Jump to content

Sven Golly

Members
  • Content Count

    37
  • Joined

  • Last visited

Everything posted by Sven Golly

  1. Somehow, this particular type of spam seems to confound Spamcop. I get a mailhost configuration problem when reporting via email. Reconfiguring my mailhosts does nothing to improve this. This spam seems pretty sophisticated in that it shows up with full pictures on my phone yet looks like weird text in Outlook preview (images disabled). The source IP appears to be: 82.147.70.59 which goes back to a Russian provider. https://www.spamcop.net/sc?id=z6640595520za6b456852b82bb903ea1937266b051bbz
  2. I just switched hosting providers which means that all the mail configs need to be updated. However, the test message from SpamCop is not being received. I've checked the logs and don't see any record of an incoming from Spamcop. Maybe this feature is borked?
  3. I use three mail services. Gmail, Roadrunner and my self-hosted accounts for our domain, geldner.com, at Stablehost. Effectively now, none of them are allowing email submissions to my submit @ spamcop address. They either get dumped without response (Roadrunner) or not sent due to spam content at Gmail and Stablehost. Gmail was getting through but now they've tightened things up. Stablehost says they have no good way of whitelisting spamcop for outbound mail. This will effectively end my Spamcop reporting unless I can find a solution. No I am NOT going to cut & paste spam emails. I MIGHT be able to host a mail exchanger on my home computer (Spectrum cable internet) with Dynamic DNS but I'm not sure how that would work. Any suggestions before I pull the plug on reporting?
  4. You'll note I've already tried reporting via Gmail and they are blocking perceived spam content (which is what a SpamCop report often looks like). My problem is not that my email accounts don't work for regular mail, they're fine. It's just that I can't use any of them now for reporting spam to SpamCop.
  5. SpamCop can't seem to deal with this. I never get a submit button. https://www.spamcop.net/sc?id=z6420840587ze41077f5166b70661ec211ec6da5db51z
  6. Sven Golly

    Report doesn't complete - can't submit

    Parser still not working. Alibaba originated spam doesn't parse. https://www.spamcop.net/sc?id=z6436471089z9ccd10bfd074e56c63131211326597ccz
  7. Sven Golly

    Report doesn't complete - can't submit

    Is it because the spammers have figured out a way to foul up the Spamcop parser deliberately? Since about 1 in 5 of my reports are hitting this parsing failure, I am increasingly disinclined to report spam. It would be good to know if Cisco / Spamcop intend to fix it or if this is whole project is simply on life support.
  8. SPAMCOP report results I have tried both manually processing this email AND as an emailed submission via my account. SpamCop chokes on both.
  9. Done. I'll report back if they say anything.
  10. All it would take is the first. My guess is that Spamcop reconfigs don't happen very often since Spamcop itself seems to be fading away. I mean look at the forum traffic here. The last message prior to mine was maybe 2 months ago? (Not that Spamcop makes it easy to find the forums.) I just tried again and still no email from the mailhost setup. I get spam report reply mails from Spamcop (which of course complain that my mailhost is not properly configured, duh).
  11. Sven Golly

    serverhub.com

    Not sure why SpamCop doesn't just DevNull everything going to [at]serverhub.com. Nothing over the last month has even remotely slowed down the amount of spam I get through them. http://www.spamcop.net/sc?id=z5885335158z1...b926158ec7d300z
  12. Sven Golly

    serverhub.com

    Interesting logic I guess. But they still never make it onto the SCBL. They are good at the snowshoe tapdance.
  13. Sven Golly

    serverhub.com

    Has it accomplished anything other than make it "look like" an ISP might be doing something?
  14. Sven Golly

    serverhub.com

    And here's a relatively rare serverhub.com spam that links to a site HOSTED by serverhub. Usually the links go elsewhere. http://www.spamcop.net/sc?id=z5888647343zf...2e24c8e93d1b92z
  15. Sven Golly

    serverhub.com

    Thanks for the info on getting the tracking link. I had never noticed the "Parse" link at the top. The FAQ is kind of arcane in many ways. I have dealt with whoever is behind the serverhub spam in the past since I recognize the writing / subject line style and what they usually promote. The spammer is active for anywhere from 1 month to as long as a year, eventually gets shut down, then starts all over again from a new spam-friendly ISP. Serverhub is going on 3 months now I think.
  16. Sven Golly

    serverhub.com

    Yeah I didn't save the tracking URLs for those -- so I just went to Recent Reports to snag what I could. Would be nice if SC presented the tracking URL in Recent Reports. Anyway here are two of today's serverhub.com spams by tracking URL. http://www.spamcop.net/sc?id=z5888418267z5...1b97b6d3fc9bbbz http://www.spamcop.net/sc?id=z5888418191z6...11bde60310273bz These spams are just goofy with weird keywords. I don't know if they are to get past spam filters or if they are a form of reverse tracking. Report the spam and they know you did because they see what was reported and can track it back to the reporter / recipient. All serverhub.com spam gets copied to spam[at]uce.gov and knujon.
  17. Sven Golly

