
Steve

Members
  • Content Count

    47
Everything posted by Steve

  1. Works great now! No more removing this: Received: by 2002:a0c:ad25:0:0:0:0:0 with SMTP id u34csp810943qvc; Sat, 12 Jan 2019 05:34:56 -0800 (PST)
  2. Is this a result of the outage? Feel free to move to the appropriate board if necessary Forbidden You don't have permission to access /sc on this server. Additionally, a 403 Forbidden error was encountered while trying to use an ErrorDocument to handle the request.
  3. Now I'm getting THESE BS emails. It seems the private Google Groups emails have stopped for now. Emails originate from the ikoula network. I've already received 3 of these emails today. Here's the tracking url for the latest one: https://www.spamcop.net/sc?id=z6505558234z3da0d3fc609eb83151c7d82976a38ba7z The emails are always formatted the same way each time: I still report the emails to abuse (at) ikoula.com even though SC dev/nulls them and says "abuse reports disabled for abuse (at) ikoula.com".
  4. Tried submitting this email multiple times, but I still get the same message. Tracking URL is below: https://www.spamcop.net/sc?id=z6505543951z6e9f673d70b3c103c95f5fc0c9a8967fz Steve Feel free to move this post to the correct board as you see fit.
  5. How are private Google Groups allowed to send these unsolicited emails and then include a bunch of shady email addresses that no one should think twice of sending emails to to get their email addy removed from said list that they were never on in the first place?!?!?!?!?
  6. https://www.spamcop.net/sc?id=z6500582411zb083caf96b377be2b7e96647e40d66d3z According to a RIPE whois query, admin@it.ua is the abuse contact for this IP address https://apps.db.ripe.net/db-web-ui/#/query?bflag&searchtext=91.200.74.13&source=RIPE#resultsSection
  7. https://www.spamcop.net/sc?id=z6499662004z6a4c2335c60773ff37fb0f7668385d6dz

    Parsing header:
    host 2001:12f0:601:a902:0:0:0:150 = turquesa.dcc.ufmg.br (cached)
    turquesa.dcc.ufmg.br is 2001:12f0:601:a902:0:0:0:150

    0: Received: from smtp.dcc.ufmg.br (turquesa.dcc.ufmg.br. [2001:12f0:601:a902::150]) by mx.google.com with ESMTP id a44si116985qvh.91.2018.11.11.09.04.47; Sun, 11 Nov 2018 09:04:49 -0800 (PST)
    Hostname verified: turquesa.dcc.ufmg.br
    Gmail/Postini received mail from sending system 2001:12f0:601:a902:0:0:0:150

    1: Received: from webmail.dcc.ufmg.br (xisto.dcc.ufmg.br [2001:12f0:601:a902::150]) by smtp.dcc.ufmg.br (Postfix) with ESMTPS id E90409F094; Sun, 11 Nov 2018 15:04:46 -0200 (-02)
    Hostname verified: xisto.dcc.ufmg.br
    Possible forgery. Supposed receiving system not associated with any of your mailhosts
    Will not trust this Received line.

    Tracking message source: 2001:12f0:601:a902:0:0:0:150:
    Display data: "whois 2001:12f0:601:a902:0:0:0:150@whois.lacnic.net" (Getting contact from whois.lacnic.net)
    Backup contact owner-c = rco217
    Using NS name gerencia.rede.ufmg.br to find domain and contact
    Display data: "whois rede.ufmg.br@whois.nic.br" (Getting contact from whois.nic.br)
    Backup contact owner-c = ura
    ura = r-admin@rede.ufmg.br
    urt = r-tecnic@rede.ufmg.br
    whois.nic.br rede.ufmg.br = r-admin@rede.ufmg.br, r-tecnic@rede.ufmg.br, mail-abuse@cert.br
    sic128 = cais@cais.rnp.br
    whois.lacnic.net found abuse contacts for 2001:12f0:601:a902:0:0:0:150 = cais@cais.rnp.br
    Cannot find ip range in whois output
    No reporting addresses found for 2001:12f0:601:a902:0:0:0:150, using devnull for tracking.

