Jump to content

Recommended Posts

Hi all,

About a month or maybe two ago, seems my one email that I use in places that will likely be hyjacked got hammered.

Spamcop really must work because I'm back down to the usual 2 or so a day.

BUT almost every bit that is still coming shows a reporting address of some long name at gmail.

SO WHY isn't google included in the list of reports sent to?   Wouldn't google want to know someone using gmail is violating TOS?

Or... does google even care?  (Well they must, when I was being flooded   almost all of them went to google network abuse.  It's stopped so they must have done something.)

 

Thanks.

Share this post


Link to post
Share on other sites

Hi ArtmakersWorlds,

I suppose you are talking about the IPv6 address in the email header's "Received:" line beginning with "2002:", otherwise it would be helpful if you could post the "TRACKING URL" you received when submitting the spam to better understand what you mean.

i.e. the URL you receive when reporting the spam (my link depicted in indigo purple)

 Tracking URL example

If it's the IPv6 (6to4) address, then see the threads here and here about the reasons why some of it isn't working and what Google is or isn't doing about it...

HTH

Share this post


Link to post
Share on other sites
Posted (edited)
8 hours ago, ArtmakersWorlds said:

Or... does google even care?  (Well they must, when I was being flooded   almost all of them went to google network abuse.  It's stopped so they must have done something.)

Gmail/Google don't care about customers, to them they are just data fodder!
Aside from reporting spam  mark it phishing

Edited by petzl

Share this post


Link to post
Share on other sites
23 hours ago, RobiBue said:

Hi ArtmakersWorlds,

I suppose you are talking about the IPv6 address in the email header's "Received:" line beginning with "2002:", otherwise it would be helpful if you could post the "TRACKING URL" you received when submitting the spam to better understand what you mean.

i.e. the URL you receive when reporting the spam (my link depicted in indigo purple)

 Tracking URL example

If it's the IPv6 (6to4) address, then see the threads here and here about the reasons why some of it isn't working and what Google is or isn't doing about it...

HTH

Ok, had to wait for the next one to arrive.  here...

SpamCop v 4.9.0 © 2019 Cisco Systems, Inc. All rights reserved.
Here is your TRACKING URL - it may be saved for future reference:
https://www.spamcop.net/sc?id=z6512015168z11faf14ef668f295d00a184d7761a5a0z
Skip to Reports

Share this post


Link to post
Share on other sites
1 hour ago, petzl said:

Add 
INCIDENT[ AT ] cert-in.org.in

To you report  "pracharnamapvtltd - gmail*com" is a apparent bit bin

Ok, so what is a bit bin???

Share this post


Link to post
Share on other sites
Posted (edited)
1 hour ago, ArtmakersWorlds said:

Ok, so what is a bit bin???

same as garbage can (a.k.a. /dev/nul)

adding a report to incident@cert-in.org.in is described in https://www.cert-in.org.in/SecurityIncident.jsp

from https://dnslytics.com/ip/103.111.41.221, I would add a report to the ASN abuse found through https://dnslytics.com/bgp/as132779 as well...

that is, a report also to 'admin@rackbank.com'

at least for the spam just provided in https://www.spamcop.net/sc?id=z6512015168z11faf14ef668f295d00a184d7761a5a0z

Edited by RobiBue
specified to what the reply pertains

Share this post


Link to post
Share on other sites

btw, if you click on [past reports] tab/button/link, you can find past TRACKING URLs by clicking on the number link provided for the report, and then on the [parse] link in the resulting screen.

just for future reference ;)

Share this post


Link to post
Share on other sites
2 hours ago, ArtmakersWorlds said:

Ok, so what is a bit bin???

Rubbish bin never read. The Cert address is run by the Government who can get criminals arrested

Share this post


Link to post
Share on other sites
13 hours ago, RobiBue said:

same as garbage can (a.k.a. /dev/nul)

adding a report to incident@cert-in.org.in is described in https://www.cert-in.org.in/SecurityIncident.jsp

from https://dnslytics.com/ip/103.111.41.221, I would add a report to the ASN abuse found through https://dnslytics.com/bgp/as132779 as well...

that is, a report also to 'admin@rackbank.com'

at least for the spam just provided in https://www.spamcop.net/sc?id=z6512015168z11faf14ef668f295d00a184d7761a5a0z

Ok, guys, I'm NOT a computer geek here.  Beyond some very basic and dated HTML code, that's it.   I do get dev/nul so ok, basically I've been wasting my time reporting these at all?  They are going nowhere???

