Everything posted by gnarlymarley

  1. Hmmm, seems there is a problem with the blocking list. I dropped a note to deputies[at]admin[dot]spamcop[dot]net and I hope it goes through.

         C:\>dig 444.333.222.111.bl.spamcop.net any

         ; <<>> DiG 9.7.3 <<>> 444.333.222.111.bl.spamcop.net any
         ;; global options: +cmd
         ;; Got answer:
         ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 37143
         ;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 0

         ;; QUESTION SECTION:
         ;444.333.222.111.bl.spamcop.net. IN ANY

         ;; ANSWER SECTION:
         444.333.222.111.bl.spamcop.net. 1493 IN A 91.195.240.87

         ;; Query time: 27 msec
         ;; SERVER: 192.168.16.1#53(192.168.16.1)
         ;; WHEN: Sun Jan 31 08:53:18 2021
         ;; MSG SIZE rcvd: 64

         C:\>

     SpamCop always has returned an IP in the localhost range. My fear is something may have been cached for a period of time and I hope this doesn't take a few days to resolve.
  2. gnarlymarley

    IP not listed on bl.spamcop.net but IP blacklisted

    You say that your IP is not listed on the blocking list. There may have been some sort of DNS problem. Try checking your IP using dig or nslookup to see if that could be the issue.

        C:\>dig 444.333.222.111.bl.spamcop.net

        ; <<>> DiG 9.7.3 <<>> 444.333.222.111.bl.spamcop.net
        ;; global options: +cmd
        ;; Got answer:
        ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 63152
        ;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 0

        ;; QUESTION SECTION:
        ;444.333.222.111.bl.spamcop.net. IN A

        ;; ANSWER SECTION:
        444.333.222.111.bl.spamcop.net. 1800 IN A 91.195.240.87

        ;; Query time: 195 msec
        ;; SERVER: 192.168.16.1#53(192.168.16.1)
        ;; WHEN: Sun Jan 31 08:48:11 2021
        ;; MSG SIZE rcvd: 64

        C:\>

    Yeah, the 444 is not a valid octet and SpamCop is returning that everything is on the blocking list. You may want to send an email to deputies[at]admin[dot]spamcop[dot]net.
  3. Should be returning something in the 127.0.0.1/24 range. 91.195.240.87 appears to be tied to enom.com.
  4. gnarlymarley

    [Resolved] forum domain problems

    Working now. This post can be resolved.
  5. gnarlymarley

    Eonix.net helping spammers?

    I see different abused addresses on your list such as eonix, layerhost and heficed.

        104.140.0.0/16 net-admin@eonix.net
        104.140.84.0/23 net-admin@eonix.net
        104.148.28.0/24 abusenoc@layerhost.com
        104.206.117.32/27 net-admin@eonix.net
        104.206.96.0/22 net-admin@eonix.net
        104.223.153.0/24 abusenoc@layerhost.com
        170.130.0.0/16 net-admin@eonix.net
        191.101.128.0/21 abuse@heficed.com
        23.228.64.0/18 abusenoc@layerhost.com
        23.231.0.0/17 net-admin@eonix.net
        50.2.0.0/15 net-admin@eonix.net
        50.2.188.0/22 net-admin@eonix.net
        50.2.212.0/22 net-admin@eonix.net
  6. gnarlymarley

    Google Network a Frequent Source of spam

    I noticed per the following post, the Google side appears to have been resolved.
  7. Yep, it is listed. I have also seen where some are using their own blocking list, but giving the message as coming from bl.spamcop.net, which can be confusing.

         If there are no reports of ongoing objectionable email from this system it will be delisted automatically in approximately 19 hours.

     Must have had some spam go out as it appears to have restarted the counter about an hour after petzl posted.
  8. gnarlymarley

    Google refuses reports now?

    Normally people don't like abuse, but if they get bought out by their customer anything could be possible.
  9. gnarlymarley

    Google refuses reports now?

    I am not sure I would say google is a spammer's delight. We still have the blocking list. As long as we have enough people reporting. Hopefully this is temporary and the deputies might be putting in something that fills out the abuse web form.
  10. gnarlymarley

    Google refuses reports now?

    A tracking URL would be helpful. From what I can see from https://www.spamcop.net/sc?track=8.8.8.8, it would appear that there might be a manual entry put in by deputies[at]admin[dot]spamcop[dot]net.
  11. gnarlymarley

    Help for tracking spammer

    Probably a good idea, but SpamCop doesn't prioritize body links. Apparently they only catch "a href" links and not "img src" tags.
  12. You may want to strip off the "bad" received record and then submit. That should get you past the point where SpamCop has the problem.
  13. If these are replies to your reports, I see in my spamcop account preferences I have "Forward only replies from sentient people" under report handling selected. I don't get very many replies from the reports that I send. So far, I have no replies for anything I have sent to abuse@microsoft.com.
  14. Apparently, they don't have a contact directly, but they do have who added you to the list with a contact in the database file. Per http://drbl.gremlin.ru/en.html, it appears you need to download the .tar.gz file and it has a contact person inside it. Currently at that FAQ page, the link is under the software section at "Download drbl.tar.gz".

          Delisting requests are accepted only from network administrators according to the whois information. If you aren't the network administrator, don't try to "jump over a head": the effect will be null or even negative.

      Because of too many issues with blacklists, I have moved to a scoring system instead of straight up blocking. Meaning an IP would have to show up on more than one blacklist before I block the email.
  15. gnarlymarley

    Simple Instructions

    I see something on mine. Some have mentioned problems with Chrome and others with Firefox. It would be nice if the links were corrected, but I think they were broken some time back in one of the "upgrades".
  16. gnarlymarley

    Eonix.net helping spammers?

    Yeah, the domain expired on 1/14. Spammers like these domains since the registrars don't have a temporary SPF or DMARC record. Effectively it gives the spammers free rein of the domain. If it is only an IP or two and you have the ability to block them, I would suggest you put a block on there for a few days. One thing you can also do is to use a BGP looking glass and head to the upstream provider with your abuse logs. The bigger ISPs are usually good at fixing the problem with the smaller customer ISPs.
  17. The cause of listing section says that spam is being received by spamtraps and users coming from 208.180.40.71.

          Causes of listing
          System has sent mail to SpamCop spam traps in the past week (spam traps are secret, no reports or evidence are provided by SpamCop)
          SpamCop users have reported system as a source of spam less than 10 times in the past week

      I have seen where a virus, malware, spyware, or router can be remotely controlled and then the hacker uses the device to send spam. If that is an open MTA, then anyone can connect and use it to send spam. I see the time is changing between 23 and 22 hours, so it would appear that the spam action is still going on. According to the neighborhood section of https://www.spamcop.net/w3m?action=blcheck&ip=208.180.40.71, I do not see 208.180.40.68 listed. It would appear that almost all is from 208.180.40.71. Securing that IP, and/or the router in front of it, should help eliminate the spam that appears to be coming from it.
  18. I should also note that it might be a good idea to have all devices (such as cameras or refrigerators) that share that same IP checked for sending spam. Hackers love abusing other people's computers so their IPs get listed instead of their own. Once all the devices are secured, the IP will be automatically removed from the list.
  19. gnarlymarley

    Reporting spam has no effect

    In my past, I would just block the whole range if I were to get a reply like that. Now I just use SpamAssassin and mark the range as more likely spam. With enough of their customers' emails being blocked, they will then give up and find another provider.
  20. The IP does appear to be listed. https://www.spamcop.net/w3m?action=blcheck&ip=208.180.40.71

          208.180.40.71 listed in bl.spamcop.net (127.0.0.2)
          If there are no reports of ongoing objectionable email from this system it will be delisted automatically in approximately 22 hours.

      It appears that enough reports were filed to get 208.180.40.71 listed. Since I am just a user, I am not able to look up much more. I would suggest that you have your employee scan their computer for viruses and have them make sure they do not have malware or spyware.
  21. There could be some old cache pointing to old information. You might want to try doing a "refresh/show" on the report to see if the address gets fixed. If this does not help and if the deputies do not respond, I would suggest contacting the admins at deputies[at]admin[dot]spamcop[dot]net.
  22. gnarlymarley

    URL host links limit

    I have noticed that sometimes spammers use too many URLs in their spam. Would it be possible to group links by hostname and process them by that? When the report is sent, they combine there. Moving it to the hostname means if all the links share the same hostname, they can still be reported. This would also save on DNS look ups if the links are below the limit. https://www.spamcop.net/sc?id=z6698896959z37653b35adb76c14bc27cd5541f78a03z
  23. gnarlymarley

    URL host links limit

    Here is another tracking URL that demonstrates what I mean by combining. In this example, we can see that it looks up two different hostnames. It would be nice if these could be grouped by server name so that it would only have to do two look ups instead of four. https://www.spamcop.net/sc?id=z6698611793zb63e53a6ab1d3867166620a089eae7a8z
  24. gnarlymarley

    Nothing to do is back

    Or if you have already submitted, you can click on past reports, click on the link by the IP, then Parse, and you should have the tracking URL.
  25. gnarlymarley

    forwarded spam being returned

    I don't currently have a problem submitting my forwarded spam all week. Last time I had a problem with the forwarding, I was able to check out the reply and the headers to find it was my ISP that was blocking the forwarding.
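
The checks described in the posts above about the bl.spamcop.net answer of 91.195.240.87 and about scoring across several blacklists, as an added example (not code from the forum or from SpamCop): a DNSBL answer counts as a listing only when it falls in 127.0.0.0/8, and a sender is blocked only when more than one list agrees. The zones dnsbl-a.example and dnsbl-b.example, the sender 192.0.2.10 and all function names are constructed for illustration; the resolver answers are passed in as data so the block runs offline.

```python
import ipaddress

LOOPBACK = ipaddress.ip_network("127.0.0.0/8")  # DNSBL return codes live here

def dnsbl_query_name(ip, zone):
    """Build the reversed-octet query name; raises ValueError for input
    such as 444.333.222.111, which is not a valid IPv4 address."""
    addr = ipaddress.IPv4Address(ip)
    return ".".join(reversed(str(addr).split("."))) + "." + zone

def classify_answer(answers):
    """Classify the A records a resolver returned for one DNSBL query."""
    if not answers:
        return "not_listed"            # NXDOMAIN or empty answer section
    parsed = [ipaddress.IPv4Address(a) for a in answers]
    if all(a in LOOPBACK for a in parsed):
        return "listed"                # e.g. 127.0.0.2
    # A routable address means the zone itself is broken (wildcard, parked
    # or expired domain): treat it as no evidence, never as a listing.
    return "anomalous"

def score_sender(ip, results, threshold=2):
    """results maps zone -> list of A records returned for this sender.
    Block only when at least `threshold` healthy lists agree."""
    ipaddress.IPv4Address(ip)          # reject malformed sender addresses
    verdicts = {z: classify_answer(a) for z, a in results.items()}
    hits = sum(1 for v in verdicts.values() if v == "listed")
    return {"hits": hits, "block": hits >= threshold, "verdicts": verdicts}

# Constructed sample: bl.spamcop.net answering as it did on the day of the
# posts above, plus two hypothetical zones.
SAMPLE_OUTAGE = {
    "bl.spamcop.net": ["91.195.240.87"],
    "dnsbl-a.example": ["127.0.0.2"],
    "dnsbl-b.example": [],
}
# Constructed sample: two healthy lists agree.
SAMPLE_LISTED = {
    "bl.spamcop.net": ["127.0.0.2"],
    "dnsbl-a.example": ["127.0.0.2"],
    "dnsbl-b.example": [],
}

if __name__ == "__main__":
    print(dnsbl_query_name("192.0.2.10", "bl.spamcop.net"))
    print(score_sender("192.0.2.10", SAMPLE_OUTAGE))
    print(score_sender("192.0.2.10", SAMPLE_LISTED))
```

Logging every "anomalous" verdict gives early warning that a list has gone bad before it causes mail to be rejected.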