    Yum, this spam is fresh!
    Message is 2 hours old
    2001:12f0:601:a902:0:0:0:150 not listed in cbl.abuseat.org
    2001:12f0:601:a902:0:0:0:150 not listed in dnsbl.sorbs.net
    2001:12f0:601:a902:0:0:0:150 not listed in accredit.habeas.com
    2001:12f0:601:a902:0:0:0:150 not listed in plus.bondedsender.org
    2001:12f0:601:a902:0:0:0:150 not listed in iadb.isipp.com

    Finding links in message body
    Parsing text part
    no links found

    Reports regarding this spam have already been sent:
    Re: 2001:12f0:601:a902:0:0:0:150 (Administrator of network where email originates)
    Reportid: 6876124444 To: nomaster@devnull.spamcop.net

    If reported today, reports would be sent to:
    Re: 2001:12f0:601:a902:0:0:0:150 (Administrator of network where email originates)
    nomaster@devnull.spamcop.net

    2nd report using 3rd Rcvd line in header: https://www.spamcop.net/sc?id=z6499662490z5bdb0567e14f44de3e07c2fbad0f6158z

    Parsing header:

    0: Received: from smtp.dcc.ufmg.br (turquesa.dcc.ufmg.br. [150.164.0.133]) by mx.google.com with ESMTP id a44si116985qvh.91.2018.11.11.09.04.47; Sun, 11 Nov 2018 09:04:49 -0800 (PST)
    Hostname verified: xisto.dcc.ufmg.br
    Gmail/Postini received mail from sending system 150.164.0.133

    1: Received: from webmail.dcc.ufmg.br (xisto.dcc.ufmg.br [150.164.0.133]) by smtp.dcc.ufmg.br (Postfix) with ESMTPS id E90409F094; Sun, 11 Nov 2018 15:04:46 -0200 (-02)
    Hostname verified: xisto.dcc.ufmg.br
    Possible forgery. Supposed receiving system not associated with any of your mailhosts
    Will not trust this Received line.

    Cached whois for 150.164.0.133 : search-apnic-not-arin@apnic.net
    I refuse to bother search-apnic-not-arin@apnic.net.
    Using search-apnic-not-arin#apnic.net@devnull.spamcop.net for statistical tracking.
    Using last resort contacts search-apnic-not-arin#apnic.net@devnull.spamcop.net
  8. Short of writing Google a letter to get them to stop these emails being sent from IP address 209.85.220.69, what can I do to get them to take appropriate action against this and blacklist it so it can't be used for spam anymore? I have reported 13 emails to Google's abuse address about this in the last 2 days and 39 in total (I get 3-4 a day). They came from several different email addresses, usually the 1st one: Unsubscribe-me132 <unsubscribe-me132@mitindrhm.cf>, "Please Confirm <strapgr_213@hapt01cn.ml>" or variants/variations of it, such as this one: ("Please Confirm <strapgr_142@michellelafosse.ml>" or this one: "congratulations <strapgr_241@moriyama.ml>"), "Unsubscribe-me132 <unsubscribe-me132@denamarke.tk>" Attempting to access any of the Group URLs (such as the one below and its variants/variations) in the emails results in the url redirecting to this 2nd link as well displaying this when clicking on the 2nd link: https://groups.google.com/a/mitindrhm.cf/group/unsubscribe-me132 Google Groups Authorization Failed This group is on a private domain. Please sign in with an authorized account to view this content. ---------------------------------------------------------------------------------------------------------------- Here's tracking URL for one of the emails https://www.spamcop.net/sc?id=z6497296422zc7cd4be6fe49cdb5a13994e922e19258z
  9. Just reported several more today. At some point Google's gonna have to take action against this IP address.
  10. Nope. The unsubscribe link is a bunch of shady email addresses that I wouldn’t think twice of sending emails to! I received several more in my spam folder today. I have yet to do anything with them. Should I do something with them?
  11. When SC parses an IP address in this range (37.49.230.0 - 37.49.230.255) the abuse contact that comes up is abuse (at) estroweb.in. Meanwhile, if I run a RIPE query, the abuse contact comes up as abuse (at) cloudstar.is. Wonder why that is?
  12. Not sure why SC "dev/null"s this email address, but when I manually report emails to the address, within a few minutes I get an auto-reply back from Ikoula Support. Is SC refusing to send the emails to that address? https://www.spamcop.net/sc?id=z6466514536zb80506f981ff3477ff6381ec10110636z
  13. Just checked here and that email address is already there:
  14. It seems from the auto-reply emails (and whois lookups) that they're a French ISP.
  15. So then how do the spam reports that are dev/nulled get handled?
  16. Ok, so when SC "dev/null"s the reporting addresses, does the ISP still receive and process/handle the reports?
  17. Of course it's an ocn.ne/ad.jp email. I don't bother reporting to them anymore because I find it pointless. I also reported it to netabuse (at) mtn.bj, but as you all know, they're notorious for not dealing with spam very well. I tried reporting to UBA's security email that I found doing a Google search and this is the result Gmail's mailer-daemon sent back:

