Everything posted by gnarlymarley

  1. Forwarding as an attachment contains some hidden lines that track message source. When forwarding (not as attachment) those tracking lines are lost. This is why SpamCop requires it to be an attachment. The lines that get lost when forwarding not as an attachment are the "Received:" lines as defined by RFC2076.
  2. gnarlymarley

    Spamcop captcha is not loading

    Cristian, The IP will be automatically delisted once the problem is resolved, and may have been already. I ran across the following post about the captcha. I have not been able to duplicate the issue with the captcha not loading. If you are still having the issue, maybe you can try hitting the refresh button to the right of the circle to see if it will allow the captcha to load.
  3. gnarlymarley

    Unable to register - Invalid CAPTCHA

    Interesting, I ran across the following post about maybe the captcha could be a JavaScript issue. Might be something to check out if you are still seeing the problem.
  4. gnarlymarley

    SpamCop says it's too old, it's not

    Without seeing a Tracking URL.  Sometimes a server is turned off when it is found spewing spam. When turned on again it spews out remaining spam. ~o~, A tracking URL would be able to help us debug the issue. What you will be looking for is there is a "Date:" header and a "Received:" header. SpamCop does not look at the "Date:" header. It gets its time from the "Received:" headers. If you do not have mailhosts enabled, SpamCop will attempt to find your border server. The age of an email comes from the time gathered at the border email server.
  5. gnarlymarley

    Identified internal IP as source

    That sure is a lot of received lines. From what I can see, the source appears to be a fastmail user. SpamCop is really good at detecting company to company connections, but RFC9181 IPs can be assigned to every company. The source of will need to be looked at by a fasthost admin, which is why SpamCop gives you the message "identified internal IP as source".
  6. gnarlymarley

    Increase in spam out of google lately. Anyone know why?

    Let's see if this helps. Spamassassin is a computer application that integrates with the email server for parsing spam at the time it is being received. For example, someone using a hotmail account could send email to my email account. My email server and spamassassin check the email for spamminess and either will accept or reject it. This happens while hotmail still has a connection to my server still open. The rejection notice will come from hotmail's servers as it will not be able to send. As near as I can tell yahoo does not do any spam filtering, just address blocking. The filters only seem to be able to move spam to non-spam folders.
  7. gnarlymarley

    Increase in spam out of google lately. Anyone know why?

    Will not be possible with yahoo. Hmmm, spamassassin plugs into the border email server. I know with my yahoo account they don't do much good for spam filtering. I think yahoo's only option is to block email address, but I am not sure the asterisk is working for me. This is why I went with my own domain and email server so I could do better filtering.
  8. gnarlymarley

    Eonix.net helping spammers?

    Some ISPs do this and then return the old block and poor folks might get a spammy block when they request a new range. Years ago, I started blocking at the firewall level. Then I started blocking using a SMTP blocking list. Now I just use spamassassin and it makes the decision to block or not at the SMTP edge. This is the reason why I use spamassassin now is because clean emails can be on the block list and still be accepted, while spammy emails with the block lists it can tell the SMTP mailer to reject it. Spamassassin also lets me do some custom parsing rules which can single out ISPs such as eonix (either via headers, message body, or just connecting host).
  9. I have not seen any missing headers in my emails. It is customary to place the headers by the receiving email server. The problem you will have with your hosting company not providing that information is you do not know the IP of where the spam came from. Not knowing the IP makes it unreportable. Per RFC2076 section 3.4, your hosting company should not be modifying any existing headers, but per the email, it does appear they are modifying and removing them. It might be good if they were to bring their server into RFC compliance.
  10. gnarlymarley

    Increase in spam out of google lately. Anyone know why?

    I use exim and spamassassin for that bouncing spam during the SMTP connection. Once an email is sent on the SMTP communication it is scanned by spamassassin and if good, the SMTP accept command is sent. This way, the sending server has to deal with the spam. If the sending server wrongfully accepted to relay the email and didn't verify the address, then it will be bounced to the server admin so they can fix the hole.
  11. Ooops. Sorry, by "opt-in check" I meant single or double opt-in. Some of the big social media sites are not even doing the single opt-in. Yeah, some picked it up and started doing the double opt-in, but only took a few years and they all forgot about it. Sometimes I wish people didn't have a short memory. In one spam report, I put a note that they should delete their email list and should be using "double opt-in" and then the spam stopped very quickly.
  12. That is why I prefer imap/ssl when possible because thunderbird always seems to work for me. Maybe a webmail version of outlook might work for you, if you have one.
  13. Bob, I am getting the reporting notice that it accepted my attachments as normal. Are you still having issues with this?
  14. yeah, sure Rule #1 Sounds like a business might not know about the double-opt-ins. If they don't have any opt-in check, then they really should change their wording to "someone subscribed using your email address to....."
  15. gnarlymarley