    serverhub.com

    Well it would seem to me that because serverhub has setup a special abuse address just for Spamcop (spamcop[at]serverhub.com) and since they allow this spammer to continue (we get about 10 - 20 per day on one address alone), the special spamcop address is simply being ignored. So assuming there's a special arrangement for between SC and Serverhub to support that address, why does SC continue to do so? All it looks like to me is a way for them to monitor how much spam they can crank out before running afoul of the SCBL. Am I missing something? These are all sample Serverhub spams reported to SC. I don't report every single one I get. http://www.spamcop.net/mcgi?action=gettrac...rtid=6129851586 http://www.spamcop.net/mcgi?action=gettrac...rtid=6129851514 http://www.spamcop.net/mcgi?action=gettrac...rtid=6129851673 http://www.spamcop.net/mcgi?action=gettrac...rtid=6129851511 http://www.spamcop.net/mcgi?action=gettrac...rtid=6129851508 http://www.spamcop.net/mcgi?action=gettrac...rtid=6129851507 http://www.spamcop.net/mcgi?action=gettrac...rtid=6129632531 <- Black Lotus + Serverhub http://www.spamcop.net/mcgi?action=gettrac...rtid=6129632544 <- Black Lotus + Serverhub
  18. Sven Golly

    spam from: singlehop & blacklotus

    I'm seeing the same spam here -- singlehop / black lotus. I also saw a crossover spam from serverhub.com that was spamvertising a black lotus site. Right now 75% of my spam is from serverhub.com but they STILL haven't made it to the SpamCop's own RBL. Which is why I'm getting more and more disappointed with SpamCop.
  19. Sven Golly

    serverhub.com

    serverhub's IP space is still sending major amounts of spam. Some 60 reports later and they STILL don't even show up on SpamCop's own RBL! I'm really beginning to think SpamCop itself is becoming irrelevant.
  20. Sven Golly

    Is Spamcop reporting doing any good anymore?

    I seem to have noticed a drop in the correlation between SC reports and action by ISPs too. One ISP in particular, serverhub, is currently responsible for 1/2 the spam my domain is getting yet, in spite of continued reports to Spamcop, none of the IPs I've reported show on Spamcop's own RBL. EXAMPLE: http://www.spamcop.net/sc?id=z5887218933z9...3cbfde6b6aeccfz http://mxtoolbox.com/SuperTool.aspx?action...p;run=toolpage# In another thread, I jokingly referred to the abuse address for serverhub (spamcop[at]serverhub.com) as really being routed to devnull by serverhub.
  21. Sven Golly

    serverhub.com

    My comment was semi-tongue-in-cheek. ;-) I suspect serverhub.com devnulls SpamCop reports. Just in the last hour I got 2 more spams originating from serverhub.com.
  22. It's probably NOT SpamCop bouncing but rather your own ISP. My mailhost recently made a change to their SMTP service where they run everything through a third party spam/virus service (SpamExperts). I have seen them reject even simple phishing reports sent as attachments to SpamCop. It makes reporting to SpamCop a real challenge -- but I also see why the ISP wants to do it -- they don't want to be on the wrong side of a RBL. Not sure what the solution is. --SG
  23. And yet: https://apps.db.ripe.net/search/lookup.html...amp;type=person Shows the abuse contact. Original SpamCop report: http://www.spamcop.net/sc?id=z5881011582zf...8e67b2b3e8f029z
  24. I am wondering about what happens with all the reports I send in that reference "volumedrive.com" as the abuse reporting address. For some reason, the IPs reported (they jump around but all are in volumedrive.com's netblocks) don't make it onto SpamCop's own BL but they do show up occasionally on Barracuda and Spamhaus. The spam is clearly originating from one spammer (they have a consistent "style") to their emails. We get about 2 - 4 day and who knows how many may get dumped via SpamAssassin at the server level. Yet this spammer is allowed to continue to operate by what appears to be a spam-friendly host. Here's a recent example: http://www.spamcop.net/sc?id=z5498280528zf...33c670f9b97310z
  25. Sven Golly

    spam originating from volumedrive.com

    Yeah Volumedrive keeps on spamming here too. Their IPs show in Barracuda but not in the SCBL. 199.19.110.222 - 5954885819, 5954885820 199.19.110.233 - 5954885846, 5954885847 199.19.110.218 - 5954886002, 5954886001
×