Jump to content


  • Content Count

  • Joined

  • Last visited

Everything posted by gnarlymarley

  1. Rainer, This appears to be only the URL specified and not coming directly from your server. Running it through google translate, it appears to be the normal whois email address testing. Sounds like they are sending out spam to attempt to send a bill to random domains to try to extort money. Been a while since I got one of those. (I think what petzl is talking about is where I have seen IP cameras and routers get hacked and the spam sent from there, but this does not appear to be coming directly from your server. If it was coming directly from your server, I would check the server and any devices that might be sharing the same IP for possible intrusions.)
  2. gnarlymarley

    Invalid certificate of forum.spamcop.net

    Seems to still be the same. Maybe you can submit something to the new features to get it fixed. http://forum.spamcop.net/forum/10-new-feature-request/
  3. gnarlymarley

    Bad Certificate for SpamCop

    It would appear that the forum only does http. From what I can tell, the hosting is done on cloudflare.net. So as long as that is the SSL cert, then you can login using https. I would advise against sharing this password with other places. I found the following, so I am not sure if there are plans in the works to fix this. Maybe submit a new feature request?
  4. gnarlymarley

    New spammer trick?

    Okay, I am confused with the tracking URL. It seems to be the message you tried to report is one that was sent directly to your submit address. I see the vmx and the app009. Are you trying to report a spam from someone that sent it directly to your submit address? (I am glad your submit address was replaced by an x in here as I don't want to know what it is.) If your submit address is in the wild, I would suggest you contact deputies[at]admin[dot]spamcop[dot]net.
  5. I had a similar situation happen to me about two decades ago with an admin from a well known education institution confusing the internal links of the spam as the source of the spam. This is why I prefer to report just the source instead of the links inside. If I see any on my reports that might be valid (innocents caught in the crossfire), I uncheck those.
  6. gnarlymarley

    No Headers

    For me, if I copy the message to notepad first and maximize the window and then copy all again, I don't seem to have a problem. There appears to be a really long line added that has weird line breaks if copied straight across.
  7. Forwarding as an attachment contains some hidden lines that track message source. When forwarding (not as attachment) those tracking lines are lost. This is why SpamCop requires it to be an attachment. The lines that get lost when forwarding not as an attachment are the "Recevied:" lines as defined by RFC2076.
  8. gnarlymarley

    Spamcop captcha is not loading

    Cristian, The IP will be automatically delisted once the problem is resolved, and may have been already. I ran across the follow post about the captcha. I have not been able to duplicate the issue with the captcha not loading. If you are still having the issue, maybe you can try hitting the refresh button to the right of the circle to see if it will allow the captcha to load.
  9. gnarlymarley

    Unable to register - Invalid CAPTCHA

    Interesting, I ran across the following post about maybe the captcha could be a java scri_pt issue. Might be something to check out if you are still seeing the problem.
  10. gnarlymarley

    SpamCop says it's too old, it's not

    Without seeing a Tracking URL.  Sometimes a server is turned off when it is found spewing spam When turned on again it spews out remaining spam. ~o~, A tracking URL would be able to help us debug the issue. What you will be looking for is there is a "Date:" header and a "Received:" header. SpamCop does not look at the "Date:" header. It gets it time from the "Received:" headers. If you do not have mailhosts enabled, SpamCop will attempt to find your border server. The age of an email comes from the time gathered at the border email server.
  11. gnarlymarley

    Identified internal IP as source

    That sure is a lot of received lines. From what I can see, the source appears to be a fastmail user. SpamCop is really good at detecting company to company connections, but RFC9181 IPs can be assigned to every company. The source of will need to be looked at by a fasthost admin, which is why SpamCop gives you the message "identified internal IP as source".
  12. gnarlymarley

    Increase in spam out of google lately. Anyone know why?

    Lets see if this helps. Spamassassin is a computer application that integrates with the email server for parsing spam at the time it is being received. For example, someone using a hotmail account could send email to my email account. My email server and spamassassin check the email for spamminess and either will accept or reject it. This happens while hotmail still has a connection to my server still open. The rejection notice will come from hotmail's servers as it is will not be able to send. As near as I can tell yahoo does not do any spam filtering, just address blocking. The filters only seem to be able to move spam to non-spam folders.
  13. gnarlymarley

    Increase in spam out of google lately. Anyone know why?

