Posts posted by gnarlymarley

  1. On 3/1/2022 at 2:18 PM, mschmitt said:

    When I revisit your original tracking URL, I still see the RFC6598 problem.  Once the programmers can fix it, revisiting this URL should show properly.

    On 3/6/2022 at 2:33 PM, mschmitt said:

    ALSO: For some strange reason, even though this problem has been going on for months, it stopped right after I posted this forum thread! I have since received spams that were forwarded through iCloud but they no longer have the 100.x.x.x. address.

    My guess is you happened to have hit a different internal address and it just worked.  If you get an email with an RFC6598, you may still see the problem.

  2. On 1/28/2022 at 7:37 PM, DDR said:

     I've tried contacting EuroDNS (the dns host for the parent domains), but those domains are (technically) not (directly) sending or linked to in the spam, so they won't do anything without "blatant proofs".

    The problem with links in the body is that they can be added by a malicious spammer.  The only item that you can trust as coming from the spammer is the IP address they used to contact your border email server.  Everything else in the email could be intentionally added to damage a third party.

  3. 15 hours ago, Spamnophobic said:

    Has someone been spoofing my account?

    They may have acquired your special secret submit.xxxxxx@spam.spamcop.net address, which doesn't need a password.  You may want to contact the deputies and have them track where they came from.

  4. 14 hours ago, mschmitt said:

    So, we can see that the 100.108.117.178 header is within iCloud, and should be skipped over on the way to finding the real spam source.

    My understanding is that RFC6598 addresses are supposed to be treated exactly like RFC1918 addresses.  SpamCop probably needs to update their code.

    After reading your tracking URL, it seems that there may be a disconnect between the two Received lines.  I don't know how it gets from "p28-mailgateway-smtp-5c9bd88869-f6mrw" to "unknown".

    Received: from unknown (unknown [100.106.114.12]) by ....
    Received: from pv33p00im-smtpin013.me.com by p28-mailgateway-smtp-5c9bd88869-f6mrw (mailgateway 2209B259)
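
Added example (not part of the original posts and not SpamCop's code): a minimal Received-chain walker showing why a tracer that skips only RFC1918 space stops at a 100.64.0.0/10 relay, while one that also skips RFC6598 space continues to the next hop. The function names, the sample hostnames and the 203.0.113.25 source are assumptions constructed for illustration, and every listed Received line is assumed to come from a trusted server.

```python
import ipaddress
import re

# Address blocks that never identify a spam source on the public internet.
RFC1918 = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]
RFC6598 = ipaddress.ip_network("100.64.0.0/10")   # carrier-grade NAT shared space
LOOPBACK = ipaddress.ip_network("127.0.0.0/8")

# The relay IP that the receiving server recorded, e.g. "(unknown [100.106.114.12])".
BRACKETED_IPV4 = re.compile(r"\[(\d{1,3}(?:\.\d{1,3}){3})\]")


def is_internal(ip, honor_rfc6598=True):
    """True if ip is in a block that should be skipped when tracing."""
    addr = ipaddress.ip_address(ip)
    nets = RFC1918 + [LOOPBACK] + ([RFC6598] if honor_rfc6598 else [])
    return any(addr in net for net in nets)


def first_external_hop(received_lines, honor_rfc6598=True):
    """Walk Received: lines newest-first; return the first non-internal relay IP."""
    for line in received_lines:
        match = BRACKETED_IPV4.search(line)
        if not match:
            continue                      # hop recorded no address, keep walking
        try:
            if not is_internal(match.group(1), honor_rfc6598):
                return match.group(1)
        except ValueError:
            continue                      # malformed octets such as 999.1.1.1
    return None


# Constructed sample (newest hop first). 100.106.114.12 is the address quoted in
# the post above; the hostnames and 203.0.113.25 (documentation range) are made up.
SAMPLE = [
    "Received: from unknown (unknown [100.106.114.12]) by mx.example.net",
    "Received: from gw.example.org (gw.example.org [10.1.2.3]) by relay.example.net",
    "Received: from host.example.com (host.example.com [203.0.113.25]) by gw.example.org",
]

if __name__ == "__main__":
    print("RFC1918 only:     ", first_external_hop(SAMPLE, honor_rfc6598=False))
    print("RFC1918 + RFC6598:", first_external_hop(SAMPLE))
```
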
  5. 4 hours ago, Spamnophobic said:

    All contain links to emails which on the website give "Nothing to do" messages, due to "identified internal IP as source" and similar errors.

    I have not seen any issues with reporting.  Could be held mail in someone's queue.

  6. On 2/24/2022 at 6:52 AM, postcd said:

    to see how well SA will work then i may consider let it automatically delete the mail.

    I prefer to use the spamassassin defaults whenever possible because years ago, I had signed up for an online game's emails and their server showed up on the SCBL.  Some people report things through SpamCop that they forgot they signed up for.  That said, it would probably be better to change the score of the SpamCop rule in spamassassin.

    score RCVD_IN_BL_SPAMCOP_NET 0 1.246 0 1.347 # n=0 n=2

    The score temporarily rejects at 5.0.  It permanently rejects at 12.0.  The reason why spamcop is low, around 1.246, is because it will add with other rules for a total count to trigger the rejects.  I would suggest keeping this below 5 because you could have email you want caught by this rule.

  7. On 2/21/2022 at 5:56 PM, petzl said:

    Once listed it is also added to SpamAssassin score

    The score is smaller than the blocking and you usually have multiple items add up to the trigger point.  You can adjust these scores in the spamassassin/local.cf file so upgrading doesn't lose your settings.

    10 hours ago, Rohan said:

    I just want to get rid of the manual reporting action and have Spamassassin trigger the forward of the email to Spamcop.

    I did find the following talking about the plugin too.

     

  8. 1 hour ago, sam_nospam said:

    Each time, another IP from that group is being used - abuse contact for all used servers is ralfnoack1982@gmail.com. I suppose, this could be the spammer himself, since reporting is being ignored.

    That address is coming from the whois at ripe.  Because Europeans tend to do that lately, they tried to limit what can be seen by a query.  I would prefer they use an abuse@ address too.

  9. On 1/24/2022 at 3:00 PM, cwg said:

    That's from how I file IP addresses in a workbook that I use to keep track of spammers, to avoid entering each (a.b.c.d) D in the workbook, I set it to 0.

    There's over 18,000 entries in the book, including abuse addresses, if any.

    I made my own blacklist and use the DNS wildcard, such as *.c.b.a.dnsbl.example.com.  I even did a few that go to the class B /16.

  10. 18 hours ago, Mariano said:

    No source IP address found, cannot proceed.
    Add/edit your mailhost configuration
    Finding full email headers

    I would get that if the report comes from my ISP that I have configured on mailhosts.  Then I would go to my ISP with the abuse and let them know they need to deal with a spammer.

    15 hours ago, petzl said:

    WHEN did you configure your mailhost today a year ago?
    You may have to delete the configured mailhost and resend, sometimes your ISP change their IP's (shift servers)
    Unless you send a SpamCop tracking URL to see what's happening those that can help will be in the dark

    At TOP of reporting page BEFORE you submit spam

    Now Mariano, if you pull up the tracking URL while being logged out, all the vital parts of the spam should be munged.  No personal data should be visible.  If you feel comfortable with how it munged, you can post the link here.

  11. On 1/14/2022 at 7:59 PM, john6528 said:

    In fact when I send a report it responds by sending a massive amount of spam to me. So much so that I'm canceling that email. I went silent for awhile and its spam died down. Then I reported one spam and in 10 minutes got 23 spams sent to me.

    When they would do that to me I would report all 23.  They soon realized the only way to stop the reports was to stop spamming me.  At times I have temporarily abandoned some accounts, but I still have most of my accounts so I can report the one spam each account gets every week.

  12. On 1/12/2022 at 4:49 PM, Foxie said:

    I tried clicking it (against my better judgement) and my browser (Brave) did correctly parse and open it. Every link in the email is identical.

    I wonder if this was a Brave search to URL redirect such as the "I feel lucky" button that Google used to have.  I tried five browsers with your link and all of them either couldn't parse the 。 as a valid part of the hostname or else they took me to their related search page thinking it was a search term.

    I suspect SpamCop is ignoring it because 。 is not a valid hostname as per the RFCs.

  13. On 1/6/2022 at 5:00 AM, postcd said:

    Several months later it seems that their spam@ mailbox still not being read or paid attention to reports.

    That is part of the reason I use a block list and a firewall.  If their ISP doesn't want to play nice, then I sometimes block the whole range.  (Of course, I try to figure out if there might be any legitimate email from those IPs before blocking.)

  14. On 1/2/2022 at 9:23 AM, Morg2 said:

    Other than continuing to spend my hours reporting them all to Spamcop, does anyone have other thoughts on how I can make this headache stop?

    Maybe you can convince your hosting service to add some sort of filtering option.  I have filtering turned on in my account and so far, I only get about one spam from serverion once every two months.  Filtering such as SpamAssassin can work based on keywords in the body or headers, so even if they change IP address ranges, it can still be blocked.  One thing I like about SpamAssassin is that if someone accidentally lists the wrong IP address on their block list, it could still make it through.  Once SpamAssassin adds up multiple filters and gets to a limit, it will block it at the SMTP level (which means the server doesn't accept it and also doesn't send a bounce later).

    Another filter option is similar to Yahoo or gmail's filter rules, which are based only on a keyword.

  15. On 12/20/2021 at 4:50 PM, sigma said:

    I'm still having problems with these.  Here's one I reported earlier.  https://www.spamcop.net/sc?id=z6734521748z31344c1b98ac107ec335fc366cc181e2z

    Is it possible to unpick where it's really coming from?

    If the Received: lines can be trusted, then you can look at the "from" of the Received: line and trace it back.  I think the issue of unpicking it is technically difficult as you can only trust the Received: lines that are placed by your ISP or your mail server.  You would only be able to trace it back to the specific server that sent it to your mail server.

  16. On 12/22/2021 at 3:46 PM, RobiBue said:

    SpamCop shouldn't stop there, but follow the whois path given!

    Why SC doesn't now continue checking on whois.apnic.net but instead stops, I don't know. I suppose whois.arin.net changed something and SC never got updated to the new format.

    If I do a whois in my cygwin terminal, whois automatically continues to the new referral:

    I keep hoping that someone at SpamCop might pick up the following request and implement this.  From what I currently understand, SpamCop only follows certain whois referral entries.  Be nice if they could follow all of them.  This was noticed around 2012 when Apnic and RipeNCC ran out of IPv4 addresses and started exchanging them with the other RIRs.  Richard was having to manually update all the entries to sort them out.  Manual changes take too long and it would be better to automate it.

     
