Jump to content

gnarlymarley

Memberp
  • Content Count

    460
  • Joined

  • Last visited

Posts posted by gnarlymarley


  1. On 11/8/2019 at 12:14 PM, forrie said:

    I wonder if there is a similar tool available for Apple Mail that could do this?

    I have not used applescript since OS9, so I may not be of help, but this page (https://macscripter.net/viewtopic.php?id=30296) seems it looks a little bit familiar and may be of help.

    For me, what I do is to create a new email and then drag and drop all the messages I want to submit on that email.  (Yes, you can do more than one attachment to the email you submit to your submit address.)  Just make sure when you get the reply you can click all the links.


  2. 21 hours ago, Jeff2019 said:

    So how do I fix it each time?  I just saw the replies to my question tonight cause it got filtered into the Junk folder so I found it in there and marked it as Not Junk.

    Me too, so sorry about my late reply.  I also noticed that some of the messages are coming in without proper line endings.  How I am fixing it is to copy the message to notepad (on windows) and if I see no line wrapping, then I paste into word pad, then select all, and past into notepad.  Once done, I remove the space on the lines in front of the words (Received:, From:, X-, To:, Subject:, and Reply-To:).  The rest of the spaces should stay.  Once I cleaned up with the above header lines, I paste into spamcop and it accepts my submissions.


  3. 12 hours ago, petzl said:

    It's not SpamCop that's changed it's hotmail/outlook headers

    Jeff2019,

    i think I found the problem.  I got an email today from in my hotmail's outlook.com account where it seems that microsoft decided to add an extra space to some of the headers.  If you look at the below, the first received line is okay, but the second Received line has a space that is reserved for line wrapping.  I don't like it when companies refuse to follow RFCs.

    Received: from MW2NAM10HT110.eop-nam10.prod.protection.outlook.com
     (2603:10b6:5:190::40) by DM6PR14MB2170.namprd14.prod.outlook.com with HTTPS
     via DM6PR11CA0027.NAMPRD11.PROD.OUTLOOK.COM; Tue, 12 Nov 2019 12:00:39 +0000
     Received: from MW2NAM10FT066.eop-nam10.prod.protection.outlook.com
     (10.13.154.53) by MW2NAM10HT110.eop-nam10.prod.protection.outlook.com
     (10.13.154.254) with Microsoft SMTP Server (version=TLS1_2,
     cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.2430.20; Tue, 12 Nov
     2019 12:00:38 +0000

    it should look like this as I had to remove the extra spaces from some of the lines:

    Received: from MW2NAM10HT110.eop-nam10.prod.protection.outlook.com
     (2603:10b6:5:190::40) by DM6PR14MB2170.namprd14.prod.outlook.com with HTTPS
     via DM6PR11CA0027.NAMPRD11.PROD.OUTLOOK.COM; Tue, 12 Nov 2019 12:00:39 +0000
    Received: from MW2NAM10FT066.eop-nam10.prod.protection.outlook.com
     (10.13.154.53) by MW2NAM10HT110.eop-nam10.prod.protection.outlook.com
     (10.13.154.254) with Microsoft SMTP Server (version=TLS1_2,
     cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.2430.20; Tue, 12 Nov
     2019 12:00:38 +0000

     


  4. On 11/8/2019 at 9:19 AM, Lking said:

    Not to quibble over definitions, but given you participation over the last 15 years, the notifications are not spam.

    I suspect that on https://www.spamcop.net/fom-serve/cache/125.html, this is the part you are talking about: "If the recipient agreed to receive it, then it is not spam."  Even though the content of them is unwanted, unsolicited, and bulk, the notifications from the forum for legitamite posts might be desired and therefore the all notifications are not spam.


  5. 3 hours ago, Outernaut said:

    By reporting spam to SC, how does it 1*protect me from more spam? Do mail hosts have to subscribe (free or otherwise) to SC or CISCO mail servers in order to avoid the spam?

    By reporting spam through SC, it does two things:

    1. Alerts the administrators to do something about it or risk being put on the blocking list.
    2. After a certain amount of reports the offending IP is added to the blocking list.

    A lot of email service providers have used the SC blocking list.  If you control your own email server, you could use the SC blocking list to help slow down the spam.  If you use a spam filtering tool such as spamassassin, then this will most likely already be enabled.