 

Then... TRYING to figure out what your telling me here,

Well  get "Requested URL not found."

 

 

Not a clue what to do with this.  "I would add a report to..."  HOW?  Through spamcop? 

Listen, I have used spamcop for years now.  I've promoted using it to many others. Take the time to send spam through it.  But that's about all the time I care to waste on this.  Especially if the spammers found a way to send through some non address that is the same as dev/nul 

 

Spamcop must be doing SOMETHING though.  It only took a matter of weeks until my sudden flood of spam dwindled down to one a day.

(That one yesterday and an unrelated "fed ex can't deliver your atm card" bs that also seems to report to nowhere.

Here in case your interested in this one.  Seems I get that message on a regular basis.

(Spammers really are a stupid lot aren't they?  An ATM card?  Fed Ex has to deliver something that could fit in an envelope? That I KNOW is not mine?
Must be enough people even dumber to fall for this and probably have to send someone money first.) 

SpamCop v 4.9.0 © 2019 Cisco Systems, Inc. All rights reserved.
Here is your TRACKING URL - it may be saved for future reference:
https://www.spamcop.net/sc?id=z6512217806z2094f4fdceb045889e1ad82b10175152z
Skip to Reports

 

I did once attempt to contact fed ex to see if they have an abuse reporting address.  Apple does, pay pal does, but they do not. 

 

Kinda drifted off topic but the point is I only got one piece of spam today.   So this site really does work.  Even if I don't understand just how.

And the email I'm using is one I use everywhere I think it might be harvested.  Survey sites I do, or if I want to bite on what I think is likely a scam, I'll use my trashable email.  So it's out there.  That I'm down to one spam in the morning is fantastic. 

Maybe I just have to wait until this particular spammer dies of old age before it stops then because I sure don't know what else to do. 

Thanks for trying though.  But unless someone can post

1. Do this..

2. do that...

I'm out.   Spamcop then delete. Move on.  Life is too short.

Share this post


Link to post
Share on other sites
2 hours ago, ArtmakersWorlds said:

"described in https://www.cert-in.org.in/SecurityIncident.jsp"   

Well  get "Requested URL not found."

Sorry about that,  I just copied the link without testing it "stand-alone"

it was supposed to be https://www.cert-in.org.in, and then clicking on the link in the left menu [* Incident Reporting] (which ends up being that .jsp link that seems to go nowhere without context...)

2 hours ago, ArtmakersWorlds said:

[...] I have used spamcop for years now.  I've promoted using it to many others. Take the time to send spam through it.  But that's about all the time I care to waste on this.

[...]

Spamcop must be doing SOMETHING though.  It only took a matter of weeks until my sudden flood of spam dwindled down to one a day.

(That one yesterday and an unrelated "fed ex can't deliver your atm card" bs that also seems to report to nowhere.

Here in case your interested in this one.  Seems I get that message on a regular basis.

(Spammers really are a stupid lot aren't they?  An ATM card?  Fed Ex has to deliver something that could fit in an envelope? That I KNOW is not mine?
Must be enough people even dumber to fall for this and probably have to send someone money first.)

https://www.spamcop.net/sc?id=z6512217806z2094f4fdceb045889e1ad82b10175152z

Confirmation of Spammer's Rules Rule #3: Spammers are stupid, and Spinosa's Corollary: Spammers assume everybody is more stupid than themselves.

2 hours ago, ArtmakersWorlds said:

I did once attempt to contact fed ex to see if they have an abuse reporting address.  Apple does, pay pal does, but they do not. 

(no need to contact them, as it's not from them anyway)

Kinda drifted off topic but the point is I only got one piece of spam today.   So this site really does work.  Even if I don't understand just how.

