Steve
-
Posts
127 -
Joined
-
Last visited
Content Type
Profiles
Forums
Events
Posts posted by Steve
-
-
https://www.spamcop.net/sc?id=z6892951213zb63f6e4d8eab8744c73323c82d4deb01z
Manually reporting spam in above tracking link to abuse AT ttnet DOT net DOT tr (SC's parser determines this is one of the abuse POCs for this IP address) results in Gmail's mailer-daemon returning with this result:
QuoteAddress not found
Your message wasn't delivered to abuse@ttnet.net.tr because the domain ttnet.net.tr couldn't be found. Check for typos or unnecessary spaces and try again. The response was: DNS Error: DNS type 'mx' lookup of ttnet.net.tr responded with code SERVFAIL
Running a query through RIPE doesn't show that email address as a POC:
Refreshing the cache does nothing to remove this address from the parse. Can the Deputies remove this address (abuse AT ttnet DOT net DOT tr) as the domain is no longer active?
As determined by the RIPE query, abuse AT doruk DOT net DOT tr is the correct abuse POC for this IP address.
Steve
-
On 2/2/2024 at 4:50 PM, petzl said:
OK still trial not trail
I find that Microsoft do close spammers, but takes time, then it's easy for spammer to open another fake account to repeat.
There are plenty of free email account choices out there, Microsoft IP's are high volume so it takes a LOT of spam hits before the radar
SpamCop blocklist activate, The SEWR address I only see SpamCop using, I no longer report by SpamCop but do have a number of Microsoft abuse addresses to submit email as attachment to.
NANAE (usenet) many loved hating and criticizing (criticising) SpamCop for not having a abuse at address.
But logistically not practical to deal with the volume of mainly rubbish complaints, although it can or could be be done by WEB or the link in a spam report!
I would guess that Microsoft would have the same logistic problem, IMO the need to legitimize (legitimise) users.
Twitter/X tried to remove the BOT users seems to have worked a bit but still needs working on.Does anyone know if reports sent to sewr@senpluspluseop.onmicrosoft.com are read or ignored?
-
I use Last Pass for my password manager.
-
Upon manually reporting the email referenced in the tracking link (I received the same email twice today from the same email address and IP address), Gmail's mailer-daemon replies with this:
QuoteAddress not found
Your message wasn't delivered to gestion.ip@claro.com.pe because the address couldn't be found, or is unable to receive mail. The response from the remote server was: 550 #5.1.0 Address rejected.
Querying the IP address (200.62.229.190) on LACNIC Whois only displays the email address gestion.ip AT claro DOT com DOT pe. SC parses the email and determines that this is a last resort contact. Is there any way to contact LACNIC to get them to update the abuse POC?
Steve
-
SC's parser determined that abuse AT vividwireless DOT com DOT au is the responsible party for the above IP address. But when querying it on APNIC's site, it says that abuse AT optusnet DOT com DOT au is the abuse contact (and is an Optusnet IP address). For any of the Optusnet spam I've received, SC's parser would automatically deliver a result of abuse_sc AT optusnet DOT com DOT au.
Tracking URL:
https://www.spamcop.net/sc?id=z6883707653ze0a2ff6d67316ea0d5c8517df5690f95z
QuoteBounce message from Gmail's mailer-daemon when I attempted to manually report the spam:
Delivery incomplete
There was a temporary problem delivering your message to abuse@vividwireless.com.au. Gmail will retry for 47 more hours. You'll be notified if the delivery fails permanently. The response was: DNS Error: DNS type 'mx' lookup of vividwireless.com.au responded with code SERVFAIL
Steve
-
abuse AT sphere DOT ad DOT jp is the invalid contact (SC's parser determined this address to be one of several responsible for handling abuse reports for the above IP address. The others are abuse AT xrea DOT com, postmaster AT digi-rock DOT com, abuse AT sakura DOT ad DOT jp and abuse AT digi-rock DOT com)
Tracking URL:
https://www.spamcop.net/sc?id=z6883013206z2874abc91aba362e311dfbdb7d0e2341z
QuoteGmail's mailer-daemon came back with this:Address not found
Your message wasn't delivered to abuse@sphere.ad.jp because the address couldn't be found, or is unable to receive mail. The response from the remote server was: 550 sorry, no mailbox here by that name. (#5.1.1)
The other addresses I forwarded the report to didn't result in me receiving an email like the one above, so I'm assuming those addresses are valid.
Steve
-
Sent a report to both super AT plala DOT or DOT jp and postmaster AT plala DOT or DOT jp.
