Jump to content

gwelsh

Members
  • Content Count

    24
  • Joined

  • Last visited

Community Reputation

0 Neutral

About gwelsh

  • Rank
    Member
  1. gwelsh

    Cisco Ironport blocking

    I had this issue as well but it appears to have been fixed at some point this morning. I had been using SpamCop all along as (I thought) was required in the notification: one ISP-provided email address forwarding to SpamCop, which forwarded to a second ISP-provided mailbox, which is where I kept my mail. However, on Tuesday evening email to my [at]spamcop.net address started bouncing with "User unknown in virtual mailbox table" error. I panicked as I recalled a notice saying there would be no recovering/rescuing lost accounts. I did try one thing: I logged into www.spamcop.net and went to Preferences, Change Email address or name and saved my forwarding address (with no changes.) I don't know if this helped to correct the situation (it didn't seem to have an immediate effect) or whether the transition was proceeding anyway and it just happened to be my turn this morning. (It helped me a lot when the SpamCop home page mentioned that they were aware of a forwarding issue and were working on it. Thanks to whoever took the time to post that. I know when I'm trying to fix something urgent my instinct does not include taking time out to update a status page!) Hopefully everyone affected in this way has either been restored or will be soon; I don't know if saving your forwarding address helps or not (probably not) or whether a lot of people doing so unnecessarily might cause enough load to slow down the transition (again, probably not) but at least there's hope for anyone whose address is not yet working. However, I have to agree with everyone who has posted that anyone who has used their SpamCop address for anything but hidden purposes (given it to people or used it for any kind of registration) should be looking to update everyone/everything with a new address supported by an organization whose primary business is hosting email.
  2. Moderator Edit: Moved from the Reporting Forum ection to the E-mail Account Forum section, then merged it into the existing Topic on the same subject. Only get "Cannot log into IMAP mailserver as x[at]spamcop.net" (Can't get into webmail, either: "Could not connect to database for SQL SessionHandler.") Hasn't been this way for very long, but don't see any maintenance notices. Hopefully this has been noticed and someone's looking into it. Thanks.
  3. [sidebar: did APNIC request not to be disturbed or is SpamCop configured not to bother ARIN, RIPE, APNIC, LACNIC, etc. contact addresses (which is, in my not at all humble opinion, perfectly reasonable.)] The fundamental problem here is that SpamCop is not picking up on the proper WHOIS data. SpamCop's WHOIS for 124.42.123.69 shows only 124.0.0.0 - 124.255.255.255, but APNIC WHOIS (at http://wq.apnic.net/apnic-bin/whois.pl) returns a a more specific contact for 124.42.96.0 - 124.42.127.255 (see below.) I mention this only because I've requested report routing corrections in the past and have been told that the problem was with the lookup and that deputies can't possibly be expected to put in separate routing exceptions for every block allocated from the regional registry (which, again, I consider to be a reasonable position.) So, while it may be worth adding a report route for this particular block because it hosts so many spamvertised pages - which is also why it may not be worth reporting them since the operators are probably well aware of their activites - it would be worth far more to find out why SpamCop isn't getting the information it needs and updating the code if necessary. inetnum: 124.42.96.0 - 124.42.127.255 netname: SINNETHT descr: BEIJING GUANGHUAN HENGTONG DIGITAL TECHNOLOGY CO.,LTD. descr: Room506, Tower C, Hui Long Sen International Enterprises Technology Area, descr: No.18 Xi Hua Nan Lu, Beijing Economic Teconology Delopment Zone country: CN admin-c: WH271-CN tech-c: WH271-CN mnt-by: MAINT-CNNIC-AP mnt-lower: MAINT-CN-SINNETHT status: ALLOCATED PORTABLE changed: ipas[at]cnnic.cn 20070903 source: CNNIC person: Wang Huijun nic-hdl: WH271-CN e-mail: chenbin[at]sinnet.com.cn address: Room506, Tower C, Hui Long Sen International Enterprises Technology Area, address: No.18 Xi Hua Nan Lu, Beijing Economic Teconology Delopment Zone. phone: +86-010-64181150 fax-no: +86-010-64181819 country: CN changed: ipas[at]cnnic.net.cn 20070807 mnt-by: MAINT-CNNIC-AP source: CNNIC
  4. It might not have been your fault: sometimes something in a message trips this warning. I've received "Message body parser requires full, accurate copy of message" errors even when the message was held by SpamCop and therefore had to be a full and accurate copy. If I was a spammer, I'd find out exactly what trips this exception and make sure that ALL of my spam included it. <grin> But then, if it happened a lot, SpamCoup would have to remove it. Nothing's perfect and I could live with the fact that SpamCop won't parse/report a message here and there but it bothers me that the explanation given if you click "More information on this error.." used to (may still; I haven't checked it lately) insist that the problem was human error even though in some cases it can't have been. The explanation is incomplete and frustrating to people who are trying to figure out what's happening.
  5. That's very unfortunate, since I believe that Yahoo! is responsive to complaints about GeoCities-hosted spam sites. You're not the first to say that but, that too, is very unfortunate since IIRC back in the days of prehistory SpamCop's philosophy was exactly the opposite: that reporting a compromised system after it has been hijacked to relay spam was too late, not to mention a neverending battle to exhaust a practically infinite resource. The real value was in taking down the spammer's web sites, interfering with their revenue. In some cases this is no longer true due to 'bulletproof' spam hosting but, where it's likely or even possible that the spammer may be shut down and may have to move on, I'll take a moment to contribute to that. You are not the first person to say that, either, and you may well be correct but if everyone in history had just decided to accept what was there or forget about it in stead of trying to help and improve things, we'd be living in a pretty crappy world. None of us would be here if Julian had ever accepted that e-mail was e-mail, like it or leave it. Maybe nothing that I will ever do will result in significant improvement, but I refuse to sit back and not try. I do like SpamCop, and shame on all you "like it or leave it" people for failing to recognize others' efforts to try to improve a good thing. On a more positive note, I see lots of info on how to contact JT, the deputies, and other fine folk who, unfortunately, have no control over the reporting mechanism. Does anyone have contact information for 'the powers that be'? Thanks to all who contribute, in whatever capacity.
  6. Just for fun, I put that address in the parsing window and got: ALL Geocities URLs have extreme trouble parsing, i.e. I haven't seen one work first time yet, and the average number of reloads (it varies) before SpamCop actually does something with the URL seems to be going up. this is very unfortunate, because it would seem that at least one prolific spammer is using Geocities as his host of choice. HOWEVER, "ca.geocities.com" parses first time both times I tried it. If anyone is looking into this bug, that might be a clue.
  7. gwelsh

