Jump to content


  • Content Count

  • Joined

  • Last visited

Everything posted by gnarlymarley

  1. gnarlymarley

    Change your password in this Forum

    I can say it was weird that both spotify and pinterest had weird interests picked, but I didn't pay attention to netflix. I can verify that my gmail accounts were not accessed as at the bottom of webmail there is a details button to tell me where the last logins came from. Spotify and pinterest ask me to confirm only once, while the acounts were being used, but netflix spammed me daily to confirm. So I can say that noone of mine had emails that were confirmed (I know this when I opened up the confirm email the link said it was still waiting for me to confirm), but clearly the accounts were being used. Interesting that netflix didn't care about me reporting all their confirm email notices through SpamCop. With pinterest I got a human on real quick.
  2. gnarlymarley

    Change your password in this Forum

    After linkedin got hacked a few years back, I went to unique passwords so I could tell who and where the hack occurred. I had this happen to me recently but it was spotify, instragram, pinterest, and netflix. What I found was interesting with netflix is they appeared to be using the account to get a free month since they did not verify the email before allowing services. I am not a fan of single-opt-in services nor have I been for over two decades.
  3. I did have see some delays this morning, but you said it happened this past year. Last time I had this happen to me (where all inbound emails were lost) I had a "SMTP disabled" with a button to reenable on the reporting page. If you do not have this button, I would suggest you contact the deputies at deputies[at]admin[dot]spamcop[dot]net as per https://www.spamcop.net/fom-serve/cache/12.html. I believe they have the ability to look at mail servers logs to help in the research.
  4. gnarlymarley

    Unable to register - Invalid CAPTCHA

    I am not sure what I was thinking either. I went back to look at Ostap's post and he has the image with the spinning wheel. I think I was just asking for confirmation. Interesting. I have tried this with this on edge, internet explorer, chrome, and firefox on win10, win vista, and win 7 and it seems to work for me. I also tried it with chrome on android and works. I have both AVG and avast, but web http filter is turned off for me. (My win10 is a work computer and uses the work's proxy filter, so I might not be able to duplicate the issue on my win10.)
  5. Sounds like the administrator of the server you were trying to send to has mistakenly put "https://www.spamcop.net/bl.shtml?" in their reject message. You might need to contact them to see why they think it is on the blacklist when it is not.
  6. gnarlymarley

    Multiple spam redirecting to TopOnlineBargins

    I found a term for this called snowshoe spamming. http://forum.spamcop.net/topic/43662-spam-from-91192400-9119243255-and-21761730-2176173255/?do=findComment&comment=151467
  7. gnarlymarley

    Multiple spam redirecting to TopOnlineBargins

    They sent it from different ISP to limit how quickly their IP is put into a blocklist. If they can jump around enough, their can keep sending out their spam for days. Now if everyone who got it reported it, we could get them on the block lists faster. This is why they like to remotely use routers and IP cameras to send their spam as they don't care if good people get blocked. SpamCop does have requirements to be added to the blocking list. My guess is what you saw for the change from Mivocloud to Psychz is that either they wanted to change, or Mivocloud turned off their service and the spammer moved on. (In my opinion, the faster we inconvience the spammer, they less they will desire to spam.)
  8. If the administrator doesn't care (or is even supportive of the spammer's actions), then that it will continue. What I did in the past (because they kept jumping around on IPs) was to block the whole IP range first in a firewall, then I did my own block list. This got their attention and they moved on to another ISP. This might be an issue as if you have the block list enable, then the reports stop and the IP falls off the list quicker. Hopefully, they run across a spamtrap which I believe it will continue to accept spam while it is on the block list.
  9. Being on a BL is only as useful if your email server/spam filter is configured to use it. A lot of providers discount BLs these days because some honest people can be blocked. Some admins have got overwhelmed by spam reports and just blocked all of SpamCop. Having a report sent by other means might cause the admin to ignore and block reports those too. I would prefer if the admins would just take action quicker rather than to just hit the delete all button.
  10. gnarlymarley

    Increase in spam out of google lately. Anyone know why?

    The problem with the week delay will be a similar reason why people complain about being on the blocking list. Spammers will use it to somehow deny real legitimate customers access. There will be some fine line somewhere where they could get it to work, but I don't know where that line is. It is interesting that spamassassin has three sections, not spam, spam, and an overlapping area. As a real person, I wouldn't want to wait a week but I do agree that spammers should wait. (But then with enough money, the spammers would probably sign up as a business and they would probably bypass the delay.)
  11. The only problem I have been able to think of with this feature is looping, where ARIN may think an IP is APNIC and APNIC thinks the IP is ARIN. So maybe need a local tracking variable along side it so once an IP is looked up, it does not go back to that same whois server.
  12. You can check if an IP hit enough spam criteria by putting the IP into the box by "Numeric IP address" and clicking the button at https://www.spamcop.net/bl.shtml (which is found http://spamcop.net and clicking on blocking list).
  13. gnarlymarley

    Link obfuscation flaw?

