Jump to content


  • Content Count

  • Joined

  • Last visited

Everything posted by Steve

  1. https://www.spamcop.net/sc?id=z6695661322zbb963a3e6166ab06c375b2a272b2fbb8z This is the result I get from the SC parser upon trying to parse the email to report: I went ahead and manually reported the email to the abuse address since SC basically refused to. Steve
  2. Steve

    Spam by SMS?

    Yep, I do that every time I get a spam text. I also block the number it came from.
  3. https://www.spamcop.net/sc?id=z6563416674z69d183e3fd56b1d4637b0d9020b3cee0z Why are sendgrid reports dev'nulled? SC gives no reason for it when parsing spam email. If I report it manually to SG, I get an auto-reply. Auto reply: Steve
  4. https://www.spamcop.net/sc?id=z6629778003z5e644dc4a48c7fddcdc37d472089d0f5z Tried refreshing the page several times and nothing worked to bring up the abuse contact for this IP Address. Upon running a check at whois.nic.ad.jp, I got this result: Let's see what happens when I manually report it to densan@town.bihoro.hokkaido.jp.
  5. Just forward the email with full headers to abuse AT sendgrid DOT com (replace AT with @ and DOT with "."). They usually send an auto-reply email back letting you know they've received it and someone will handle the abuse report. Whether they actually take action, we'll never know. Steve
  6. When submitting spam sent from gmail, I get this message: How do I correct that? Here is the tracking URL for said spam: https://www.spamcop.net/sc?id=z6612810826ze91817a6e8de425dff5c5f477fd46726z Steve
  7. The "Show Original" option and then "Copy to clipboard" and then I paste into the submission field in SC and submit. Those emails are the only one I have problems with. All other emails go through fine.
  8. Yeah, there's a body. This has happened in the past when trying to report spam from Gmail.
  9. Tried that and got the same result as when I originally tried submitting the spam.
  10. Steve

    Any point in reporting spam from AMAZONAWS?

    I've also been getting amazonaws spam. It seems another IP address is included in the spam. It's and registered to the Association of Medical Colleges (AAMC). I have tried reporting the IP address via SC to AAMC to both the dns AT aamc DOT org (which the SC parser forwards to postmaster AT aamc DOT org) and the postmaster address postmaster AT aamc DOT org on several occasions. with no response/effect. I was almost tempted a few times to write a letter and send it to them asking why their IP address appears in AmazonAWS spam. It's also ALWAYS the same content with the SAME links that aren't valid such as {spam link removed} (which the parser doesn't pick up. It only detects t.co/bit.ly links which even those get redirected and dev/nulled to twitterdoesntcareaboutspamreports@devnull.spamcop.net) or in the case of bit.ly links, sent to abuse AT bitly DOT com. Previous emails were coming from Parsec Cloud, Inc. Citrix is now being used as the bottom of the emails. Here's the original tracking url: https://www.spamcop.net/sc?id=z6585617008z355af39de650b47648e218409deb1a46z {Quote of spam Deleted} -- To view the deleted material follow the tracking URL above. Here's the parsing results for the AAMC IP address and the tracking URL: https://www.spamcop.net/sc?id=z6585618727zdf96eb88f2edb7ba97b2dad603fed48ez Tracking message source: Routing details for[refresh/show] Cached whois for : dnsadministrator@aamc.orgUsing abuse net on dnsadministrator@aamc.orgNo abuse net record for aamc.orgUsing default postmaster contacts postmaster@aamc.org Clicking on the calendly link results in this: with the links being reported to abuse AT cloudflare DOT com. Not that CF can do anything to take down the link. Steve
  11. Same here. I have had problems with reporting gmail users sending spam to SC and getting the "No body text provided, check format of submission. spam must have body text."
  12. https://www.spamcop.net/sc?id=z6571118445z3f089fb00c95557d5b0557565f4701efz Why do reporting addresses for either an IP address associated with an email or a link in the email that SC finds an IP to associate with bounce and why does the ISP/host do nothing to fix it? Here's an example of a recent email below:
  13. https://www.spamcop.net/sc?id=z6566177613zbe9f03927879099214d104a432d8c2c0z But wait... Tracking message source: Routing details for[refresh/show] Cached whois for : faruque@bangla.netinfo@bangla.net bounces (10 sent : 6 bounces)Using best contacts I even tried refreshing but will it will not update. Steve
  14. Steve

    Sendgrid reports dev'nulled?

    Not sure exactly what you mean Steve
  15. Steve

    AWS spam source

    What address are you sending Amazon abuse reports to? abuse@amazonaws.com/ec2-abuse@amazon.com? If you do it through SC, they devnull the report as that address (abuse@amazonaws.com) is disabled for reports, but manually reporting it to abuse@amazonaws.com/ec2-abuse@amazon.com generates a confirmation email. Steve
  16. They also use rir-abuse@oath.com for spam sent from their groups as well as from Yahoo Mail.
  17. Ran an APNIC whois and cam up with these abuse contacts: Kagoya Japan, Inc/KAGOYA Network Administrator Group nss.ipadmin@kagoya.net & support.domain@kagoya.net Cached whois for : search-apnic-not-arin@apnic.netI refuse to bother search-apnic-not-arin@apnic.net. Using search-apnic-not-arin#apnic.net@devnull.spamcop.net for statistical tracking. Using last resort contacts search-apnic-not-arin#apnic.net@devnull.spamcop.net Tracking URL: https://www.spamcop.net/sc?id=z6530520464z62ab467a37e6b02a56ca327c58498ed7z
  18. https://www.spamcop.net/sc?id=z6537835098zc1ca5b874516eb753a41886a16915a4az Did a RIPE query and found the abuse address for this IP: ingenierie@serveurcom.com. I've tried refreshing the page and nothing happens is there any way for this to be resolved? TW, I reported Steve
  19. Steve