Steve
-
The last few spam email reports I sent (I manually report spam emails originating from Plala's network rather than through SC) regarding spam originating from Plala's network to super AT plala DOT or DOT jp have not resulted in replies from one of their agents informing me that the user had appropriate action taken against them. I've never not received a reply to a spam email I reported to them. I unfortunately no longer have any replies to a spam email I reported to them to provide.
Here is the tracking URL for the last email I reported to them through SC (12/27/23):
https://members.spamcop.net/mcgi?action=gettrack&reportid=7307895648
https://members.spamcop.net/mcgi?action=gettrack&reportid=7299159596 11/19/23 tracking url
https://members.spamcop.net/mcgi?action=gettrack&reportid=7298399113 11/16/23 tracking url
https://members.spamcop.net/mcgi?action=gettrack&reportid=7294994591 11/2/23 tracking url
Steve
-
On 1/16/2024 at 8:20 AM, sc_aswglo said:
For about the past week whenever I try to report a message that originates from Microsoft's Office365 handle it sends the message to some weird sewr [at] senpluspluseop.onmicrosoft.com
See: https://www.spamcop.net/sc?id=z6881814572z9bfd276bec188cdd562eea85191f1b37z
It seems almost like Microsoft is hijacked because if you do a whois on the IP 40.107.244.53 the address for reporting spam should be abuse@microsoft.com
Even SC's parser redirects reports from abuse AT microsoft DOT com to report_spam AT hotmail DOT com. Well, at least until it was recently changed to sewr [AT] senpluspluseop [DOT] onmicrosoft [DOT] com.
-
According to Gmail's mailer-daemon, malware AT mnemo DOT com doesn't exist, yet SC's parser dev/nulls this address.
https://www.spamcop.net/sc?id=z6877159915z6bfdd31b37f0c6be4d2b2f3fb9c2bc3e
QuoteAddress not found
Your message wasn't delivered to malware@mnemo.com because the address couldn't be found, or is unable to receive mail. LEARN MORE The response was: 550 5.1.1 The email account that you tried to reach does not exist.
-
5 hours ago, ninth said:
The sendgrid host/ISP Amazon don't want reports.
From SC, but if you report manually through email (for SG) or Amazon (via their report form or email to abuse AT amazonaws DOT com). They respond and take action as they see fit.
-
1 hour ago, petzl said:
Used to but rarely now!
SpamCop reporting is easily disabled.
It's not hard for ISP's to stop receiving SpamCop reports but guessing takes time for admin to log reason
Sendgrid are masive email platform unlikely to be ever blocked by SCBL
https://www.spamcop.net/fom-serve/cache/77.html
IMO free email need to be scrutinized or they are just overrun by spam bots
https://sendgrid.com/free/
Twitter/X is attempting to remove what was 90% full of bots I believe
Discourages people from signing up, I like a VPN so I always get confirmation messages
so I just read news links without signing inI'm not saying that SC's parser displayed that. I'm just confused as to why no explanation was given as to why the parser just dev/nulls the reports to Sendgrid's abuse address by default. Well, I did manually report the spam/unwanted email to abuse AT sendgrid DOT com and got this:
QuoteYou're receiving this email from Twilio in response to your report of unwanted activity to the Twilio SendGrid Compliance Team. We appreciate your proactive efforts in bringing this matter to our attention.
Upon reviewing the information you provided, we have successfully identified the account from which the unwanted email appears to have originated. We want to assure you that we have launched an immediate investigation into their sending practices and use of our services. Our team is committed to taking appropriate actions to address the issue and prevent any further instances of spam, suspicious, or unwanted emails.
As part of our security and privacy guidelines, we are unable to provide specific updates regarding punitive or enforcement measures taken on the sender's account. However, please know that your report has triggered a thorough investigation, and we are dedicated to maintaining the integrity of our platform and protecting our users.
We sincerely appreciate your ongoing support in submitting reports when necessary. Your active involvement and partnership are instrumental in helping us swiftly identify and cease this type of activity from our platform. Together, we can create a safer and more secure environment for all our users.
If you encounter any similar incidents in the future, please do not hesitate to reach out to the Twilio SendGrid Abuse Team. We are here to assist you and uphold the integrity of our services.
