Jump to content


  • Content Count

  • Joined

  • Last visited

Community Reputation

0 Neutral

About gnarlymarley

  • Rank
    Advanced Member

Contact Methods

  • AIM
  • Yahoo

Profile Information

  • Gender
  • Location
    utah, USA
  • Interests
    reporting spam

Recent Profile Visitors

2,244 profile views
  1. Rainer, This appears to be only the URL specified and not coming directly from your server. Running it through google translate, it appears to be the normal whois email address testing. Sounds like they are sending out spam to attempt to send a bill to random domains to try to extort money. Been a while since I got one of those. (I think what petzl is talking about is where I have seen IP cameras and routers get hacked and the spam sent from there, but this does not appear to be coming directly from your server. If it was coming directly from your server, I would check the server and any devices that might be sharing the same IP for possible intrusions.)
  2. gnarlymarley

    Invalid certificate of forum.spamcop.net

    Seems to still be the same. Maybe you can submit something to the new features to get it fixed. http://forum.spamcop.net/forum/10-new-feature-request/
  3. gnarlymarley

    Bad Certificate for SpamCop

    It would appear that the forum only does http. From what I can tell, the hosting is done on cloudflare.net. So as long as that is the SSL cert, then you can login using https. I would advise against sharing this password with other places. I found the following, so I am not sure if there are plans in the works to fix this. Maybe submit a new feature request?
  4. gnarlymarley

    New spammer trick?

    Okay, I am confused with the tracking URL. It seems to be the message you tried to report is one that was sent directly to your submit address. I see the vmx and the app009. Are you trying to report a spam from someone that sent it directly to your submit address? (I am glad your submit address was replaced by an x in here as I don't want to know what it is.) If your submit address is in the wild, I would suggest you contact deputies[at]admin[dot]spamcop[dot]net.
  5. I had a similar situation happen to me about two decades ago with an admin from a well known education institution confusing the internal links of the spam as the source of the spam. This is why I prefer to report just the source instead of the links inside. If I see any on my reports that might be valid (innocents caught in the crossfire), I uncheck those.
  6. gnarlymarley

    No Headers

    For me, if I copy the message to notepad first and maximize the window and then copy all again, I don't seem to have a problem. There appears to be a really long line added that has weird line breaks if copied straight across.
  7. Forwarding as an attachment contains some hidden lines that track message source. When forwarding (not as attachment) those tracking lines are lost. This is why SpamCop requires it to be an attachment. The lines that get lost when forwarding not as an attachment are the "Recevied:" lines as defined by RFC2076.
  8. gnarlymarley

    Spamcop captcha is not loading

    Cristian, The IP will be automatically delisted once the problem is resolved, and may have been already. I ran across the follow post about the captcha. I have not been able to duplicate the issue with the captcha not loading. If you are still having the issue, maybe you can try hitting the refresh button to the right of the circle to see if it will allow the captcha to load.
  9. gnarlymarley

    Unable to register - Invalid CAPTCHA

    Interesting, I ran across the following post about maybe the captcha could be a java scri_pt issue. Might be something to check out if you are still seeing the problem.
  10. gnarlymarley

    SpamCop says it's too old, it's not

    Without seeing a Tracking URL. ´╗┐ Sometimes a server is turned off when it is found spewing spam´╗┐ When turned on again it spews out remaining spam. ~o~, A tracking URL would be able to help us debug the issue. What you will be looking for is there is a "Date:" header and a "Received:" header. SpamCop does not look at the "Date:" header. It gets it time from the "Received:" headers. If you do not have mailhosts enabled, SpamCop will attempt to find your border server. The age of an email comes from the time gathered at the border email server.
  11. gnarlymarley

    Identified internal IP as source

    That sure is a lot of received lines. From what I can see, the source appears to be a fastmail user. SpamCop is really good at detecting company to company connections, but RFC9181 IPs can be assigned to every company. The source of will need to be looked at by a fasthost admin, which is why SpamCop gives you the message "identified internal IP as source".
  12. gnarlymarley

    Increase in spam out of google lately. Anyone know why?

    Lets see if this helps. Spamassassin is a computer application that integrates with the email server for parsing spam at the time it is being received. For example, someone using a hotmail account could send email to my email account. My email server and spamassassin check the email for spamminess and either will accept or reject it. This happens while hotmail still has a connection to my server still open. The rejection notice will come from hotmail's servers as it is will not be able to send. As near as I can tell yahoo does not do any spam filtering, just address blocking. The filters only seem to be able to move spam to non-spam folders.
  13. gnarlymarley

    Increase in spam out of google lately. Anyone know why?

    Will not be possible with yahoo. Hmmm, spamassassin plugs into the border email server. I know with my yahoo account they don't do much good for spam filtering. I think yahoo's only option is to block email address, but I am not sure the asterisk is working for me. This is why I went with my own domain and email server so I could do better filtering.
  14. gnarlymarley

    Eonix.net helping spammers?

    Some ISP do this and then return the old block and poor folks might get a spammy block when they request a new range. Years ago, I started blocking at the firewall level. Then I started blocking using a SMTP blocking list. Now I just use spamassassin and it makes the decision to block or not at the SMTP edge. This is the reason why I use spamassassin now is because clean emails can be on the block list and still be accepted, while spammy emails with the block lists it can tell the SMTP mailer to reject it. Spamassassin also lets me do some custom parsing rules which can single out ISPs such as eonix (either via headers, message body, or just connecting host).
  15. I have not seen any missing headers in my emails. It is customary to place the headers by the receiving email server. The problem you will have with your hosting company not providing that information is you do not know the IP of where the spam came from. Not knowing the IP makes it unreportable. Per RFC2076 section 3.4, your hosting company should not be modifying any existing headers, but per the email, it does appear they are modifying and removing them. If might be good if they were to bring their server into RFC compliance.