paulgj

ocn.ad.jp spam

...you are 10 ply, aren't ya bud?  For many years I've sent reports to abuse@ and have received that same canned response.  It means nothing.  Recently I started mailing NTT employees.  After getting in contact with an employee, my mailings were reduced to abuse_support, jpcert, and the employee.  Here's the email I opened TODAY:

Hi,

 

I’ve had feedback from a colleague in Japan, who has escalated this to NTT Com Security

I have made them aware of the facts that you have posted to me, about the routine spam you are receiving and explained your frustrations.

My contact, has asked that I ask you, in good faith, to remove your spam forwarding notification .. whilst we sort this problem out/reach a successful conclusion.

 

As I’ve said before, I do not mind being on your spam notification list.. but could you remove the other addresses from now on, as that probably causes more likelihood that your own address could be identified as a spam generator !! as already your notification mails started arriving in my “Junk” folder.. for example..  I have updated my filters, to trust the mail from your notification message … so I don’t miss them… 

 

Regards

X

Again, I was ONLY mailing to abuse_support, jpcert, and this guy.  I explained to the employee that SPAMCOP sends reports to abuse@, and abuse@ is where they can harvest millions of ocn spam reports.  Perhaps they will also harvest the thousands that have been sent to abuse_support.  I do not know.

 

All I can say for certain is that NTT Japan asked that I stop forwarding spam reports at a time when abuse_support@ocn was the only NTT email address for them to be concerned about.  So, by all means, continue doing what you do and getting your canned replies that we all know are useless and accomplish nothing.

Edited by its8up
Grammar, spelling, and clarification

Salfordian:  I want to help you, but there's a few things about your gMail related complaints that I need to understand and/or that you must address.

After the first 'denied send' screenshot, I raised some concern about obvious spammer email addresses which imply some form of automated replying to spam.  The next denied send screenshot also has obvious spammer email addresses in it, which suggests that you still had filters set to automatically reply to spam.  PLEASE tell me you are not still automatically replying to spam.

Your latest denied send screenshot had a failed send to abuse@outlook.  How do your filters determine that abuse@outlook is the right place to send a complaint?

Considering the time frame of your denied sends, this seems to be an automated process.  How is it automated?  gMail filters?  Mail handling software? (what software?)  A script or some other program of your own creation?  (If a script, what language?)

According to gMail policy, one spam report sent to five recipients equals 5 spam reports.  Looking in your Sent folder, what is the number of spam reports that actually send in a 24 hour period?

Including OCN, Aruba, and the lesser offenders, how many daily SPAMs are you getting?  25?  35?  (My app sends them to the trash after reporting, so it is very easy to keep track.)

11 hours ago, klappa said:

So you're saying report_spam at hotmail dot com doesn't work?

And what do you mean by typing it in? Where should i type it in?

The correct abuse address is now "abuse [ at ] microsoft  [ dot] com", not "report_spam [at] hotmail [dot ] com"

what do you mean by typing it in? Where should i type it in? already told and you replied you have that box

I've just tried reporting two from this morning, I'm dropping Gmail for good now as they clearly don't like me reporting it but are happy to allow it through

 

spam.jpg

@Salfordian, I don't know about you, but I have no problems reporting spam through gmail. (although I rather use SpamCop)

I'm with its8up, if we don't know what you're doing, we can't help you.

Gmail has a quota of how many messages (emails) you can send per day, depending on how you send them. I reached that limit once, but haven't run into that problem anymore, and I've had this account since I got an invite to gmail on Nov, 2005 :)

The only failures I get are the ones where the abuse mailbox is dead or the space for inflow on their side has run out, and then I nicely reach out to ARIN, RIPE ... or whoever handles their AS info and ask them to reach out to their registrant to fix their abuse contact. So far it (almost) always has worked for me.

Edited by RobiBue
added more details

Oh I used to use Spamcop all the time but recently has started misreporting Hotmail as the sender more and more plus became a farce as they still haven't got the correct email report addresses for Hotmail or OCN

PS when I did or when I was allowed to report emails I sent at most 30 a day, now I can't send one.................Google is even blocking Google

@salfordian  Since you won't answer the other questions or address any of the other concerns, here's a couple guesses as to the root of your problem:

1)  For each spam, you have been sending spam reports to multiple wrong email addresses, or to at least one wrong email address.  The guess of sending to multiple wrong email addresses is based on your having said you tried sending two today, but the failed send list has 3 google-related contact email addresses -- that is, both of the contact email addresses from whois and the abuse@ address which was not in the whois, for some reason.  Why?  Did you not learn that over reporting spam is bad?  Did you think these people would fail to notice that you incessantly spam your spam reports to the wrong email addresses?

2) You've been auto replying to spam and Google damn well should be blocking that stupidity by default.  Autoreplies introduce a few problems.  First, it allows the spammer to report you for spam.  Second, reply addresses can be spoofed so occasionally your autoreplies could be broadcasting that crap to the inboxes of many innocent people who can also report you for sending spam.  There's certainly more issues than just that, but those are the ones pertaining to this issue.

How long have you been doing this?  Long enough to have gotten you labelled as a spammer because, by definition, you are a spammer.  You're a cup of baby carrots, aren't ya bud?  How does it feel to know you are the thing that you hate?

 

NOBODY is on here typing walls of text at you because they like to hear the sound of their fingers whacking on a keyboard.  If you are just here to vent your frustration, that's great.  Go for it.  Just don't act like you want help when you clearly have no intention of paying attention, answering pertinent questions, or taking advice.

Good luck with your new email address.  Once the spammers get it and the spam starts flooding in, feel free to come back to vent about it.  All I ask is that you keep the same username so if I happen to be here I'll know better than to waste any time trying to help.

7 hours ago, salfordian said:

PS when I did or when I was allowed to report emails I sent at most 30 a day, now I can't send one.................Google is even blocking Google

So what are you doing? I in Gmail select "original message" then download save it to "Download" folder which is saved as "original_msg.txt" open that and remove 2nd line "Received: by 2002:a81:2f14:0:0:0:0:0 with SMTP id v20-v6csp1840286ywv;" do not leave a space. Copy and paste that to your SpamCop processing box. and click "Process spam" button. That simple. Always click "report phishing" option for Gmail spam.

Edited by petzl

22 hours ago, salfordian said:

Oh I used to use Spamcop all the time but recently has started misreporting Hotmail as the sender more and more plus became a farce as they still haven't got the correct email report addresses for Hotmail or OCN

PS when I did or when I was allowed to report emails I sent at most 30 a day, now I can't send one.................Google is even blocking Google

Every spam I get on Hotmail Spamcop wants me to report to abuse at microsoft dot com. I thought it worked as intended? Spamcop will always report to the last known source which it can trust?

Like I said OCN is broken

 

"Received: from VI1EUR04HT037.eop-eur04.prod.protection.outlook.com (2603:10a6:4:8f::13) by DB5PR10MB1496.EURPRD10.PROD.OUTLOOK.COM with HTTPS via DB6PR0501CA0003.EURPRD05.PROD.OUTLOOK.COM; Thu, 27 Sep 2018 13:57:13 +0000 Received: from VI1EUR04FT011.eop-eur04.prod.protection.outlook.com (10.152.28.58) by VI1EUR04HT037.eop-eur04.prod.protection.outlook.com (10.152.28.182) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384_P384) id 15.20.1185.13; Thu, 27 Sep 2018 13:57:13 +0000 Authentication-Results: spf=pass (sender IP is 66.163.189.146) smtp.mailfrom=yahoo.com; hotmail.co.uk; dkim=pass (signature was verified) header.d=yahoo.com;hotmail.co.uk; dmarc=pass action=none header.from=yahoo.com; Received-SPF: Pass (protection.outlook.com: domain of yahoo.com designates 66.163.189.146 as permitted sender) receiver=protection.outlook.com; client-ip=66.163.189.146; helo=sonic314-20.consmr.mail.ne1.yahoo.com; Received: from sonic314-20.consmr.mail.ne1.yahoo.com (66.163.189.146) by VI1EUR04FT011.mail.protection.outlook.com (10.152.28.67) with Microsoft SMTP Server (version=TLS1_2, "

hot.jpg

It would be so much easier if instead of a screenshot, only the URL would be provided...

https://www.spamcop.net/sc?id=z6488956777z48d6c277dfcfacb57994880635860105z

Anyway, it is clear why this and probably all hotmail emails are reported to Microsoft...

the topmost Received: line contains the IP address 2603:10a6:4:8f::13 which is allocated to MSFT...

now the next Received: line contains the following private network address: 10.152.28.58

and this breaks the chain, therefore SC reports the message to the last valid provider: Microsoft.

now why in Sam Hill isn’t it actually being reported to abuse@microsoft.com is probably because some “looong” time ago, abuse@outlook.com was the place to report to and SpamCop had a special “report desk” there... problem is, by breaking the chain, Microsoft alongside google et al. put SpamCop in a precarious position where spam isn’t being reported correctly anymore.

The email system is broken and spammers are having a free pass fest. It’s not SpamCop’s fault, but SpamCop/Cisco is not taking the problem seriously either. Sad days in the anti-spam community.

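A simplified model of the chain walk described in the post above, added here as an example; it is not SpamCop's code and not part of any post in this thread. The function names and the `skip_private` switch are assumptions, and the sample is the header fragment quoted earlier in the thread, abridged and re-folded.

```python
import email
import ipaddress
import re

# Constructed sample: the fragment quoted in this thread, abridged and
# re-folded; the last Received line is truncated as it was posted.
SAMPLE = (
    "Received: from VI1EUR04HT037.eop-eur04.prod.protection.outlook.com\n"
    " (2603:10a6:4:8f::13) by DB5PR10MB1496.EURPRD10.PROD.OUTLOOK.COM with HTTPS\n"
    " via DB6PR0501CA0003.EURPRD05.PROD.OUTLOOK.COM; Thu, 27 Sep 2018 13:57:13 +0000\n"
    "Received: from VI1EUR04FT011.eop-eur04.prod.protection.outlook.com\n"
    " (10.152.28.58) by VI1EUR04HT037.eop-eur04.prod.protection.outlook.com\n"
    " (10.152.28.182) with Microsoft SMTP Server id 15.20.1185.13;\n"
    " Thu, 27 Sep 2018 13:57:13 +0000\n"
    "Authentication-Results: spf=pass (sender IP is 66.163.189.146)\n"
    " smtp.mailfrom=yahoo.com; hotmail.co.uk; dkim=pass\n"
    "Received: from sonic314-20.consmr.mail.ne1.yahoo.com (66.163.189.146) by\n"
    " VI1EUR04FT011.mail.protection.outlook.com (10.152.28.67) with Microsoft\n"
    " SMTP Server (version=TLS1_2,\n"
)

def from_ip(received):
    """Return the address recorded in the 'from' clause of one Received value."""
    text = " ".join(received.split())          # undo header folding
    from_clause = re.split(r" by ", text, maxsplit=1)[0]
    # Accept "(addr)" as in the sample and "[addr]" as other MTAs write it.
    for token in re.findall(r"[\[(]([0-9A-Fa-f:.]+)[\])]", from_clause):
        try:
            return ipaddress.ip_address(token)
        except ValueError:
            continue
    return None

def hops(raw_headers):
    """From-addresses of all Received headers, newest (top) first."""
    msg = email.message_from_string(raw_headers)
    return [from_ip(value) for value in msg.get_all("Received", [])]

def report_ip(hop_ips, skip_private=False):
    """Walk down from the top hop and return the last public address reached.

    skip_private=False models the behaviour described in the post: the first
    non-public address ends the walk. skip_private=True steps over such hops
    instead; lines further down are not written by the receiving provider and
    can be forged, so that is shown only for comparison.
    """
    last_public = None
    for ip in hop_ips:
        if ip is None:
            break                              # unparseable hop: stop trusting
        if ip.is_global:
            last_public = ip
        elif not skip_private:
            break                              # private hop breaks the chain
    return last_public

if __name__ == "__main__":
    chain = hops(SAMPLE)
    print("hops:", [str(ip) for ip in chain])
    print("chain-break model reports:", report_ip(chain))
    print("skipping private hops reports:", report_ip(chain, skip_private=True))
```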

Nice partial header, spammer.

How do you know it was sent from Yahoo?  Did you send it to yourself?  Was this sent to your account at outlook.com?  ......are you using an infected outlook express or some other crappy emailing software that is also virus prone?  If so, do you keep your antivirus subscriptions up to date as well as running extra measures for anti malware, such as malwarebytes?

Anyone ever seen "smtp.mailfrom=yahoo.com; hotmail.co.uk;" in their headers?  I know I haven't.  Forgery?

Edited by its8up
clarification - outlook express IS virus prone

Indeed common sense says "look at the whois for the IP address", but common sense also tells me that rather than keeping up with tons of regular expressions to represent the tons of IP ranges for every major company and even for the ever morphing interweb where every day companies are born or die, spamcop is searching for domain names.  A shortcoming, but I don't pay for the service so I'm not complaining.

To my untrained eye that will probably never get trained with regard to your email provider, your header looks forged.  Here's a report for Yahoo to gMail spam that does not have a forged header:

https://www.spamcop.net/mcgi?action=gettrack&reportid=6857496981

 

Do you ever plan to come off a link for a full spam report of one of your Yahotmail SPAMs?

Do you have a legit email from yahoo in that inbox?  If so, does its header have "smtp.mailfrom=yahoo.com; hotmail.co.uk;"??   Do ANY of the emails in that inbox have a "smtp.mailfrom" with TWO mail providers listed after it?

Are you using mail handling software, such as Outlook Express?   <---- That one did it.  There I go typing a question again because you were too inconsiderate to type a short answer.

 

When people come on here with a complaint, there is no way for anybody to know the level of technical expertise the complaining person has.  Questions must be asked AND ANSWERED in order to diagnose/solve the issue.  Perhaps you think my questions are below you?  Well, your refusal to acknowledge pertinent issues that are raised or to answer important questions, which has caused me to repeat myself on multiple occasions, has lowered your complaints to the realm of intelligible autistic screeching as far as I am concerned.  

Answer the questions so others can help, or go play Minecraft for all I care.  You are spare parts. 

Abandoning thread.

Most of the spam I receive at my hotmail/outlook accounts gets flagged for reporting to report_spam@..... as well.

There are a couple of options. If you've done the "add fuel to your account" thing you might want to consider looking for the abuse address for the apparent sending server/device, and adding that as a user defined report.

"I won't bother doing things that would actually help anyone diagnose my problem so it can be resolved, but this service that works for ALL of you will not work for me so I'll complain about it more."  Some people just cannot be helped.

Another example of SpamCop being broke

"Received: from SN1NAM02HT067.eop-nam02.prod.protection.outlook.com (2603:10a6:802::48) by VI1PR0102MB3295.eurprd01.prod.exchangelabs.com with HTTPS via VI1PR0102CA0035.EURPRD01.PROD.EXCHANGELABS.COM; Fri, 28 Sep 2018 08:26:00 +0000 Received: from SN1NAM02FT044.eop-nam02.prod.protection.outlook.com (10.152.72.59) by SN1NAM02HT067.eop-nam02.prod.protection.outlook.com (10.152.72.150) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384) id 15.20.1185.13; Fri, 28 Sep 2018 08:26:00 +0000 Authentication-Results: spf=softfail (sender IP is 192.99.127.109) smtp.mailfrom=kp.org; hotmail.com; dkim=none (message not signed) "


Yes it's that large spam network OVH

 

spamcop.jpg

From @salfordian:

...smtp.mailfrom=kp.org; hotmail.com; dkim=none...

FORGED HEADER

 

 

From https://www.mailjet.com/blog/news/how-to-read-email-headers/

...smtp.mailfrom = mail@interactive.smartphoto.be; dkim = pass...

 

From https://www.agari.com/identity-intelligence-blog/understanding-email-header-information/

...smtp.mailfrom=account-security-noreply@account.microsoft.com; dkim=none...

 

From https://www.lifewire.com/see-full-email-headers-outlook-hotmail-1174272

...smtp.mailfrom=delivery@bounce.about.com; dkim=pass...

 

YOU DO NOT ANSWER QUESTIONS.   YOU CANNOT BE HELPED.

Is that so, so why would the networks I report them to acknowledge them and get back to me stating they've taken action, you should stop trolling and admit Spamcop is broken

Another example. just got this

"Received: from VE1EUR01HT035.eop-EUR01.prod.protection.outlook.com (2603:10a6:7:15::40) by HE1PR10MB1498.EURPRD10.PROD.OUTLOOK.COM with HTTPS via HE1PR0902CA0051.EURPRD09.PROD.OUTLOOK.COM; Fri, 28 Sep 2018 15:53:18 +0000 Received: from VE1EUR01FT012.eop-EUR01.prod.protection.outlook.com (10.152.2.58) by VE1EUR01HT035.eop-EUR01.prod.protection.outlook.com (10.152.3.154) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256_P256) id 15.20.1185.13; Fri, 28 Sep 2018 15:53:15 +0000 Authentication-Results: spf=permerror (sender IP is 210.188.229.9) smtp.mailfrom=loyotech.com; hotmail.co.uk; dkim=none (message not signed) header.d=none;hotmail.co.uk; dmarc=none action=none "

spam.jpg

 

Why do I feel like I've got my own stalker and not a clued up one either

Edited by salfordian

Trolling?  Ha!  I have not said Spamcop is without fault, but it sure seems to work well enough for everyone but you.  I apologize for having lost my composure earlier, but I am very accustomed to dealing with people who have the ability to grasp concepts more quickly.

 

One concept you seem unable to grasp is that information in a forged header is fake.  The Yahoo IP addresses you keep making boldface, as if that should give it merit, comes just before a bit of data that is obviously fake.  This is my third attempt to help you grasp that the structure of the data in "...smtp.mailfrom=loyotech.com; hotmail.co.uk; dkim=none..." proves it to be fake data.  That should be a single email address, not two domain names.  Confirm that fact by looking at a legit email header, or go play Minecraft.

 

Granted, I'm not saying Yahoo is not the source of these spam messages.  However, it seems you cannot grasp the concept that nobody will be able to help you without more information.  Complete headers are much more useful for diagnosis than bits and pieces.  You provided enough bits to diagnose that the header is forged, but that's it.  You can find a complete header (stripped of personal info) in Past Reports.  Are you familiar with the gMail IPv6 reporting workaround?  Perhaps there is a workaround for your forged headers.  Provide a complete header, or go play Minecraft.

 

 A Spamcop Tracking URL would also be useful, but you seem to think a screenshot is useful.  Do you really think any of us will type that entire jumble of letters and numbers in addition to the walls of text that you repeatedly ignore or otherwise fail to give adequate response?  Highlight the link, copy it, paste it, and post it. .....or go play Minecraft.

Edited by its8up
Was a bit too.....condescending. My bad.

On 9/26/2018 at 4:40 AM, petzl said:

The correct abuse address is now "abuse [ at ] microsoft  [ dot] com", not "report_spam [at] hotmail [dot ] com"

what do you mean by typing it in? Where should i type it in? already told and you replied you have that box

Shouldn't report_spam [at] hotmail [dot] com work? Spamcop uses that abuse address all the time.

Those involved in this thread need to keep in mind that the SpamCop forum is different than many other forums.  The objective here is to oppose spam, help others use the tool provided by SpamCop and provide others help in their efforts to keep spam out of their inbox and off the internet in general.

Meeting those purposes can be aided by keeping the level of civility high.  Please review your future post with civility in mind.