Sincerely,
Onboarding & Compliance Operations -
Why is is SC dev/nulling reports to Sendgrid? There's no explanation when parsing emails sent from a Sendgrid customer.
https://www.spamcop.net/sc?id=z6864665553z76b4173c8cadf5ce84d01efaa688126ez
QuoteTracking message source: 149.72.149.187:Routing details for 149.72.149.187
[refresh/show] Cached whois for 149.72.149.187 : abuse AT sendgrid DOT com
Using best contacts abuse#sendgrid DOT com AT devnull DOT spamcop DOT net
Message is 24 hours old
149.72.149.187 not listed in cbl.abuseat.org
149.72.149.187 not listed in dnsbl.sorbs.net
149.72.149.187 not listed in accredit.habeas.com
149.72.149.187 not listed in plus.bondedsender.org
149.72.149.187 not listed in iadb.isipp.comIt usually says something to the effect of "Reports disabled for abuse AT x DOT com/net, etc. ("x" referring to the domain the email was sent from), for emails, (not specifically Sendgrid) but no explanation by the parser is given.
-
Now that the parser has been updated to reflect the correct abuse POC (irt AT nic DOT or DOT kr), SC's parser refuses to forward spam to that address?🤔😑🤨😡🤬
https://www.spamcop.net/sc?id=z6857548165z7e7c70a47f487652bf4ce763cf932b91z
QuoteFinding IP block owner:Routing details for 115.71.14.193
Report routing for 115.71.14.193: irt@nic.or.kr
I refuse to bother irt@nic.or.krSorry, no reporting addresses found for 115.71.14.193.Nothing to do.Having said that, was there any reason for me to even contact the Deputies to have them update the address in the first place?!?!?!? -
17 hours ago, ninth said:
If you ran the report through SC they would get the bounce response.
But they don't, so I'm not sure why that address shows up as the POC for abuse reports when irt AT nic DOT or DOT kr is the correct POC for abuse reports.
-
SC's parser for this IP address (115.71.14.193) determined that tech AT daouidc DOT com is the responsible party to deal with spam reports but Gmail is unable to connect to their server when I manually attempt to report the spam to that address:
QuoteDelivery incomplete
There was a temporary problem delivering your message to tech@daouidc.com. Gmail will retry for 45 more hours. You'll be notified if the delivery fails permanently. LEARN MORE The response was:
The recipient server did not accept our requests to connect. Learn more at https://support.google.com/mail/answer/7720 [mail.daouidc.com. 115.71.4.32: FAILED_PRECONDITION: connect error (113): No route to host]
Tracking URL:
https://www.spamcop.net/sc?id=z6857143701z88958ab2f99e8a67e0cb58bf69907cacz
I have also queried the IP address myself and got these addresses: irt AT nic DOT or DOT kr, infra-tech AT daou DOT co DOT kr and hostmaster AT nic DOT or DOT kr and also forwarded said spam email TO those addresses. No option is available on SC's report form to refresh the cache for this address (tech AT daouidc DOT com) to show the correct abuse POC for the above IP address which is: irt AT nic DOT or DOT kr.
-
https://www.spamcop.net/sc?id=z6844998451z8a3e57d09628b5f5968d0180733cc8aaz
SC's parser is sending spam reports to search-apnic-not-arin AT apnic DOT net (search-apnic-not-arin#apnic DOT net AT devnull DOT spamcop DOT net) for IP address 43.229.13.202 when abuse AT bcc DOT gov DOT bd is the correct abuse POC?
QuoteTracking message source: 43.229.13.202:Routing details for 43.229.13.202
[refresh/show] Cached whois for 43.229.13.202 : search-apnic-not-arin AT apnic DOT net
I refuse to bother search-apnic-not-arin AT apnic DOT net.Using search-apnic-not-arin#apnic DOT net AT devnull DOT spamcop DOT net for statistical tracking.Using last resort contacts search-apnic-not-arin#apnic DOT net AT devnull DOT spamcop DOT net
APNIC QueryQuoterole: ABUSE BCCBD address: E-14/X, BCC Bhaban, Agargaon, Sher-e- bangla nagor, Dhaka 1207 country: ZZ phone:+000000000e-mail:tarique.barkatullah@bcc.net.bdadmin-c:BCCA2-APtech-c:BCCA2-APnic-hdl:AB1189-APremarks:Generated from irt object IRT-BCC-BDremarks:tarique.barkatullah@bcc.net.bd was validated on 2022-11-15remarks: abuse AT bcc DOT gov DOT bd was validated on 2023-03-27 abuse-mailbox: abuse AT bcc DOT gov DOT bd mnt-by: APNIC-ABUSE last-modified: 2023-04-16T03:02:09Z source: APNIC -
https://www.spamcop.net/sc?id=z6806908673z04b1a724626bf46fe4806f1e9634969fz
Abuse POC for above IP address is invalid. Gmail is unable to forward reports when reporting manually to abuse AT ipplanet DOT com. This is the mailer-daemon response:
QuoteDelivery incomplete