    Will not be possible with yahoo. Hmmm, spamassassin plugs into the border email server. I know with my yahoo account they don't do much good for spam filtering. I think yahoo's only option is to block email address, but I am not sure the asterisk is working for me. This is why I went with my own domain and email server so I could do better filtering.
  14. gnarlymarley

    Eonix.net helping spammers?

    Some ISP do this and then return the old block and poor folks might get a spammy block when they request a new range. Years ago, I started blocking at the firewall level. Then I started blocking using a SMTP blocking list. Now I just use spamassassin and it makes the decision to block or not at the SMTP edge. This is the reason why I use spamassassin now is because clean emails can be on the block list and still be accepted, while spammy emails with the block lists it can tell the SMTP mailer to reject it. Spamassassin also lets me do some custom parsing rules which can single out ISPs such as eonix (either via headers, message body, or just connecting host).
  15. I have not seen any missing headers in my emails. It is customary to place the headers by the receiving email server. The problem you will have with your hosting company not providing that information is you do not know the IP of where the spam came from. Not knowing the IP makes it unreportable. Per RFC2076 section 3.4, your hosting company should not be modifying any existing headers, but per the email, it does appear they are modifying and removing them. If might be good if they were to bring their server into RFC compliance.
  16. gnarlymarley

    Increase in spam out of google lately. Anyone know why?

    I use exim and spamassassin for that bouncing spam during the SMTP connection. Once an email is sent on the SMTP communication it is scanned by spamassassin and if good, the SMTP accept command is sent. This way, the sending server has to deal with the spam. If the sending server wrongfully accept to relay the email and didn't verify the address, then it will be bounced to the server admin so they can fix the hole.
  17. Ooops. Sorry, by "opt-in check" I meant single or double opt-in. Some of the big social media sites are not even doing the single opt-in. Yeah, some picked it up and starting doing the double opt-in, but only took a few years and they all forgot about it. Sometimes I wish people didn't have a short memory. In one spam report, I put a note that they should delete their email list and should be using "double opt-in" and then the spam stopped very quickly.
  18. That is why I prefer imap/ssl when possible because thunderbird always seems to work for me. Maybe a webmail version of outlook might work for you, if you have one.
  19. Bob, I am getting the reporting noticed that it accepted my attachments as normal. Are you still having issues with this?
  20.  yeah, sure Rule #1 Sounds like a business might not know about the double-opt-ins. If they don't have any opt-in check, they they really should change their wording to "some subscribed using your email address to....."
  21. gnarlymarley

    Unable to Register Mailhost

    It also might take the email address in each received line and try to compare it. If your ISP adds something like .local to the host that might be something that could make the parser think it is a completely different domain/email address. Might be able to make sure that email is the same for every received line. We can hope your solution works.
  22. gnarlymarley

    SpamCop says it's too old, it's not

    ~o~, I have seen it where the spammers inject a Received line with an old date. It might be good to check that you have mailhosts enabled too where spamcop will only trust the header added by your ISP. If it is getting to that header, then the spammer should not be able to affect your ISP's date. I have also seen some ISP border servers "hold" the emails for more than two days, which will make them old.
  23. gnarlymarley


    I don't think it is useless either. In researching the whole /24, it does appear this might be some snowshow spamming. Hopefully other people will report their spam soon too so it can be listed. Too bad they haven't sent any to me. I agree. It may take some time for this to be listed.
  24. If I remember correctly, this bounce flag button was very noticeable. It had replaced the field where you can paste in your spam. I think this is something you would have noticed. If it is still not working for you, you might want to try the deputies[at]admin.spamcop.net as I believe the have access to the mail server logs.
  25. gnarlymarley

    Link obfuscation flaw?

    One benefit of snowshoe spam that I can see, is the spammer is not able to put in a single IP where the "ISP has resolved this issue". This means that I am able to report every spam. I have seen where the ISP/spammer marks "The issue is resolved" and by the time I go to report the spam, SpamCop doesn't let me further report as the issue has been "resolved". (Mole reporting just changes the resolution time to the current time.) This also prevents me from adding to the block list statistics.