rconner

Contact Methods

  • Website URL
    http://www.rickconner.net/spamweb/

Profile Information

  • Location
    Maryland, USA
  1. Actually, very little of what is in the header is trustworthy, other than the relay information (and only those lines added after the message left the spammer's control). This is clearly gibberish. Actually, it does seem to be an IP address in a weird form (first octet decimal, second in hex, last two in octal). Not worth decoding it, though, since it is undoubtedly forged. This might be enough to get past any server that tries a basic sanity check on the return path. -- rick
  2. As nearly as I can tell, the contribution link seems to point to an actual Republican Party website (action.gop.com), and the name of the mail host mail3.action.gop.com does properly trace to the address 69.56.56.43 so on that basis I am assuming it is not some third-party scammer who wants $35.00 from you. You could call this a "mainsleaze" spam if you like, a "legitimate" organization brazenly using unsolicited e-mail for promotion. As you know, it's election season here in the U.S., and this sort of thing happens a lot. I wouldn't expect much response from the providers or even from the GOP itself, unfortunately. There is a removal link visible in the header you posted, you can try it if you like, but personally I would not use it myself. It might not be in full compliance with the CAN-SPAM law here in the U.S., but that doesn't mean much these days. The best thing you could do for now is to put the e-mail addresses email@gop.com and teamtrump@trump2016.com on a "blacklist" in your mail client so at least the messages will be discarded on your machine before you have to look at them. Or, like me, you could report them all through SpamCop with hopes that the provider will take some action.
  3. Oops, never mind again. See replies below. Oops, never mind, I found the info..."Preferences" -> "Add Fuel" I'm now on the other side of a decade or more of $30/yr Spamcop mail service. It occurs to me that I have no earthly idea how to pay for any of this now (or if I even have to). I see I've been "converted" to a "flat rate" account but I have no idea what this means. I see that I have some "fuel" left from the last big CES meltdown, and I recall in the dim and distant past paying for fuel. Is this still how things work? And, if so, where do I pay for it? I've looked around the site and darned if I can find any info anywhere about payment. Maybe I missed something obvious. Of course, I left nearly all of my July $30 payment on the table when CES withdrew, maybe I ought to somehow get that credited back to me (yeah, futile I suspect). -- rick
  4. Perhaps some observations from a grizzled old combatant might be of interest: They are not interested in whether you change your mind. They have zillions of e-mail addresses to spam, and they don't really care whether any of them responds except to place orders (which are handled elsewhere on a website, thus "disconnected" from the actual mail operation). These lists are so large that spammers can't be bothered to track their response or non-response individually (except for a few who engage in "list washing" of chronic complainers). To use an analogy, the guy who puts leaflets under your windshield at the shopping mall really doesn't care whether you read them or not, he just wants to pass them out and get paid for his efforts. Signing up in good faith for an e-mail account and then using it to send spam is not really the way it gets done (as you say, the spammer would then be easily detected). I think much or most of the spam sent today goes by a technique known as "direct-to-MX" from subverted users' machines (hence all those viruses out there today). The spam is sent outside the ken of the ISP's mail facilities, so it becomes harder to detect. Pick one or more: (1) ignorance, (2) insufficient resources devoted to curing abuse problems, (3) incompetence, (4) apathy, (5) predisposition against "anti-spam zealots," (6) complaisance or even (7) willful collusion with spammers. The ISP is not under any obligation to do anything with reports it might get from SpamCop. I don't think SpamCop claims to be able to reduce your personal spam load; what it does do is to provide you with a means to report spam, and to join your reports with others to identify recalcitrant spam sources. As a SpamCop user, I don't submit my spam reports to reduce MY spam, I submit them to reduce EVERYONE'S spam (by identifying miscreant addresses so other ISPs can more easily detect and deal with incoming spam).
After 15 or so years of educating myself on the spam problem, I've come to the conclusion that the best thing to do with the spam you get is to report it and move on. I don't reply to spam messages, and only in exceptional cases do I even talk to the "upstream" ISPs. I don't want to burn a bearing over every dick pill shill I get, because there will doubtless be many more coming in the future. -- rick
  5. Well, at least in that case the customer was offered a bus pass. That's more than I stand to get here. - rick
  6. Possibly the spammer forged your address into some of his outgoing messages. He does this to improve chances of delivery. Any bounces that result go to you and not to him, but he doesn't care about this. He doesn't need any information about you to do this, just your address. So, it shouldn't be terribly worrisome and is not by itself evidence that you have been "hacked" (or whatever the current term may be). This stuff happens from time to time, if you just sit it out then it will probably fade in a few days when the last mail server gives up trying to deliver the last of the forged messages. -- rick
  7. I also inquired after a refund (I renewed my sub back in May) and was also told that none would be provided. I’m disappointed but not surprised. Fortunately I’m not out a great deal of money on the deal. At least the folks who are approaching renewal may get a month or so of free service out of the deal, that’s something. I’ve been using the service since it was first started, I’m sorry to see it go (although less sorry than I would have been a year or two back before all the strange outages). Now on to figure out how the hell to untangle my mail chain. — rick
  8. Possibly the problem might be that the name server for this domain was a bit slow, and timed out the parser. This wouldn't be the case for a "manual" lookup, which probably tolerates much greater delay. Sometimes if you shift-reload the parser page (to force a new parse) then the site will show up. -- rick
  9. I suspect you are the victim of a coincidence. I followed the link in your post and found that the client 65.55.116.21 is a Hotmail outgoing mail host. If you are using a Hotmail address, or a domain that uses Hotmail services, then this will make sense. What SpamCop has blocklisted is not you personally, but the Hotmail host that tried to deliver the mail on your behalf. There are of course zillions of Hotmail users who share the same set of outgoing mail hosts, and this now likely includes you. Some of them, apparently, have been trying to send mail to "secret" spam trap addresses maintained by SpamCop, and this seems to be a speedy shortcut to getting that address listed in SpamCop's block list (i.e., no one but a spammer has any reason to try communicating with an unknown, unused address). I suspect that these entries disappear automatically if there is no further abuse, but they likely get replaced by other Hotmail hosts. For your rude correspondent to have engineered this state of affairs just to avoid hearing from you seems pretty far-fetched. You might try sending the message again from the same address, or using another (non-Hotmail) address you might have. Or, you might wait to see whether the condition clears after a couple of days or so. -- rick
  10. I got a lot of spam once from an outfit that made the mistake of using the same forged from-addresses or domains over and over. I got sick of their nonsense, so I set up a filter on my provider's webmail site that would route them straight to the bit bucket on receipt. Mind you, I did examine a lot of these messages and developed a fairly well targeted Regular Expression to catch them, and I had to tweak it once afterward. Still, it did accomplish the goal of keeping them out of my inbox (though it did not stop them from sending, I am sure). Also, on reflection, I'm not sure I shouldn't have received the messages anyway and then reported them (that's what I'd tend to do now). -- rick
  11. "Blacklisting" mail based on any e-mail addresses that appear in it (like the return path) is seldom effective for any length of time. This is because these addresses are easily forged and do not have to correspond to the actual origins of the message. Nor do these addresses really tell you where a message came from in most cases. What you need are the IP addresses of the services that allowed the spam to be sent, and for this you need to look elsewhere in the message. This is what SpamCop does when you give it a spam message to trace. If you have some of these messages lying around, you might consider submitting a couple to get a tracking URL and then post this URL here so that folks can get a better look at the header. -- rick
  12. Indeed. I gotta think that the time needed to set up something like this, and the inherent unreliability of such a chain, would overwhelm any possible profit gained thereby. However, that's why spammers are spammers and not IT executives. It seems to me (it's been a while) that in HTTP there was a max number of redirects that the browser would be subjected to before it could give up. However, this limit may not apply to redirects that don't happen in the HTTP header (i.e. those in the HTTP-refresh line or in JavaScripts, etc.). -- rick
  13. Unfortunate that BSD doesn't show up there -- it has a reputation of being very solid. -- rick
  14. SpamCop really doesn't help you very much with your own personal spam problems; what it does is to take the information that you and I and all the other reporters provide and put it into a real-time blocking list so that future spamming may be detected and dealt with. As one of our late friends here often said, using SpamCop is a bit altruistic because you are helping others (maybe also yourself) in the future more than getting immediate action now. SpamCop also forwards reports to the responsible providers that turn up in your reports. They can, if they wish, use this information to deal with the spamming within their domains. If the providers don't care whether they end up on a blocking list, and don't want to be bothered refusing service to spammers, there isn't that much more that SpamCop can do about it. You are running into the reality of the spam industry: it is full of crooks who don't care much about complaints until the complaints start to eat into their bottom line. Outside of complaining to ICANN, I'm not sure. And, we have seen that ICANN can't or won't do anything about crooked registrars except in the most flagrant cases. Unless you know where they live and have some big friends who can help you, I'm not sure. On the other hand, these waves do eventually ebb. If you are just sick of seeing the messages, you may be able to construct a content filter of some sort that can exclude them from your mailbox. I finally did this a couple years back with a particularly persistent spammer. -- rick
  15. If nothing else, this sad vignette brings out the following points: It is unwise to depend for your business' health on the delivery of any given SMTP message. E-mail is not and has never been a public utility or a secure, guaranteed-delivery service. You simply don't know from whom the messages come and to whom your replies will go. Messages are exchanged among thousands of individual domains, each of which has a right to set its own policies for the sending and receiving of mail. At best, the sender may get a bounce notice to alert him to delivery problems, but don't count on it. Doctors don't use SMTP mail for sensitive customer data, neither do banks. Get an alternate e-mail address from a different provider, use web-based communications, or just use a damn telephone. The assertion was made that a mail provider can't tell bulk users from spammers. This is simply untrue. First of all, no one here to my knowledge has conflated "bulk mail" with "spam." It is the "unsolicitedness" that makes spam, not merely the fact that it was delivered in bulk. Competent mail providers should be keeping outgoing mail logs and address lease info (at least for a short time after transmission), and if you hand them a spam message they should be able to track it down to a specific user at a specific time and date. Yes, there is a potential for false positives in which an innocent sender's mail is blocked just because he happens to share an outgoing MTA with a drive-by spammer. The SMTP protocol is notoriously lacking in means to validate the origins of messages, and provides no verifiable means to distinguish one user of the domain from another. One issue not taken up here is the fact that many spams (if not most of them) come from botnets rather than actual outgoing MTA hosts; these represent abusive attempts to get around a provider's outgoing mail security.
SpamCop is very good at identifying these "spewing IPs" so they can be dealt with, and these cases have little potential for false positives.
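
Several of the posts above make the same point: address headers such as the return path are easily forged, and only the relay lines added after the message left the sender's control can be trusted. The following is an added example (not code from these posts or from SpamCop) that walks the Received chain from the newest line down and reports the first peer outside your own relays; the function name, the `trusted_networks` parameter and the sample message are assumptions made for illustration.

```python
import email
import ipaddress
import re

# Constructed sample: every host name and address below is a documentation value.
SAMPLE = """\
Return-Path: <bounce@forged.example>
Received: from mx1.example.net (mx1.example.net [192.0.2.10])
\tby mailstore.example.net with ESMTP id A1; Mon, 1 Jan 2024 10:00:03 +0000
Received: from unknown (HELO mail.bank.example) ([203.0.113.77])
\tby mx1.example.net with SMTP id B2; Mon, 1 Jan 2024 10:00:01 +0000
Received: from trusted.bank.example ([198.51.100.5])
\tby mail.bank.example with ESMTP id C3; Mon, 1 Jan 2024 09:59:00 +0000
From: "Service" <service@bank.example>
Subject: constructed sample

body
"""

# The receiving server records the connecting peer's address in square brackets.
PEER_IP = re.compile(r"\[(?:IPv6:)?([0-9A-Fa-f:.]+)\]")

def handoff_source(raw_message, trusted_networks):
    """Return (ip, unverifiable_count).

    ip is the first peer outside trusted_networks (assumed: your own relay
    ranges), as recorded by a server you control. unverifiable_count is the
    number of older Received lines, which the sender could have written itself.
    """
    nets = [ipaddress.ip_network(n) for n in trusted_networks]
    received = email.message_from_string(raw_message).get_all("Received") or []
    for index, header in enumerate(received):  # newest header comes first
        # Only the "from" clause describes the peer; "by" names the writer.
        from_clause = re.split(r"\s+by\s+", header, maxsplit=1)[0]
        match = PEER_IP.search(from_clause)
        try:
            peer = ipaddress.ip_address(match.group(1)) if match else None
        except ValueError:
            peer = None
        if peer is None:
            # No usable peer address: nothing from here down can be checked.
            return None, len(received) - index
        if not any(peer in net for net in nets):
            # Written by a trusted server about an outside peer: the handoff.
            return str(peer), len(received) - index - 1
    return None, 0

if __name__ == "__main__":
    print(handoff_source(SAMPLE, ["192.0.2.0/24"]))
```

In the constructed sample the bottom Received line and the Return-Path are under the sender's control, so only 203.0.113.77 is worth reporting or blocking.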