There was a temporary problem delivering your message to abuse@ipplanet.com. Gmail will retry for 45 more hours. You'll be notified if the delivery fails permanently. LEARN MORE The response was: The recipient server did not accept our requests to connect. Learn more at https://support.google.com/mail/answer/7720 [ipplanet.com 3.33.152.147: timed out] [ipplanet.com 15.197.142.173: timed out]
QuoteDelivery incomplete
There was a temporary problem delivering your message to abuse@ipplanet.com. Gmail will retry for 21 more hours. You'll be notified if the delivery fails permanently. LEARN MORE The response was: The recipient server did not accept our requests to connect. Learn more at https://support.google.com/mail/answer/7720 [ipplanet.com 3.33.152.147: timed out] [ipplanet.com 15.197.142.173: timed out]
It seems the domain no longer exists as referenced here:
All that's there is this link (https://www.moneyquestions.com/contact.html which redirects to http://www.cddz.com/contact-us when you click on the Contact Owner link below) and a copyright message
QuoteRouting details for said IP address
QuoteReports routes for 217.21.74.101:routeid: 15467304 217.21.64.0 - 217.21.95.255 to: abuse@ipplanet.net
Administrator interested in all reports8/22/2005, 6:46:55 AM -0400
[Note added by 68.158.22.55 (adsl-158-22-55.asm.bellsouth.net)]
ipplanet bought by gilatCan the deputies modify the parser to have reports sent to abuse AT terratransit DOT de and noc AT hostinger DOT com as that's what RIPE determines? TerraTransit AG is the responsible party to handle abuse reports for this IP address.
-
Message not delivered
There was a problem delivering your message to abuse@ipplanet.com. See the technical details below. LEARN MORE The response was:
The recipient server did not accept our requests to connect. Learn more at https://support.google.com/mail/answer/7720 [ipplanet.com 15.197.142.173: timed out] [ipplanet.com 3.33.152.147: timed out]
-
11 hours ago, petzl said:
This abuse address was set in 8/22/2005 by abuse[AT]ipplanet[DOT]net which no longer exists
This is now a common issue SpamCop made these change permanent instead of 12 monthly
The now abuse address is
abuse[AT]terratransit[DOT]deSo can the deputies modify the parser to have reports sent to abuse AT terratransit DOT de?
-
https://www.spamcop.net/sc?id=z6806908673z04b1a724626bf46fe4806f1e9634969fz
Abuse POC for above IP address is invalid. Gmail is unable to forward reports when reporting manually to abuse AT ipplanet DOT com. This is the mailer-daemon response:
QuoteDelivery incomplete
There was a temporary problem delivering your message to abuse@ipplanet.com. Gmail will retry for 45 more hours. You'll be notified if the delivery fails permanently. LEARN MORE The response was: The recipient server did not accept our requests to connect. Learn more at https://support.google.com/mail/answer/7720 [ipplanet.com 3.33.152.147: timed out] [ipplanet.com 15.197.142.173: timed out]
QuoteDelivery incomplete
There was a temporary problem delivering your message to abuse@ipplanet.com. Gmail will retry for 21 more hours. You'll be notified if the delivery fails permanently. LEARN MORE The response was: The recipient server did not accept our requests to connect. Learn more at https://support.google.com/mail/answer/7720 [ipplanet.com 3.33.152.147: timed out] [ipplanet.com 15.197.142.173: timed out]
It seems the domain no longer exists as referenced here:
All that's there is this link (https://www.moneyquestions.com/contact.html which redirects to http://www.cddz.com/contact-us when you click on the Contact Owner link below) and a copyright message
QuoteRouting details for said IP address
QuoteReports routes for 217.21.74.101:routeid: 15467304 217.21.64.0 - 217.21.95.255 to: abuse@ipplanet.net
Administrator interested in all reports8/22/2005, 6:46:55 AM -0400
[Note added by 68.158.22.55 (adsl-158-22-55.asm.bellsouth.net)]
ipplanet bought by gilatCan the deputies modify the parser to have reports sent to abuse AT terratransit DOT de and noc AT hostinger DOT com as that's what RIPE determines? TerraTransit AG is the responsible party to handle abuse reports for this IP address.
-
https://www.spamcop.net/mcgi?action=gettrack&reportid=7254298430
Petzl, I used the app you suggested for determining the registrar for a given IP address. This is result of querying 45.156.27.61:
QuoteChecking IP: 45.156.27.61...
Failed Domain Lookup.
IP: 45.156.27.61Querying whois.arin.net for 45.156.27.61...
