gnarlymarley
-
Posts
839 -
Joined
-
Last visited
Content Type
Profiles
Forums
Events
Posts posted by gnarlymarley
-
-
Apparently, there was a problem between the database and the email servers.
Works for me now. You will want to try your old tracking URLs.
-
13 hours ago, kolor said:
I think something is wrong with Spamcom submission form .Once see my header once not see the spam header .?????????? .
apparently, there was an issue between the database and one of the mail servers.
Your tracking URL seems to be working for me now.
-
5 hours ago, kolor said:
www.spamcop.net doesn't works .I put header but no data found .?????????????
Was intermittent for me and maybe was prod-sc-app007. It is working for me now and all my old links that were broken are fixed. You may need to note down if this was a different server than app007 and get the deputies to put in a trouble ticket.
-
17 hours ago, Lking said:
If your suggestion were correct you would think by now even the dumbest spammer/bot/cartel would have figured out to RED flag my domain; or at least some of the mailboxes they spam.
It was only a handful of spammers that tried to figure out who I was. They kept sending similar emails to my hotmail at the time while changing the To: header and a number at the bottom of the body. Been a while since I have seen their attempt to detect me.
7 hours ago, kolor said:Now reporting is more fast and convenient.(smile)
Awesome!
-
On 9/19/2019 at 12:33 PM, Lking said:
It does, hopefully, get the spammer shut down. The bad news is that spammers trade, sell their list of emails to each other.
The spammers will try to change headers or unique identifiers to try to figure out who is reporting. Hopefully they get shutdown first instead.
On 9/19/2019 at 12:42 PM, kolor said:Thank you but I remember spamcop before use only 5 sek .Now I see do longer term,break for waiting to submit header.
About two decades ago, I was seeing it jump from 5 to around 70 seconds. At that time there were factors such as DB speed and webservers and it would try to detect high loads and put in a higher time. The amount of reports would change that wait number.
The spamgraph might be good for you to check out to see if that is still happening with the number of reports and the wait time.
-
On 9/16/2019 at 7:06 PM, petzl said:
Go to the bogus unsubscribe and you will be asked to put email address in there put those that are amazon connected.
spammers like to make their stuff look legitimate.
On 9/16/2019 at 7:06 PM, petzl said:If gmail report them as "phishing" as I do. Gmail get enough phishing reports they will block amazon domains entirely, hopefully put them out of business
I believe gmail has fallen to the spammers level. If they are paid enough, they will probably continue to have the domain unblocked.
-
I wonder if this has something to do with mailhosts. It almost seems the parser might be dying on this line:
Received: from singlehosti.com (singlehosti.com. 216.244.76.116)Does it change if you remove only that one line?
-
2 hours ago, Morg2 said:
could I also copy my own ISP -- to give them a taste of exactly how badly they're doing in letting all this crap seep through to their customers?
When you add fuel to your account, there is a third party report option that shows up on each report that you can add your ISP's email. I am not sure I would use it as your ISP would probably just turn off the reports such as noted with sendgrid in this forum post.
-
Also, the (Notes) portion is a link to some text boxes further down on the page where you can add some information to the particular report that goes out. The group text box for is up by the "Send Reports" button, and the individual text boxes are below.
-
2 hours ago, nhraj700 said:
There might only be a two hour window to allow an edit to the post from what I found in another posted question on this website.
That edit button could also be based on either time signed up or amount of posts. I have the edit button for some posts of mine in this forum going back to before June 8th. I suspect a forum admin might be able to do it if you no longer have edit access when you are logged in.
-
On 9/7/2019 at 11:49 PM, RobiBue said:
hostmaster and postmaster addresses are AFAIR quite old (10+ years) and often not used anymore... therefore the bounces.
This is in part why I have to check my whois for my domain every few months to make sure it is correct. I am not sure if they have the same requirement for the whois for IP addresses.
-
On 9/5/2019 at 7:27 PM, RobiBue said:
On a certain date, sendgrid probably asked SC not to send spam reports. On that date, or soon after, somebody manually devnulled the sendgrid abuse address. That date would be interesting to know, as well as the reason the address was devnulled.
Might be good to have this as a new feature since most of these reports are not going any where any way.
-
On 9/5/2019 at 3:24 PM, shirayuki said:
whois 47.110.125.50 returns search-apnic-not-arin#apnic.net@devnull.spamcop.net
I am excited for the time when the whois portion gets fixed and properly redirects on its own.
-
On 9/2/2019 at 8:53 PM, petzl said:
The log-in IP is not a Bot';
Namecheap runs 1000's of Bot's from their domains, all with different IP's.
Domain blocklisting is now the most effective way of stopping forum spam.This is in part why I try to put a note for the reports going to legitimate hosters such as "You might want to work with your customer to clean up their compromised system."
