gnarlymarley
-
Posts
839 -
Joined
-
Last visited
Content Type
Profiles
Forums
Events
Posts posted by gnarlymarley
-
-
7 hours ago, mdsimon2 said:
I opened a case with the BBB. Not only did spam nearly completely stop shortly thereafter, I received a human response from an "investigator" on Amazon's team telling me that they will find out where they dropped the ball and correct the problem. I suggest others' file an online complaint with the BBB.
Hopefully, this keeps working out for you. The last BBB case I opened, the provider just laughed at me and the BBB didn't do anything about it.
-
On 2/3/2020 at 8:04 AM, styncer said:
From my experience, Gmail is adding a header line "Bcc: <email@domain.com>" if the message was only sent with you in the "Bcc" field. This header is added at the bottom of the headers below the "Content-Type:". This breaks the SpamCop parser. If I move the Bcc line above the Content-Type line, SpamCop is able to parse the message properly. Is this similar to what you see?
After me going back through my stuff, I was not able to locate a spam that had a BCC to me. I believe I have had one, but I download the spam over imap/ssl and it probably doesn't keep the BCC on the imap side. Since the field is an added by the receiver mail program, I would probably just remove the header before submitting.
-
26 minutes ago, Keats said:
While amazonaws are certainly slime for refusing to accept reports from SpamCop, and refusing to act on spam reported directly to them, Google are no better: all the amazonaws spam I receive is coming from the same sender
Agreed. As for action, I believe all we can do at this point is to feed the Blocking List and if capable, use the Blocking List on your email server.
Also, from what I can tell, the directory in the googleapis URL seems to be unique to the receiver email account. I have two email addresses that are getting the spam and each account seems to have their own google links.
-
On 2/3/2020 at 8:04 AM, styncer said:
How does one report a bug in SpamCop's parser?
I usually sent a note to the deputies about bugs at deputies[at]admin[dot]spamcop[dot]net. I try to include helpful information such as the link to this forum post or tracking URLs. The deputies have an internal bug tracker.
-
On 1/27/2020 at 10:54 AM, FabioMartins said:
After adding a host (diz.ind.br), other 2 hosts appeared (cm.ind.br and ind.br) in the Hosts/Domain tab, as well as an unknow "Relaying IPsv4" - 66.132.129.65.
I had some other hosts appear when I setup mine when I originally setup hotmail, but they all appeared under the one entry. I believe mine came from other people who had previously setup mailhosts. Yours could be the same. If the mailhosts does not work for you, there is an option in a dropdown list to delete any entries you do not like and you can try adding again.
-
Seems to work for me. Ostap, are you getting a spinning circle to the left of the blue "try another captcha" button?
-
12 hours ago, Steve said:
Yeah, there's a body. This has happened in the past when trying to report spam from Gmail.
Gmail works for my reports, but then I am using fetchmail (over ssl) and an scri_pt that encapsulates the spam in an attachment. Are you using something like thunderbird or another mail client or the "Show Original" option found in the webmail? When I click the Show Original, my emails seem intact.
-
22 hours ago, Gingko said:
You can see that the spam was sent on January 20th at 20:29 CET, but I received it today 13:59 CET.
Yep, looking at the headers I see a jump from smtp26.services.sfr.fr to filter.sfr.fr for the two days. It appears that sfr.fr is internally delaying the emails (since they are coming from a 10.x.x.x private address).
7 hours ago, Gingko said:lthough it is difficult to completely verify, I have some reasons to think that some of these spams, received once by SFR, could have be handled internally by SFR and distributed more than once to the recipient at random intervals.
This appears to be the case. Looking at the "Received:" lines the border server seems to be catching the spam on time, but for some reason there is a delay going to the next internal server. It appears to be a problem on the SFR servers.
7 hours ago, Gingko said:Where should I forward this if it is not to Spamcop?
