Jump to content

Steve

Members
  • Content Count

    60
  • Joined

  • Last visited

Everything posted by Steve

  1. https://www.spamcop.net/sc?id=z6571118445z3f089fb00c95557d5b0557565f4701efz Why do reporting addresses for either an IP address associated with an email or a link in the email that SC finds an IP to associate with bounce and why does the ISP/host do nothing to fix it? Here's an example of a recent email below:
  2. https://www.spamcop.net/sc?id=z6563416674z69d183e3fd56b1d4637b0d9020b3cee0z Why are sendgrid reports dev'nulled? SC gives no reason for it when parsing spam email. If I report it manually to SG, I get an auto-reply. Auto reply: Steve
  3. https://www.spamcop.net/sc?id=z6566177613zbe9f03927879099214d104a432d8c2c0z But wait... Tracking message source: 203.188.252.24: Routing details for 203.188.252.24[refresh/show] Cached whois for 203.188.252.24 : faruque@bangla.netinfo@bangla.net bounces (10 sent : 6 bounces)Using best contacts I even tried refreshing but will it will not update. Steve
  4. Steve

    Sendgrid reports dev'nulled?

    Not sure exactly what you mean Steve
  5. Steve

    AWS spam source

    What address are you sending Amazon abuse reports to? abuse@amazonaws.com/ec2-abuse@amazon.com? If you do it through SC, they devnull the report as that address (abuse@amazonaws.com) is disabled for reports, but manually reporting it to abuse@amazonaws.com/ec2-abuse@amazon.com generates a confirmation email. Steve
  6. They also use rir-abuse@oath.com for spam sent from their groups as well as from Yahoo Mail.
  7. Ran an APNIC whois and cam up with these abuse contacts: Kagoya Japan, Inc/KAGOYA Network Administrator Group nss.ipadmin@kagoya.net & support.domain@kagoya.net Cached whois for 133.18.202.245 : search-apnic-not-arin@apnic.netI refuse to bother search-apnic-not-arin@apnic.net. Using search-apnic-not-arin#apnic.net@devnull.spamcop.net for statistical tracking. Using last resort contacts search-apnic-not-arin#apnic.net@devnull.spamcop.net Tracking URL: https://www.spamcop.net/sc?id=z6530520464z62ab467a37e6b02a56ca327c58498ed7z
  8. https://www.spamcop.net/sc?id=z6537835098zc1ca5b874516eb753a41886a16915a4az Did a RIPE query and found the abuse address for this IP: ingenierie@serveurcom.com. I've tried refreshing the page and nothing happens is there any way for this to be resolved? TW, I reported Steve
  9. Steve

    amazonAWS reports sent to /dev/nul

    Has anyone gotten AmazonAWS spam originating from AAMC.org (American Association of Medical colleges) with the IP address 143.220.15.131? I've gotten several and when reporting this IP addy through SC, it parses the email and comes back with an abuse address of shammond@aamc.org. But if I perform a whois on the IP address, I get dnsadministrator@aamc.org. shammond@aamc.org does not appear anywhere in a whois query nor did I find it on the AAMC website. Here's tracking URL for one of those emails: https://www.spamcop.net/sc?id=z6530651814zff918c1118d7372ee13d0545ccf2e9d3z Reporting it through SC to shammond@aamc.org or manually to dnsadministrator@aamc.org yields no response back that they've received it and/or have taken action against this IP address to stop/mitigate spam being sent from it. clicking on Routing details for 143.220.15.131[refresh/show] reveals this info: Tracking details Display data:"whois 143.220.15.131@whois.arin.net" (Getting contact from whois.arin.net )Found AbuseEmail in whois dnsadministrator@aamc.org143.220.0.0 - 143.220.255.255:dnsadministrator@aamc.orgRouting details for 143.220.15.131Using abuse net on dnsadministrator@aamc.orgNo abuse net record for aamc.orgUsing default postmaster contacts postmaster@aamc.org If that's the case, why doesn't SC send reports to the postmaster address then?
  10. Steve

