Jump to content


  • Content Count

  • Joined

  • Last visited

Community Reputation

0 Neutral

About MisterBill

  • Rank

Recent Profile Visitors

1,015 profile views
  1. MisterBill

    Spamcop not finding link in encoded message

    Except that I am not seeing that message, and there obviously is a link in my mail body. BTW after sending the URL thru Spamcop and getting the abuse address, I added it as the "Public standard report recipients" option in Spamcop. I selected that address to get a couple of reports of the spam sent to them (it's not checked by default) and included some comments in one of the reports. Knock on wood and all that, but it's been two days since the last piece of spam was received, and I was getting at least 5 per day. So maybe it did something to at least get my address removed (not sure if the URL was personalized and they would have known who the report came from, I guess it would have to be to be removed, unless they actually shut down the spammer).
  2. MisterBill

    Spamcop not finding link in encoded message

    Thanks for the info on decoding the message. And maybe it's not obfuscation in the strict definition of the word but it's not in clear text. And the bottom line is that Spamcop is not recognizing and reporting on it, for whatever reason that may be.
  3. MisterBill

    Spamcop not finding link in encoded message

    Couldn't you just cancel the processing and resubmit the email? What significance does clearing the browser cookies have? BTW I tried submitting it via e-mail figuring maybe it would take the time to process the body, same result.
  4. MisterBill

    Spamcop not finding link in encoded message

    I'm pretty sure it used to de-obfuscate hidden links like that. It was a way to beat spammers who resorted to stuff like that. https://www.trustwave.com/en-us/resources/blogs/spiderlabs-blog/bom-obfuscation-in-spam/ The good news is that AOL is still picking it up as spam. Bad news is that whenever I went to the spam folder previously, it was false positives. Now it's mostly this crap.
  5. MisterBill

    Spamcop not finding link in encoded message

    Good point, but if you try going to the site (without the stuff after the first slash) it actually is a valid address.
  6. MisterBill

    Spamcop not finding link in encoded message

    Good idea to include a SC link with the contents of the email. Here's one of mine so folks can see what the mail looks like. https://www.spamcop.net/sc?id=z6526542656z686e6200afbb5e1b095fea9160ee8108z
  7. I've recently managed to get one of my email addresses added to a spammer's list, getting several piece a day, generally for bogus medical cures. The emails always have an encoded body and it appears that Spamcop is not decoding it and finding the link that is part of it. When I opened a recent email (and obviously not showing the image), I saw Who knew you could regular blood sugar this easy You May Safely Display Content of Message and the second line is a link to http://131. 107.193.85joanny.info.boyman.space/205/3-2-2019-clickersin (space added after the first dot to break the link) Yet when I feed the email thru Spamcop, it doesn't find or report on the link. Has the spammer adjusted their behavior so that Spamcop cannot pick up and report the email to their host? In this case, the report is only going to network-abuse@google.com (where the email apparently originated from), which I'm assuming isn't doing anything about it.
  8. Sorry, here's the link: https://www.spamcop.net/sc?id=z6372706844z03952f3bb4595463ae09c956c7b4d131z I don't want it to be deleted automatically before I can view the messages but in normal cases where SC decides it is unable to send any reports, it takes it out of the queue. In this case, it just seems like it aborts processing rather than deciding that it cannot send reports. And this isn't the first time I've run into this.
  9. I tried to report spam, and apparently it's not reportable. However, the email doesn't get cleared from the queue, and when I go back to the site, it tells me "Unreported spam Saved: Report Now". It seems like Spamcop should be deleting this from my queue when it realizes that it can't send any reports. I should not have to remove it myself. Here is the end of the processing screen that I get. Suggestions? Bill Tracking link: http://www.fedex.com/?location=home No recent reports, no history available ISP does not wish to receive report regarding www.fedex.com Host www.fedex.com (checking ip) = Resolves to Routing details for [refresh/show] Cached whois for : ip-admin@akamai.com Using abuse net on ip-admin@akamai.com abuse net akamai.com = abuse@akamai.com Using best contacts abuse@akamai.com abuse@akamai.com redirects to abuse-spamcop@akamai.com ISP does not wish to receive reports regarding http://www.fedex.com/?location=home - no date available http://www.fedex.com/?location=home has been appealed previously. Tracking link: http://www.fedex..com/us/legal/ No recent reports, no history available Host www.fedex..com (checking ip)
  10. I have my own domain, and I use different email addresses at different sites (like starbucks[at]mydomain.us) so I can tell where my address came from if/when their mailing list gets stolen (I use wildcard forwarding so I don't need to define each address). It turns out that this happens a lot more often than you'd think and I've been getting emails at addresses used at only a single site for a while now. They seem to come in batches, typically it's some of the nasty stuff with attachments and thanks to Spamcop I've determined that it comes from different sites, so I'm guessing it's being sent by zombie machines. Interestingly, I rarely get this spam at addresses that I've never used, so this says to me that something is getting these addresses and I'd like to know how. I've always figured that it was various sites that got hacked. My email addresses from sites like Consumerist, Couponmom and Opentable that routinely get spam. Some of those that have been compromised for a while I've set up dummy forwarding for (to a non-existent address) so I don't get those anymore. I got a really huge batch of this spam today (it's been bad for the past week), and included in it was one sent to a "citi" address, which I've used for Citibank and nothing else (and this is the first time I've seen spam sent to it). So this means that either their database has been hacked, or else the spammers are getting my addresses from some other source. My mail is forwarded thru Namecheap's forwarding service to my Verizon mailbox. It seems like they'd be getting it from one of those sources, or from my machine, and I think that the latter is pretty unlikely. Fortunately all of this stuff ends up in my Verizon spam folder, but I would love to figure out how this is happening. Any ideas?
  11. MisterBill

    Errors encountered while reporting

    I'm also seeing this problem, and it's occurring with email sent by Mailwasher and the piece of mail being tossed likely had multiple pieces of spam in it, all of which are presumably lost. Are you still interested in receiving a copy of the email to investigate? Sadly, I don't think it contains what was sent, which would be useful.
  12. MisterBill

    IPv6 Routing Support

    This is still a problem. I got this spam reporting rejected today. Can someone tell me what the ipv6 header is? They look OK to me. http://www.spamcop.net/sc?id=z5246558407z8...;action=display
  13. MisterBill

    Should Mailto addresses get reported?

    Thanks for the link. I agree that reporting email addresses in the header is useless. But that page says that reporting the address where the spammer is expecting replies can be useful. yet it does not do it. I prefer to have something like Spamcop doing the reporting because it is anonymous. If I have to send it with my real email address and find out that the spammer also owns the domain I am reporting him to (i.e., he is getting the complaint), I will likely get much more spam as a result.
  14. I've recently started getting a lot of spam from a hosting company. There is no website to report but there is a mailto that they have responses going to. However, Spamcop is not sending any notice to that site. Is there a reason? Seems like an address that gets replies is going to be real, so definitely the site owner should be notified. http://www.spamcop.net/sc?id=z4996578016z3...7ff1799c84ceeaz
  15. Not to belabor the point, but the net result was the same. Changing the URL's so that enough of them were alike or deleting a bunch, both reduced the count of URL's to allow Spamcop to report on a number it considers acceptable. In both cases it changed the behavior of Spamcop because it would not have reported any URL's otherwise.