Jump to content

gnarlymarley

Memberp
  • Content Count

    547
  • Joined

  • Last visited

Everything posted by gnarlymarley

  1. gnarlymarley

    No source IP address found, cannot proceed!

    If it was a contact form, you should be able to look up the IP in the http logs. It would be good to have the form add some email headers, such as a "Received:" header that has the IP, hostname, and protocol, just like your email server does. Another header maybe something like "X-WebForm:". Also, I would expect the receiving email server to show the IP of the server with the contact form.
  2. gnarlymarley

    No source IP address found, cannot proceed!

    Maybe came from a web form?
  3. gnarlymarley

    No source IP address found, cannot proceed!

    The tracking URL seems to be missing an IP on the Received line. Without that IP, it cannot proceed to report such IP. Received: from esteemcom by elm.nocdirect.com with local (Exim 4.93) (envelope-from <info@domainregistrationcorp.com>) id 1lT0m1-0006Jl-Cb for x; Sun, 04 Apr 2021 07:18:33 -0400
  4. I don't see a refresh button on the page. After some research, it appears that this is plagued bu the whois "-B" bug. Refreshing is not going to bring it up. You will need want to contact the deputies[at]admin[dot]spamcop[dot]net or just submit it manually.
  5. Sounds like someone is attached 18 emails and sent to your reporting address. Yes, you can email the deputies[at]admin[dot]spamcop[dot]net and they can change it for you.
  6. gnarlymarley

    TLS support for SMTP host for spam submission

    Yeah, probably a good idea to send the link to this forum to the deputies at deputies[at]admin[dot[spamcop[dot]net.
  7. I believe that originally SpamCop was setup to report URLs to the ISP hosting the content. They did this to avoid reporting directly to the spammers, who at the time, would setup they own domain and abuse address. Reporting spam to the ISP, SpamCop appears to look up the IP the domain is pointing to at the time and report that IP to the ISP. If we can trust the abuse of the domainname such as in this case, SpamCop should be able to report to the domain's abuse address instead of to their hosting ISP.
  8. gnarlymarley

    SpamCop approving spam!

    This is in part why I got my own email server and changed it from blocking lists in the server to spamassassin. The Spamassassin plug-in allowed me to setup weighting and a threshold for all blocklists so I could block if it is on more than one blocking list, but not if the are on only one.
  9. sounds to me, like you might be talking about the response email that would contain a tracking URL if it worked, but it is not working. A normal reply would be a subject line "[SpamCop] has accepted 1 email for processing". Reply emails with the subject line "[SpamCop] Errors encountered" usually indicate a problem with the attachment on the sending email. Even if I had mailhost problems, I would still get a sucessful reply with a tracking URL.
  10. gnarlymarley

    Google Groups spam

    Dennis, I think you might be right on the google groups. It sounds like someone signed up for you and set up their password while pointing it to your email account. I see a mailto that is not you that you might be able to try a password reset on any of the mailto addresses that are not yours to see if it is a forwarder address. If not, sounds like you might be up to the mercy of the google abuse address.
  11. Welcome back! Ooops, I am sure they might regret that.
  12. gnarlymarley

    SpamCop approving spam!

    I believe the option you are looking for is RBL check (realtime blacklist). This is also known as dnsbl.
  13. Me too. Also, sounds like you are probably having ISP issues again.
  14. This is because tinyurl[dot]com is hosting their services at cloudflare rather than at their own data center.
  15. From what I can see, it appears to start out with that, then the abuse.net moves it over. If this is not the case, then if you would have a track URL that shows it that you would be willing to share. whois: 193.27.228.0 - 193.27.228.255 = info@starcrecium.com Routing details for 193.27.228.255 Using abuse net on info@starcrecium.com No abuse net record for starcrecium.com Using default postmaster contacts postmaster@starcrecium.com postmaster@starcrecium.com bounces (31 sent : 16 bounces) Using postmaster#starcrecium.com@devnull.spamcop.net for statistical tracking.
  16. gnarlymarley

    TLS support for SMTP host for spam submission

    Probably would be a good feature to have. Is your system not capable of sending without SMTP encryption?
  17. gnarlymarley

    Received via a relay in bl.spamcop.net

    I checked out the site and this appears to be coming from the SpamAssassin section. It really means "IP listed in bl.spamcop.net". This means your outbound IP is/was listed in bl.spamcop.net. See what petzl said to look up your email server's IP on bl.spamcop.net.
  18. gnarlymarley

    spam Showing Up With Old Dates/Times

    It looks like your spammer has an old date in their spam but the email is being sent today. Your ISP received: Mon, 15 Mar 2021 15:43:46 -0600 Spammer trick Date: Thu, 11 Mar 2021 02:42:49 +0100 Seems the spammer is trying to trick you into thinking it is old, when it is new. Looking at the Received headers, I don't understand why the spammer would do this.
  19. gnarlymarley

    Response on reporting spam

    This could also be a form a listwashing where the spammer might be trying to figure out who is reporting. So they increase their spam on certain people until the figure out who is reporting them. Also could be some sort of retaliation if they know your address already.
  20. gnarlymarley

    About that announcement in the report window

    If I see the correct one, It is talking about the blacklist mirrors. I think I read the same, where this should not affect reporting. But it might affect blacklist look ups.
  21. That is a good question. I did find an abuse form at https: //www.cloudflare.com/abuse/form, but I also searched and found some articles saying that the abuse email doesn't work for some time. It maybe that they have abandoned the abuse email.
  22. Don't worry. One of my oldest email accounts had stopped receiving lots of spam years ago and now is back to receiving about four spams a day again and it seems to be going up. My guess is maybe the spammers are doing some listwashing to try to figure out who is reporting.
  23. gnarlymarley

    spam Showing Up With Old Dates/Times

    I went back and looked at this example and I do see why your email client has an old date. So the email client might be displaying an old date, but the spammer has added their old date. Stuff like this is all reportable, but maybe the spammer is banking your ISP has an issue and you don't report all the spam. Received: by cmsmtp; Sun, 14 Mar 2021 14:02:22 -0600 Date added by spammer: Date: Thu, 11 Mar 2021 02:42:49 +0100 P.S. Thank you for your help too!
  24. gnarlymarley

    spam Showing Up With Old Dates/Times

    Hmmm, the example says it is only 5 hours old and came in on 14 Mar 2021. I tried refreshing a couple of times. I wonder if it says it is old when you first go to report it? Tracking message source: 99.79.57.23: Routing details for 99.79.57.23 [refresh/show] Cached whois for 99.79.57.23 : abuse@amazonaws.com Using abuse net on abuse@amazonaws.com abuse net amazonaws.com = abuse@amazonaws.com Using best contacts abuse@amazonaws.com Reports disabled for abuse@amazonaws.com Using abuse#amazonaws.com@devnull.spamcop.net for statistical tracking. Message is 5 hours old How an email might possibly be old is for instance, the 10.0.153.220 server could have held it internally for a few days. SpamCop goes off the date on the Received line where it picks up the spammers IP. This means if your ISP hold an email for four days, SpamCop would call it old, even though it may have just barely arrived.
  25. gnarlymarley

    dot xyz dot com

    My dot-xyz spam has lasted a few months and now it has dropped. It could be list washing. Probably more like petzl said it could be working and the administrators turning off the sites. It is interesting that for me, yesterday the links changed to dot-im.
×