[Emails are being registered as spam - Suddenlink]

14 minutes ago, gnarlymarley said:

The IP does appear to be listed.  https://www.spamcop.net/w3m?action=blcheck&ip=208.180.40.71

I should also note, that this might be a good idea to have all devices (such as camera or refrigerators) that share that same IP to be checked for sending spam.  Hackers love abusing other people's computers so their IPs get listed instead of their own.  Once all the devices are secured, the IP will be automatically removed from the list.

[Reporting spam has no effect]

In my past, I would just block the whole range if I were to get a reply like that.  Now I just use SpamAssassin and mark the range as more likely spam.  With enough of their customer's emails being blocked, they will the give up and find another provider.

[Emails are being registered as spam - Suddenlink]

The IP does appear to be listed.  https://www.spamcop.net/w3m?action=blcheck&ip=208.180.40.71

208.180.40.71 listed in bl.spamcop.net (127.0.0.2)

If there are no reports of ongoing objectionable email from this system it will be delisted automatically in approximately 22 hours.

It appears that enough reports were files to get 208.180.40.71 listed.  Since I am just a user, I am not able to look up much more.  I would suggest that you have your employee scan their computer for viruses and have them make sure they do not have malware or spyware.

[Azure.com spam: Ms replies to include Cert@Microsoft.com]

31 minutes ago, xebeche said:

SpamCop forwards them to abuse@microsoft.com. Usually, after a few days I get a message from cdoccm@microsoft.com saying:

Quote

There could be some old cache pointing to old information.  You might  want to try doing a "refresh/show" on the report to see if the address gets fixed.  If this does not help and if the deputies do not respond, I would suggest contacting the admins at deputies[at]admin[dot]spamcop[dot]net.

[Nothing to do is back]

Or if you have already submitted, you can click on past reports, click on the link by the IP, then Parse, and you should have the tracking URL.

44 minutes ago, petzl said:

Would help if you sent a SpamCop Track

BEFORE you click submit look at page TOP

 

[forwarded spam being returned]

On 12/29/2020 at 5:32 PM, randallw said:

For about a week much of my forwarded spam can't be delivered.

I don't currently have a problem submitting my forwarded spam all week.

Last time I had a problem with the forwarding, I was able to check out the reply and the headers to find it was my ISP that was blocking the forwarding.

[Google Network a Frequent Source of spam]

18 hours ago, emanmb said:

I guess in some ways I'm looking for patterns where none really exist but for the randomness of what methods my yahoo spammers send me stuff.  If I look in my gmail account it's stuff from all over the place.

I am not sure why, but for some reason, spammers do not send spam to my yahoo account any more.  I probably get two spams a year there and I don't know why so little.

I wonder if the difference between my experience with google is that with hotmail, my average reporting time is around 8 hours, but with gmail reporting through spamcop, my average reporting time is about 30 minutes.  I might need to speed up my hotmail reporting to see if that makes a difference.

[alsonmedia, maybe incorrect reporting address?]

On 12/23/2020 at 2:41 PM, petzl said:

I remember when it was postmaster@blal.blah that address got spammed to oblivion.

I remember when I used to submit tons of reports to the postmaster address.  Kind of interesting that if someone lets the spamming go on, they get spammed, no matter what their address is.  I find it easier to have my address and postmaster sharing the same box and then I can filter on the "To:".

[Google Network a Frequent Source of spam]

16 hours ago, emanmb said:

Wondering if it's just my flavour of spam coming to my Yahoo that tends to be 95% sourced from Google, or if anyone else has noticed this trend?

I see the same thing coming to my hotmail.  As near as I can tell, the spammers are spinning up and down cloud instances as fast as they can to prevent getting caught.  Either they reached a point where they gave up on my gmail, or else google sometimes deals with it.  With my hotmail seems to be a day or two in between the spam like this.

[Spammer Bcc'ing replies to himself?]

On 12/23/2020 at 4:45 PM, Maine Train said:

but assuming that any without a year are 2020, meaning there's still activity here

If you mouse over the "posted [date] at [time]", it should show the year with the time in GMT or UTC format.

On 12/24/2020 at 8:47 PM, Maine Train said:

My high school class has a Facebook group, and on Wednesday, the group organizer posted that the group had apparently been "hacked," because she and some other members of the group had received a strange email from another classmate, who is not a Facebook user.

I have had this happen a year or two ago where someone signed up with an impersonator acount on facebook and started trying to friend everyone.  Somehow the scammer/spammer must have got a list of contacts and is attempting each one until they find someone that will reply.  If it stays quiet enough, they will eventually give up.

On 12/25/2020 at 3:03 PM, Maine Train said:

I'll see if I can get a better track for those reports.

If you click the report links, they should come up with  the tracking URLs.  You might have to click a "parse" link at the top to find it.

[Ancient routing information.]

On 12/24/2020 at 2:58 PM, Claudio said:

Hello, does it make sense to keep routing information set up by a deputy more than ten years ago? Example:

Sure is old information.  If you don't see this updated soon, I would suggest you can also try contacting deputies[at]admin.spamcop.net.

abuse net endurance.com = abuse@websitewelcome.com, eig-abuse@endurance.com
Using best contacts eig-abuse@endurance.com abuse@websitewelcome.com

 

[alsonmedia, maybe incorrect reporting address?]

On 12/22/2020 at 9:01 AM, Jank1887 said:

Their spam/abuse page gives abuse@alsonmedia.com as the notification address. (https://alsonmedia.com/antispam_policy.html), and abuse.net lists both the alson@ and the abuse@ address.

Interesting they list the two addresses.  I have seen it where companies want different abuse addresses to track where it comes in from.  Would be nice if companies would keep their contact information up to date in whois.

