Jump to content

gnarlymarley

Memberp
  • Posts

    837
  • Joined

  • Last visited

Posts posted by gnarlymarley

  1. 6 hours ago, fliptop said:

    In that thread I asked of the reported IP addresses will become part of the SC block list, and was told any IPs reported via SC feed the SCBL.

    Any reported IPs help feed the SCBL, however, there are thresholds in the number for them to get onto the list.  If there are more reports, IPs seem to be listed longer.  I think it requlres reports from more than one person (probably at least four or five people) to be listed on the SCBL.

    6 hours ago, fliptop said:

    I'm guessing these IPs are getting blacklisted but only for a short period of time?  Are they automatically removed or does google have to request to be delisted?

    Any IP on the SCBL will automatically be delisted about 24 hours after the last reported spam.  I have seen it automatically delist after about 4 hours, so I suspect that different amounts of spam reports can change how long it will be listed.  I believe SpamCop did this because spammers were returning their burnt IP blocks back to the registrar and good people were acquiring IPs from these burnt blocks.

    6 hours ago, fliptop said:

    About 90% of the spam I receive comes from google IPs.  I'm getting tired of what seems to be them just thumbing their nose at our efforts to combat this problem.  Anyone have any ideas what's going on here?

    I suspect this is internal politics and the google admins could be tired of being forced to allow any business potential "test" sign-up.

  2. 33 minutes ago, sigma said:

    There is a correctly dated recieved by header put in by my ISP's server, but Spamcop seems to carry on processing past that, past more genuine headers until it gets to:

    Enabling mailhosts on your SpamCop account should prevent SpamCop from looking past your ISP's server with the correct date, as long as you do not have a outlook.com also on your mailhosts.  It is possible that an admin found a hung queue and released it.

  3. 33 minutes ago, sigma said:

    although the spam was sent and arrived yesterday 2nd Dec,2021, they have borged the header to include an August date as well which Spamcop manages to parse and then refuses to submit reports.

    SpamCop uses the date in the Received header, which is placed by my email server.  I enabled mailhosts so SpamCop would use the correct date.  Spammers have been adding other headers with bogus dates for a while.

  4. 17 hours ago, Foxie said:

    I have recently started receiving spam that has links that Spamcop can't parse.

    SpamCop uses RFC URL standards.  The links should work the same in SpamCop as they do in your browser.  Years ago, spammers started using invalid characters to attempt to avoid SpamCop.  People would see the characters and then naturally would manually change them to go to the links.

    13 hours ago, RobiBue said:

    Spamcop is correct saying that it isn't a routable address. the 。 code doesn't parse as a valid URL "period" even though in some browsers it does display like a period.

    in other words, the URL is invalid and will not parse.

    besides, many times, spammers place links and fake links in their spam to try to deceive automated systems and laypersons making them believe that it's a real address.

    As petzl suggested: parse the spam email and post the TRACKING URL. That way others can help you understand or direct you to the real culprit.

     

  5. On 12/1/2021 at 8:44 AM, Spamnophobic said:

    Run the Dutch through Google Translate if you need more convincing.

    yeah, looks like a direct translation from the stuff I have seen in the past.

    21 hours ago, Spamnophobic said:

    Are they winning?

    I don't think they are winning, but then I was able to block those ISPs because I run my own email server and should never get email from them.  As petzl suggests, you will need to contact your ISP directly if it is coming from them.  You might need to ask your ISP for possible solutions.

  6. 3 hours ago, biederstedt@spamcop.net said:

    Earlier this morning my submissions were working normally, but any submissions made after that return nothing.

    Not sure if this is related, but I got a bounce earlier from smtp16 where it is struggling at sending to the deputies.  And yes, my bounce showed a gmail address for the deputies.

    Diagnostic-Code: smtp; 5.4.7 - Delivery expired (message too old) 'DNS Soft Error looking up gmail.com (MX) while asking recursive_nameserver0.parent. Error was: unable to reach nameserver on any valid IP' (delivery attempts: 0)

     

  7. 14 hours ago, Tesseract said:

    SpamCop doesn't normally modify my headers either, but clearly did in this one case. The message as submitted has these Received headers (email addresses redacted but otherwise unmodified):

    I tried copying the missing headers in to my account and it doesn't seem to strip them out.

    https://www.spamcop.net/sc?id=z6731316407zb111e9d2cfa7f8b5c5d6236c6058460cz

    Hopefully the deputies can see this and figure out there the problem might exists.

