gnarlymarley
-
Posts
839 -
Joined
-
Last visited
Content Type
Profiles
Forums
Events
Posts posted by gnarlymarley
-
-
The only way I know of to get an IP added to the blacklist is to submit a spam report. Now if you know which internal Received: lines are inaccurate, you can trim those off when you submit so that your mailhosts works as expected. (For my hotmail, it was the top two Received: lines.)
-
I believe I know the how this works. I am sure you probably already checked for a webmail to be able to access it. I have a forwarder email address I setup in 1997 that soon after I was no longer able to login, now being stuck permanently as is. Normally I would try to find a webmail or an old link that might allow the password change. As others have suggested, sign up for the free reporting account and report every one. If you enable mailhosts, for both your email accounts, it should report the spammer's IP.
-
Do they actually have your password? If you look at the Received headers of the emails closely, they will usually be coming from a different server that is not your actual server. You should verify if the emails are actually coming from your account or if they are forged and fake. Knowing where they are coming from should tell you where you will need to change your password at.
If it is the CES mail password, I would suggest you start here:
https://www.spamcop.net/fom-serve/cache/66.html -
Since I own my own server, I was able to use SpamAssassin to filter for those emails. Now the scammers/spammers try to send me this junk three or four times from each IP. I would get the attempts from about a dozen IPs and then they would stop for a few weeks. I report every one that makes it through my spam filter and they stop soon afterward.
-
Sounds like this might be the case of somebody misconfiguring their RBL setup.
This is probably what they have:
FEATURE(`dnsbl', `spamcop.mimecast.org', `"spam blocked see: http://spamcop.net/bl.shtml?"$&{client_addr}')dnl
This is what it really should be:
FEATURE(`dnsbl', `spamcop.mimecast.org', `"spam blocked see: http://mimecast.org/bl.shtml?"$&{client_addr}')dnl
https://www.spamcop.net/fom-serve/cache/294.html -
For the "Nothing to do" messsage, some of the ISPs have thousands of servers, but SpamCop mailhosts only remember just a handful of them. Rather than just removing, you can try resending the setup email for that mailhosts and see if revisting the same tracking URL changes.
-
Like RobiBue says sometimes admins setup their server to blame the SpamCop blocklist by pointing their line to another blocklist, but then have the message return something else.
FEATURE(`dnsbl', `bl.SomeOtherGroup.com', `"spam blocked see: http://spamcop.net/bl.shtml?"$&{client_addr}')dnl
https://www.spamcop.net/fom-serve/cache/294.html
This would appear to be the case, so you would need to contact the particular admin for the server you are trying to send to and ask them why they are blocking. -
I did notice I got two orginal emails for jodell's post, so I would say the issue would probably have been the forum login. Jan 17th was the only day I got two emails. Everything else before and after were one single email per post.
EDIT: I can see the two different post numbers. Thanks for the reminder. -
I have seen the "Cannot find ip range in whois output" with the IPv6 whois for LACNIC, but not with IPv4. I think this question is something else like petzl says "The site involved may not want reports from SpamCop.":
Reports disabled for abuse@a2webhosting.com
Reports disabled for support@a2hosting.com
Reports disabled for abuse@a2hosting.com -
You may need to split the headers and body into the separate boxes if it is not taking them in the single box.
-
I get these lies a couple of times a week. They had got my linkin password. Because I didn't share it with other accounts, they do not have the ability to truly hack me. Having separate password also lets me know which company got hacked.
-
I have had the listed names change when I added mailhosts. I have also seen some of my mailhosts show up on another one I had already added because the providers had merged.
-
The two Received header lines don't seem to line up. Usually they don't use an IP after the "by". What is after the by below should match before the "by" one the line above. My guess would be 10.206.128.73 is actually the atlas yahoo server. They should be using the domain and not a 10.0.0.0/8 IP. It might be good if you were to login with a webmail to see if the headers are the outlook client or if it is a yahoo/aol server issue.
Received: from 127.0.0.1 by atlas-production.v2-mail-prod1-gq1.omega.yahoo.com pod-id atlas--production-gq1-69c878588f-lqv2b.gq1.yahoo.com with HTTP; Sat, 31 Dec 2022 03:34:10 +0000
Received: from 93.115.96.156 (EHLO uness5.liveisgood.shop) by 10.206.128.73 with SMTP; Sat, 31 Dec 2022 03:34:10 +0000
-
Mailhosts can work with internal servers with a 127.0.0.1 IP, but it is meant to determine your ISP's border mail server.
-
Twenty years ago, they used to sign up like that to take advantage of the "free trial" period for domains. It also would allow them to get past the spam filters by having a new DNS name.
-
One quick note is that you might need to resend the setup email if your mailhosts had any changes.
-
Ummmm, I checked a previous reported tracking URL and it says:
Sorry, this email is too old to file a spam report. You must report spam within 2 days of receipt.
Does that mean we are back to 48 hours? -
Sure seems they keep going with a lower and lower time. I believe the 72 hours to 48 hours jump was due to a large database. I can't image that there is this much spam reported that they had to drop it again.
-
Good to know you are making a difference! I don't think those emails would bother me. I had most of mine stop and it would just be something else I could report.
-
Mine says that too. (It also comes up for previously reported reports that are older than a day.) I remember when it was 72 hours (to accomodate the weekend) and they dropped it to 48 hours. It was 48 hours in October, so not sure if this is one thing they changed during the server "upgrade" on 18 Oct 2022.
-
As long as it assembles the headers in the original order, should be no issue.
-
I think the most I have attached to one email to forward to my submit address was 17 email attachments.
-
Good luck on the fix. Looks like the second link has a temporary solution.
https://forum.spamcop.net/topic/45578-broken-captcha-in-signup-page/
https://forum.spamcop.net/topic/29780-captcha-problem-on-registering/ -
I myself have added multiple hosts, but only one email per host. I have seen that SpamCop munges the To: field for emails that I have not added. I don't believe you need to add all email addresses.
Yahoo - "nothing to do" why make the effort to report
in SpamCop Reporting Help
Posted