Posts posted by gnarlymarley
-
2 hours ago, MisterBill said:
But I still do not have the answer to my question of where they got all of my addresses from. Like I said, these were custom addresses only used on a single site, and more than one of them was compromised.
About 20 years ago, some of the sites would have a selected checkbox saying that they would "share your address with third party companies". Though I am not sure if they are still using such a checkbox upon sign up, maybe the practice is still going on? If the places where you did share your addresses are not sharing them, then I would have to believe they were compromised.
-
Some SMTP mailers could try to send it to the A record if no MX. But then it appears there is no A record either.
C:\>nslookup confiraseusdescontosepontos.com
Server: 192.168.1.1
Address: 192.168.1.1#53
** server can't find confiraseusdescontosepontos.com: NXDOMAIN
C:\>
-
On 4/23/2021 at 7:41 AM, Snowbat said:
40.74.0.0 - 40.125.127.255 is Microsoft but SpamCop reports 40.83.112.59 directly to the spammer. I've seen similar misreporting for other Microsoft-hosted spammers.
Even though it appears it wants to send directly to the spammer, I don't see the domain as being valid, so this should bounce.
C:\>nslookup confiraseusdescontosepontos.com
Server: 192.168.1.1
Address: 192.168.1.1#53
** server can't find confiraseusdescontosepontos.com: NXDOMAIN
C:\>
-
On 4/22/2021 at 4:11 PM, petzl said:
The link is dead so maybe the spammer is too?
First link connects but the "Clicca su questo link!" (Click on this link!) is dead
When the links are taken down (someone starts taking action against some part of the spam), it makes the reports satisfying.
-
4 hours ago, Telboy said:
So I am unable to forward spam as I get :
149.255.60.65 is not a SpamCop IP. I think this might be your ISP that is rejecting the emails. Sounds like they accept spam, but don't let you forward it to SpamCop?
-
15 hours ago, MisterBill said:
Background: I have my own domain and use a different address at each site so I know where the address was compromised. I use wildcard forwarding so I get all email sent to that domain.
If you have the ability to add an email checker, I would suggest you add spamassassin as it would allow you to create a rule to reject spam if it has 8888 in the subject.
15 hours ago, MisterBill said:
I have started getting a bunch of spam to multiple email addresses on my domain and they are being sent to addresses that I have used on other sites, not just random ids.
I have noticed this too and my first email addresses to start getting spam were hotmail and yahoo. I believe that some of the "free" addresses are sold to third parties. Now I have my own domain too and I set up a separate email address for each one, to use as a throwaway and also so I know which idiot may have shared it with the spammers.
-
On 4/16/2021 at 2:59 PM, Harry Adams said:
I don't know man. Do you really think this could be a good solution to the issue described?
The deputies have some sort of bug tracking/new feature database. Since this is in the New Request forum section, hopefully someone will see it.
-
56 minutes ago, franklin said:
From the looks of the emails, at the very least Sendgrid doesn't enforce double-opt-in for their customers.
I agree that they don't enforce double-opt-in. Someone signed up one of my spamtraps to a bando list and there was no double-opt-in.
-
CenturyLink installed a new pedestal in my area. It serves the next neighborhood over. The problem with it is they didn't install a battery backup and it is fed by fiber. So when my power goes out, they lose internet. I am not sure if they will ever fix that.
-
On 4/14/2021 at 4:58 AM, karl said:
the latest 2 are clearly marked as local (LMTP) and should be ignored, the earliest has a private address and is correctly discarded. there is one single relevant received header which states 149.148.224.72 is the receiving MX
81.95.160.44 is the sending smtp client (MSA). but the sender is discarded as a forgery and the edge server is used for reporting.
I don't see mailhosts enabled on this. Mailhosts was set up as a way for SpamCop to find the border server. The LMTP lines seem to look normal.
19 hours ago, petzl said:
Just looked seems working
Could have also been a temporary look up issue that may have caused SpamCop processing confusion.
-
I would suggest putting your super secret submit address into the bcc, except some email servers could leave that in the email as it goes out. It would be good to know your email server before trying even the bcc. Probably the only safe way is to forward separate emails.
-
1 hour ago, Outernaut said:
After reviewing @gnarlymarley and checking again, it may be they used a contact form.
If it was a contact form, you should be able to look up the IP in the http logs. It would be good to have the form add some email headers, such as a "Received:" header that has the IP, hostname, and protocol, just like your email server does. Another header may be something like "X-WebForm:".
Also, I would expect the receiving email server to show the IP of the server with the contact form.
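One way a contact-form handler could stamp its outgoing mail as suggested in the post above (an added example, not code from the thread or from SpamCop). The function names, the `X-WebForm` value, the `with HTTP` wording and all hostnames and addresses are assumptions chosen for illustration.

```python
import ipaddress
import re
from datetime import datetime, timezone
from email.message import EmailMessage
from email.utils import format_datetime

HOST_RE = re.compile(r"[A-Za-z0-9.-]{1,253}")


def clean(value):
    """Refuse CR/LF so form input cannot inject extra headers."""
    if "\r" in value or "\n" in value:
        raise ValueError("line break in header value")
    return value.strip()


def build_form_mail(client_ip, client_host, form_id, reply_to, body,
                    server="www.example.org", rcpt="owner@example.org",
                    when=None):
    """Build the notification mail for one form submission.

    client_ip / client_host come from the web server (socket peer and
    reverse DNS), never from form fields. All names here are hypothetical.
    """
    ip = ipaddress.ip_address(client_ip)  # ValueError on anything not an IP
    host = client_host if HOST_RE.fullmatch(client_host or "") else "unknown"
    when = when or datetime.now(timezone.utc)

    msg = EmailMessage()
    # Same shape an MTA writes: who connected, to whom, how, and when.
    msg["Received"] = (f"from {host} ([{ip}]) by {server} "
                       f"with HTTP; {format_datetime(when)}")
    msg["X-WebForm"] = clean(form_id)
    msg["From"] = f"webform@{server}"
    msg["To"] = rcpt
    msg["Reply-To"] = clean(reply_to)
    msg["Subject"] = f"Contact form: {clean(form_id)}"
    msg.set_content(body)
    return msg


# Constructed submission using documentation addresses (RFC 5737).
SAMPLE = build_form_mail(
    "203.0.113.7", "host7.example.net", "contact", "visitor@example.com",
    "Hello", when=datetime(2021, 4, 4, 11, 18, 33, tzinfo=timezone.utc))
```

With a header like this in place, a report parser has a client IP to trace instead of a bare "with local" line.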
-
1 hour ago, petzl said:
Seem to be from Outernaut's internal network?
Maybe came from a web form?
-
2 hours ago, Outernaut said:
https://www.spamcop.net/sc?id=z6708342598za3c1a7e1620502b088a404a350ad0835z
The tracking URL seems to be missing an IP on the Received line. Without that IP, it cannot proceed to report such IP.
Received: from esteemcom by elm.nocdirect.com with local (Exim 4.93) (envelope-from <info@domainregistrationcorp.com>) id 1lT0m1-0006Jl-Cb for x; Sun, 04 Apr 2021 07:18:33 -0400
-
7 hours ago, Steve said:
Refreshed the page and nothing changed.
I don't see a refresh button on the page. After some research, it appears that this is plagued by the whois "-B" bug. Refreshing is not going to bring it up. You will need to contact the deputies[at]admin[dot]spamcop[dot]net or just submit it manually.
-
1 hour ago, Gingko said:
I received another one (with 18 messages inside !!!).
Sounds like someone attached 18 emails and sent them to your reporting address.
1 hour ago, Gingko said:
Is there a way to change my submitting email address (the one like submit.XXXXXXXXXX@spam.spamcop.net) without having to create a new account and delete the old one ?
Yes, you can email the deputies[at]admin[dot]spamcop[dot]net and they can change it for you.
-
6 minutes ago, Harry Adams said:
I think that you could send a message to Spamcop in order to describe this issue and get it solved quickly. A friend of mine did it a couple of months ago and it worked.
Yeah, probably a good idea to send the link to this forum to the deputies at deputies[at]admin[dot]spamcop[dot]net.
-
On 4/1/2021 at 10:34 AM, lartingyou said:
Shouldn't SpamCop's default address be abuse@tinyurl.com for those links?
I believe that originally SpamCop was set up to report URLs to the ISP hosting the content. They did this to avoid reporting directly to the spammers, who at the time, would set up their own domain and abuse address. When reporting spam to the ISP, SpamCop appears to look up the IP the domain is pointing to at the time and report that IP to the ISP.
If we can trust the abuse address of the domain name such as in this case, SpamCop should be able to report to the domain's abuse address instead of to their hosting ISP.
-
1 hour ago, KNERD said:
At this point, I just do not believe in those block lists anymore.
This is in part why I got my own email server and changed it from blocking lists in the server to spamassassin. The Spamassassin plug-in allowed me to set up weighting and a threshold for all blocklists so I could block if it is on more than one blocking list, but not if they are on only one.
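The weighting-plus-threshold logic described in the post above, written out as an added example (this is not SpamAssassin's code or the poster's configuration). The weights, the threshold, the `dnsbl.example.org` zone and the sample listings are constructed; the live lookup is replaced by a stand-in so the example runs offline.

```python
import ipaddress
import socket

# Constructed weights and threshold (assumptions, not values from the post).
# No single list reaches the threshold alone; any two together do.
WEIGHTS = {"bl.spamcop.net": 2.0, "zen.spamhaus.org": 2.5,
           "dnsbl.example.org": 1.5}
THRESHOLD = 3.0


def dnsbl_name(ip, zone):
    """Build the DNSBL query name: reversed IPv4 octets followed by the zone."""
    addr = ipaddress.IPv4Address(ip)  # ValueError on anything not IPv4
    return ".".join(reversed(str(addr).split("."))) + "." + zone


def dns_listed(name):
    """Live lookup: an A record inside 127.0.0.0/8 means 'listed'."""
    try:
        answer = socket.gethostbyname(name)
    except socket.gaierror:
        return False  # NXDOMAIN or resolver failure: treat as not listed
    return answer.startswith("127.")


def score(ip, listed=dns_listed, weights=WEIGHTS):
    """Return (total weight, zones that list the IP)."""
    hits = [zone for zone in weights if listed(dnsbl_name(ip, zone))]
    return sum(weights[zone] for zone in hits), hits


def should_reject(ip, listed=dns_listed, threshold=THRESHOLD):
    """Reject only when the combined weight reaches the threshold."""
    total, _ = score(ip, listed)
    return total >= threshold


# Constructed listings standing in for DNS answers (RFC 5737 test addresses).
SAMPLE_LISTINGS = {
    "2.2.0.192.bl.spamcop.net",       # 192.0.2.2 is on one list only
    "3.2.0.192.bl.spamcop.net",       # 192.0.2.3 is on two lists
    "3.2.0.192.zen.spamhaus.org",
}


def sample_listed(name):
    return name in SAMPLE_LISTINGS
```

Treating a failed lookup as "not listed" means a blocklist outage lowers scores instead of rejecting mail.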
-
4 hours ago, Gingko said:
Along with quite long mail with subject "[SpamCop] Errors encountered" and beginning with :
Sounds to me like you might be talking about the response email that would contain a tracking URL if it worked, but it is not working. A normal reply would be a subject line "[SpamCop] has accepted 1 email for processing".
Reply emails with the subject line "[SpamCop] Errors encountered" usually indicate a problem with the attachment on the sending email. Even if I had mailhost problems, I would still get a successful reply with a tracking URL.
-
10 hours ago, dlongnecker said:
When I report, it just goes to abuse@google.com and I doubt they do anything. Any suggestions on how to curb this?
Dennis, I think you might be right on the google groups. It sounds like someone signed up for you and set up their password while pointing it to your email account. I see a mailto that is not you; you might be able to try a password reset on any of the mailto addresses that are not yours to see if it is a forwarder address. If not, sounds like you might be at the mercy of the google abuse address.
-
Welcome back!
3 hours ago, Lking said:
drove through town with their bucket up
Ooops, I am sure they might regret that.
-
9 hours ago, Outernaut said:
I have asked this before and got loads of technical gobbledygook. But, is there a way to use the SBLs at my mail server, without root access, just cPanel, to block or send these spams IP addresses and really, truly see them worked into the system to block them?
I believe the option you are looking for is RBL check (realtime blacklist). This is also known as dnsbl.
-
5 hours ago, RobiBue said:
I hope it'll get sorted out soon!
Me too. Also, sounds like you are probably having ISP issues again.
abuse@gtt.net for IP 67.200.116.254, NOT abuse@brookstonenetworks.com
in Routing / Report Address Issues
Do you have a tracking URL? I show abuse@gtt.net as the reporting address when I try a look up.
Parsing input: 67.200.116.254
More Information.
Reporting addresses: abuse@gtt.net