Jump to content

gnarlymarley

Memberp
  • Content Count

    410
  • Joined

  • Last visited

Community Reputation

0 Neutral

About gnarlymarley

  • Rank
    Advanced Member

Contact Methods

  • AIM
    gn02020202
  • Yahoo
    gnarlymarley

Profile Information

  • Gender
    Male
  • Location
    utah, USA
  • Interests
    reporting spam

Recent Profile Visitors

2,584 profile views
  1. gnarlymarley

    SpamCop on cPanel - do-able?

    For TLD, I use the blacklist_from annd it works for me. blacklist_from *.su blacklist_from *.ga blacklist_from *.cn For the IP, it maybe it doesn't like too many wildcards, so you might want to try: blacklist_from 170.* blacklist_from 173.*
  2. gnarlymarley

    SpamCop says it's too old, it's not

    Hmmmm, are you saying the bitcoin email is too old? When I copied it to my account and cancelled the report, it says it is new enough to report it. https://www.spamcop.net/sc?id=z6644990035z0e890411edb1e0e0d2060b4fd4260904z By tracking URL, they mean the one at the top of the SpamCop report page where it says the email is too old.
  3. gnarlymarley

    SpamCop on cPanel - do-able?

    I suspect you might be able to do that with the following but the manual is not completely clear on how: blacklist_from [170.0.0.0/8] Since I run my own name server, I setup my own black list there such as: *.170.blacklist.local. IN A 127.0.0.1 *.170.blacklist.local. IN TXT "blocked whole range 20200802"
  4. gnarlymarley

    Three Ways to Report spam

    SCBL means SpamCop Blocking List or SpamCop Black List. Also, for me google says it is "Southern Collegiate Baseball League".
  5. gnarlymarley

    Parsing truncated

    Interesting, I had submitted a copy to my account without mailhosts and it appears to have worked. https://www.spamcop.net/sc?id=z6644191965z228c8ee5751b9ef3fba5a127fdc8818fz When I try to submit with mailhosts, I get the same pause (yes, I know I don't have your mail hosts.) https://www.spamcop.net/sc?id=z6644192306zf677ca6824be06de2a49d01b38114656z This would almost indicate maybe the double dot hostname problem. Hang on, maybe try changing the two dots as below to a single and try submitting again. Received: from DESKTOP-JQ04P8P..home
  6. gnarlymarley

    Parsing truncated

    Nothing immediately stands out for me, but I do see an IPv6 address: whois.ripe.net found abuse contacts for 2a01:4f8:211:2c54::2 = abuse@hetzner.de Might be good to get the deputies looking at this at deputies[at]admin[dot]spamcop[dot]net.
  7. gnarlymarley

    OVH.Net spam ?

    Nope, I am saying that it came from 51.79.145.214 is the source, but user/owner of the computer tied to that IP probably didn't send the message themselves. They "let" someone else use their computer because they didn't patch it. Spammers love it when they can use someone else's cameras, routers, computer, refrigerator, or other IOT device to send their stuff so they don't get caught. Keep reporting these as we at least need to get them to patch or fix the problem. If it is a person that has let someone else use their machine, they need to deal with the problem.
  8. gnarlymarley

    OVH.Net spam ?

    Nope, I am saying that OVH customers were probably hacked. The spammer is just using the Newegg hostname to try to get past spam filters. (Some people who get a spam report that supposedly came from their discount it and ignore it because they "didn't send it".)
  9. gnarlymarley

    OVH.Net spam ?

    Two decades ago, spammers were advertising the wrong hostname to get past blocking filters. When spam filtering kept getting them, some of them went to using their real hostname of the computer they had hacked. I think most of the OVH spammers might be the "fly by night" salesman, where the OVH computers are not patched. I think that by the time we file a report, they may have already abandoned the machine.
  10. gnarlymarley

    Russian spam can't be reported

    I am not sure if this is the issue because I have a juno account on my mailhosts with 179 webhosts and I don't have any problems with it. Looking at your tracking URL, the Received: lines appear to be out of order. Received: from outlook by outlook Received: from exhangelabs by reliablemail Received: from exhangelabs by exchangelabs Received: from exhangelabs by outlook Received: from reliablemail by reliabledns Received: from reliableedns by reliabledns In searching the forums, the first thing that popped up was an outlook issue: https://www.spamcop.net/fom-serve/cache/122.html Are you using outlook? (Apparently there don't have issues with outlook express, only outlook.)
  11. I would suggest you start with deputies[at]admin[dot[spamcop[dot]net. They will be able to analyze it.
  12. Ricardo_63, this "Received:" line should be added by the receiving email server. And should not be disabled by any spammer. Though RFC2882 might be confusing, RFC5321 explains this well in section 3.7.2, where your ISP should be adding that line. 3.7.2. Received Lines in Gatewaying When forwarding a message into or out of the Internet environment, a gateway MUST prepend a Received: line, but it MUST NOT alter in any way a Received: line that is already in the header section. Another way to think of it, is if your ISP refused to put this line on your email, then they must provide another way for you to get the information via a phone call or log access. If they refused to tell you the sending IP and helo hostname, then the offending email must be counted as spam send "by your email provider".
  13. gnarlymarley

    Is there a SpamCop Outage

    This is the problem with internet islands where you can travel from your house to either island, but you cannot travel directly from one island to another. This is where your ISP is working, but your VPN's ISP would not have been talking to SpamCop's ISP. When someone at those ISP found out there was a problem, they could fix it. This is why the problem started happening by itself and would have fixed itself. (Most of my internet traffic goes through about five different ISPs between my computer and the server.)
  14. I do find it interesting that the whois entry says "ArubaCloud UK Cloud Services" based out of London, UK. If the email address doesn't work for you, then you might want to try https://www.aruba.it/en/report-abuse.aspx.
  15. gnarlymarley

    SpamCop on cPanel - do-able?

    I am not familiar with cPanel, but I am with SpamAssassin. I currently have version 3.4 and there is a a rule in it called RCVD_IN_BL_SPAMCOP_NET that brings in block list functionality. I was looking at and the version 2.6 appears to have the rule in it. Later versions all seem to have it. Is this the type of integration you are looking for? I am not sure if you have a special score for it or would be using the default score.
×