    Unable to Register Mailhost

    It also might take the email address in each received line and try to compare it. If your ISP adds something like .local to the host that might be something that could make the parser think it is a completely different domain/email address. Might be able to make sure that email is the same for every received line. We can hope your solution works.
  16. gnarlymarley

    SpamCop says it's too old, it's not

    ~o~, I have seen it where the spammers inject a Received line with an old date. It might be good to check that you have mailhosts enabled too where spamcop will only trust the header added by your ISP. If it is getting to that header, then the spammer should not be able to affect your ISP's date. I have also seen some ISP border servers "hold" the emails for more than two days, which will make them old.
  17. gnarlymarley


    I don't think it is useless either. In researching the whole /24, it does appear this might be some snowshoe spamming. Hopefully other people will report their spam soon too so it can be listed. Too bad they haven't sent any to me. I agree. It may take some time for this to be listed.
  18. If I remember correctly, this bounce flag button was very noticeable. It had replaced the field where you can paste in your spam. I think this is something you would have noticed. If it is still not working for you, you might want to try the deputies[at]admin.spamcop.net as I believe they have access to the mail server logs.
  19. gnarlymarley

    Link obfuscation flaw?

    One benefit of snowshoe spam that I can see, is the spammer is not able to put in a single IP where the "ISP has resolved this issue". This means that I am able to report every spam. I have seen where the ISP/spammer marks "The issue is resolved" and by the time I go to report the spam, SpamCop doesn't let me further report as the issue has been "resolved". (Mole reporting just changes the resolution time to the current time.) This also prevents me from adding to the block list statistics.
  20. gnarlymarley

    Increase in spam out of google lately. Anyone know why?

    Looks like they are striking back with a new set of links for me. (Google is not the source of the email, but the links inside point there.) I am starting to see a number of links in the body where one of the following domains appears multiple times with a different four character alpha numeric code. https://kolw.page.link/4_digit_alpha_numeric https://lopw.page.link/4_digit_alpha_numeric https://johr.page.link/4_digit_alpha_numeric I will see how long it takes for google to respond. With each message containing 10+ unique links it would appear that they can sign up faster than we would ever be able to shut them down.
  21. gnarlymarley

    Increase in spam out of google lately. Anyone know why?

    That time can be damaging. Amazon is four days and I think theirs is too long. By the time a week goes by a spammer could have already moved on anyway, so the account could be abandoned by the time they shut it down. For me, I would make it no longer economically viable. If I could speed up the disable process, then the captcha alone would deter them. It may be they figured out who I was and dropped me off their list, but not likely. Probably what is more likely is mine was a different spammer.
  22. gnarlymarley

    Increase in spam out of google lately. Anyone know why?

    I think my reports were successful. All my spam coming from the google cloud seems to have stopped.
  23. I have seen this a few times in the reply email after I forwarded something to my submit address. As near as I can tell, the submitted spam seemed intact and I was able to report it. Judging how it moved the subject line of line up to between when vmx.spamcop.net got it from me and sent it onto the next node, I would guess this was done by the external vmx.spamcop.net node. Received: from vmx.spamcop.net (prod-sc-smtp8.sv4.ironport.com []) by prod-sc-app010.sv4.ironport.com (Postfix) with ESMTP id B579451B67 for <submit.xxxxxxxxxxxxxx@spam.spamcop.net>; Mon, 6 Apr 2020 20:02:23 -0700 (PDT) Subject: [WARNING: UNSCANNABLE EXTRACTION FAILED](Ma
  24. gnarlymarley

    Change your password in this Forum

    I can say it was weird that both spotify and pinterest had weird interests picked, but I didn't pay attention to netflix. I can verify that my gmail accounts were not accessed as at the bottom of webmail there is a details button to tell me where the last logins came from. Spotify and pinterest ask me to confirm only once, while the accounts were being used, but netflix spammed me daily to confirm. So I can say that none of mine had emails that were confirmed (I know this when I opened up the confirm email the link said it was still waiting for me to confirm), but clearly the accounts were being used. Interesting that netflix didn't care about me reporting all their confirm email notices through SpamCop. With pinterest I got a human on real quick.
  25. gnarlymarley

    Change your password in this Forum

    After linkedin got hacked a few years back, I went to unique passwords so I could tell who and where the hack occurred. I had this happen to me recently but it was spotify, instagram, pinterest, and netflix. What I found was interesting with netflix is they appeared to be using the account to get a free month since they did not verify the email before allowing services. I am not a fan of single-opt-in services nor have I been for over two decades.