  8. 2 hours ago, homeboy said:

        550 an RBL: Blocked - see https://www.spamcop.net/bl.shtml?173.231.200.200"

    The IP 173.231.200.200 is listed in the block list.  Looking at https://www.spamcop.net/w3m?action=checkblock&ip=173.231.200.200, it appears that there maybe spam in the surrounding area.  As a user like you, I would would suggest you scan the device using 173.231.200.200 for malware and patch it to prevent other people from abusing it.  Once it is secured, it should automatically be unlisted.

  9. On 11/19/2021 at 11:37 AM, Tesseract said:

    The Received headers have been modified by SpamCop

    SpamCop doesn't modify my headers.  I do find it strange that your tracking URL does not contain a connection between the transcrow.online and the macports.org.

    Received: from localhost [127.0.0.1] by braeburn.macports.org
    ........something is missing here........
    Received: from localhost [127.0.0.1] by m.transcrow.online

    That tracking URL does have the IP on a Received-SPF line, but there should also be a Received line.

    Received: from [80.208.228.181] (m.transcrow.online [80.208.228.181])
     by braeburn.macports.org

    I did run across this and it maybe that braeburn.macports.org is always adding the correct headers.

     

  10. A few problems with their blocking of an entire subnet is that by the time it is being blocked, the spammer has already moved on and someone else tries to honestly use it.  Sometimes it has to be the honest people that need to get the attention of the ISP for them to start cracking down on spammers.

  11. On 11/3/2021 at 9:44 AM, lisali said:

    This only happens with SOME emails and the mailihosts are all configured correctly.

    I am not having problems with mine.  This could be caused by the addition of IPv6 by your ISP, or by a possible mail loop where the message happened to go through an extra internal server, or the source is the same as your ISP.  A tracking URL would be helpful if you were comfortable with sharing.

  12. On 4/23/2021 at 7:25 AM, Snowbat said:

    is Microsoft but SpamCop reports 20.90.82.75 directly to the spammer

    I suspect the reason for this is Microsoft thinks the cloud issues need to be sent to the company's administrator.  This could be a problem of cloud computing where a large company who wants to deal with their spam from their own employees want to get it directly.  The downside is that smaller companies of say one individual that is the sole sender then also gets the reports.

  13. On 10/24/2021 at 9:04 AM, RobiBue said:

    Lately, all spams I have been getting are phishing spams containing an attachment which is encoded in base64 (mostly short)

    Spammers have been using base64 for a few decades to get their spam hidden by MTA rules and SpamCop.  Maybe they found out that SpamCop does decode most base64 stuff, or maybe they are looking for a new rule method to be able to hide the links or spam text.

  14. Can't send report: smtpEnvelope (7149294267.ac9698ec@bounces.spamcop.net, abuse@telefonica.com.pe): smtpFrom: mail From 7149294267.ac9698ec@bounces.spamcop.net: error (452 #4.3.1 temporary system error (12) )
    Can't send report: smtpEnvelope (7149294268.e181ae33@bounces.spamcop.net, teris@tp.com.pe): smtpFrom: mail From 7149294268.e181ae33@bounces.spamcop.net: error (550 No expected reply from SMTP)

  15. 50 minutes ago, LaserMoon said:

    The vast majority of spam that I get uses domains registered by Namecheap to both send the spam (from @domain), and to link to content and tracking scripts.

    Most of mine come from a cnnic.cn registrar.  Namecheap is probably third or fourth on my list.

  16. Can't send report: smtpEnvelope (7147898744.aaac941f@bounces.spamcop.net, abuse@airtel.com): smtpFrom: mail From 7147898744.aaac941f@bounces.spamcop.net: error (452 #4.3.1 temporary system error (12) )
    Can't send report: smtpEnvelope (7147898749.7bceb539@bounces.spamcop.net, dsltac2north.unoc@airtel.com): smtpFrom: mail From 7147898749.7bceb539@bounces.spamcop.net: error (550 No expected reply from SMTP)
    Can't send report: smtpEnvelope (7147898750.41f87c90@bounces.spamcop.net, kenechukwu.mba@ng.airtel.com): smtpFrom: mail From 7147898750.41f87c90@bounces.spamcop.net: error (550 No expected reply from SMTP)
×
×
  • Create New...