  6. 21 hours ago, Outernaut said:

    I don't like to be insulted by CISCO/SC with nag screens prompting me to pay them to help them with their database. I've been feeding SC ONLY 1 maybe 3 spam reports a day for I don't know how long - lost count. But contrary to your point, I will NOT be assimilated because I don't mind helping, but refuse to pay to do so.

    The NAG screen was started around the turn of the century after lots of people started using the sevice.  The minimum time (If I remember correctly) was set to three seconds and only went higher if there were lots of people submitting their spam at the same time.  The highest I saw back in the day (Just before Cisco came on) was a over a minute.  What I would do at that time if I was not paying is to open up a second window/tab and submit more spam while I was waiting for the first window's nag to time out.


  7. I did notice on the source of spam page lately there are a lot of "ISP has indicated spam will cease" from IP ranges such as 89.34.26.0/24 and 195.29.0.0/16 where it appears that they are just marking the option to prevent reports from being submitted.  (It seems to be more than one IP in their range.)  It appears they have been doing this for more than 48 hours and marking this maybe every six hours as the time after the message seems to jump up by around six hours.  Could this be part of the why the spikes have changed?
     


  8. On 10/16/2019 at 4:07 AM, RobiBue said:

    I use Firefox, and if I open the tracking URL in a “private tab” even if I’m logged in, the private tab won’t be logged in — the Login credentials don’t carry over into new private tabs — and you can see the munged report right away without logging out first (but it has to be in a private tab)

    Some browsers might call this mode "incognito".

    And yes, I use it too.


  9. On 10/20/2019 at 2:50 AM, kolor said:

    I received spam where is link to nospammer.net

    I also find it interesting that they hid the real spam link in the visible text instead of making it a clickable link using the HTML tags like they did with the nopammer.net section.  Probably to hide it from parsers that report the links.


  10. On 10/6/2019 at 11:21 AM, Lking said:

    When you are logged in to SpamCop and follow a tracking URL to look at a report you see the un munged report.  If you log out and follow the tracking URL, you will see the munged report others see as RubiBue reported above.

    hank, it is a good idea to make sure it was munged before sending the reports to the admins.  (The admins that "could be" the actual spammers.)


  11. 1 hour ago, AJR said:

    I.e. on 25 September those addresses were listed as having been allocated to someone in Latvia on 10 April 2018, and become unallocated on the following day. There's no entry for these addresses in RIPE's published transfer records (https://www.ripe.net/manage-ips-and-asns/resource-transfers-and-mergers/transfer-statistics), TL;DR: so those addresses don't currently belong to anyone, and if, as they appear to be, the previous holder is still routing them then they are now squatting on those addresses.

    Thanks, good to know.  Yeah, it was picked up by Media Land as an be seen in BGP tables, https://bgp.he.net/AS206728#_prefixes out of Russia.

    I had contacted RIPE and all I got is Media Land is what I currently know about it.  My contact at RIPE seems to think 185.254.121.0/24 has never been allocated to any organization (which leads me to believe they are only looking at what I can see and their front end support is not very helpful.)

    Hello,
    
    Thank you for coming back to us.
     
    The AS206728 belongs to MEDIALAND. However the range is not allocated.
    
    https://apps.db.ripe.net/db-web-ui/#/query?searchtext=AS206728
    
    So they are announcing a network with a range which is unassigned from their own servers.
    
    Hope to have informed you sufficiently at this stage.
    
    Kind Regards,

     


  12. 12 minutes ago, Hanco said:

    Do you mean, to Hetzner’s own ISP? How would we locate the provider? (Sorry for my ignorance)

    A few ways to do this.  One is traceroute.  If they have a firewall, then this may not get you to their border servers.  The other way is to use a looking glass, such as http://lg.he.net.  I also use http://bgp.he.net to find the upstream AS number and then I can use it to find the peers.  It appears that hetzner.de is much larger than I though as they have 216 peers.  That would take way too much time to get their ISPs to chat with them about their spam hosting.  It is interesting that all their networks all point to 

    abuse[at]hetzner.de.

