Jump to content


  • Content Count

  • Joined

  • Last visited

Posts posted by gnarlymarley

  1. On 3/20/2020 at 8:29 PM, petzl said:

    Gmail/other throwaway accounts, need to confirm email accounts say a week later aside from their auto-ack and remove anything in their "cloud accounts"

    The problem with the week delay will be a similar reason why people complain about being on the blocking list.  Spammers will use it to somehow deny real legitimate customers access.  There will be some fine line somewhere where they could get it to work, but I don't know where that line is.  It is interesting that spamassassin has three sections, not spam, spam, and an overlapping area.  As a real person, I wouldn't want to wait a week but I do agree that spammers should wait.  (But then with enough money, the spammers would probably sign up as a business and they would probably bypass the delay.)

  2. On 3/9/2020 at 11:00 AM, Lking said:

    Keep in mind that the links in the body of the spam are the lowest priority for the parser.

    I think there is a reason behind this policy.  I had a report head to an administrator about two decades ago under this policy and the administrator confused a link as the originator of the spam rather than to look at the headers.  The link happened to be my work's website at the time, so they kept blaming me for the spam.  That administrator was for a prominent university and I would have thought they knew better.  Before that, I also wanted the links to be reported, but after I realized that some links could be friendlies added by the spammer to get into trouble.  As an administrator I would like to know about people using my site in their spam, but I also realized that some of these administrators might not know how to read email or even understand spam reports.

    I believe the original reason they stopped reporting when too many links was resources because each report could create many new emails to each administrator.

  3. On 3/8/2020 at 3:31 PM, ArtmakersWorlds said:

    BUT lately, just about EVERY piece after running through spamcop shows up as google as the source. 

    I had a spammer try to use the google cloud, but they sent it to my spamtrap.  Mysteriously everything got reported and they appears to be kicked off the google cloud.

    On 3/9/2020 at 11:36 AM, ArtmakersWorlds said:

    Now?   ALL GOOGLE and some 9 or more a day.  Almost all with similar messages.  Something medical.  Burn fat, keto diet, pills.... like that.  I got on someones spam list and that spammer just happens to be abusing google.  I would hope after they got enough complaints they might track it down.

    My guess is if we keep up reporting it, the spammers will give up on using google's systems.  The speed of reporting seems to have a great effect on causing the spammers to no longer want to waste their time setting up a google cloud server.

  4. 14 hours ago, its8up said:

    Received: from user-PC..home ([]) (authenticated bits=0) by relay1.macrois.de (8.14.5/8.13.8/SuSE Linux 0.8) with ESMTP id 02FGIUm2032655;

    The issue is the double dot in the Received line.  The two dots make this an invalid record.  If you change it to a single dot, it should submit.

  5. 14 hours ago, ArtmakersWorlds said:

    Does google even care about spamcop complaints?  Cause they sure don't care about user complaints directly, (about ANYTHING.)

    From my experience, google seems to better to external people than to their own users.  From the spam I reported that came from the google cloud, it seems mine stopped in about two weeks.  Sure is much faster than amazon's two months...

  6. 13 hours ago, fliptop said:

    the last header is as mentioned, then there's a blank line, and the first line of text from the message reads:

    The body of yours seems missing, so I resubmitted with a new body and I get the same thing.  There seems to be a problem somewhere else in the headers that is confusing.  If you look at my completely changed message ID line as below, then you can see that the message body (from the View entire message link) seems to be put onto the end of the messageID line (from the tracking URL).  There seems to be something else than just the $nul that is going on here.

    with $nul: https://www.spamcop.net/sc?id=z6620984216z1309884122860acc9adaeae9dbe67578z

    without $nul: https://www.spamcop.net/sc?id=z6620984773z5d37101fab5fd6f6b535b8b6f8eca868z

    Completely changed message line: https://www.spamcop.net/sc?id=z6620985295z6cd84be9d2a4f3f7ab69843964529431z

  7. 47 minutes ago, mike20878 said:

    I am sending the spam FROM my work email and normally receive the reports to my gmail.  It's possible my work email is blocking them.

    I so sent in spam reports from a different email and I do currently get it going back to my email like you expect.  I did have a recently time where I tried to forward a spam using gmail to amazon and google blocked it.  This is one of those situations where I like to see the bounce.  (However, I do not like the bounce after accept when it is from externally.)  If it is being blocked by your work there might be an option where you can go into the sent item and see a sending status there.

  8. 9 minutes ago, goodnerd said:

    I occasionally get similar bounces.  Gmail occasionally flags the account as being a spammer, even though we are actually trying to send spam complaints.  I was told it was because I had too many addresses in the Cc section of the email.

