  1. The cause of listing section says that spam is being received by spamtraps and users coming from

    Causes of listing

    System has sent mail to SpamCop spam traps in the past week (spam traps are secret, no reports or evidence are provided by SpamCop)

    SpamCop users have reported system as a source of spam less than 10 times in the past week

    I have seen where a virus, malware, spyware, or router can be remotely controlled and then the hacker uses the device to send spam. If that is an open MTA, then anyone can connect and use it to send spam. I see the time is changing between 23 and 22 hours, so it would appear that the spam action is still going on. According to the neighborhood section of https://www.spamcop.net/w3m?action=blcheck&ip=, I do not see listed. It would appear to be almost all is from Securing that IP, and/or the router in front of it should help eliminate the spam that appears to be coming from it.
  2. I should also note that it might be a good idea to have all devices (such as cameras or refrigerators) that share that same IP checked for sending spam. Hackers love abusing other people's computers so their IPs get listed instead of their own. Once all the devices are secured, the IP will be automatically removed from the list.
  3. gnarlymarley

    Reporting spam has no effect

    In my past, I would just block the whole range if I were to get a reply like that. Now I just use SpamAssassin and mark the range as more likely spam. With enough of their customers' emails being blocked, they will then give up and find another provider.
  4. The IP does appear to be listed. https://www.spamcop.net/w3m?action=blcheck&ip= listed in bl.spamcop.net ( If there are no reports of ongoing objectionable email from this system it will be delisted automatically in approximately 22 hours. It appears that enough reports were filed to get listed. Since I am just a user, I am not able to look up much more. I would suggest that you have your employee scan their computer for viruses and have them make sure they do not have malware or spyware.
  5. There could be some old cache pointing to old information. You might want to try doing a "refresh/show" on the report to see if the address gets fixed. If this does not help and if the deputies do not respond, I would suggest contacting the admins at deputies[at]admin[dot]spamcop[dot]net.
  6. gnarlymarley

    URL host links limit

    Here is another tracking URL that demonstrates what I mean by combining. In this example, we can see that it looks up two different hostnames. It would be nice if these could be grouped by server name so that it would only have to do two lookups instead of four. https://www.spamcop.net/sc?id=z6698611793zb63e53a6ab1d3867166620a089eae7a8z
  7. gnarlymarley

    URL host links limit

    I have noticed that sometimes spammers use too many URLs in their spam. Would it be possible to group links by hostname and process them by that? When the report is sent, they combine there. Moving it to the hostname means if all the links share the same hostname, they can still be reported. This would also save on DNS lookups if the links are below the limit. https://www.spamcop.net/sc?id=z6698896959z37653b35adb76c14bc27cd5541f78a03z
  8. gnarlymarley

    Nothing to do is back

    Or if you have already submitted, you can click on past reports, click on the link by the IP, then Parse, and you should have the tracking URL.
  9. gnarlymarley

    forwarded spam being returned

    I don't currently have a problem submitting my forwarded spam all week. Last time I had a problem with the forwarding, I was able to check out the reply and the headers to find it was my ISP that was blocking the forwarding.
  10. gnarlymarley

    Google Network a Frequent Source of spam

    I am not sure why, but for some reason, spammers do not send spam to my yahoo account any more. I probably get two spams a year there and I don't know why so little. I wonder if the difference between my experience with google is that with hotmail, my average reporting time is around 8 hours, but with gmail reporting through spamcop, my average reporting time is about 30 minutes. I might need to speed up my hotmail reporting to see if that makes a difference.
  11. I remember when I used to submit tons of reports to the postmaster address. Kind of interesting that if someone lets the spamming go on, they get spammed, no matter what their address is. I find it easier to have my address and postmaster sharing the same box and then I can filter on the "To:".
  12. gnarlymarley

    Google Network a Frequent Source of spam

    I see the same thing coming to my hotmail. As near as I can tell, the spammers are spinning up and down cloud instances as fast as they can to prevent getting caught. Either they reached a point where they gave up on my gmail, or else google sometimes deals with it. With my hotmail there seems to be a day or two in between the spam like this.
  13. gnarlymarley

    Spammer Bcc'ing replies to himself?

    If you mouse over the "posted [date] at [time]", it should show the year with the time in GMT or UTC format. I have had this happen a year or two ago where someone signed up with an impersonator account on Facebook and started trying to friend everyone. Somehow the scammer/spammer must have got a list of contacts and is attempting each one until they find someone that will reply. If it stays quiet enough, they will eventually give up. If you click the report links, they should come up with the tracking URLs. You might have to click a "parse" link at the top to find it.
  14. gnarlymarley

    Ancient routing information.

    Sure is old information. If you don't see this updated soon, I would suggest you can also try contacting deputies[at]admin.spamcop.net.

    abuse net endurance.com = abuse@websitewelcome.com, eig-abuse@endurance.com

    Using best contacts eig-abuse@endurance.com abuse@websitewelcome.com
  15. Interesting they list the two addresses. I have seen it where companies want different abuse addresses to track where it comes in from. Would be nice if companies would keep their contact information up to date in whois. I also noticed it is preferring the /23 over the /16.

    Using smaller IP block (/ 9 vs. / 16 )

    Removing 1 larger (> / 9 ) route(s) from cache