gnarlymarley
-
Posts
839 -
Joined
-
Last visited
Content Type
Profiles
Forums
Events
Posts posted by gnarlymarley
-
-
Refresh your tracking URL. I think I show it as abuse@ocn.ad.jp
whois: 60.32.0.0 - 60.47.255.255 = abuse@ocn.ad.jp
Routing details for 60.36.166.29
Using abuse net on abuse@ocn.ad.jp
abuse net ocn.ad.jp = abuse@ocn.ad.jp
Using best contacts abuse@ocn.ad.jp -
I prefer downloading my emails using either html raw or an imap client to get the original email that doesn't change all the links to the "outlook protection".
-
One thing to note is that the email was voluntarily blocked by the recipient's server. The people receiving the email setup SpamCop's block list on their server. SpamCop didn't directly block the email from O365. If SpamCop were to remove the entry from the block list, the recipient would then add their own that bypasses the Spamcop block list.
-
anyone8, as per Lking mentioned some of these domains are flaky.
What I do is to keep the tracking URL and then go back to it a few minutes later to see if SpamCop would pick up the IP. Sometimes waiting and refreshing works for flaky domains. -
@Brendon, could this be what you might be talking about?
;; ANSWER SECTION:
spamcop.net. 251 IN NS ns1-11.akam.net.
spamcop.net. 251 IN NS ns1-90.akam.net.
spamcop.net. 251 IN NS ns1-109.akam.net.
spamcop.net. 251 IN NS ns1-73.akam.net.
spamcop.net. 251 IN NS use1.akam.net.
spamcop.net. 251 IN NS asia3.akam.net.
spamcop.net. 251 IN NS ns1-93.akam.net.
spamcop.net. 251 IN NS ns1-117.akam.net.
$ dig vmx.spamcop.net @use1.akam.net
; <<>> DiG 9.18.20 <<>> vmx.spamcop.net @use1.akam.net
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 43587
;; flags: qr aa rd; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1
;; WARNING: recursion requested but not available
;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;vmx.spamcop.net. IN A
;; ANSWER SECTION:
vmx.spamcop.net. 300 IN A 184.94.240.112
;; Query time: 18 msec
;; SERVER: 72.246.46.64#53(use1.akam.net) (UDP)
;; WHEN: Sat Mar 09 07:06:23 MST 2024
;; MSG SIZE rcvd: 60
$
-
One possible alternate to the SpamCop blocking list could be SpamAssassin. You can tie weights to SpamCop such that it would take more than one Blocking list to block spam. You can also whitelist email addresses or make rules that override the SpamCop blocking list. if certain keywords show up in that email.
-
I changed from using RBLs to using SpamAssassin. Now using SpamAssassin for me, I can do "and/or" rules where just because something might be on the SpamCop blocking list, it is not blocked unless it is also on another RBL as well. (And I can add a weight percentage to each RBL.)
-
I get that mailhosts forgery message if my ISP changes or I try to submit an email for an address not on my mailhosts. You might need to resend the mailhosts email setup without deleting the mailhosts entry to have the mailhost entry refreshed.
-
Are you using a shared IP?
https://www.spamcop.net/w3m?action=checkblock&ip=40.107.94.90
Looking at the blocking list entry, it looks like someone maybe reporting emails as spam to SpamCop.
Some things to note, you might want to check that your email list is using double opt-in or else anyone can add an email address. You might also need to check routers and cameras have not been hacked. -
Most of my recent reports have a "Cache/Refresh" link I can click to have it update from the whois listing.
-
You know you are irritating a spammer if they are trying to retaliate. The only real way to make a spammer think your account is dead is to reject the email at the border server. You might be able to accomplish this by "blocking" the user and sending it to the spam folder, but most of the spammers will just try a different address to get past your filters.
Since Gmail and Microsoft don't let me control the border server, I setup my own email server and use SpamAssassin to filter out the spammers. A few fine tuned rules and it blocks the spammer. In watching the rejections, I noticed that some spammers retry more often when it rejects. -
A few notes to add to Lking;s post. You might want to check that your IP cameras and routers are secure. You might also be sharing an IP with someone who is sending email that is causing it to show up on multiple blocking lists.
-
You do have to click each link in the mail for every spam. I believe SpamCop did this so that you would double check that the message is actually spam (because we don't want to accidentally report good messages).
Now if the email address was never used for legitimate email, then I believe you might be able to work out using the quick.xxxx8888xxxx8888xxxx@spam.spamcop.net address. (I believe you might have to work with the deputies to have this turned on.) -
Wow, they finally got blocked. One thing to note is that Microsoft was warned numerous times before their inaction allowed the IP to show up on the blocklist. I have been getting abuse from their IP with a few messages a day from a .shop address trying to immitate some paypal links.
-
Could it be an issue with the HTML formatting? I see the first link doesn't have the closing tag. The third link has the tag formatted wrong. The second link has a IMG in the middle.
Also, the content boundaries seem a little strange. -
I setup my own mail server for this reason years ago. I try to avoid forwarding as an attachment directly through one of the "free email accounts" because they seem to flag them quicker if they are an attachment heading to a spamcop submit address.
-
fe80:: is the local interface address and is not to be used on the internet. It is used to dynamically acquire an actual IPv6 address.
More likely that one of the server's IPv4 address is on the blacklist and resending the email went through a different outbound server. I have heard that a lot of people get spam from outlook.com/onMicrosoft.com. So I wouldn't be surprised if they had a server on the black list.
Because of this kind of issues with the random blocks, I now lean toward using SpamAssassin instead of just a single blacklist. It takes a combination of various keywords and multiple blacklists in order for me to block inbound email in my server. -
So, I believe in the forums that there are two types of Microsoft spams. One is from the IPv6 issue where Microsoft is using millions of addresses internally, but I believe SpamCop mailhosts only remembers fifteen. The other, is where they are actually coming from microsoft as you have listed. I believe the *.onmicrosoft.com might be their cloud setup. For some reason, I seem to have very little spam the past week for some reason. The only suggestion I have (after you are attempted the reporting to them) is to report as many as you can to feed the blocking list.
-
Seems to be working good for me today.
-
I noticed it got better, but then yesterday the issue came back.
-
For me, I see the issue about two out of three refreshes.
-
The SpamCop blocking list is not tied to emails, but it is based on the IP 54.240.27.58. I currrently do not see that entry in the block list, but it possibly could have been when they tried to send you the email. The receiving server should have an entry for "dnsbl/bl.spamcop.net" and would have sent a response with the following link.
https://www.spamcop.net/w3m?action=checkblock&ip=54.240.27.58
54.240.27.58 not listed in bl.spamcop.net -
The SpamCop blocking list has a special formula where it takes multiple people over some time for it to be listed. I believe they have this so that a spammer cannot get revenge and just start adding random servers to the blocking list. That said if other people are not reporting all of their spam, then it is not likely to be listed.
-
I believe spammers started doing that around the turn of the century to get past the SpamCop reporting. Be nice if the links could be consolidated.
No blank line delineating headers from body - abort; No source IP address found, cannot proceed; etc
in SpamCop Reporting Help
Posted