-
On 9/1/2019 at 1:39 AM, ZapZombie said:
I noticed that my mailaddress is obscured in the header, but not in base64 coded content.
I guess I have a scri_pt to do this for me before the spam gets submitted for reporting. Probably a good idea to have.
-
On 8/27/2019 at 2:49 PM, petzl said:
These links produce a "Gateway Timeout" message for me.
Interesting. I still see the same thing too with both of your links, but all mine work fine.
On 8/27/2019 at 2:49 PM, petzl said:parsing is working? Check text not word-wrapped, spam size (truncate) etc
If you have not had any luck figuring this out, I would suggest to contact the deputies:
-
On 8/20/2019 at 1:00 AM, Appleseed said:
is it legit or not?
I have had much thought on this, and I no longer trust much of the addresses that are called abuse or postmaster anymore. I figure that as long as my address is munged in the report and I give out the minimal headers in the report (meaning the spam gets pulled from my border server and reported), they I am not sure it matters as they already have that information from when they connected to my email server. I myself have not seen any repeat spam to be reported to vvsg180@gmail.com, so it very well could be legit.
-
On 8/14/2019 at 2:33 PM, Black Tiger said:
Seemed that these messages arrived in the gmail spambox and I just moved to gmail and I don't use imap. So I did not see the spam folder.
Yep, the admins are trying to resolve that issue by curbing some spam that seems to be affecting gmail's rules.
On 8/14/2019 at 2:33 PM, Black Tiger said:I will try next time if this happens to pass this report. I just use the headers from Outlook 2013 and paste them in the box. This was the only time I had issues with reporting spam, and only with this message.
This thread appears to be related to:
-
On 9/8/2019 at 12:58 PM, nh905 said:
Received: from localhost (127.0.0.1) by .yu57f1N5JknNfW@expressdeal.world id YnC0jEIIBD7P for <x>; Sun, 08 Sep 2019 00:07:39 +0100 (envelope-from <contact@expressdeal.world>)
I see a dot at the beginning of the domain at right after the "by".
-
On 8/17/2019 at 7:38 PM, petzl said:
Used to be postmaster@ then as that address spammed to oblivion became abuse@ that also is now spammed to oblivion,
when abuse.net can't find a abuse address they use abuse@ as default. Wish SpamCop would stop using Abuse.netIt has been a long time since I got spam at my abuse address. With mine being an alias, I still like the ability to know what address the email was sent to.
It sure would be nice if the whois cache could be sync'ed and be more accurate.
-
On 8/5/2019 at 11:04 PM, petzl said:
spam reporting started in 1998 and had some hiccups, some providers believed SpamCop was buggy so did not want reports they couldn't rely on.
Yes. Also, if I remember correctly, some ISPs were not happy about the munged reports and turned it off because of that.
-
On 8/26/2019 at 6:39 PM, Lking said:
If my anecdotal test is true, a human gets passed the first one, and the bot can do the rest.
I can cut and paste from wordpad almost faster than running a scri_pt anymore these days. A few months ago, we had some duplicates where the email subject (or the post's title) where one started with "http" and the other started with " http". So if a bot is posting it, would the bot randomly add a space in the title? (Either at the beginning or the middle.)
On 8/26/2019 at 9:02 PM, Lking said:(15min - hr between join and spam)
I think the quickest one I saw a few months ago was between three and four minutes. If I was going to automate any part of this (via a bot), the sign up portion would be what I would automate. Most of the providers have imap or pop and the fetchmail command can output the email directly to a scri_pt. I expect that if I were to do this, the posts would show around the first 10 seconds of every minute. (It could be they do a randomized sleep, but cron starts at the top of the minute.)
-
31 minutes ago, petzl said:
Not working it seems?
Nope, the capcha is not working. I think it was only about two months ago that Richard increased the capcha challenge level. Due to the typos and spaces, I don't think this is done by computer. I think it is done by one or two humans. If it is humans and you try to stop them with a capcha, you will also stop legitimate forum users.
But then they have already developed AI on computers that can read any capcha more accurately than humans, so maybe it is a computer. The "typos" as I call them appear to be when copying from a microsoft product where a space is sometimes added at the beginning or end.
-
Maybe better yet is to have all posts that have a URL, but it is not a spamcop URL (forum or tracking URL) all go to be moderated if it is supported.
Domain abuse reporting contact
in SpamCop Reporting Help
Posted
This is because the abuse address of the domain itself is usually the spammer themselves. So SpamCop reports it to the abuse address where the content is stored, which is on the IP.
The domain is pointed to an IP that seems to be in a Microsoft data center.
Host hipmie.com (checking ip) = 40.71.252.90
Routing details for 40.71.252.90
[refresh/show] Cached whois for 40.71.252.90 : abuse@microsoft.com