    URLs not reported

    But, when I copy the URL and paste it into the SpamCop reporting window, SpamCop resolves it fine. OK, so the DNS servers were slow but now SpamCop knows the answer... so I go back to the spam in the reporting queue, it still doesn't report them. Also, whenever SpamCop is inable to resolve a URL, it reports that fact. It does not do so in these cases. I therefore believe that the problem is not that SpamCop cannot resolve the URL.
  8. gwelsh

    URLs not reported

    OK, here's a URL that won't be recognized no matter how many times I reload... and, since I can't get at the rest of my queued spam until I give up on this one. http://www.spamcop.net/sc?id=z801601960zb5...67868c2715a2d9z Finding links in message body Parsing text part Resolving link obfuscation http://uneaten.net/cs/?ronn http://uneaten.net/rm.php?ronn Please make sure this email IS spam: ... etc. BUT... parse http://uneaten.net/cs/?ronn on its own and I get: Parsing input: http://uneaten.net/cs/?ronn [report history] Routing details for 221.11.133.82 Report routing for 221.11.133.82: abuse[at]cnc-noc.net Statistics: 221.11.133.82 not listed in bl.spamcop.net More Information.. 221.11.133.82 not listed in dnsbl.njabl.org 221.11.133.82 not listed in dnsbl.njabl.org 221.11.133.82 not listed in cbl.abuseat.org 221.11.133.82 listed in dnsbl.sorbs.net ( 127.0.0.6 ) 221.11.133.82 not listed in relays.ordb.org. Reporting addresses: abuse[at]cnc-noc.net ... no problem. But I can reload the original spam and it still does nothing with the URL. Maybe there's a reason why SpamCop is declining to report, but it would be nice to know what that reason is.
  9. gwelsh

    URLs not reported

    The reason the tracking URL I provided might have indicated that reports were sent is that, like someone else who posted here, I keep reloading the page (or going back to the "Unreported spam Saved: Report Now" link) until SpamCop decides to stop ignoring the URLs. Yeah, I hate spammers that much. But it's frustrating to me and, almost certainly more important, generating a lot of useless load on SpamCop if multiple people have to re-analyze their spam 10, 20, or 30 times before SpamCop works properly.
  10. gwelsh