    amazonAWS reports sent to /dev/nul

    I just manually report those emails to abuse(at)amazonaws.com and ec2-abuse(at)amazon.com I do get replies back once they've received the spam report and when they've taken action or mitigated the activity of their subscriber/customer.
  11. When trying to submit the below email for reporting, I get this result (bold text at bottom): How can this be fixed so that the emails get reported correctly? BTW, this address (2002:a17:902:2468:0:0:0:0), is registered to IANA. Steve
  12. https://www.spamcop.net/sc?id=z6519956282z3287af6539a13394828b32aaa4e4b1a7z Tracking message source: 103.1.12.91: Routing details for 103.1.12.91[refresh/show] Cached whois for 103.1.12.91 : iptech@readyspace.com.sginfo@readyspace.com.hk bounces (31 sent : 16 bounces)Using best contacts No reporting addresses found for 103.1.12.91, using devnull for tracking. Message is X hours old103.1.12.91 not listed in cbl.abuseat.org103.1.12.91 not listed in dnsbl.sorbs.net103.1.12.91 not listed in accredit.habeas.com103.1.12.91 not listed in plus.bondedsender.org103.1.12.91 not listed in iadb.isipp.com I have tried refreshing the page with no change in result. I went ahead and manually reported the spam to the ISP.
  13. Reporting the IP address results in this address coming up: abuse@wowrack.com I have tried reporting this IP address several times last year and a few times an employee said they will "Null-route" the IP address. But it still shows up in spam.
  14. https://www.spamcop.net/sc?id=z6519982075zb6dffaaf6c4dde062e506799464432dez Tracking message source: 188.40.69.215: Routing details for 188.40.69.215[refresh/show] Cached whois for 188.40.69.215 : pioklo@serveradmin.plUsing last resort contacts pioklo@serveradmin.pl Why when SC parses the IP Address, does it come up with a result for a Polish IP (pioklo@serveradmin.pl) as a last resort address? But when I query it through whois.ripe.net does it come up registered to: Responsible organisation: Hetzner Online GmbH Abuse contact info: abuse@hetzner.de inetnum: 188.40.69.192 - 188.40.69.255 netname: HETZNER-fsn1-dc13 descr: Hetzner Online GmbH descr: Datacenter fsn1-dc13 country: DE admin-c: HOAC1-RIPE tech-c: HOAC1-RIPE status: ASSIGNED PA remarks: INFRA-AW mnt-by: HOS-GUN mnt-lower: HOS-GUN mnt-routes: HOS-GUN created: 2010-08-13T08:35:37Z last-modified: 2018-03-15T14:01:30Z source: RIPE role: Hetzner Online GmbH - Contact Role address: Hetzner Online GmbH address: Industriestrasse 25 address: D-91710 Gunzenhausen address: Germany phone: +49 9831 505-0 fax-no: +49 9831 505-3 e-mail: ripe@hetzner.de abuse-mailbox: abuse@hetzner.de remarks: ************************************************* remarks: * For spam/abuse/security issues please contact * remarks: * abuse@hetzner.de, not this address. * remarks: * The contents of your abuse email will be * remarks: * forwarded directly on to our client for * remarks: * handling. * remarks: ************************************************* remarks: remarks: ************************************************* remarks: * Any questions on Peering please send to * remarks: * peering@hetzner.de * remarks: ************************************************* org: ORG-HOA1-RIPE admin-c: MH375-RIPE tech-c: GM834-RIPE tech-c: SK2374-RIPE
  15. Works great now! No more removing this: Received: by 2002:a0c:ad25:0:0:0:0:0 with SMTP id u34csp810943qvc; Sat, 12 Jan 2019 05:34:56 -0800 (PST)
  16. Is this a result of the outage? Feel free to move to the appropriate board if necessary Forbidden You don't have permission to access /sc on this server. Additionally, a 403 Forbidden error was encountered while trying to use an ErrorDocument to handle the request.
  17. Now I'm getting THESE BS emails. It seems the private Google Groups emails have stopped for now. Emails originate from the ikoula network. I've already received 3 of these emails today. Here's the tracking url for the latest one: https://www.spamcop.net/sc?id=z6505558234z3da0d3fc609eb83151c7d82976a38ba7z The emails are always formatted the same way each time: I still report the emails to abuse (at) ikoula.com even though SC dev/nulls them and says "abuse reports disabled for abuse (at) ikoula.com".
  18. Tried submitting this email multiple times, but I still get the same message. Tracking URL is below: https://www.spamcop.net/sc?id=z6505543951z6e9f673d70b3c103c95f5fc0c9a8967fz Steve Feel free to move this post to the correct board as you see fit.
  19. How are private Google Groups allowed to send these unsolicited emails and then include a bunch of shady email addresses that no one should think twice of sending emails to to get their email addy removed from said list that they were never on in the first place?!?!?!?!?
  20. https://www.spamcop.net/sc?id=z6500582411zb083caf96b377be2b7e96647e40d66d3z According to a RIPE whois query, admin@it.ua is the abuse contact for this IP address https://apps.db.ripe.net/db-web-ui/#/query?bflag&searchtext=91.200.74.13&source=RIPE#resultsSection