I also noticed it is prefering the /23 over the /16.

Using smaller IP block (/ 9 vs. / 16 )
Removing 1 larger (> / 9 ) route(s) from cache

 

[Sorry, no reporting addresses found for 195.208.155.243. Nothing to do.]

interesting combination of manual entry and refuse to bother.

[sendmail woes]

On 12/16/2020 at 9:16 AM, hank said:

Suddenly my reporting of spam is rejected, password reset doesn't help, ping says it's an unknown host, sometimes, and other times gives very long delays, viz:

 

ping looks for an A record.  Email servers look for a MX record.

[Did Spamcop stop reporting spamvertised sites?]

I am not sure what you mean.  The links in my reports are sent out and some of mine get a response from AWS or CloudFlare.  I think there is a limit of around eight links that will get reported.  Maybe this post could be what you are talking about Linsk are not parsed when Return-Path is empty?

[If reports were sent today....]

That almost looks like something that has been reported already.  You can see if it was reported by going to your past history.

[Linsk are not parsed when Return-Path is empty]

On 11/30/2020 at 4:42 PM, EkriirkE said:

Here is your TRACKING URL - it may be saved for future reference:
https://www.spamcop.net/sc?id=z6690533908ze72fd31a4dff786edaf29eccae16c308z

I think this may have caused some confusion as the above tracking URL is missing the body.  See below for verification test.

On 12/1/2020 at 5:09 PM, EkriirkE said:

This is a failed parse https://www.spamcop.net/sc?id=z6693341449z0778223c9998b219a4bda561ffbc4addz 

So I took your link that failed to parse and I added something in the return-path.  The links would parse again.  So I submitted it as is and it fails to parse.  Clearly, it appears you have caught a problem or bug here where SpamCop is broken.

Working (changed return-path): https://www.spamcop.net/sc?id=z6693978467z3560f51112de7e9fcadc539b521ce73bz

Not working: https://www.spamcop.net/sc?id=z6693978389zca5cee5269c5f353471c599d70e7c266z

As you can see by comparing, I submitted the same thing twice, except I added an email in the return path.

[Linsk are not parsed when Return-Path is empty]

On 11/30/2020 at 2:12 PM, EkriirkE said:

Occasionally I will get an email where the body is not parsed/ignored and I got another today that I did some poking around, and I found that if the Return-Path  header exists and is empty (`Return-Path: <>`), the body is ignored.   Removing or populating it resolve the issue.

I have seen this a while ago, but I didn't have time to do any research on it.  I will have to pay attention for the next time I get a spam that has links, but they get ignored.  (I think mine were August or July, so they are probably past the 90 days so I will not be able to get tracking URLs.)

[No data / Too much data]

Does this post help?

http://forum.spamcop.net/topic/9324-unable-to-process-message-hearders-in-reporting-tab/?do=findComment&comment=63654

If I click "Process spam" without having the textbox above filled out, I get a similar message.  Try going to https://www.spamcop.net/, without the sc at the end of the URL.

[mail hosts does not recogize all mailchannels hosts]

40 minutes ago, petzl said:

Try sending message to SpamCop  service
https://mailsc.spamcop.net/fom-serve/cache/401.html
"Mailhosts" in "reason for contact"
In dialogue box next page :

Petzl, your link required authentication.  Did you mean https://www.spamcop.net/fom-serve/cache/401.html?

[mail hosts does not recogize all mailchannels hosts]

8 hours ago, ewv said:

Another example:

https://www.spamcop.net/sc?id=z6690587707z0afbb907bf385a3a5839c4d16a400f48z

This has not been reported so as to not duplicate.

Hmmm, I noticed your second line does not properly match the first one.  Specifically the "by 0.0.0.0:2500" section does not match a mailchannels line of "inbound-egress-6.mailchannels.net".  Something is strange where the headers do not see to match up.  If nothing was lost, then this would be from an internal mailchannels user.

1: Received: from TrololoVPN ([UNAVAILABLE]. [163.172.137.93]) by 0.0.0.0:2500 (trex/5.18.10); Thu, 12 Nov 2020 21:07:09 +0000
No unique hostname found for source: 163.172.137.93
Possible forgery. Supposed receiving system not associated with any of your mailhosts
Will not trust this Received line.

 

[mail hosts does not recogize all mailchannels hosts]

You can try adding the same email address to your mailhosts again and then go back to the previous tracking URL to see if it picks it up.  I don't think the mailhosts updates itself automatically.

[MTA version parsed as IP address]

6 minutes ago, petzl said:

?
process_milters-daemon.rn-mailsvcp-relay-lapp04.rno.apple.com

--- 11/06/20 10:59:48 AUS Eastern Summer Time
--- reading URL process_milters-daemon.rn-mailsvcp-relay-lapp04.rno.apple.com
--- error: Host not found

I wonder if it is considered an "internal IP".  It is interesting that it picks up the 8.1.0.6 IP from what appears to be a software version number.

Server 8.1.0.6.20200729 64bit

Probably a regex border issue seeing the period as an end of sentence?

[Any point in reporting spam from AMAZONAWS?]

1 hour ago, Thorin said:

Isn't there a way to make reports go to the damned dnsadministrator@aamc.org or jbartell@aamc.org which is another contact reported by whois?

I believe this is what the forum subsection for reporting address issues is for.

http://forum.spamcop.net/forum/39-routing-report-address-issues/

[Unblock my IP?]

5 hours ago, Andrew Axe said:

rbl.websitewelcome.com, see Blocked - see 550 http://www.spamcop.net/w3m?action=checkblock&ip=201.28.14.210"

The RBL from your message seems to be for rbl.websitewelcome.com, but yet they tried to give you a link to spamcop.net.  I don't like it when people give the wrong rejection message for their RBLs.