Jump to content

ocn.ad.jp spam

paulgj

By paulgj
in SpamCop Reporting Help

 Share

Recommended Posts

its8up Member

its8up

Posted
Posted (edited)

...you are 10 ply, aren't ya bud?  For many years I've sent reports to abuse@ and have received that same canned response.  It means nothing.  Recently I started mailing NTT employees.  After getting in contact with an employee, my mailings were reduced to abuse_support, jpcert, and the employee.  Here's the email I opened TODAY:

Hi,

 

I’ve had feedback from a colleague in Japan, who has escalated this to NTT Com Security

I have made them aware of the facts that you have posted to me, about the routine spam you are receiving and explained your frustrations.

My contact, has asked that I ask you, in good faith, to remove your spam forwarding notification .. whilst we sort this problem out/reach a successful conclusion.

 

As I’ve said before, I do not mind being on your spam notification list.. but could you remove the other addresses from now on, as that probably causes more likelihood that your own address could be identified as a spam generator !! as already your notification mails started arriving in my “Junk” folder.. for example..  I have updated my filters, to trust the mail from your notification message … so I don’t miss them… 

 

Regards

X

Again, I was ONLY mailing to abuse_support, jpcert, and this guy.  I explained to the employee that SPAMCOP sends reports to abuse@, and abuse@ is where they can harvest millions of ocn spam reports.  Perhaps they will also harvest the thousands that have been sent to abuse_support.  I do not know.

 

All I can say for certain is that NTT Japan asked that I stop forwarding spam reports at a time when abuse_support@ocn was the only NTT email address for them to be concerned about.  So, by all means, continue doing what you do and getting your canned replies that we all know are useless and accomplish nothing.

Edited by its8up
Grammar, spelling, and clarification
Link to comment
Share on other sites
  • Replies 110
  • Created
  • Last Reply

Top Posters In This Topic

Popular Days

Top Posters In This Topic

Popular Days

Posted Images

its8up Member

its8up

Posted
Posted

Salfordian:  I want to help you, but there's a few things about your gMail related complaints that I need to understand and/or that you must address.

After the first 'denied send' screenshot, I raised some concern about obvious spammer email addresses which imply some form of automated replying to spam.  The next denied send screenshot also has obvious spammer email addresses in it, which suggests that you still had filters set to automatically reply to spam.  PLEASE tell me you are not still automatically replying to spam.

Your latest denied send screenshot had a failed send to abuse@outlook.  How do your filters determine that abuse@outlook is the right place to send a complaint?

Considering the time frame of your denied sends, this seems to be an automated process.  How is it automated?  gMail filters?  Mail handling software? (what software?)  A scri_pt or some other program of your own creation?  (If a scri_pt, what language?)

According to gMail policy, one spam report sent to five recipients equals 5 spam reports.  Looking in your Sent folder, what is the number of spam reports that actually send in a 24 hour period?

Including OCN, Aruba, and the lesser offenders, how many daily SPAMs are you getting?  25?  35?  (My app sends them to the trash after reporting, so it is very easy to keep track.)

Link to comment
Share on other sites
petzl Been There

petzl

Posted
Posted
11 hours ago, klappa said:

So you're saying report_spam at hotmail dot com doesn't work?

And what do you mean by typing it in? Where should i type it in?

The correct abuse address is now "abuse [ at ] microsoft  [ dot] com", not "report_spam [at] hotmail [dot ] com"

what do you mean by typing it in? Where should i type it in? already told and you replied you have that box

Link to comment
Share on other sites
RobiBue Advanced Member

RobiBue

Posted
Posted (edited)

@Salfordian, I don't know about you, but I have no problems reporting spam through gmail. (although I rather use SpamCop)

I'm with its8up, if we don't know what you're doing, we can't help you.

Gmail has a quota of how many messages (emails) you can send per day, depending on how you send them. I reached that limit once, but haven't run into that problem anymore, and I've had this account since I got an invite to gmail on Nov, 2005 :)

The only failures I get are the ones where the abuse mailbox is dead or the space for inflow on their side has run out. and then I nicely reach out to ARIN, RIPE ... or whoever handles their AS info and ask them to reach out to their registrant to fix their abuse contact. so far it (almost) always has worked for me.