    amazonAWS reports sent to /dev/nul

    Has anyone gotten AmazonAWS spam originating from AAMC.org (American Association of Medical colleges) with the IP address I've gotten several and when reporting this IP addy through SC, it parses the email and comes back with an abuse address of shammond@aamc.org. But if I perform a whois on the IP address, I get dnsadministrator@aamc.org. shammond@aamc.org does not appear anywhere in a whois query nor did I find it on the AAMC website. Here's tracking URL for one of those emails: https://www.spamcop.net/sc?id=z6530651814zff918c1118d7372ee13d0545ccf2e9d3z Reporting it through SC to shammond@aamc.org or manually to dnsadministrator@aamc.org yields no response back that they've received it and/or have taken action against this IP address to stop/mitigate spam being sent from it. clicking on Routing details for[refresh/show] reveals this info: Tracking details Display data:"whois" (Getting contact from whois.arin.net )Found AbuseEmail in whois dnsadministrator@aamc.org143.220.0.0 - details for abuse net on dnsadministrator@aamc.orgNo abuse net record for aamc.orgUsing default postmaster contacts postmaster@aamc.org If that's the case, why doesn't SC send reports to the postmaster address then?
  20. Steve

    amazonAWS reports sent to /dev/nul

    I just manually report those emails to abuse(at)amazonaws.com and ec2-abuse(at)amazon.com I do get replies back once they've received the spam report and when they've taken action or mitigated the activity of their subscriber/customer.
  21. When trying to submit the below email for reporting, I get this result (bold text at bottom): How can this be fixed so that the emails get reported correctly? BTW, this address (2002:a17:902:2468:0:0:0:0), is registered to IANA. Steve
  22. https://www.spamcop.net/sc?id=z6519956282z3287af6539a13394828b32aaa4e4b1a7z Tracking message source: Routing details for[refresh/show] Cached whois for : iptech@readyspace.com.sginfo@readyspace.com.hk bounces (31 sent : 16 bounces)Using best contacts No reporting addresses found for, using devnull for tracking. Message is X hours old103.1.12.91 not listed in cbl.abuseat.org103.1.12.91 not listed in dnsbl.sorbs.net103.1.12.91 not listed in accredit.habeas.com103.1.12.91 not listed in plus.bondedsender.org103.1.12.91 not listed in iadb.isipp.com I have tried refreshing the page with no change in result. I went ahead and manually reported the spam to the ISP.
  23. Reporting the IP address results in this address coming up: abuse@wowrack.com I have tried reporting this IP address several times last year and a few times an employee said they will "Null-route" the IP address. But it still shows up in spam.
  24. https://www.spamcop.net/sc?id=z6519982075zb6dffaaf6c4dde062e506799464432dez Tracking message source: Routing details for[refresh/show] Cached whois for : pioklo@serveradmin.plUsing last resort contacts pioklo@serveradmin.pl Why when SC parses the IP Address, does it come up with a result for a Polish IP (pioklo@serveradmin.pl) as a last resort address? But when I query it through whois.ripe.net does it come up registered to: Responsible organisation: Hetzner Online GmbH Abuse contact info: abuse@hetzner.de inetnum: - netname: HETZNER-fsn1-dc13 descr: Hetzner Online GmbH descr: Datacenter fsn1-dc13 country: DE admin-c: HOAC1-RIPE tech-c: HOAC1-RIPE status: ASSIGNED PA remarks: INFRA-AW mnt-by: HOS-GUN mnt-lower: HOS-GUN mnt-routes: HOS-GUN created: 2010-08-13T08:35:37Z last-modified: 2018-03-15T14:01:30Z source: RIPE role: Hetzner Online GmbH - Contact Role address: Hetzner Online GmbH address: Industriestrasse 25 address: D-91710 Gunzenhausen address: Germany phone: +49 9831 505-0 fax-no: +49 9831 505-3 e-mail: ripe@hetzner.de abuse-mailbox: abuse@hetzner.de remarks: ************************************************* remarks: * For spam/abuse/security issues please contact * remarks: * abuse@hetzner.de, not this address. * remarks: * The contents of your abuse email will be * remarks: * forwarded directly on to our client for * remarks: * handling. * remarks: ************************************************* remarks: remarks: ************************************************* remarks: * Any questions on Peering please send to * remarks: * peering@hetzner.de * remarks: ************************************************* org: ORG-HOA1-RIPE admin-c: MH375-RIPE tech-c: GM834-RIPE tech-c: SK2374-RIPE
  25. Works great now! No more removing this: Received: by 2002:a0c:ad25:0:0:0:0:0 with SMTP id u34csp810943qvc; Sat, 12 Jan 2019 05:34:56 -0800 (PST)