Peace Freak

spam from Google Hosted website??

15 posts in this topic

Am not sure if this is the right forum to be posting this...

I'm currently getting 80 to 120 spam a day from what appears to be a single spammer. 

I've been consistent in submitting the spam but there has been zero reduction in their number... Below is what I see in the SpamCop reporting window.

Google seems to be ignoring these reports.

Does anyone have any suggestions on getting google to do something about this?

Thanks!

Re: 151.150.58.94 (Administrator of network where email originates)
 To: clifford.vaughan@honeywell.com (Notes)

Re:http://trollssupportsshowstopper.site/7g5HwW8HF... (Administrator of network hosting website referenced in spam)
 To: google-cloud-compliance@google.com (Notes)

Re:http://trollssupportsshowstopper.site/NWv9mMy97... (Administrator of network hosting website referenced in spam)
 To: google-cloud-compliance@google.com (Notes)

 

 

 

 

Share this post


Link to post
Share on other sites

PF there are two reasons the spam reports you reference were sent.

  1. a report was sent to honeywell.com as the sender of the email/spam
  2. two reports were sent to google.com as the host of web pages referenced in the spam

Google can not control the sender of email that includes links to web pages in their domain.  In the pasted it was common for weight loss/nutrition supplement sellers to buy full page articles (advertisements) in papers like the New York Times.  They then reference the NYT in their spam.  Obviously the paper could not stop the spam.  They have stopped taking the ads.

Share this post


Link to post
Share on other sites

Thanks for helping me understand the situation. So from what your saying there is nothing further that I can do?

Share this post


Link to post
Share on other sites

Keep reporting.  Perhaps adding KnujOn.net, fda.gov, acma.gov.au uce.gov

Share this post


Link to post
Share on other sites

Thank you. Should I just add the addresses:

nonreg@knujon.net, spam@UCE.GOV, report@submit.spam.acma.gov.au, uce@ftc.gov

to Personal copies of outgoing reports in SpamCop Preferences?

Also, is there a reporting plugin available for Apple Mail or some other method to make reporting easier?

Thank you?

Share this post


Link to post
Share on other sites
On 12/21/2017 at 9:47 AM, Peace Freak said:

Thanks for helping me understand the situation. So from what your saying there is nothing further that I can do?

Try giving a "Tracking URL" at top of SpamCop reporting page BEFORE you submit.

Share this post


Link to post
Share on other sites

Not sure what you mean by "try giving a "Tracking URL". A tracking URL appears at the top of the spam reporting window. Should I copy it somewhere?

Share this post


Link to post
Share on other sites

Should I copy it somewhere?  Yes.

That was a gentle suggestion to include the Tracking URL of a spam report you are posting about.  That way all of us can see the full email & header, the information the parser found and what action the parser suggested.

 

 

Share this post


Link to post
Share on other sites
22 hours ago, Peace Freak said:

OK this is a redirection site put in comments
Just save BELOW as a text file, this should grab their attention also copy and paste, above porn spammer text, "IP(Administrator of network where email originates)" and "URL IP Resolves to 35.225.234.14"

Child porn spammer 
pictures under 18 or made to look under 18
NO PROOF OF AGE available! 
SENT TO MINORS

>

Share this post


Link to post
Share on other sites

Thanks Petxl, I would definitely like to improve the reports I send but I don't fully understand your instructions.

Firstly, that spam was already submitted. So I guess you are you saying that for future spam of a similar nature I should write in the "Additional notes (optional - max 2000 characters)" section, the IP address, and also:

***
Child porn spammer 

pictures under 18 or made to look under 18
NO PROOF OF AGE available! 
SENT TO MINORS
***

Is this correct?

Share this post


Link to post
Share on other sites
2 hours ago, Peace Freak said:

Thanks Petxl, I would definitely like to improve the reports I send but I don't fully understand your instructions.

Firstly, that spam was already submitted. So I guess you are you saying that for future spam of a similar nature I should write in the "Additional notes (optional - max 2000 characters)" section, the IP address, and also:

***
Child porn spammer 

pictures under 18 or made to look under 18
NO PROOF OF AGE available! 
SENT TO MINORS
***

Is this correct?

Yes in additional notes  put that in plus the IP address of The spam source and the URL IP resolves to under that put ">" to stop SpamCop formating it different

Send a report to yourself so you see what a abuse desk does 

SpamCop without "additional notes" is just headers  and body text makes it hard below is what I put in

Quote

 SpamCop V4.8.6 ]
This message is brief for your comfort.  Please use links below for details.

User-targeted report, see notes, if any.
  deleted
183.32.221.122 is open proxy, see: https://www.spamcop.net/mky-proxies.html

[ Additional comments from recipient ]
cncert@cert.org.cn 183.32.221.122 is an open proxy BOTNET SEE https://www.abuseat.org/lookup.cgi SEE ALSO CisCo sites REPUTATION IP LOOKUP https://www.talosintelligence.com If Microsoft Windows Defender is available to you, use it! THEN Change Password
Other BOTNEThosts in this "neighborhood" with spam reports 183.32.220.123 183.32.220.134 183.32.220.135 183.32.220.137 183.32.220.168 183.32.220.190 183.32.220.208 183.32.220.213 183.32.220.219 183.32.220.235 183.32.220.241 183.32.220.243 183.32.220.245 183.32.220.247 183.32.221.1 183.32.221.5 183.32.221.74 183.32.221.124 183.32.221.136 183.32.221.145 183.32.221.160 183.32.221.162 183.32.221.179 183.32.221.182 183.32.221.186 183.32.221.204 183.32.221.207 183.32.221.246 183.32.221.248 183.32.221.255 183.32.222.0 183.32.222.24 183.32.222.29 183.32.222.31 183.32.222.35 183.32.222.37 183.32.222.44 183.32.222.57 183.32.222.75 183.32.222.76 183.32.222.92 183.32.222.93 183.32.222.107 183.32.222.115

[ Offending message ] Return-Path: <277387642@qq.com> Received: from compute3.internal (compute3.nyi.internal [10.202.2.43]) by sloti1d2t03 (Cyrus fastmail-fmjessie46427-15765-git-fastmail-15765) with LMTPA; Fri, 22 Dec 2017 15:26:25 -0500

 

Share this post


Link to post
Share on other sites

Have started to follow your suggestions. The IP addresses do not resolve to a URL. Here are 4 that I tried:

213.173.54.67
213.190.7.23
217.18.56.98
193.176.18.54

I wonder why?

Thank you for introducing CBL and Talos. Checked both IPs with them but they were not listed or neutral.

Would appreciate any comments and/or suggestions.

Share this post


Link to post
Share on other sites
5 hours ago, Peace Freak said:

213.173.54.67
213.190.7.23
217.18.56.98
193.176.18.54

Using https://whoisip.ovh identifies country of IP then send incident to relevant CERT https://www.first.org/members/teams/ (view all page bottom)
1  info@us-cert.gov no whois address?

2  info@us-cert.gov no whois address?

3 cert@ncsc.nl no whois address?

4 cert@ncsc.nl no whois address?

Aways in "Additional notes (optional - max 2000 characters): " I have created some templates saved in "notepad"  to copy and paste ALWAYS under text put in > or SpamCop format to one unreadable line send a copy to yourself to improve

Share this post


Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!


Register a new account

Sign in

Already have an account? Sign in here.


Sign In Now