Jump to content

gnarlymarley

Memberp
  • Content Count

    486
  • Joined

  • Last visited

Community Reputation

0 Neutral

1 Follower

About gnarlymarley

  • Rank
    Advanced Member

Contact Methods

  • AIM
    gn02020202
  • Yahoo
    gnarlymarley

Profile Information

  • Gender
    Male
  • Location
    utah, USA
  • Interests
    reporting spam

Recent Profile Visitors

3,413 profile views
  1. If these are replies to your reports, I see in my spamcop account preferences I have "Forward only replies from sentient people" under report handling selected. I don't get very many replies from the reports that I send. So far, I have no replies for anything I have sent to abuse@microsoft.com.
  2. Apparently, they don't have a contact directly, but they do have who added you to the list with a contact in the database file. Per http://drbl.gremlin.ru/en.html, it appears, you need to download the .tar.gz file and it has a contact person inside it. Currently at that FAQ page, the link is under the software section at "'Download drbl.tar.gz". Delisting requests are accepted only from network administrators according to the whois information. If you aren't the network administrator, don't try to "jump over a head": the effect will be null or even negative. Because of too many issues with blacklists, I have moved to a scoring system instead of straight up blocking. Meaning an IP would have to show up on more than one blacklist before I block the email.
  3. gnarlymarley

    Simple Instructions

    I see something on mine. Some have mentioned problems with chrome and other with firefox. It would be nice if the links were corrected, but I think they were broken some time back in one of the "upgrades".
  4. gnarlymarley

    Eonix.net helping spammers?

    Yeah, the domain expired on 1/14. Spammers like these domains since the registrars don't have a temporary SPF or DMARC record. Effectively it gives the spammers free reign of the domain. If it is only an IP or two and you have the ability to block them, I would suggest you put a block on there for a few days. One thing you can also do is to use a BGP looking glass and head to the upstream provider with your abuse logs. The bigger ISPs are usually good at fixing the problem with the smaller customer ISPs.
  5. The cause of listing section says that spam is being received by spamtraps and users coming from 208.180.40.71. Causes of listing System has sent mail to SpamCop spam traps in the past week (spam traps are secret, no reports or evidence are provided by SpamCop) SpamCop users have reported system as a source of spam less than 10 times in the past week I have seen where a virus, malware, spyware, or router can be remotely controlled and then the hacker uses the device to send spam. If that is an open MTA, then anyone can connect and use it it to send spam. I see the time is changing between 23 and 22 hours, so it would appear that the spam action is still going on. According to the neighborhood section of https://www.spamcop.net/w3m?action=blcheck&ip=208.180.40.71, I do not see 208.180.40.68 listed. It would appear to be almost all is from 208.180.40.71. Securing that IP, and/or the router in front of it should help eliminate the spam that appears to be coming from it.
  6. I should also note, that this might be a good idea to have all devices (such as camera or refrigerators) that share that same IP to be checked for sending spam. Hackers love abusing other people's computers so their IPs get listed instead of their own. Once all the devices are secured, the IP will be automatically removed from the list.
  7. gnarlymarley

    Reporting spam has no effect

    In my past, I would just block the whole range if I were to get a reply like that. Now I just use SpamAssassin and mark the range as more likely spam. With enough of their customer's emails being blocked, they will the give up and find another provider.
  8. The IP does appear to be listed. https://www.spamcop.net/w3m?action=blcheck&ip=208.180.40.71 208.180.40.71 listed in bl.spamcop.net (127.0.0.2) If there are no reports of ongoing objectionable email from this system it will be delisted automatically in approximately 22 hours. It appears that enough reports were files to get 208.180.40.71 listed. Since I am just a user, I am not able to look up much more. I would suggest that you have your employee scan their computer for viruses and have them make sure they do not have malware or spyware.
  9. There could be some old cache pointing to old information. You might want to try doing a "refresh/show" on the report to see if the address gets fixed. If this does not help and if the deputies do not respond, I would suggest contacting the admins at deputies[at]admin[dot]spamcop[dot]net.
  10. gnarlymarley

    URL host links limit

    Here is another tracking URL that demonstrates what I mean by combining. In this example, we can see that it looks up two different hostnames. It would be nice if these could be grouped by server name so that it would only have to do two look ups instead of four. https://www.spamcop.net/sc?id=z6698611793zb63e53a6ab1d3867166620a089eae7a8z
  11. gnarlymarley

    URL host links limit

    I have noticed that sometimes spammers use too many URLs in their spam. Would it be possible to group links by hostname and processs them by that? When the report is sent, they combine there. Moving it to the hostname means if all the links share the same hostname, they can still be reported. This would also save on DNS look ups if the links are below the limit. https://www.spamcop.net/sc?id=z6698896959z37653b35adb76c14bc27cd5541f78a03z
  12. gnarlymarley

    Nothing to do is back

    Or if you have already submitted, you can click on past reports, click on the link by the IP, then Parse, and you should have the tracking URL.
  13. gnarlymarley

    forwarded spam being returned

    I don't currently have a problem submitting my forwarded spam all week. Last time I had a problem with the forwarding, I was able to check out the reply and the headers to find it was my ISP that was blocking the forwarding.
  14. gnarlymarley

    Google Network a Frequent Source of spam

    I am not sure why, but for some reason, spammers do not send spam to my yahoo account any more. I probably get two spams a year there and I don't know why so little. I wonder if the difference between my experience with google is that with hotmail, my average reporting time is around 8 hours, but with gmail reporting through spamcop, my average reporting time is about 30 minutes. I might need to speed up my hotmail reporting to see if that makes a difference.
  15. I remember when I used to submit tons of reports to the postmaster address. Kind of interesting that if someone lets the spamming go on, they get spammed, no matter what their address is. I find it easier to have my address and postmaster sharing the same box and then I can filter on the "To:".
×