#
# ARIN WHOIS data and services are subject to the Terms of Use
# available at: https://www.arin.net/resources/registry/whois/tou/
#
# If you see inaccuracies in the results, please report at
# https://www.arin.net/resources/registry/whois/inaccuracy_reporting/
#
# Copyright 1997-2023, American Registry for Internet Numbers, Ltd.
#
#
# Query terms are ambiguous. The query is assumed to be:
# "n 45.156.27.61"
#
# Use "?" to get help.
#NetRange: 45.154.220.0 - 45.157.167.255
CIDR: 45.157.160.0/21, 45.157.0.0/17, 45.154.220.0/22, 45.154.224.0/19, 45.157.128.0/19, 45.155.0.0/16, 45.156.0.0/16
NetName: RIPE
NetHandle: NET-45-154-220-0-1
Parent: NET45 (NET-45-0-0-0-0)
NetType: Early Registrations, Transferred to RIPE NCC
OriginAS:
Organization: RIPE Network Coordination Centre (RIPE)
RegDate: 2014-05-22
Updated: 2022-12-29
Ref: https://rdap.arin.net/registry/ip/45.154.220.0ResourceLink: https://apps.db.ripe.net/search/query.html
ResourceLink: whois.ripe.net
OrgName: RIPE Network Coordination Centre
OrgId: RIPE
Address: P.O. Box 10096
City: Amsterdam
StateProv:
PostalCode: 1001EB
Country: NL
RegDate:
Updated: 2013-07-29
Ref: https://rdap.arin.net/registry/entity/RIPEReferralServer: whois://whois.ripe.net
ResourceLink: https://apps.db.ripe.net/search/query.htmlOrgAbuseHandle: ABUSE3850-ARIN
OrgAbuseName: Abuse Contact
OrgAbusePhone: +31205354444
OrgAbuseEmail: mailto:abuse AT ripe DOT net
OrgAbuseRef: https://rdap.arin.net/registry/entity/ABUSE3850-ARINOrgTechHandle: RNO29-ARIN
OrgTechName: RIPE NCC Operations
OrgTechPhone: +31 20 535 4444
OrgTechEmail: mailto:hostmaster AT ripe DOT net
OrgTechRef: https://rdap.arin.net/registry/entity/RNO29-ARINBut when I query the above IP address on the ripe database site: I get abuse AT cloudbackbone DOT net as the responsible POC (the responsible ORGANIZATION is listed as CGI GLOBAL LIMITED)? Meanwhile, if I try to send a test email to noc AT cloudbackbone DOT net, Gmail's mailer-daemon tells me that the mailbox is full.
QuoteRecipient inbox full
Your message couldn't be delivered to noc AT cloudbackbone DOT net. Their inbox is full, or it's getting too much mail right now. The response from the remote server was: 552 5.2.2 Mailbox size limit exceeded 1681181837-GvKD4TbYSeA0-3pSQWAEs
I tried sending the spam to noc AT cloudbackbone DOT net and got an auto reply back from yandex's mailer-daemon with the subject Undelivered Mail Returned to Sender:
QuoteThis is the mail system at host yandex.ru.
I'm sorry to have to inform you that your message could not
be delivered to one or more recipients. It's attached below.
Please, do not reply to this message. -
On 4/9/2023 at 2:39 AM, petzl said:
Checking IP: 104.149.94.155...
Name: tr-acosh.aeskelly.com
IP: 104.149.94.155
Domain: aeskelly.com
Registrar Abuse Contact Email: mailto:abuse[AT]namecheap[DOT]comSent it there/filled out the abuse form on their site. Is there a way for the deputies to fix this so that the parser displays the correct POC (abuse AT namecheap DOT com)?
-
https://www.spamcop.net/sc?id=z6806535550z579ecc3525f12541f3b77e0a47c005d7z
Upon manually reporting a spam email (tracking link above) to postmaster AT psychz DOT net, Yahoo's mailer-daemon replied with this:
QuoteSorry, we were unable to deliver your message to the following address.550: No such person at this address'Also, upon querying the IP address via ARIN, in the Note field of the POC section of the query, this was written:
QuoteARIN has attempted to validate the data for this POC, but has received no response from the POC since 2022-09-01
abuse@timbrasil.com.br not accepting abuse reports?
in Routing / Report Address Issues
Posted
https://www.spamcop.net/sc?id=z6894784019z32eae73f09e4cd0e3dfd9e5bf8da549ez
I manually reported the spam to abuse AT timbrasil DOT com DOT br with the IP address 177.30.108.45 as Amazon determined that's where the email originated from (SC parses the email and uses 35.89.44.37 as the IP address to report spam with to abuse AT amazonaws DOT com)
This is the reply when I manually report the email to Amazon using 35.89.44.37:
Reply from timbrasil postmaster address: