
Everything posted by gnarlymarley

  1. I believe weduskabe is just a repeat person that keeps signing up for a new account. I am sure they are signed up with a different account that is being used to check when the emails come out and/or stop. These hits seem to hit hard and then stop after a while, almost like throwaway accounts. What gets me is I wonder if the moderators have thought about a reporting system and an IP blocklist. I mean other than the "report to moderator" at the bottom of each post. Probably do something like make their whole IP range report to a moderator when multiple of us "mark" the entry as spam. Of course, one issue with that is they would try to hack our systems in order to get our IP range blocked too.
  2. gnarlymarley

    IPv6 or what ?

    Assuming that opaltelecom.net is a forwarder as it is part of your mailhosts, both and 2a01:111:f400:7c09:0:0:0:183 belong to hotmail/outlook.com (aka microsoft). So it would appear that the proper source is reporting correctly.
  3. You can also get this from the confirmation email once you register. Forward your spam to: submit.XXXXxxXXXXXxxx[at]spam.spamcop.net Add this to your address-book. You may forward spam to this addresses from any account. At least this is what I saw from many many years ago, but I believe they still have the opt-in email. Are you looking to fully automate, or just the submission? At one time I had automated it, and found that the automation caught a false positive. Anyway, I suggest to avoid full automation, but automation to the submit address is good, so you can check the submissions are okay.
  4. gnarlymarley

    Where to go next?

    Looks like you may have notified the necessary folks. If you feel gutsy, you may want to start blocking based on IP, envelope from, or email content from. With the blocking, maybe the sender will start to complain. The hardest part about blocking is the chance you have of blocking legitimate folks, but sometimes a little bit of blocking is worth it. I would agree with Lking. Once you have reported it, there is not much you can do to get them to stop. My thoughts are if you own your own email server, you can put in a block. Otherwise, if not, you just have to deal with the stuff until they decide to take action on their side. Maybe you can convince your ISP to put in a blocklist if they own the email server.
  5. gnarlymarley

    open -Router

    From what I have seen, most spammers/hackers try to log in with http proxy, ssh or telnet. Once in with console access to the router, they can then initiate a port connection to someone else's smtp server. On my home web server, I have seen unsuccessful attempts at them trying to use http as a proxy for smtp. The spammer does not care how, they just want to use your IP to make an SMTP connection to send spam. I am not familiar with the Open Router types specifically, but I have seen attempts for apache/squid connecting to send spam. The major issue with most routers is that the "proxy" connections are very hard to track.
  6. gnarlymarley

    More Ripe access denied

    I believe this may be the same as http://forum.spamcop.net/forums/topic/14948-ripe-access-denied-host-has-been-permanently-denied-because-of-a-repeated-excessive-querying/
  7. Appears to still be happening, and if I have it correctly, this is the same issue as http://forum.spamcop.net/forums/topic/14948-ripe-access-denied-host-has-been-permanently-denied-because-of-a-repeated-excessive-querying/.
  8. Has anyone else noticed that SpamCop hit one of the whois rate limits? https://www.spamcop.net/sc?action=showcmd;cmd=whois%2080.253.27.99%40whois.ripe.net

      $ whois[at]whois.ripe.net
      [whois.ripe.net]
      % This is the RIPE Database query service.
      % The objects are in RPSL format.
      %
      % The RIPE Database is subject to Terms and Conditions.
      % See http://www.ripe.net/db/support/db-terms-conditions.pdf
      %ERROR:201: access denied for
      %
      % Sorry, access from your host has been permanently
      % denied because of a repeated excessive querying.
      % For more information, see
      % http://www.ripe.net/data-tools/db/faq/faq-db/why-did-you-receive-the-error-201-access-denied
      % This query was served by the RIPE Database Query Service version 1.79.2 (DB-1)

     I realize there is nothing we can do but to wait. I did find it interesting that if you are a proxy, they give you many more requests per 24-hour period.
  9. My original thought on this post was that you hit the daily limit of 500, however, https://www.spamcop.net/fom-serve/cache/350.html shows the limit as 3000. I believe you may need to follow the same instructions and work with Don at that service address to get your account reinstated. I typically report spam from hotmail, yahoo, mail.com, gmail, and other accounts using one account. However, you should have separate accounts if you have other humans sending to that spamcop[at]....com address. Chances are legitimate email was "accidentally" reported using your account and this is what caused your issue. It is also possible that a spammer is just trying to fight back and believes that their "drug" or "buy my stuff" email is legitimate. Don can explain the what, why, and how you can correct the situation. Chances are, you can get your reporting account back.
  10. gnarlymarley

    never ending story-spam

    Let me get this straight, are you meaning you want SpamCop to log in to your firewall and update its rules for you? SpamCop works where it can. SpamCop does exactly the same as what you can to ovh.net. Personally, I am not giving my firewall login to any third party to update the rules for me. I work that on my own. What you can do, if you are not your own email administrator, is to petition that email administrator to think about using some sort of block list. The SpamCop block list (https://www.spamcop.net/fom-serve/cache/291.html) is perfect for what you need. Also see https://www.spamcop.net/bl.shtml for more information. SpamCop has been around since at least 1997 and will be around for many more years. SpamCop provides an excellent service of what it can to us users. This service is helpful as it munges your email address in messages that could be sent to the spammers. That usually makes it harder for the spammers to find out who you are and to put them on the block list. If they do not cease sending spam, they will stay on the block list longer. Of course, there are abuse factors built in, that cannot allow us to abuse the black list. There is usually enough spam that comes from them to keep them listed on the black list. If you can use that, you will see your spam amount drop quite a bit. I am guessing that you replied to the spammer and tried to tell them "stop sending". What the spammer actually hears when you do that is "please send more spam and here is my email address that you can use to send it to".
  11. gnarlymarley