Edited by RobiBue
added more details
Link to comment
Share on other sites
salfordian Member

salfordian

Posted
Posted

Oh I used to use Spamcop all the time but recently has started miss-reporting Hotmail as the sender more and more plus became a farce as they still haven't got the correct email report addresses for Hotmail or OCN

PS when I did or when I was allowed to report emails I sent at most 30 a day, now I can't send one.................Google is even blocking Google

Link to comment
Share on other sites
its8up Member

its8up

Posted
Posted

@salfordian  Since you won't answer the other questions or address any of the other concerns, here's a couple guesses as to the root of your problem:

1)  For each spam, you have been sending spam reports to multiple wrong email addresses, or to at least one wrong email address.  The guess of sending to multiple wrong email addresses is based on your having said you tried sending two today, but the failed send list has 3 google-related contact email addresses -- that is, both of of the contact email addresses from whois and the abuse@ address which was not in the whois, for some reason.  Why?  DId you not learn that over reporting spam is bad?  Did you think these people would fail to notice that you incessantly spam your spam reports to the wrong email addresses?

2) You've been auto replying to spam and Google damn well should be blocking that stupidity by default.  Autoreplies introduce a few problems.  First, it allows the spammer to report you for spam.  Second, reply addresses can be spoofed so occasionally your autoreplies could be broadcasting that crap to the inboxes of many innocent people who can also report you for sending spam.  There's certainly more issues than just that, but those are the ones pertaining to this issue.

How long have you been doing this?  Long enough to have gotten you labelled as a spammer because, by definition, you are a spammer.  You're a cup of baby carrots, aren't ya bud?  How does it feel to know you are the thing that you hate?

 

NOBODY is on here typing walls of text at you because they like to hear the sound of their fingers whacking on a keyboard.  If you are just here to vent your frustration, that's great.  Go for it.  Just don't act like you want help when you clearly have no intention of paying attention, answering pertinent questions, or taking advice.

Good luck with your new email address.  Once the spammers get it and the spam starts flooding in, feel free to come back to vent about it.  All I ask is that you keep the same username so if I happen to be here I'll know better than to waste any time trying to help.

Link to comment
Share on other sites
petzl Been There

petzl

Posted
Posted (edited)
7 hours ago, salfordian said:

PS when I did or when I was allowed to report emails I sent at most 30 a day, now I can't send one.................Google is even blocking Google

So what are you doing? I in Gmail select "original message" then download save it to "Download" folder which is saved as "original_msg.txt" open that and remove 2nd line "Received: by 2002:a81:2f14:0:0:0:0:0 with SMTP id v20-v6csp1840286ywv;" do not leave a space. Copy and past that to your SpamCop processing box. and click "Process spam" button. That simple. Always click "report phishing" option for Gmail spam.

Edited by petzl
Link to comment
Share on other sites
klappa Advanced Member

klappa

Posted
Posted
22 hours ago, salfordian said:

Oh I used to use Spamcop all the time but recently has started miss-reporting Hotmail as the sender more and more plus became a farce as they still haven't got the correct email report addresses for Hotmail or OCN

PS when I did or when I was allowed to report emails I sent at most 30 a day, now I can't send one.................Google is even blocking Google

Every spam i get on Hotmail Spamcop wants me to report to abuse at microsoft dot com. I thought it worked as intended? Spamcop will always report to the last known source which it can trust?

Link to comment
Share on other sites
salfordian Member

salfordian

Posted
Posted

Like I said OCN is broken

 

"Received: from VI1EUR04HT037.eop-eur04.prod.protection.outlook.com (2603:10a6:4:8f::13) by DB5PR10MB1496.EURPRD10.PROD.OUTLOOK.COM with HTTPS via DB6PR0501CA0003.EURPRD05.PROD.OUTLOOK.COM; Thu, 27 Sep 2018 13:57:13 +0000 Received: from VI1EUR04FT011.eop-eur04.prod.protection.outlook.com (10.152.28.58) by VI1EUR04HT037.eop-eur04.prod.protection.outlook.com (10.152.28.182) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384_P384) id 15.20.1185.13; Thu, 27 Sep 2018 13:57:13 +0000 Authentication-Results: spf=pass (sender IP is 66.163.189.146) smtp.mailfrom=yahoo.com; hotmail.co.uk; dkim=pass (signature was verified) header.d=yahoo.com;hotmail.co.uk; dmarc=pass action=none header.from=yahoo.com; Received-SPF: Pass (protection.outlook.com: domain of yahoo.com designates 66.163.189.146 as permitted sender) receiver=protection.outlook.com; client-ip=66.163.189.146; helo=sonic314-20.consmr.mail.ne1.yahoo.com; Received: from sonic314-20.consmr.mail.ne1.yahoo.com (66.163.189.146) by VI1EUR04FT011.mail.protection.outlook.com (10.152.28.67) with Microsoft SMTP Server (version=TLS1_2, "

hot.jpg

Link to comment
Share on other sites
RobiBue Advanced Member

RobiBue

Posted
Posted

It would be so much easier if instead of a screenshot, only the URL would be provided...