    Yep, it did come from google.  I guess having one recipient is too much for them.  I submitted it to amazon using a different account and it went through.  Funny how the original email is not blocked, but attempts to report it are.

  9. Well, now this is new.  I just got a bounce from amazon.  Hard to tell if gmail rejected my report to amazon or if amazon did.


    Final-Recipient: rfc822; ec2-abuse@amazon.com
    Action: failed
    Status: 5.0.0
    Diagnostic-Code: smtp; Message rejected.  See https://support.google.com/mail/answer/69585 for more information.
    Last-Attempt-Date: Sun, 16 Feb 2020 15:23:11 -0800 (PST)


  10. 14 hours ago, sergei_msk said:

    This (attached file) message received our users from recipient.

    Also one note, is that at one point a while back most of the mail servers allowed/required separate rbl and text response entries.  There were a number of administrators that copied the spamcop blacklist settings but changed only the dns part to point to their own blacklist and they left the text as blaming spamcop.  If this is still being blocked, but the IP is now showing up on the list, maybe they have pointed the blacklist to something like spamhaus.

    Another thing you might want to try is one of the following commands around the time an email is blocked.  If you do see a "NXDOMAIN" or a "SOA" record instead of an "A" record, they the block is not coming from SpamCop.

    dig any
    nslookup -type=any


  11. I don't see this listed in the blocking list. not listed in bl.spamcop.net

    Being a user as yourself, I also don't have access to view email addresses that may have caused any listing.  From https://www.spamcop.net/sc?track=, it looks like abuse[at]gazprombank[dot]ru should have all the reports.  It takes more than one user or email address to be listed on the blocking list.  The abuse address should have most of those reports.

  12. 8 hours ago, Hanco said:

    I have found that all except “ipmanagement” are now not sent in SpamCop. That’s ok if the ipmanagement one can work.

    So, would it be worth us having someone point all the Amazon to ipmanagement or could it be possible that that group might not be in charge of all of their IPs?

  13. 1 hour ago, Keats said:

    We have reached out to our customer to determine the nature and cause of this activity or content in your report"

    I have not got that.  Mine has only said "This is a follow up regarding the abusive content or activity report that you submitted to AWS. We have investigated this report, and have taken steps to mitigate the reported abusive content or activity."  Which I wonder if they are taking down the correct customer or are just sending a stock reply.

    55 minutes ago, Hanco said:

    They’ve done that before. It didn’t stop their customer continuing to spew out endless repetitive emails multiple times a day with

    I am not sure amazon is doing anything on this or else maybe the spammers themselves are running support.

    56 minutes ago, Hanco said:

    In short, useless of Amazon to claim they are doing anything.


  14. 7 hours ago, mdsimon2 said:

    I opened a case with the BBB.  Not only did spam nearly completely stop shortly thereafter, I received a human response from an "investigator" on Amazon's team telling me that they will find out where they dropped the ball and correct the problem.  I suggest others' file an online complaint with the BBB.

    Hopefully, this keeps working out for you.  The last BBB case I opened, the provider just laughed at me and the BBB didn't do anything about it.

  15. On 2/3/2020 at 8:04 AM, styncer said:

    From my experience, Gmail is adding a header line "Bcc: <email@domain.com>" if the message was only sent with you in the "Bcc" field.  This header is added at the bottom of the headers below the "Content-Type:".  This breaks the SpamCop parser.  If I move the Bcc line above the Content-Type line, SpamCop is able to parse the message properly.  Is this similar to what you see?

    After me going back through my stuff, I was not able to locate a spam that had a BCC to me.  I believe I have had one, but I download the spam over imap/ssl and it probably doesn't keep the BCC on the imap side.  Since the field is an added by the receiver mail program, I would probably just remove the header before submitting.

  16. 26 minutes ago, Keats said:

    While amazonaws are certainly slime for refusing to accept reports from SpamCop, and refusing to act on spam reported directly to them, Google are no better: all the amazonaws spam I receive is coming from the same sender

    Agreed.  As for action, I believe all we can do at this point is to feed the Blocking List and if capable, use the Blocking List on your email server.

    Also, from what I can tell, the directory in the googleapis URL seems to be unique to the receiver email account.  I have two email addresses that are getting the spam and each account seems to have their own google links.

  17. On 1/27/2020 at 10:54 AM, FabioMartins said:

    After adding a host (diz.ind.br), other 2 hosts appeared (cm.ind.br and ind.br) in the Hosts/Domain tab, as well as an unknow "Relaying IPsv4" -

    I had some other hosts appear when I setup mine when I originally setup hotmail, but they all appeared under the one entry.  I believe mine came from other people who had previously setup mailhosts.  Yours could be the same.  If the mailhosts does not work for you, there is an option in a dropdown list to delete any entries you do not like and you can try adding again.