    never ending story-spam

    I made my own blocklist for stuff like ovh.net. For a while I used the bl.spamcop.net, but blocking every host that was a *.ovh.net worked for me. Of course, you would need to decide if you might have valid users from there. I will never expect email from there and therefore, this worked for me. Of course, it looks like they finally gave up on sending to me in January 2014. One thing to keep in mind when you start using a block list is that you are at the mercy of other folks where you might risk blocking legitimate email. I have been turning off the blocklists on my server because both spam is down for me and also there was one legitimate message that was blocked. One option might be something like SpamAssassin where a blocklisting can count as negative points.
  12. gnarlymarley

    never ending story-spam

    Actually, after 18 years of fighting spam, I have noticed that after a period of time the spammers will actually give up. I keep thinking there is hope that I might get more spam to report, but the wait for unsolicited spam can be horrendous. Last week, I only had three spam messages all week, but yesterday I got four in one day. Maybe the spam will pick up and start coming in again. Too bad I have to wait as it has to be unsolicited.
  13. I had a similar issue with a forwarder that was pointing to gmail. gmail started some strict SPF checking sometime around August and that caused the submission responses to bounce when they attempted to send to me. For my solution, I could have used SRS, however, I found it just easier to repoint my spamcop address directly to my gmail. I tend to wonder if you might be using a forwarder. I even used gmail as a forwarder to another gmail and it did the same thing. gmail is probably not always using SRS when forwarding.
  14. gnarlymarley

    Null'ing Email Addresses

    Actually, there are a few solutions when the ISP is supportive of the spammer. One is you can find out who the upstream is and report to them. Another solution is you can use the spamcop blocking list if you own the mail server. The block list is cool because both you and hidden detectors are adding IPs to it. I changed from about 50 a day to only around 3 when I used the block list.
  15. I have seen this before where I had a forwarder pointing to gmail. I have since moved the spamcop to point directly to gmail and it seems okay for me. If you have a forwarder, you might be seeing a similar thing where the SPF record is randomly checked.
  16. I get the 500 errors on the reporting site, but it seems to be around two out of three attempts.
  17. gnarlymarley

    Medic Canada

    Changing addresses only temporarily stops it until they figure out your new address. What I did to stop those was to stop any direct replying, cause the mail server to check the spamcop blacklist, and submit all reports. If you have control over your email server, the blacklist was probably the most beneficial one I did because it would stop emails from repeat IP addresses. The blacklist does have some hidden email addresses that can cause some IP addresses to appear on the blacklist before your turn comes around. That said, if an email does get past the blacklist, then your submission might be the one to cause the IP address to be listed. After time of server rejections (usually a few years), the spammers will give up on your email address.
  18. The submit address can only have the email submitted as an attachment. You would need to forward as an attachment to get it to work.
  19. gnarlymarley

    [Resolved] /dev/null'ing report for ...

    Ah, /dev/null comes from the UNIX world which can also mean the bitbucket, or the trash can. It basically means a report does not go anywhere. Please see http://forum.spamcop.net/dict/dev_null.html for more information.
  20. Ah, the empty body message I see with your tracking URL. When I get these, I have to paste them in and add a blank line after the header along with a note such as "[no body]". If the message has no body, you will need to do this. See http://forum.spamcop.net/forums/index.php?...hl=body+missing for that.
  21. The submit address is supposed to be a hidden address where you forward email as an attachment. The attached email is expected to be sent to the administrators of the IP address. Submitting spam through SpamCop is only able to do some small stuff to stop spam. They cannot hack into your email. They prevent the spam by using the block list of bl.spamcop.net and they also prevent repeat spam by notifying the proper authorities who will take appropriate action.
  22. As lisati mentioned, a misdirected bounce is spam. This is because you are sent the email without sending a related email first. See http://forum.spamcop.net/scwik/Bounce for more information.
  23. The tracking link you provided is perfect. Though, I do find it interesting that the message appears to have started inside of google? Most definitely not something I would have sent and it is not showing as coming from the everything.net server. I would call this a misdirected bounce.
  24. The purpose of http://www.spamcop.net/mcgi?action=mhreturn is to submit your mailhost emails that are sent out on a test. Anyone who has ever set up mailhosts has used this link. I believe what Don was mentioning was to try and manually separate the header and body and see if it works.
  25. From what I see, the blank line between the headers and body is missing. Is your email client showing this as well?

      This:

      Message-ID: <2014___________________v468[at]pcrjtdxgcpwzrtx>
      <html>

      Should be this:

      Message-ID: <2014___________________v468[at]pcrjtdxgcpwzrtx>

      <html>