrator listed as the abuse contact for that network. Most networks are gathered from the whois data for the IP range as appears to be the case when I browse down to your tracking URL. I see that this report was sent to both an outlook.com address and a user defined hotmail.com address. The IP address in question seems to be assigned to an ISP called CoreIP. Rather than provide a real abuse address the CoreISP internet provider appears to be using one at outlook.com. Now you ask, if the reports are ever directed to the "source" of the spam. There have been a number of spammers that appear to purchase a whole entire network range just so they can be the abuse contact listed in the whois. As soon as those are found out, the deputies can block the reports from going to those addresses and/or redirect them to their upstream provider.
  7. There have been a few different passwords used. However, the one today has a unique password that was used back in November. It is similar to the format of the October scams, but not similar to the early December copycat scams. Of course with a spamtrap account that has never had a password of its own and likewise does not have its own browser. I did note that this scam did not talk about the webcam, unlike the ones back in November. If it was a different person, then I would expect that I would be able to find some sort of link to the so called password somewhere on the internet. Though, this could be a darkweb link that I know nothing of.
  8. Ha, I thought this guy has given up, but seems he came back for another try. Been a long while since I have seen this come into my "spamtrap" account. I thought they had given up on it. Amazing how an account could have a password without an /etc/password entry. http://www.spamcop.net/sc?id=z6508576087z8ae70bcdece03f0236640dc90110bceaz
  9. Sounds like they might be morphing now. I got the following sent to an address that has not had this stuff yet. More phishing... Urgent : Someone has your password http://www.spamcop.net/sc?id=z6506112137zb5e259ccf80b3b62fcb7a72e9509c841z I have to chuckle at these liars who seem to be getting desperate. I hope it means they are losing the battle.......
  10. gnarlymarley

    leaseweb spam

    I heard from the deputies, that there might be a fix in the works for this. Hopefully it will solve the issues.
  11. gnarlymarley

    Reporting spam Send From My Own Address?

    Are you talking about the visible FROM: line which is easily forged, or the chain of Received lines in the complete header? If they also used the hidden FROM: line, you might want to have your provider look at implementing SPF and/or some sort of check there. If you look closely at the headers, the clown will have used an IP address other than one belonging to your ISP and will see the report heading in a different direction and this should keep you safe.
  12. gnarlymarley

    Reporting spam Send From My Own Address?

    I would suggest you report it. These spammers have used my previous linkedin password, which was from the hack a year ago. Lucky I had already changed it by the time they started their scams. Also, I do not visit porn, nor do I have a camera on my computer, but yet their scam still says it caught me and they "know it is me". Ha. Probably the only way to get them to go away is for folks to stop paying them. Another post on the subject: http://forum.spamcop.net/topic/29542-help-with-a-mail-received-few-times-saying-my-email-is-hacked/
  13. gnarlymarley

    Need Help Asap

    There must be more than what Constant Contact is telling you. From what I have seen, a lot of providers give a warning before a full shutdown. dn18, There would have been some emails with a tracking URL sent to Constant Contact with more information on it regarding your three reports. The tracking link is the information that would help us as users of spamcop to figure out what and why. As Lking specified, it takes more than three reports to put the sending IP address on the blacklist, so I do not think this is what you are asking about. Constant Contact will know why with three "reports" as to why they "shutdown" your account.
  14. gnarlymarley

    support for DKIM-Signature

    I believe it is still being developed. I have occasional chat with the deputies where they are working with the developers. I did run across this report that seems to have a DKIM in it and it seems to have parsed just fine. https://www.spamcop.net/sc?id=z6505637534zf5ee6366a44d8e4afea7141b95ecf3a8z
  15. gnarlymarley

    ISP has indicated spam will cease

    I decided to watch one on Friday and Saturday. Seems the date kept updating every eight hours, where the ISP. Well, got another one, but this one seems to have the date changing about near daily. I figure it is just interesting to track and see what happens to the date. One thing I will note is that once it hits the 48 hour period, it no longer has this message. https://www.spamcop.net/sc?id=z6505705431z1770fb4b8944a1f906c29039ff622d7fz I wonder if this should be some sort of timed ban where the ISP is not able to repeatedly select this option just to ignore the spam. I know it is a courtesy, but sometimes it feels like the ISP is doing nothing while just selecting this to stop the reports.