https://www.spamcop.net/sc?id=z6488956777z48d6c277dfcfacb57994880635860105z

Anyway, it is clear why this and probably all hotmail emails are reported to Microsoft...

the topmost Received: line contains the IP address 2603:10a6:4:8f::13 which is allocated to MSFT...

now the next Received: line contains the following private network address: 10.152.28.58

and this breaks the chain, therefore SC reports the message to the last valid provider: Microsoft.

now why in Sam Hill isn’t it actually being reported to abuse@microsoft.com is probably because some “looong” time ago, abuse@outlook.com was the place to report to and SpamCop had a special “report desk” there... problem is, by breaking the chain, Microsoft alongside google et al. put SpamCop in a precarious position where spam isn’t being reported correctly anymore.

The email system is broken and spammers are having a free pass fest. It’s not SpamCop’s fault, but SpamCop/Cisco is not taking the problem seriously either. Sad days in the anti-spam community.

Link to comment
Share on other sites
its8up Member

its8up

Posted
Posted (edited)

Nice partial header, spammer.

How do you know it was sent from Yahoo?  Did you send it to yourself?  Was this sent to your account at outlook.com?  ......are you using an infected outlook express or some other crappy emailing software that is also virus prone?  If so, do you keep your antivirus subscriptions up to date as well as running extra measures for anti malware, such as malwarebytes?

Anyone ever seen "smtp.mailfrom=yahoo.com; hotmail.co.uk;" in their headers?  I know I haven't.  Forgery?

Edited by its8up
clarification - outlook express IS virus prone
Link to comment
Share on other sites
its8up Member

its8up

Posted
Posted

Indeed common sense says "look at the whois for the IP address", but common sense also tells me that rather than keeping up with tons of regular expressions to represent the tons of IP ranges for every major company and even for the ever morphing interweb where every day companies are born or die, spamcop is searching for domain names.  A shortcoming, but I don't pay for the service so I'm not complaining.

To my untrained eye that will probably never get trained with regard to your email provider, your header looks forged.  Here's a report for Yahoo to gMail spam that does not have a forged header:

https://www.spamcop.net/mcgi?action=gettrack&reportid=6857496981

 

Do you ever plan to come off a link for a full spam report of one of your Yahotmail SPAMs?

Do you have a legit email from yahoo in that inbox?  If so, does its header have "smtp.mailfrom=yahoo.com; hotmail.co.uk;"??   Do ANY of the emails in that inbox have a "smtp.mailfrom" with TWO mail providers listed after it?

Are you using mail handling software, such as Outlook Express?   <---- That one did it.  There I go typing a question again because you were too inconsiderate to type a short answer.

 

When people come on here with a complaint, there is no way for anybody to know the level of technical expertise the complaining person has.  Questions must be asked AND ANSWERED in order to diagnose/solve the issue.  Perhaps you think my questions are below you?  Well, your refusal to acknowledge pertinent issues that are raised or to answer important questions, which has caused me to repeat myself on multiple occasions, has lowered your complaints to the realm of intelligible autistic screeching as far as I am concerned.  

Answer the questions so others can help, or go play Minecraft for all I care.  You are spare parts. 

Abandoning thread.

Link to comment
Share on other sites
lisati Advanced Member

lisati

Posted
Posted

Most of the spam I receive at my hotmail/outlook accounts gets flagged for reporting to report_spam@..... as well.

There are a couple of options. If you've done the "add fuel to your account" thing you might want to consider looking for the abuse address for the apparent sending server/device, and adding that as a user defined report.

Link to comment
Share on other sites
salfordian Member

salfordian

Posted
Posted

Another example of SpamCop being broke

"Received: from SN1NAM02HT067.eop-nam02.prod.protection.outlook.com (2603:10a6:802::48) by VI1PR0102MB3295.eurprd01.prod.exchangelabs.com with HTTPS via VI1PR0102CA0035.EURPRD01.PROD.EXCHANGELABS.COM; Fri, 28 Sep 2018 08:26:00 +0000 Received: from SN1NAM02FT044.eop-nam02.prod.protection.outlook.com (10.152.72.59) by SN1NAM02HT067.eop-nam02.prod.protection.outlook.com (10.152.72.150) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384) id 15.20.1185.13; Fri, 28 Sep 2018 08:26:00 +0000 Authentication-Results: spf=softfail (sender IP is 192.99.127.109) smtp.mailfrom=kp.org; hotmail.com; dkim=none (message not signed) "


Yes its that large spam network OVH

 

spamcop.jpg

Link to comment
Share on other sites
its8up Member

its8up

Posted
Posted

From @salfordian:

...smtp.mailfrom=kp.org; hotmail.com; dkim=none...