    Original email:

    Delivered-To: x
    Received: by 10.55.27.222 with SMTP id m20-v6csp390695lfi; Tue, 22 May 2018 04:17:36 -0700 (PDT)
    X-Google-Smtp-Source: AB8JxZpYbvb6tOhQ+iZm9i/WTdteOSq3c4khjtYYTyC0U88eDbOBeooA888yF+t/0UxRT/np7P7W
    X-Received: by 2002:a63:7c0b:: with SMTP id x11-v6mr18459486pgc.384.1526987856201; Tue, 22 May 2018 04:17:36 -0700 (PDT)
    ARC-Seal: i=1; a=rsa-sha256; t=1526987856; cv=none; d=google.com; s=arc-20160816; b=jotNUqh782Or1fxX2A+r16K8REfifvVQHUFk5z9gyfBJuv9fVGAP0qgRPnjo4mlJlm 5YHfAR2j+kzg//ih9YB/fNpUmB729kKKSfQ5xmy85c9ocuiieMz1ecmflWftDgmq0zZt ua3SRaWu+/U51hn2R73K/de9iT02t1D57414RVDakaMz2x2Ff/mf+JjI+1+HSBH4ks0c Mt/Ch7XCfglJUNJl2qNlsBwzd2es8/8rWynsVjdv6BfyYMYTWc5Vda9xPSfUfZJZRTwM IoSDNFFFcgvewA9H8VXA04Cwoz9NY2SAysTZj9TyYRNJjI1C8zilRSMwrDytlSbZ9WoN 7bpQ==
    ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=content-transfer-encoding:mime-version:subject:message-id:reply-to :from:date:arc-authentication-results; bh=LpXfDxdLzWxwHrFw1Qk9sqc0koHX4eJzLDY8tHHwhoo=; b=hOlAaQ8hWmtbEqeXcXlD0sYdvmdc30qlaSZMbFzJ+6d2giVZqBMmbmBVpMHj4KoQiO RLPsiMKUgcmBnHz8CeqGeJIjU+Zx78n91u+2hJRwIlmsVz7DXdXoWouGMvFNVwdU0LQZ 6GQehGfouDlQGGKOHI+XO4IvcWjgt94jseISgkqAPFx351PaFRYBpFlvnaOtYr8yD1Lc GYzktMwi0v9FVN1HZyX9lojZgz5fnqsJ0D/d1FjPiAdHQekp5QrcLfT1ehd161lEYL0P 7IxJLb8dgGDSG+1BNCrAJffzoPYGyTsD+l7Qyl16mqbM9hNktalB1qTiXvluMpBaSpcj 815Q==
    ARC-Authentication-Results: i=1; mx.google.com; spf=pass (google.com: domain of www.@miracle.ocn.ne.jp designates 153.149.233.15 as permitted sender) smtp.mailfrom=www.@miracle.ocn.ne.jp
    Return-Path: <www.@miracle.ocn.ne.jp>
    Received: from mbkd0214.ocn.ad.jp (mbkd0214.ocn.ad.jp. [153.149.233.15]) by mx.google.com with ESMTP id z18-v6si16038914pfd.357.2018.05.22.04.17.23; Tue, 22 May 2018 04:17:36 -0700 (PDT)
    Received-SPF: pass (google.com: domain of www.@miracle.ocn.ne.jp designates 153.149.233.15 as permitted sender) client-ip=153.149.233.15;
    Authentication-Results: mx.google.com; spf=pass (google.com: domain of www.@miracle.ocn.ne.jp designates 153.149.233.15 as permitted sender) smtp.mailfrom=www.@miracle.ocn.ne.jp
    Received: from mf-smf-ucb035c3 (mf-smf-ucb035c3.ocn.ad.jp [153.153.66.232]) by mbkd0214.ocn.ad.jp (Postfix) with ESMTP id 0E1A418D8F6; Tue, 22 May 2018 20:17:23 +0900 (JST)
    Received: from ntt.pod01.mv-mta-ucb022 ([153.149.142.85]) by mf-smf-ucb035c3 with ESMTP id L5IAfKI3F3vLcL5IAf4CBa; Tue, 22 May 2018 20:17:23 +0900
    Received: from vcwebmail.ocn.ad.jp ([153.149.227.167]) by ntt.pod01.mv-mta-ucb022 with id pPHN1x00F3dLKTM01PHNBl; Tue, 22 May 2018 11:17:22 +0000
    Received: from mzcstore202.ocn.ad.jp (mz-cb202p.ocn.ad.jp [180.8.111.9]) by vcwebmail.ocn.ad.jp (Postfix) with ESMTP; Tue, 22 May 2018 20:17:22 +0900 (JST)
    Date: Tue, 22 May 2018 20:17:22 +0900 (JST)
    From: "Mr.Emanuela Guidobaldi" <www.@miracle.ocn.ne.jp>
    Reply-To: "Mr.Emanuela Guidobaldi" <ubabnk0012@live.fr>
    Message-ID: <114857748.28834412.1526987842427.JavaMail.root@miracle.ocn.ne.jp>
    Subject: Attention:My dear
    MIME-Version: 1.0
    Content-Type: text/plain; charset=ISO-2022-JP
    Content-Transfer-Encoding: 7bit
    X-Originating-IP: [197.234.221.192]

