Jump to content


  • Content Count

  • Joined

  • Last visited

Community Reputation

0 Neutral

About gnarlymarley

  • Rank
    Advanced Member

Contact Methods

  • AIM
  • Yahoo

Profile Information

  • Gender
  • Location
    utah, USA
  • Interests
    reporting spam

Recent Profile Visitors

1,630 profile views
  1. Interesting that the cached whois says it is from the mirror and the format of it is slightly different. Also interesting that APNIC and RIPE seem to have abandoned the separate abuse handle in favor of the following line: % Abuse contact for ' -' is 'nayon.isn@bangla.net.bd' If I recall correctly, everyone used to use something similar to the following: OrgAbuseEmail: abuse@example.com
  2. The link still forwards. Apparently, the link is a search where it clicks the "I feel lucky button" and forwards directly to the first returned google search result. The "I feel lucky" button as being part of the URL: btnI=bQm4
  3. gnarlymarley

    AWS spam source

    Though, I believe you have some good addresses, I am not sure it will help. After me seeing the joke of the do not call list for the past decade (more than the current administration), I would suspect that amazon.AWS thinks these addresses would be nothing more than an external rating system. I do not believe they would actually stop the spam. I use the SpamCop blocking list for that. Each time you report, it feeds the algorithm behind the block list.
  4. gnarlymarley

    godaddy spam source

    I don't think I have ever got any spam from godaddy. If the reports are not helping, at least the reports are feeding the block list. One thing you might want to try reporting to their ISP.
  5. gnarlymarley

    ovh.net spam source

    If the reports are not helping, at least the reports are feeding the block list. One thing you might want to try reporting to their ISP.
  6. gnarlymarley

    hetzner.de spam source

    If the reports are not helping, at least the reports are feeding the block list. One thing you might want to try reporting to their ISP.
  7. The address matches the cached entry returned from RIPE. I am not sure I would trust the other RIPE email any more than the gmail address either. SpamCop RIPE cached: % Note: this output has been filtered. % To receive output for a database update, use the "-B" flag. % Information related to ' -' % Abuse contact for ' -' is 'vvsg180@gmail.com' New RIPE query: e-mail: vigorv@mail.ru e-mail: hawk@diamondc.ru upd-to: stell_hawk@mail.ru abuse: hawk@diamondc.ru One quick note that you may not be aware of is that thanks to GDPR there might be times where the "-B" gets in the way and someone has performed a manual add. SpamCop: Reports routes for routeid: 78192297 - to: vvsg180@gmail.com Administrator interested in all reports 7/17/2019, 9:45:55 AM -0600 [Note added by (no name)] Route added without comment
  8. gnarlymarley

    No links, but wait, there is!

    I don't know why they are not showing either. I keep thinking it has something to do with the multipart boundary lines, but Nothing is standing out. If I recall correctly, I think it used to say under the "Finding links in message body" something about parsing text/plain and also parsing text/html. Lately, I have only noticed it seems to parse the links from one multipart section.
  9. Appleseed, As a user like you, I am not able to see the any spam you may have reported. So I second Lking's request for a tracking link. Appleseed, what I suspect you are seeing is some users have signed up for an IP range, but then don't use an abuse address. Those seem to be using a personal address instead.
  10. gnarlymarley

    forum spam handling

    interesting, I have wondered if the spammers had a hidden account that was only created to verify that they the emails the forum sends out has their spam. Though, I would lean more toward an account they created about two years ago for that.
  11. gnarlymarley

    forum spam handling

    I am not even sure how the coders would detect how old an email is. I am not even sure this information is available. From what I recall, the forum is double opt-in. I don't think it lets them post until they verify their email. That verification could be why it takes 3 to 20 minutes between the post and the sign up. Spammers are grabbing both domains and abandoned email addresses and have been caught using those in their spams. What is there to stop them from using what is considered an old email address when they sign up? That does not leave any good way to block them.
  12. gnarlymarley

    forum spam handling

    What an interesting thought. Though I wonder if they have a stash of thousands of stolen accounts they have to use or if they might be using their hundred domains (like the ones I see in the URLs) for their signup email.
  13. gnarlymarley

    forum spam handling

    Richard had said he did this with the captcha on May 19, but I don't think I saw any change. I believe this entirely posted by humans. If it was a robot, the account creation would be around Sounds like they might be jumping around (if one person) the internet to avoid detection like they are with email spam. Also could be that someone is using a VPN service. I am fairly certain that it is at least two people posting the junk, but could be more. (The language style seems to be only two different types.) The source code of HMTL (from http://forum.spamcop.net/profile/46580-hhhmax85/ on Rob's original example) seems to offer a datetime that appears the spammer is returning back later. <h4 class='ipsType_minorHeading'>Joined</h4><time datetime='2019-07-18T09:51:20Z' title='07/18/2019 03:51 AM' data-short='Jul 18'>July 18</time> <h4 class='ipsType_minorHeading'>Last visited</h4><time datetime='2019-07-18T09:55:53Z' title='07/18/2019 03:55 AM' data-short='Jul 18'>July 18</time> I am not sure if the account has someone returning about four minutes later is robot. Other users I have looked at can be "returning" as much as 16 minutes later. They either have a good randomizer, or else this is surely human.
  14. gnarlymarley

    forum spam handling

    I don't like the forum spam because as soon as it is posted, gmail has all forum emails marked with spam reputation. At this point, I personally would prefer to thwart the spammers similar to bl.spamcop.net if possible. Ah, so maybe something automated. If this were possible, I am all for automating any part of it so to limit human mistakes. Seems like maybe some of the admins might be burning the candle at both ends at times. I have seen more than one person make mistakes when it comes to cleaning up the spam in the forums. Anything that might help out would be a plus. I am tempted to suggest that something similar to the SpamCop BL, where enough bad report and a user cannot post or sign up with a new account for 48 hours.
  15. Black Tiger, I see the period at the start of the domain name on the following line. The parser in the past has had problems with that if you have mailhosts enabled. If you submit it without the period (or put something in front or the period) or just remove that worthless Received line, it should submit. Received: from localhost ( by .jlU2KPHsGNpygo@Brief.me id IoLDL6FfG7GE