  13. Sounds to me like the IP registries are confused.  Seems to be that 185.254.121.237 is said by arin to be RIPE, but by everyone else to be IANA.  The IP is in use and is routable.  Does anyone else see what I am seeing returned from RIPE or is this just me?

    https://www.spamcop.net/sc?id=z6578180134z80ef26afa691a5047d301c474dcaaf8bz

    https://www.spamcop.net/sc?id=z6578095270z15fc50e4b2d4dad674d00394b23c6c24z

    https://www.spamcop.net/sc?action=rcache;ip=185.254.121.237

    $ whois 185.254.121.237@whois.ripe.net
    
    [whois.ripe.net]
    % This is the RIPE Database query service.
    % The objects are in RPSL format.
    %
    % The RIPE Database is subject to Terms and Conditions.
    % See http://www.ripe.net/db/support/db-terms-conditions.pdf
    
    % Note: this output has been filtered.
    %       To receive output for a database update, use the "-B" flag.
    
    % Information related to '0.0.0.0 - 255.255.255.255'
    
    % No abuse contact registered for 0.0.0.0 - 255.255.255.255
    
    inetnum:        0.0.0.0 - 255.255.255.255
    netname:        IANA-BLK
    descr:          The whole IPv4 address space

     


  14. On 9/28/2019 at 10:08 AM, oZoneCapHill said:

    I went to report this domain and saw it tries to report to Hotmail?

    This is because the abuse address of the domain itself is usually the spammer themselves.  So SpamCop reports it to the abuse address where the content is stored, which is on the IP.

    On 9/28/2019 at 3:14 PM, petzl said:

    IP:        40.71.252.90

    The domain is pointed to an IP that seems to be in a Microsoft data center.

    Host hipmie.com (checking ip) = 40.71.252.90
    Routing details for 40.71.252.90
    [refresh/show] Cached whois for 40.71.252.90 : abuse@microsoft.com


  15. 13 hours ago, kolor said:

    I think something is wrong with  Spamcom submission form .Once see my header once not see the spam header .?????????? .

    apparently, there was an issue between the database and one of the mail servers.  

     

    Your tracking URL seems to be working for me now.


  16. 17 hours ago, Lking said:

    If your suggestion were correct you would think by now even the dumbest spammer/bot/cartel would have figured out to RED flag my domain; or at least some of the mailboxes they spam.

    It was only a handful of spammers that tried to figure out who I was.  They kept sending similar emails to my hotmail at the time while changing the To: header and a number at the bottom of the body.  Been a while since I have seen their attempt to detect me.

    7 hours ago, kolor said:

    Now reporting is more fast and convenient.(smile)

    Awesome!


  17. On 9/19/2019 at 12:33 PM, Lking said:

    It does, hopefully, get the spammer shut down.  The bad news is that spammers trade, sell their list of emails to each other.

    The spammers will try to change headers or unique identifiers to try to figure out who is reporting.  Hopefully they get shutdown first instead.

     

    On 9/19/2019 at 12:42 PM, kolor said:

    Thank you but I remember spamcop before use only 5 sek .Now I see do longer term,break for waiting to submit header.

    About two decades ago, I was seeing it jump from 5 to around 70 seconds.  At that time there were factors such as DB speed and webservers and it would try to detect high loads and put in a higher time.  The amount of reports would change that wait number.

    The spamgraph might be good for you to check out to see if that is still happening with the number of reports and the wait time.

    https://www.spamcop.net/spamgraph.shtml?spamstats


  18. On 9/16/2019 at 7:06 PM, petzl said:

    Go to the bogus unsubscribe and you will be asked to put email address in there put those that are amazon connected.

    spammers like to make their stuff look legitimate.

    On 9/16/2019 at 7:06 PM, petzl said:

    If gmail report them as "phishing" as I do. Gmail get enough phishing reports they will block amazon domains entirely, hopefully put them out of business

    I believe gmail has fallen to the spammers level.  If they are paid enough, they will probably continue to have the domain unblocked.


  19. 2 hours ago, Morg2 said:

    could I also copy my own ISP -- to give them a taste of exactly how badly they're doing in letting all this crap seep through to their customers?

    When you add fuel to your account, there is a third party report option that shows up on each report that you can add your ISP's email.  I am not sure I would use it as your ISP would probably just turn off the reports such as noted with sendgrid in this forum post.

     


  20. Also, the (Notes) portion is a link to some text boxes further down on the page where you can add some information to the particular report that goes out.  The group text box for is up by the "Send Reports" button, and the individual text boxes are below.


  21. 2 hours ago, nhraj700 said:

    There might only be a two hour window to allow an edit to the post from what I found in another posted question on this website.

    That edit button could also be based on either time signed up or amount of posts.  I have the edit button for some posts of mine in this forum going back to before June 8th.  I suspect a forum admin might be able to do it if you no longer have edit access when you are logged in.

×