    Attention:My dear I waited for your message as you told me with none received. Remember, i supposed to have traveled last night but the weather is too bad. I will be leaving to Paraguay tomorrow. Meanwhile, contact the Bank manager with below address, i have kept the cheque with them at amount of USD4.5Million. They will either mail it to you or remit it for transfer depending on how you want it; Mr.Emanuela Guidobaldi united bank for Africa -(UBA) E-EMAIL US:ubabnk0012@live.fr
  18. Are emails with this string of IP addresses originating from Benin and OCN is just used to send the emails?
  19. Why is it only blacklisted at abuseat and nowhere else? Is there a reason for that?
  20. ? Here's the Tracking URL. Feel free to remove what you need from the URL after examining the report: https://www.spamcop.net/sc?id=z6466108812zeb3430e28af1b6f93be3ffdc98bf48c7z
  21. Steve

    Why does abuse@amazonaws.com get /dev/null?

    Unfortunately, you can no longer use KnujOn to submit spam:
  22. I am able to parse said spam (Headers below), but it stops at Parsing header: How can I correct that? Headers are included. I did a whois and found the ISP responsible and reported it to them manually. Let's see if they take action against their subscriber.

    Steve

    Delivered-To: x
    Received: by 10.55.27.222 with SMTP id m29-v6csp8801729lfi; Thu, 17 May 2018 13:33:58 -0700 (PDT)
    X-Google-Smtp-Source: AB8JxZp8zZ9h1HZvIRXLiwYIHrWbByUwIg/wb8cVmHln27j3U2TCnavq4fOFUD4KrE66YfvhxZee
    X-Received: by 10.55.27.222 with SMTP id l70-v6mr2894860wma.96.1526589238124; Thu, 17 May 2018 13:33:58 -0700 (PDT)
    ARC-Seal: i=1; a=rsa-sha256; t=1526589238; cv=none; d=google.com; s=arc-20160816; b=OWW4pBTW4xIeQT4z+ENfKQ41+sxZs3kIgUSmTXoq1lZxWcb4cV63c8FdgW2gqn1UIx H0SRHSUx7/qcEc5NPdOWJRL9jTT/vFHbWYiadjBstEIpZJHcE87JvPdGXRpuEwQB6vyA 3yLdeVuX3nNN/VOEunMRmU1Wqa61wazTEKL88U8S2QgUhw6p0aRJkdwmI9it15q5jgb8 qOGfNj9w9lpzlpeTmEwPxMrzoGj6H9GC05RjybSPhOAVPvbXnSVt5NygDiRb8Rue5Ml7 13mnTKPX6c/vZIFtESSXBShfXm44UiYGzz2BUHNJGZmGg59uGH2/OQ+LcGfYUD/Ywoe4 +sOQ==
    ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=reply-to:date:from:to:subject:content-description :content-transfer-encoding:mime-version:message-id :arc-authentication-results; bh=L5uQ3847lKTJi/kJp19g4fX3RH2jLJb88lusCo/eV7c=; b=LlkKcGOIU4wFoyk3oWaF+cfeAJA/fPUmp2klnW4laDVutyd8n2RzIfMFlYPtZlIBzE rfybGJb+F1Rm5nXfYAlwchWc0g1mbHH4kmbLNmWXBkU6Bb+5DOf0H+TznKhGnXJJpLzq Jmjx53BIhiep9bXKCUgbsEhYpvhmPBb5sJejfz+cbx9O5T5lCVibiQnZQBWvVYqCz9id DSkWl6KlEIMgS9WPvuLbBetV7V/45Gd2TOm+fW9ctA6obJPFAgH10+mydaEEQYL5aSbJ G93euR9PfdPBO6ulgHkahdC2Pwhe66OWsxZb/vLGJss3AXnJ/oOJk5zrfb8ZVy5EMBkO 4QTQ==
    ARC-Authentication-Results: i=1; mx.google.com; spf=fail (google.com: domain of info@lee.com does not designate 62.138.219.247 as permitted sender) smtp.mailfrom=info@lee.com; dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=lee.com
    Return-Path: <info@lee.com>
    Received: from mail.desync001.de (mail.desync001.de. [62.138.219.247]) by mx.google.com with ESMTP id v1-v6si4975708wrm.195.2018.05.17.13.33.57 for <x>; Thu, 17 May 2018 13:33:58 -0700 (PDT)
    Received-SPF: fail (google.com: domain of info@lee.com does not designate 62.138.219.247 as permitted sender) client-ip=62.138.219.247;
    Authentication-Results: mx.google.com; spf=fail (google.com: domain of info@lee.com does not designate 62.138.219.247 as permitted sender) smtp.mailfrom=info@lee.com; dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=lee.com
    Message-Id: <5afd________________________________________SING@mx.google.com>
    Received: from .desync001.de ([192.168.1.190]) by desync001.de.de with MailEnable ESMTP; Thu, 17 May 2018 22:28:51 +0200
    Content-Type: text/plain; charset="utf-8"
    MIME-Version: 1.0
    Content-Transfer-Encoding: quoted-printable
    Content-Description: Mail message body
    Subject: Re:STOP CONTACTING THE WRONG OFFICE FOR YOUR FUND (EFCC RECOVERY FUND UNIT)
    To: x
    From: "Mr. Ibrahim Magu" <info@lee.com>
    Date: Thu, 17 May 2018 22:28:51 +0200
    Reply-To: mrfrey_h.nelson@outlook.com
    X-ME-Bayesian: 0.000000
  23. Tracking URL: https://members.spamcop.net/sc?id=z6465604558z5ab95166bf3bae4516ce1f776a969a26z

    ARC-Authentication-Results: i=1; mx.google.com; spf=fail (google.com: domain of info@lee.com does not designate 62.138.219.247 as permitted sender) smtp.mailfrom=info@lee.com; dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=lee.com

    I tried parsing the email with the above omitted and got this:

    Parsing header:
    This header is incomplete. Please supply the full headers of the spam you're trying to report.
    No source IP address found, cannot proceed.