gnarlymarley
-
Posts
839 -
Joined
-
Last visited
Content Type
Profiles
Forums
Events
Posts posted by gnarlymarley
-
-
I still have the ability to report. Last time I lost the ability to report was because google has blocked the email from spamcop. I just had to create a rule to never mark as spam and select that the issue was resolved to get my reporting back.
-
On 6/26/2022 at 10:21 AM, Hanco said:
The problem I have with the listed email addresses is that most servers don't verify the from or the mail envelope. They only "assume" the from being used is the actual spammer. This allows some of the spammers to use "revenge" campaigns by using a non-spammer email addresses in the from. If admins have the checks in place to verify the emails are valid, they blocking based on the emails is a good thing. (This is the intent of SPF version 1.)
-
On 6/26/2022 at 9:57 AM, Hanco said:
I wish they would accept the Spamcop reports but at least they help.
I suspect that newbies see spam in the domain name and have made rules to block it. (Most spammers don't like to announce themselves as spam so they can hide.)
-
On 6/10/2022 at 6:23 PM, petzl said:
Mail gun not accepting SpamCop abuse reports seems stupid?
This was/is the reason for the blocking list. When folks stopped accepting reports, they would be unable to send email. (Meaning, deal with the reported spam issues....)
-
On 6/14/2022 at 10:08 AM, Nocturno said:
for my Uncle's company, it seems like
You might want to suggest to your Uncle to have the SPF carefully changed from ~all to -all. I say carefully because it should stop most of the abuse but could also block any IPs that you may not have added to the record. The softfail might still allow other IPs to use the domain. The fail will put an end to them using it for any server that is checking for SPF.
-
On 6/15/2022 at 2:55 AM, Nuddy said:
it is not a good idea to use spamcop - when I do, shortly afterwards, and for ever it would seem, I get at least three times
I had been getting the spam increase with my reports a few years back. Then I managed to report faster and the s[cp]ammers backed off.
-
Looks like when I follow the links to https://www.spamcop.net/w3m?action=blcheck&ip=143.55.232.12, it says email has been sent to spam traps. Either that IP is being shared with a spammer or else your list is not double-opt-in. Double Opt-In means I would not be able to add any email address in retaliation, but that an email is sent to the address to with the link to be added.
143.55.232.12 listed in bl.spamcop.net (127.0.0.2)
If there are no reports of ongoing objectionable email from this system it will be delisted automatically in approximately 7 hours.
Causes of listing- System has sent mail to SpamCop spam traps in the past week (spam traps are secret, no reports or evidence are provided by SpamCop)
- SpamCop users have reported system as a source of spam less than 10 times in the past week
-
What you have received is interesting. Looks like spammers might be getting desperate.
-
I used to get a lot of spam and report it all. Then it appears they stopped spamming me. I think mine slowed down too when began reporting faster.
If DigitalOcean is a proper organization, they will quickly implement a double-opt-in when adding addresses to their list.
-
On 5/16/2022 at 8:15 PM, petzl said:
Well Elon Musk claims 90% of Twitter user are bots or fake.
Probably Facebook similar?I am curious how companies can really tell the difference between real users and bots. My personal facebook account was labeled as fake until I went in and verified added my phone. I know others that just left facebook when their accounts were called "fake" and have never gone back. There are some accounts that are obviously bots. There are others that steal/share abandoned accounts. I do not believe that everyone can distinguish the line between bots and us as easy as I would hope. Most bots have some sort of human control and the reporting of those can sometimes slow the bots.
-
12 hours ago, petzl said:
unfortunately spammer will just use another free/or compromised account
I wonder who is going to spin up the next cloud to offer a try before you buy account. Most of the cloud offerings such as Azure offer free incentives to get new customers and spammers abuse that. Block the spammers and they block their advertising to get new customers.....
-
13 hours ago, maxman said:
by saying that I was previously a user and that I had agreed to receive mail.
Sometimes I ask them for the double-opt-in proof that I had agreed to become spammed by their mailing list. Usually soon after, the legitimate ones quickly remove me from their list.
4 hours ago, Lking said:Spammer Rules, #2, Crissman's Corollary: A spammer, when caught, blames his victims.
Yep.
-
On 5/11/2022 at 7:38 PM, hank said:
Received: from d.mx.sonic.net (a.spam-proxy.sonic.net [157.131.224.145])
by b.local-delivery (8.14.7/8.14.7) with ESMTP id 24BHxOUk006899
(version=TLSv1/SSLv3 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128 verify=NOT)
for <xxxxxxxx@lds.sonic.net>; Wed, 11 May 2022 10:59:24 -0700
Received: from vmx.spamcop.net (vmx.spamcop.net [184.94.240.112])
by d.mx.sonic.net (8.14.7/8.14.7) with ESMTP id 24BHxNqN107202
(version=TLSv1/SSLv3 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128 verify=NOT)
for <xxxxxxxx@sonic.net>; Wed, 11 May 2022 10:59:24 -0700I will trust that the sonic Received: header is okay. Looking at the second header, I would be cautious at reporting this. I get my legitimate SpamCop email from 184.94.240.112 which appears to be the same as what you have in your email. If the sonic section can be trusted, I would say this is a good email.
A word of caution, if you try to report something like this, before you send the reports pay attention to the address. If it says something like don[at]spamcop, sending the report could automatically have your reporting account disabled.
From what I can see that you have posted, I try to login to your reporting account and see if it is waiting on anything special. You may also want to try to contact the deputies to verify exactly what this is.
