Manos

Dozens of Chinese spam emails per day

36 posts in this topic

For the last month I've been spammed by dozens of Chinese spam emails every day. The total number of emails has reached about 100 on some days.

I own a gaming website and that's the first time in my life that I have experienced such a thing! How can these guys bombard our emails? Their ISP must be one of the worst in China.

I have reported the emails that I received by forwarding them directly to the SpamCop email. I've even clicked the spam report validation links and everything is OK.

These are the email addresses as an outcome. I hope I didn't miss anything.

Can Spamcop.net help with this or do I have to install your filter? Will any ISP block these guys? I am not familiar with those and it would be a disaster for me if I lose any emails. Imagine that some emails have to do with sponsorships so they keep my site living.
Thank you.


It is a common misconception that reporting spam to SC will directly stop/reduce your spam. It will not, directly.

However, reporting spam to SC does feed the SpamCop block list which does help everyone. Everyone that does use the block list to filter their email that is.

One way you or your email ISP can use the SC block list is by installing SpamAssassin and configuring it to use the SC block list.


None for me.

But I got my first Hebrew spam last week.


Over the last couple of weeks I've gotten HUNDREDS (really!) of spams, all from addresses hosted by B2Netsolutions.com. I've been reporting them all. Still the spams continue. I see from the above comments that I too was under the misconception that using SC would directly stop/reduce the spam. SIGH

I'll have to check out SpamAssassin as suggested above. But I use MailWasher Pro on my PC to pre-filter incoming emails and also to report spam to SC. I hope SpamAssassin will work with that.

Obviously whoever is running B2Netsolutions.com doesn't care at all about the spam reports he gets.


I think I remember reading that MailWasher can be configured to use the SpamCop blacklist.


As far as I can see, my Mailwasher Pro is already configured to use the SpamCop blacklist. But how should it be working? I'm getting a ton of spams from addresses hosted by B2Netsolutions.com and have been using SpamCop (via MailWasher) to report them. Yet I keep on getting them. When I report them are they being added to SpamCop's blacklist? Should I continue to receive them and need to keep reporting them?

With other spams I've reported I've often seen a message something along the lines of telling me that the host has acknowledged the problem and that it would be fixed by a certain date/time. And as far as I can tell, it was fixed and I don't get messages from them anymore. But in spite of reporting B2Netsolutions over and over (well over 100 times now) I keep on getting those.


You may be aware of this already but in case someone reading this is not, the SC blacklist does not contain networks (for example, B2Netsolutions.com) but, rather, individual IP addresses. You can tell whether an IP address is on the SC BL by using the form here.

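What the per-IP listing described in the post above means in practice, as an added example that is not part of any post in this thread: a DNSBL is queried by reversing the octets of a relay's IP address and looking the result up under the list's zone. The zone name `bl.spamcop.net` is SpamCop's public DNSBL zone and is not named in the thread; the two sample messages, `sender.example` and the `fake_resolver` stub are constructed so the code runs offline.

```python
import email
import ipaddress
import re
import socket

ZONE = "bl.spamcop.net"  # SpamCop's public DNSBL zone (not named in the thread)
INTERNAL = [ipaddress.ip_network(n) for n in
            ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "127.0.0.0/8")]
BRACKETED_IP = re.compile(r"\[(\d{1,3}(?:\.\d{1,3}){3})\]")

def relay_ips(raw_message):
    """Return non-internal IPv4 addresses from Received: headers, newest hop first."""
    msg = email.message_from_string(raw_message)
    found = []
    for header in msg.get_all("Received", []):
        for text in BRACKETED_IP.findall(header):
            try:
                ip = ipaddress.ip_address(text)
            except ValueError:
                continue  # not a valid address, e.g. [999.1.1.1]
            if not any(ip in net for net in INTERNAL) and str(ip) not in found:
                found.append(str(ip))
    return found

def dnsbl_name(ip, zone=ZONE):
    """Build the query name: 198.51.100.7 -> 7.100.51.198.bl.spamcop.net"""
    return ".".join(reversed(ip.split("."))) + "." + zone

def is_listed(ip, resolve=socket.gethostbyname):
    """A listed IP resolves to a 127.0.0.x answer; an unlisted one does not resolve."""
    try:
        return resolve(dnsbl_name(ip)).startswith("127.")
    except socket.gaierror:
        return False

# Constructed sample: two spams with the same sender domain but different relays.
SPAM_A = ("Received: from mx.example.net (mx.example.net [10.0.0.5])\n"
          "Received: from out1.sender.example (unknown [198.51.100.7])\n"
          "From: a@sender.example\n\nbody\n")
SPAM_B = SPAM_A.replace("198.51.100.7", "203.0.113.9")

def fake_resolver(name):
    """Offline stand-in for DNS (constructed): only 198.51.100.7 is 'listed'."""
    if name == "7.100.51.198." + ZONE:
        return "127.0.0.2"
    raise socket.gaierror("NXDOMAIN")
```

Calling `is_listed(ip)` without the stub performs a real DNS lookup. The second sample shows why a sender that rotates relay addresses keeps getting through until each address is reported and listed.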


SpamCop can make it easier to report spam which will reduce spam attacks

Suggest you have Gmail POP your email account (LEAVE EMAIL ON SERVER OPTION) and they (for me anyhow) accurately separate spam from ham.

I use Thunderbird as a POP client but Gmail's webmail is easy to check!

When reporting try to get better than SpamCop check SpamCop's abuse address

I use WIN10 and use this program to look for abuse addresses

http://www.nirsoft.net/utils/ip_country_info_offline.html

When reporting come back here if any difficulties and include the "tracking URL"


qq.com has started hitting me with several spams every hour, for the past few days.

Google translate suggests they're just emailing word salad:

 

Quote

You <I praise yourself is tantamount to praise you,> good <soil is like this, you naturally grow ordinary. > <Light grass weaving machine in vain trouble machine> I <standing on the shore to see overturned see death is not saved> is the ideal of the world. > Australia. > The door of the big girl's lottery pattern more> permanent <grass if no heart does not sprout, if people inadvertently underdeveloped. You want to spend on your flower Invite the breath of the earth. I never dreamed of something that could not be achieved. Please tell the truth, no matter how sharp it is. In the same way, you are ignorant and ignorant. Take the radio to listen to the hearing heard the sound of people, "the bottle of the flies no way out; no way out> network <to others Of happiness as their own happiness, the flowers dedicated to others, the thorns to their own! Valdez "but should not be subject to their domination, and in our poor minds, it must be a" land of the Buddha in the temple did not see the big incense "3 <because that all the makeup Your beauty> 3 <is dissatisfied with the status quo, but the means to break the status quo is different: First, innovation, one is retro. Lu Xun> 2 <ten in recognition, Barry clothes. >


One of them, when I searched for some of the strings, turned out to be pages from Shakespeare's sonnets that had been godawfully translated from and back to English via Chinese and posted on a website.

It's a denial-of-sanity attack.

 

Edited by hank


So as a Spamcop email customer, do I have a block list somewhere?

I'd like to block everything from qq.com, obviously.


P.S.:   for example:

 

Quote

<In the early years of the morning of the morning of the morning of the morning, But also the general taste in the heart, but also in the heart, but also in the heart of the heart, <I want to return to the wind>, "remember the wine seeking Fang Department" each <green swine in the swing> day <lonely Boshan mountain Wang Temple> in the "also know Fang Si can not help> Worry about the chicken

That's Google Translate of what the original said:
 

Quote

ⅵ<记曾共>р<惊粉重>享<丑媳妇总得见公婆>:<彩扇红牙今都在>天<雾里看花>天<二客东南名胜>高<差池欲住>达<鬓边觑>3<春将半>‰<莫衷一是>反<难兄难弟>水<歌扇轻约飞花>,<哀筝一弄湘江曲>手<勿谓言之不预也>拵<凤弦常下>餸<峰回路转>2<小鹿触心头>O<来者不善善者不来><在人矮檐下怎敢不低头>3<会少离多看两鬓>O<中庸之道><促织儿>5<波面铜花冷不收>O<断桥鸥鹭>‰<迷途知返>专<灯火扬州路>员<逐鹿中原>Q<但忆临官道>:<断肠马上曾闻>3<旧心情>1<旧心情>9<点石成金>2<教君恣意怜>7<不管人愁独自圆>6<循循善诱>8<龙凤呈祥>1<神龙见首不见尾>8<匆匆未识>

开<乍过清明早觉伤春暮>奖<绛河清浅>快<臣子憾>快<悔匆匆>快<落花犹在>逢<悔不早荆钗>8<可怜无数山>必<宫里吴王沉醉>发<欹枕舻声边>特<当时宋玉悲感>碼<章台路>4<闲穿径竹>9<便胜却>倍<别是一般滋味在心头>,<我欲乘风归去>,<记唤酒寻芳处>每<绿杨影里秋千>日<独宿博山王氏庵>中<也知芳思难禁>中<翻成雨恨云愁>中<只鸡斗酒聚比邻>


Maybe an AI has just woken up in the Chinese network and this is baby babbling ....
 

Edited by hank


I was getting several qq.com spams every day for a while a few weeks back. I was wondering where they disappeared to. :( Sadly my ISP didn't accept qq.com as a valid domain to add to its user-defined blacklist settings, but I did manage to report most of them.


Fifty more in the past 8 hours.

They are all sent to my userid@spamcop.net

So Spamcop is the targeted email provider for this deluge.

Surely Spamcop provides a blocklist feature somewhere for this sort of spamming?

I've reported all of them so far and will continue to do so, hoping there's an automated system counting them at Spamcop even if nobody there is alert to this stuff.

 


Well, no.  The reporting address from which I send Spamcop reports isn't properly munged by Spamcop, as noted in other threads -- the spammers hide it inside the text of the message as well as in the headers, so they can find out where reports come from.

And that address (not a spamcop address) is also being targeted now -- several hundred spams accumulated in their spam filter overnight.


Hm.  My outgoing mail server logged me off:  "exceeded maximum number of messages per connection"  -- too many reports, I guess that looks like a spambot at work.

 

And the Chinese spams are coming in as fast as I can report them.  I must have pissed someone off.

They're all the same kind of word salad.

23 minutes ago, hank said:

Surely Spamcop provides a blocklist feature somewhere for this sort of spamming?

Well, no, SpamCop does not, anymore. Back in Sep 2014, when the spamcop.net email was discontinued as a service to users, some services were continued, but over time all services were discontinued after giving users time to arrange for other email services. Providing blocklist service was one of the first things to go.


My ISP uses Spamcop's blocklist and has held more than 1300 spams from qq.com -- I've only been seeing those that got past that and other ISPs into my combined home mailbox.

The China spammer is also now using my home ISP's email address in the Sender line of the spams (presumably harvested from my spam reports).

Poking around for strings from the spam headers with Google finds suggestions this may be a known spambot malware trying to distribute itself.

4 minutes ago, hank said:

too many reports, I guess that looks like a spambot at work.

Are you reporting individual spam or are you sending several at a time? Depending on the size of each spam you can attach "many" to each reporting email you send. I have found around 20 works well for me. This gets under the limits and is easy to attach with the email app I use.


Well, reporting seems to have gotten through to the blocklist from Spamcop that my ISP uses.

I've accumulated about 450 graymail filtered posts in Chinese from qq.com -- and no new qq.com spam passed on to my inbox -- since today mid-morning.

Whew.

For a while there the spam was coming in faster than I could report it.

 

Thanks for the tip about forwarding multiple attachments in a single report, that was a sanity-saver.


Yep, when you piss someone off it can get ugly. My experience with a DOS attack peaked at 1.7K on the third day. These were the Indian variety with lots of big jpg files. Had to have a talk to my ISP to not cut me off reporting (most of) them. 

Hang in there.


Still getting the occasional spam through to my home inbox, so they're varying their approach.

Whoever or whatever the source is.

2 hours ago, Lking said:

Had to have a talk to my ISP to not cut me off reporting (most of) them. 

hang in there.

The filtering used by ISPs can be a little tricky to navigate at times. I've had a couple of weird discussions with mine over the years.


Still pouring in, 450 caught in graymail overnight, about one spam per minute now hitting my inbox.
All sent to my userid@spamcop.net  (you'd think they'd get a clue from the company name, but no)

Contents are still all word salad, according to Google Translate.

[%最新]

 奥菛永利331458点C0M邀您注冊嶺⑤8瀛5⒏0提,专员Q319276818嶺

[%标题]

[<[%农业词库]>%<[%农业词库]>第<[%农业词库]>一<[%农业词库]>句<[%农业词库]>]<[%农业词库]>网<[%农业词库]>址<[%农业词库]> <[%农业词库]>[<[%农业词库]>%<[%农业词库]>网<[%农业词库]>址<[%农业词库]>]<[%农业词库]>

[<[%成语]>%<[%成语]>第<[%成语]>二<[%成语]>句<[%成语]>]<[%成语]>专<[%成语]>员<[%成语]>Q<[%成语]>:<[%成语]>[<[%成语]>%<[%成语]>Q<[%成语]>Q<[%成语]>]<[%成语]>

[<[%农业词库]>%<[%农业词库]>第<[%农业词库]>三<[%农业词库]>句<[%农业词库]>]


Somewhere in China, a computer has gone mad ....

Edited by hank


So, reporting seems like it's just increasing the spam; 450 per hour now, all addressed to my userid@spamcop.net

Spamcop forwards this spam to my ISP, which uses the Spamcop blocklist, so that it's getting filtered by my ISP.

But quoting from the Preferences at Spamcop:
 

------quote follows------------------------------------------------------

Become a "mole" - Don't even send reports (mostly pointless)
...    

It has become painfully obvious that spammers are able to identify your email address by using tracking codes - even after
SpamCop's attempts to munge them. It has also become plain that even the largest and most well-respected ISPs forward complaints intact to the accused.

In response, we now offer the ability to send reports silently. These reports are not emailed and are not available to anyone
but SpamCop administrators and will not be shared (except as aggregate counts).

----end quote---------------------------------------------------

So -- Spamcop administrators -- why is this called "mostly pointless" -- won't silent reports continue to inform your blocklist?

Because as you say, the reports are just informing the spammers that userid@spamcop.net is valid.

And the spam generation tool is using some kind of randomizer to slip spam past the blocklist, only 3 or 4 per hour now out of the hundreds they're sending.

So I'm ready to switch to "mole" setting -- hoping I can trust Spamcop will keep adjusting the blocklist from "mole" reports.

Can anyone verify this will work?

 


PS:  "qq.com" is identified as the source of all the spams to myuserid@spamcop.net, but qq.com isn't blocklisted by Spamcop.  That business has multiple IP addresses which it's using.