FORGED HEADER

 

 

From https://www.mailjet.com/blog/news/how-to-read-email-headers/

...smtp.mailfrom = mail@interactive.smartphoto.be; dkim = pass...

 

From https://www.agari.com/identity-intelligence-blog/understanding-email-header-information/

...smtp.mailfrom=account-security-noreply@account.microsoft.com; dkim=none...

 

From https://www.lifewire.com/see-full-email-headers-outlook-hotmail-1174272

...smtp.mailfrom=delivery@bounce.about.com; dkim=pass...

 

YOU DO NOT ANSWER QUESTIONS.   YOU CANNOT BE HELPED.

Link to comment
Share on other sites
salfordian Member

salfordian

Posted
Posted (edited)

Is that so, so why would the networks I report them to acknowledge them and get back to me stating they've taken action, you should stop trolling and admit Spamcop is broken

Another example. just got this

"Received: from VE1EUR01HT035.eop-EUR01.prod.protection.outlook.com (2603:10a6:7:15::40) by HE1PR10MB1498.EURPRD10.PROD.OUTLOOK.COM with HTTPS via HE1PR0902CA0051.EURPRD09.PROD.OUTLOOK.COM; Fri, 28 Sep 2018 15:53:18 +0000 Received: from VE1EUR01FT012.eop-EUR01.prod.protection.outlook.com (10.152.2.58) by VE1EUR01HT035.eop-EUR01.prod.protection.outlook.com (10.152.3.154) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256_P256) id 15.20.1185.13; Fri, 28 Sep 2018 15:53:15 +0000 Authentication-Results: spf=permerror (sender IP is 210.188.229.9) smtp.mailfrom=loyotech.com; hotmail.co.uk; dkim=none (message not signed) header.d=none;hotmail.co.uk; dmarc=none action=none "

spam.jpg

 

Why do I feel like I've got my own stalker and not a clued up one either

Edited by salfordian
Link to comment
Share on other sites
its8up Member

its8up

Posted
Posted (edited)

Trolling?  Ha!  I have not said Spamcop is without fault, but it sure seems to work well enough for everyone but you.  I apologize for having lost my composure earlier, but I am very accustomed to dealing with people who have the ability to grasp concepts more quickly.

 

One concept you seem unable to grasp is that information in a forged header is fake.  The Yahoo IP addresses you keep making boldface, as if that should give it merit, comes just before a bit of data that is obviously fake.  This is my third attempt to help you grasp that the structure of the data in "...smtp.mailfrom=loyotech.com; hotmail.co.uk; dkim=none..." proves it to be fake data.  That should be a single email address, not two domain names.  Confirm that fact by looking at a legit email header, or go play Minecraft.

 

Granted, I'm not saying Yahoo is not the source of these spam messages.  However, it seems you cannot grasp the concept that nobody will be able to help you without more information.  Complete headers are much more useful for diagnosis than bits and pieces.  You provided enough bits to diagnose that the header is forged, but that's it.  You can find a complete header (stripped of personal info) in Past Reports.  Are you familiar with the gMail IPv6 reporting workaround?  Perhaps there is a workaround for your forged headers.  Provide a complete header, or go play Minecraft.

 

 A Spamcop Tracking URL would also be useful, but you seem to think a screenshot is useful.  Do you really think any of us will type that entire jumble of letters and numbers in addition to the walls of text that you repeatedly ignore or otherwise fail to give adequate response?  Highlight the link, copy it, paste it, and post it. .....or go play Minecraft.

Edited by its8up
Was a bit too.....condescending. My bad.
Link to comment
Share on other sites
klappa Advanced Member

klappa

Posted
Posted
On 9/26/2018 at 4:40 AM, petzl said:

The correct abuse address is now "abuse [ at ] microsoft  [ dot] com", not "report_spam [at] hotmail [dot ] com"

what do you mean by typing it in? Where should i type it in? already told and you replied you have that box

Shouldn't report_spam [at] hotmail [dot] com work? Spamcop uses that abuse address all the time.

Link to comment
Share on other sites
Lking What Life?

Lking

Posted
Posted

Those involved in this thread need to keep in mind that the SpamCop forum is different than many other forums.  The objective here is to oppose spam, help others use the tool provided by SpamCop and provide others help in their efforts to keep spam out of their inbox and off the internet in general.

Meeting those purposes can be aided by keeping the level of civility high.  Please review your future post with civility in mind.

Link to comment
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

×
 Share
Go to topic listing
×
×
  • Create New...