I hope you are not telling me to forward directly to the spammer or to some hosting service related to it?I think what petzl is trying to say is currently SpamCop thinks 173.240.15.12 should go to abuse[at]dacentec[dot]com but the whois.arin.net (where people in North America gets their IPs from) says the IP should be reported to abuse[at]bigboxhost.com. As long as abuse[at]dacentec[dot]com keeps rejecting spamcop reports, manual sending may be required. Looking at the routing details, it does appear that spamcop does not want to send to abuse[at]bigboxhost[dot]com, but would prefer dacentec even though it bounces.
-
On 9/26/2016 at 9:48 AM, simbalion said:
While abuse reports are certainly unsolicited, they aren't bulk. And therefore they aren't spam. Further, why should the negligent administrators get a free pass from having to deal with the headaches caused by spammers they are permitting to operate? For every 1 email their spammers send, they should have to read at least 1 email themselves, preferably more, until the problem is dealt with.
I can agree on this, however my recent troubleshooting appears that the person/people that are managing the abuse mailbox do not seem capable of clicking on the tracking URL. Also, they do not accept attachments either. I found that I have to copy out the spam email to the body of a message when I manually send to the abuse mailbox. It would be nice if this could be automated such as appears with the level3, but amazon seems to keep changing the reporting rules.
-
On 12/5/2019 at 4:53 AM, +BFsej@2n said:
Why not?
My guess is that when the forum was setup not very many people were using https. At that time, the FBI and NSA had the capability to decrypt https trafffic. The place where encryption should be is on the login page.
In my own opinion (completely my own opinion and not anyone else's) a public accessible forum (that does not require a login to read) should not need TLS or https encryption on the pages that anyone can read.
-
Back on v4, I thought I remembered that spamcop use to do this with some URL forwarders. I ran across another post (shown below) before the V5 upgrade and I suspect they took out the unobfuscation section.
-
On 12/22/2019 at 10:58 AM, RobiBue said:On 12/21/2019 at 6:49 AM, gnarlymarley said:
My understanding is that the from address on each report changes as it appears to be the number is the report ID. Some ISPs like this authorize only the full address. The deputies might be able to work something out with the ISP. Under the circumstances, might just be an autoresponder that sends it to the bit bucket. Like Lking says, that this may be added to the blocklist.
Hetzner.de is basically the same.
I meant to say the from address that would be sent to the ISP when you click the send spam reports button is unique and contains the report ID that goes to the ISP. It should would be nice if the ISPs could setup a unique address or method to accept spamcop all reports without the requiring their users to sign up.
-
On 1/19/2020 at 5:00 PM, Lodewijk said:
"Bounce error
Your email address, (xxx) has returned a bounce:
Subject: Delivery Status Notification (Failure)
Reason: 5.1.0 - Unknown address error 550-'Sorry, we do not accept connections from="I had this happen with my account on gmail. I had to find all the related message in my spam folder and mark them as "not spam" in order to get their spam rules to stop rejecting it. For me, it all started when google changed their rule system and needed every thing to be setup again. So far I have all seems good for me. Hopefully this might help you.
-
6 hours ago, Gingko said:
Most of the received messages are already outdated, meaning that if I use Spamcop for reporting them, they are rejected because they are more than 2 days old, despite the fact that I submit them as soon as they are received.
A tracking URL would be useful. Also if you look at the headers, is your border server putting on an old date? Spammers have been known to put in faked headers with old dates to try to confuse the SpamCop parser. This is why the mailhosts setup now exists is to cause the parser to stop at your border server. This is so that the correct IP and date can be picked up by the parser.
-
23 hours ago, petzl said:
That said I still get the odd multiple spam splurge at once all from different IP's
I do find it interesting that I still get the occasional spam from a specific "claimed" helo name and from. Seems like the spammer is able to stand up new EC2 instances almost as soon as amazon "claims" they are resolved the issue.