    I think there is a reason behind this policy. I had a report head to an administrator about two decades ago under this policy and the administrator confused a link as the originator of the spam rather than to look at the headers. The link happened to be my work's website at the time, so they kept blaming me for the spam. That administrator was for a prominent university and I would have thought they knew better. Before that, I also wanted the links to be reported, but after I realized that some links could be friendlies added by the spammer to get into trouble. As an administrator I would like to know about people using my site in their spam, but I also realized that some of these administrators might not know how to read email or even understand spam reports. I believe the original reason they stopped reporting when too many links was resources because each report could create many new emails to each administrator.
  14. gnarlymarley

    spam from

    Interesting. I see the cached whois has both a remark and a "abuse-mailbox" entry. Does spamcop prefer one over the other? abuse-mailbox: abuse@hostslick.de
  15. gnarlymarley

    Increase in spam out of google lately. Anyone know why?

    I had a spammer try to use the google cloud, but they sent it to my spamtrap. Mysteriously everything got reported and they appears to be kicked off the google cloud. My guess is if we keep up reporting it, the spammers will give up on using google's systems. The speed of reporting seems to have a great effect on causing the spammers to no longer want to waste their time setting up a google cloud server.
  16. gnarlymarley

    Straight to tracking URL?

    The issue is the double dot in the Received line. The two dots make this an invalid record. If you change it to a single dot, it should submit.
  17. gnarlymarley

    spam from Google Mail Groups

    This is your logged link to which we do not have access. The link I would be able to access is called the tracking URL on the page.
  18. gnarlymarley

    Increase in spam out of google lately. Anyone know why?

    From my experience, google seems to better to external people than to their own users. From the spam I reported that came from the google cloud, it seems mine stopped in about two weeks. Sure is much faster than amazon's two months...
  19. The body of yours seems missing, so I resubmitted with a new body and I get the same thing. There seems to be a problem somewhere else in the headers that is confusing. If you look at my completely changed message ID line as below, then you can see that the message body (from the View entire message link) seems to be put onto the end of the messageID line (from the tracking URL). There seems to be something else than just the $nul that is going on here. with $nul: https://www.spamcop.net/sc?id=z6620984216z1309884122860acc9adaeae9dbe67578z without $nul: https://www.spamcop.net/sc?id=z6620984773z5d37101fab5fd6f6b535b8b6f8eca868z Completely changed message line: https://www.spamcop.net/sc?id=z6620985295z6cd84be9d2a4f3f7ab69843964529431z
  20. I so sent in spam reports from a different email and I do currently get it going back to my email like you expect. I did have a recently time where I tried to forward a spam using gmail to amazon and google blocked it. This is one of those situations where I like to see the bounce. (However, I do not like the bounce after accept when it is from externally.) If it is being blocked by your work there might be an option where you can go into the sent item and see a sending status there.
  21. gnarlymarley

    Any point in reporting spam from AMAZONAWS?

    Mine has switched to using a new shortener of http ://owl.li/**********.
  22. gnarlymarley

    Any point in reporting spam from AMAZONAWS?

    Yep, it did come from google. I guess having one recipient is too much for them. I submitted it to amazon using a different account and it went through. Funny how the original email is not blocked, but attempts to report it are.
  23. gnarlymarley

    Any point in reporting spam from AMAZONAWS?

    Well, now this is new. I just got a bounce from amazon. Hard to tell if gmail rejected my report to amazon or if amazon did. Final-Recipient: rfc822; ec2-abuse@amazon.com Action: failed Status: 5.0.0 Diagnostic-Code: smtp; Message rejected. See https://support.google.com/mail/answer/69585 for more information. Last-Attempt-Date: Sun, 16 Feb 2020 15:23:11 -0800 (PST)
  24. gnarlymarley

    Why organisation ip Blacklsited?

    Also one note, is that at one point a while back most of the mail servers allowed/required separate rbl and text response entries. There were a number of administrators that copied the spamcop blacklist settings but changed only the dns part to point to their own blacklist and they left the text as blaming spamcop. If this is still being blocked, but the IP is now showing up on the list, maybe they have pointed the blacklist to something like spamhaus. Another thing you might want to try is one of the following commands around the time an email is blocked. If you do see a "NXDOMAIN" or a "SOA" record instead of an "A" record, they the block is not coming from SpamCop. dig any nslookup -type=any