  21. https://www.spamcop.net/sc?id=z6499662004z6a4c2335c60773ff37fb0f7668385d6dz Parsing header: host 2001:12f0:601:a902:0:0:0:150 = turquesa.dcc.ufmg.br (cached)turquesa.dcc.ufmg.br is 2001:12f0:601:a902:0:0:0:150 0: Received: from smtp.dcc.ufmg.br (turquesa.dcc.ufmg.br. [2001:12f0:601:a902::150]) by mx.google.com with ESMTP id a44si116985qvh.91.2018.11.11.09.04.47; Sun, 11 Nov 2018 09:04:49 -0800 (PST) Hostname verified: turquesa.dcc.ufmg.brGmail/Postini received mail from sending system 2001:12f0:601:a902:0:0:0:150 1: Received: from webmail.dcc.ufmg.br (xisto.dcc.ufmg.br [2001:12f0:601:a902::150]) by smtp.dcc.ufmg.br (Postfix) with ESMTPS id E90409F094; Sun, 11 Nov 2018 15:04:46 -0200 (-02) Hostname verified: xisto.dcc.ufmg.br Possible forgery. Supposed receiving system not associated with any of your mailhosts Will not trust this Received line. Tracking message source: 2001:12f0:601:a902:0:0:0:150: Display data:"whois 2001:12f0:601:a902:0:0:0:150@whois.lacnic.net" (Getting contact from whois.lacnic.net)Backup contact owner-c = rco217Using NS name gerencia.rede.ufmg.br to find domain and contact Display data: "whois rede.ufmg.br@whois.nic.br" (Getting contact from whois.nic.br) Backup contact owner-c = ura ura = r-admin@rede.ufmg.br urt = r-tecnic@rede.ufmg.br whois.nic.br rede.ufmg.br = r-admin@rede.ufmg.br, r-tecnic@rede.ufmg.br, mail-abuse@cert.brsic128 = cais@cais.rnp.brwhois.lacnic.net found abuse contacts for 2001:12f0:601:a902:0:0:0:150 = cais@cais.rnp.br Cannot find ip range in whois output No reporting addresses found for 2001:12f0:601:a902:0:0:0:150, using devnull for tracking. Yum, this spam is fresh! Message is 2 hours old2001:12f0:601:a902:0:0:0:150 not listed in cbl.abuseat.org2001:12f0:601:a902:0:0:0:150 not listed in dnsbl.sorbs.net2001:12f0:601:a902:0:0:0:150 not listed in accredit.habeas.com2001:12f0:601:a902:0:0:0:150 not listed in plus.bondedsender.org2001:12f0:601:a902:0:0:0:150 not listed in iadb.isipp.com Finding links in message body Parsing text partno links found Reports regarding this spam have already been sent: Re: 2001:12f0:601:a902:0:0:0:150 (Administrator of network where email originates) Reportid: 6876124444 To: nomaster@devnull.spamcop.net If reported today, reports would be sent to: Re: 2001:12f0:601:a902:0:0:0:150 (Administrator of network where email originates) nomaster@devnull.spamcop.net 2nd report using 3rd Rcvd line in header: https://www.spamcop.net/sc?id=z6499662490z5bdb0567e14f44de3e07c2fbad0f6158z Parsing header: 0: Received: from smtp.dcc.ufmg.br (turquesa.dcc.ufmg.br. [150.164.0.133]) by mx.google.com with ESMTP id a44si116985qvh.91.2018.11.11.09.04.47; Sun, 11 Nov 2018 09:04:49 -0800 (PST) Hostname verified: xisto.dcc.ufmg.brGmail/Postini received mail from sending system 150.164.0.133 1: Received: from webmail.dcc.ufmg.br (xisto.dcc.ufmg.br [150.164.0.133]) by smtp.dcc.ufmg.br (Postfix) with ESMTPS id E90409F094; Sun, 11 Nov 2018 15:04:46 -0200 (-02) Hostname verified: xisto.dcc.ufmg.br Possible forgery. Supposed receiving system not associated with any of your mailhosts Will not trust this Received line. Cached whois for 150.164.0.133 : search-apnic-not-arin@apnic.netI refuse to bother search-apnic-not-arin@apnic.net. Using search-apnic-not-arin#apnic.net@devnull.spamcop.net for statistical tracking. Using last resort contacts search-apnic-not-arin#apnic.net@devnull.spamcop.net
  22. Just reported several more today. At some point Google's gonna have to take action against this IP address.
  23. Nope. The unsubscribe link is a bunch of shady email addresses that I wouldn’t think twice of sending emails to! I received several more in my spam folder today. I have yet to do anything with them. Should I do something with them?
  24. Short of writing Google a letter to get them to stop these emails being sent from IP address 209.85.220.69, what can I do to get them to take appropriate action against this and blacklist it so it can't be used for spam anymore? I have reported 13 emails to Google's abuse address about this in the last 2 days and 39 in total (I get 3-4 a day). They came from several different email addresses, usually the 1st one: Unsubscribe-me132 <unsubscribe-me132@mitindrhm.cf>, "Please Confirm <strapgr_213@hapt01cn.ml>" or variants/variations of it, such as this one: ("Please Confirm <strapgr_142@michellelafosse.ml>" or this one: "congratulations <strapgr_241@moriyama.ml>"), "Unsubscribe-me132 <unsubscribe-me132@denamarke.tk>" Attempting to access any of the Group URLs (such as the one below and its variants/variations) in the emails results in the url redirecting to this 2nd link as well displaying this when clicking on the 2nd link: https://groups.google.com/a/mitindrhm.cf/group/unsubscribe-me132 Google Groups Authorization Failed This group is on a private domain. Please sign in with an authorized account to view this content. ---------------------------------------------------------------------------------------------------------------- Here's tracking URL for one of the emails https://www.spamcop.net/sc?id=z6497296422zc7cd4be6fe49cdb5a13994e922e19258z
  25. When SC parses an IP address in this range (37.49.230.0 - 37.49.230.255) the abuse contact that comes up is abuse (at) estroweb.in. Meanwhile, if I run a RIPE query, the abuse contact comes up as abuse (at) cloudstar.is. Wonder why that is?
×