    URLs not reported

    My two cents ($CDN; that's about a penny and a half American): From http://www.spamcop.net/sc?id=z800050261z9e...471dce20cd4346z ----- Resolving link obfuscation http://grudgingly.net/rm.php?sash99 http://grudgingly.net/cs/?sash99 Please make sure this email IS spam: ----- ... BUT... if I just paste the URL into a SpamCop reporting window, SpamCop evaluates it just fine: ----- Parsing input: http://grudgingly.net/cs/?sash99 [report history] Routing details for 211.147.228.108 De-referencing gddc.com.cn[at]abuse.net abuse net gddc.com.cn = ctsummary[at]special.abuse.net, abuse[at]gddc.com.cn, anti-spam[at]ns.chinanet.cn.net Report routing for 211.147.228.108: ctsummary[at]special.abuse.net, abuse[at]gddc.com.cn, anti-spam[at]ns.chinanet.cn.net ctsummary[at]special.abuse.net redirects to ct-abuse[at]sprint.net ct-abuse[at]sprint.net redirects to ct-abuse[at]abuse.sprint.net abuse[at]gddc.com.cn bounces (19 sent : 10 bounces) Using abuse#gddc.com.cn[at]devnull.spamcop.net for statistical tracking. anti-spam[at]ns.chinanet.cn.net bounces (102 sent : 23203 bounces) Using anti-spam#ns.chinanet.cn.net[at]devnull.spamcop.net for statistical tracking. Routing details for 211.147.228.108 Statistics: 211.147.228.108 not listed in bl.spamcop.net More Information.. 211.147.228.108 not listed in dnsbl.njabl.org 211.147.228.108 not listed in dnsbl.njabl.org 211.147.228.108 not listed in cbl.abuseat.org 211.147.228.108 listed in dnsbl.sorbs.net ( 127.0.0.6 ) 211.147.228.108 not listed in relays.ordb.org. Reporting addresses: ct-abuse[at]abuse.sprint.net Third parties interested in reports: abuse[at]gzidc.com ----- OK, bad example as this LART would likely be ignored anyway. But the URL exists and SpamCop knows it exists... so why isn't it offering to report it? Moderator:Removed munge of Tracking URL
  11. gwelsh

    How clueless can I b?

    For Betsy & Derek: Outlook Web Access is not Outlook, it is an ASP-based web application meant to approximate the basic functions of Outlook, allowing people to access MS Exchange mailboxes using a web browser in stead of a mail client such as Outlook. It is very useful when people are out of the office or their laptops are fried and they still need to access their e-mail. I suppose one could also use it in place of the more expensive MS Outlook program itself. For Candie: I use a 5.5-based OWA and I'm pretty sure that I cannot obtain the kind of header information required by SpamCop; version 2000 or 2003 may be different. If there's some way you could POP a copy of your mail with Outlook Express or access it with Outlook (either way, you'll have to talk to the mail administrator), then you should be able to access the headers no problem. I recommend OE first because it doesn't require you to use the 'workaround' form that outlook may require, but be sure to check the box that says "leave mail on server" when configuring it or you'llfind your Exchange mailbox emptied!
  12. gwelsh

    Is SpamCop Working?

    Yes, absolutely, though how much obviously varies. One proof is the lawsuit filed against SpamCop. Many SpamCop users are discouraged because the amount of spam they get increases in stead of decreasing or even stopping, but that is the natural way of spammers: once one of them has your address, more and more will get it. However, I am certain that SpamCop does slow the rate at which spam increases and helps to inconvenience spammers. As I like (probably too much) to say, we fight spam for the same reason we fight crime: not because we really believe that we'll ever completely eliminate it, but because we don't want to live in a world where either goes unopposed.
  13. gwelsh

    Forum configuration

    Actually, my only gripe is that there is much ambiguity between the fourm and the newgroups. I used the newsgroups for years but, earlier this year, I had a problem and asked about it in the newsgroups but never got an answer; I came to the forum because someone suggested that it had replaced the newsgroups. Then I had a comment on routing and put it on the forum, but was told that it didn't belong there and I should have used the newsgroups! It's great that the SpamCop folk want to improve the forum, but maybe they should start by deciding what things belong exclusively to one place and put that information right up front where even a fool like me can't possibly ignore it.
  14. Thank you all for your replies, but... I think we're talking apples & oranges. I'm not blaming the Chinese for having lots of exploited systems used to distribute spam, a la Comcast. However, the vast majority of the spam I get advertises web pages hosted in China, and the reports go and go and go but the spam continues and the LARTs seem to have no effect. I know that there have been other black hat ISPs, but I have never seen so many spamvertised sites remain seemingly unaffected for so long before, not when the spammers hosted in Costa Rica, not when they hosted in Romania, and not when they started hosting in Russia. I get very frustrated when I see news items about the Chinese governemnt cracking down on spam by blocking mail from this spam source or that spam source but apparently ignoring the fact that many if not most of the web sites advertised are hosted in their own country and that, by permitting this, they are making life very cozy for the spammers.
  15. I'd really like to hear if anyone knows of any evidence that the Chinese admins take action against spammers' web sites. Thanks...
×