-
4 hours ago, Asha Kanta Sharma said:
I get hundreds of spam emails daily and it is cumbersome to forward each emails to spam reporting. Can I forward all such spam mails as attachments ?
Will the system recognize and extract/check necessary data from such emails ?
Yes, just attach the spams to an email that is heading to your submit address. The parser only recognizes them as an attachment.
-
On 1/18/2020 at 9:32 PM, petzl said:
Just got a couple today from Amazon
Interesting that my amazon spam has nearly all stopped after I had submitted ten reports in a four day period.
On 11/28/2018 at 2:33 PM, its8up said:You could manually forward spam reports, but the people in the abuse@amazonaws department are USELESS. Try sending a copy of the full header/email to stop-spoofing@amazon dot com.
What I also find is interesting is that I had one come back where the tech support person was not familiar with the date/time format in email headers and they needed it defined separately.
* Complete, accurate timestamps of the activity including: - Date - Time - Time Zone * Full e-mail header and HTML content of the spam message
-
11 hours ago, HeatherReid43 said:
any idea how do take care of this and stop the spam source ?
Heather, I have been getting that and it is coming from all over amazon's ip ranges. Google seems to have no interest, and neither does amazon. I setup my email server to reject it and they still try to send it. At this point, I am not sure there is a way to stop it without a firewall that can drop the tcp connection before it connects. Right now, I am mainly feeding the blocking list, but the spammer changes to a new IP every few minutes, so blocking based on a single IP seems pointless. If I hear of anything that works, then I can post it here.
-
13 hours ago, petzl said:
These are Amazon IP's so it is up to Amazon to fix or not their spam problem.
And hopefully they would revoke the port 25 being open if they previous opened it and close it back down. Yes, it is up to them to fix.
-
On 1/15/2020 at 10:12 AM, jprogram said:
So, my question is: what to do next?
Is there anything different I need to know about once I got Mailhost set up? Anything I should be looking for?
Like Lking said just start reporting. Somethings to note is that your Mailhost setup is effective for previous submitted spam, so if you go to any of those to report them they should properly detect the correct spammer.
Without the mailhost setup, spamcop would try to guess the IP that sent your email spam. With it, it will detect the spammer's IP that connected to your border email server.
-
On 1/14/2020 at 3:16 PM, petzl said:
It looks to me Amazon must block port 25 to prevent viruses and spam tools managing to connect directly from infected machines through their NAT?
Ah, but it appears that one can request port 25 to be unblocked. I am not sure if there is a related fee or if it is free.
-
25 minutes ago, petzl said:
spam [at] uce dot org
If they are converting this into a sandbox, should be still be munging the address in these forums?
-
9 hours ago, klappa said:
since they ask for addition information, apparently send the whole spam e-mail and the send IP isn't enough for them.
I am guessing this is because amazon appears to be rotating public IPs every minute. They seem to want to know the minute and since I have NTP enabled, it should make just fine into their systems. I wish that they would just enable IPv6 and stop with the NAT stuff.
-
On 1/5/2020 at 1:54 PM, Dracosse said:
I don't know for sure but I believe that something is going on at SpamCop. I even paid $15.00 thinking that they might be wanting to be paid for the service and CPU time I was using. Nope, no change.
Both of my paid and non-paid SpamCop accounts work fine for me. The only advice I think I can add is maybe it is a formatting issue.
Maybe this will help: The first space when reading down the email that you encounter is between your headers and the body as well as the "Received:" lines should have start at the beginning of the line. The "Received:" line will have lines below it and those should be indented with a space or a tab.
Any point in reporting spam from AMAZONAWS?
in SpamCop Lounge
Posted
I have not got that. Mine has only said "This is a follow up regarding the abusive content or activity report that you submitted to AWS. We have investigated this report, and have taken steps to mitigate the reported abusive content or activity." Which I wonder if they are taking down the correct customer or are just sending a stock reply.
I am not sure amazon is doing anything on this or else maybe the spammers themselves are running support.
Amen.