-
On 5/13/2022 at 6:16 PM, dennis12 said:Report spam to:
Re: 2603:10a6:20b:41c:0:0:0:11 (Administrator of network where email originates)
To: report_spam@hotmail.com (Notes)Re: 2a01:111:f400:7d00:0:0:0:613 (Administrator interested in intermediary handling of spam)
To: report_spam@hotmail.com (Notes)Much of what I have seen of 2603:10a6::/32 seems to be an internal hotmail relay. I am not sure that SpamCop has the mailhosts properly detecting the millions of IPs they are using for mail movement.
-
Hmmmm.... If it had a https://www.spamcop.net/mcgi?action=mhreturn or a mhconf.xxxxxxxxxx@cmds.spamcop.net, I would say this would be a mailhosts setup email. Could this be a CES forwarding redirection request?
-
2 hours ago, Spamnophobic said:
used to show me an extra field in the report form which I could use to send an extra report. Typically I would use this to send a report to postmaster@[whatever gmail or hotmail account spammer used]
That extra report field is tied to the fuel in your account. Your old account will still have it until it runs out of fuel. Then the new account will have it. For me, I just use the old reporting account and add any new email addresses to mailhosts tab.
-
14 hours ago, Lodewijk said:
I did that scan because I first got a warning from Malwarebytes Browser Guard when accessing the SpamCop website. Supposedly a Trojan was detected by the latter.
Now that is funny. They are calling the list of IP spammy ranges as trojans?
-
I have not used Mailwasher. My solution was to setup my own smtp server years ago to get around ISP outbound filtering of spam being sent to abuse mailboxes.
-
On 4/16/2022 at 7:46 PM, RobiBue said:
The people who run your ISP must have lost their thinking cap or misplaced it somewhere...
Oddly enough, and sadly enough, they are right about "spam created and sent from your computer": someone created the spam you received, and you sent it from your computer as an attachment to spamcop.
The sad part is, that their neurons are misfiring and not relaying the correct messages between the frontal, parietal, and temporal lobes while completely keeping the hippocampus and prefrontal cortex out of the loop.
In other words: Reasoning, comprehension, and understanding are not being used, which in the end leaves them with no context to effectively make the right decisions...
The "forwarded" spam might count under technicalities, but I think you nailed this when combined with the whois-abuse issue. Gone are they days when someone could forward ISP abuse issues back to that ISP. Europe even legislated to hide the abuse emailboxes. Email administrators are trying to stop the forwarding to abuse boxes.
-
1 hour ago, KarlB said:
The ISP contends that email I report to SpamCop is spam created and sent from my computer.
Interesting how some ISPs place a higher standard on outbound email than they do on inbound email. Because my ISP used to block outbound to SpamCop, I stopped forwarding through my ISP and setup my own email server to forward for me. Since then, I have had no issues sending forwarding spam because I am now my own ISP when it comes to SpamCop. Some ISPs don't trust anyone with spam in the name, but most of the spammers don't have spam in their name.
-
You can also use a meta rule that combines other rules with "and" (&&), "or" (||), and "not" (!) tests.
meta LOCAL_GMAIL2 LOCAL_GMAILAPI && LOCAL_GMAIL3 && ( __LOCAL_RULE6 || __LOCAL_RULE7 ) && ! __LOCAL_GOOD_RULEThe double underscore allows you to make hidden rules that won't show up on the email, but can be used with meta groups. If you use this, you only need to add the score as in our example on the rule LOCAL_GMAIL2.
-
On 3/17/2022 at 8:22 PM, petzl said:
Pushed refresh cache and seem correct now?
That is what I usually do too to fix it.
-
On 3/9/2022 at 7:04 PM, phatman said:
We have emailed drbl-gy7g4s@gremlin.ru but gotten no response.
Probably try looking up the blocked IP as 1.2.3.4 as follows:
nslookup -type=any 4.3.2.1.vote.drbl.gremlin.ruto see if it might offer other contact emails. Or you can try this and replace the vote.drbl with the list where your IP was found.
-
7 hours ago, satz said:
Spamassassin will let me reject all spam over a certain score limit but it doesn't appear to discriminate any further.
Keep in mind that spam usually will hit multiple rules and you wouldn't want to block non-spam email. I would probably put the following into spamassassin/local.cf:
header LOCAL_SPAMMY_FROM_GMAIL From =~ /gmail.com/i describe LOCAL_SPAMMY_FROM_GMAIL spammy google domain tflags LOCAL_SPAMMY_FROM_GMAIL net reuse LOCAL_SPAMMY_FROM_GMAIL score LOCAL_SPAMMY_FROM_GMAIL 1.558Now if you are feeling adventurous you may want to try something like a score of 6, but with multiple rules usually triggering you could also block legitimate email.
header LOCAL_EMAIL_GMAIL Received =~ /google.com/iYou can also use Received instead of From in your rule if you want to trigger on the Received headers.
Keep in mind, that the default is anything above a 5 will temporary block. Anything above a 12 will permanently block.
SpamCop is not effective for me
in SpamCop Lounge
Posted
I have been using SpamCop since the logo and background were yellow instead of blue. One thing I noticed, is there was a period of time where spammers would end up figuring out my address and do "revenge spamming" to me. One day I got about 400 and got worried I was going to hit the 500/day limit. Since I was persistent, I won out and now I only get about one spam seven spams a week.