And the email I'm using is one I use everywhere I think it might be harvested.  Survey sites I do, or if I want to bite on what I think is likely a scam, I'll use my trashable email.  So it's out there.  That I'm down to one spam in the morning is fantastic. 

Maybe I just have to wait until this particular spammer dies of old age before it stops then because I sure don't know what else to do. 

Thanks for trying though.  But unless someone can post

1. Do this..

2. do that...

I'm out.   Spamcop then delete. Move on.  Life is too short.

well, all I can say now: it works, and if it works for you , then great 👍:ph34r: mission accomplished!

Share this post


Link to post
Share on other sites
Posted (edited)
4 hours ago, ArtmakersWorlds said:

Thanks for trying though.  But unless someone can post

1. Do this..

2. do that...

Forward as attachment  from your email to abuse address is another way

botnet  source   88.198.112.174   'abuse@hetzner.de

Email server change password  62.172.235.230   abuse@bt.com

Received: from 127.0.0.1  (EHLO our.madebysonder.com) (62.172.235.230) your email server to you
  by mta4452.mail.bf1.yahoo.com with SMTP; Wed, 09 Jan 2019 11:52:48 +0000
Received: from User (static.88-198-112-174.clients.your-server.de [88.198.112.174]) source to your email server 
	by our.madebysonder.com (Postfix) with ESMTPA id 1306A30601B9;
	Tue,  8 Jan 2019 12:00:03 +0000 (GMT)

reference urls

https://www.talosintelligence.com

https://mxtoolbox.com/diagnostic.aspx

https://dnslytics.com/whois-lookup

Edited by petzl

Share this post


Link to post
Share on other sites
Posted (edited)
18 minutes ago, petzl said:

Forward as attachment  from your email to abuse address is another way

botnet  source   88.198.112.174   'abuse@hetzner.de

Email server change password  62.172.235.230   abuse@bt.com

child porn source
182.111.98.3  anti-spam@ns.chinanet.cn.net
113.140.86.66   anti-spam@ns.chinanet.cn.net
offending email forwarded also, can be read as text attachment with a text/ASCII editor like notepad or eml text reader
example just forwarded as attachment from my email account
Received: from WINDOWS-COSBPNE (unknown [113.140.86.66]) my email server
	by vmx5.spamcop.net (Postfix) with ESMTP id 07FDAAF6FB
	for <xxx[AT]spamcop.net>; Wed,  9 Jan 2019 13:31:08 -0800 (PST)
Received: from jakwcdbio (Unknown [182.111.98.3]) claimed/fake email server stamped source

email server seems a fake one
https://mxtoolbox.com/SuperTool.aspx?action=smtp%3a113.140.86.66&amp;run=toolpage
Edited by petzl

Share this post


Link to post
Share on other sites

petzl

I seem to remember that bt.com coming up in the past.  When I see an email address I sometimes DO forward copies directly.   Pretty sure that one only sends back some long winded BS auto responder which I don't even bother reading.  I don't know if they care or not.

 

RobiBue

LOVE THIS... "Confirmation of Spammer's Rules Rule #3: Spammers are stupid, and Spinosa's Corollary: Spammers assume everybody is more stupid than themselves."

So sad though that there are actually people even stupider than spammers.  Must be or they would be out of business.

 

 

Meanwhile.... today, in my out there for everyone junk email address I got NOT ONE spam message today.  (so far.) 

So spamcop really does work.  Seems even the ones that are dev/nul or where ever, must be doing something somehow huh?  I got hammered right around Christmas, and barely mid Jan it's stopped. WOOHOOO!!!!!

Share this post


Link to post
Share on other sites
32 minutes ago, ArtmakersWorlds said:

petzl

I seem to remember that bt.com coming up in the past.  When I see an email address I sometimes DO forward copies directly.   Pretty sure that one only sends back some long winded BS auto responder which I don't even bother reading.  I don't know if they care or not.

https://www.talosintelligence.com/reputation_center/lookup?search=62.172.235.230

Shows some one don't care UK  military server compromised 

https://www.raf.mod.uk/our-organisation/stations/raf-marham/

https://www.spamhaus.org/sbl/query/SBL428795

Share this post


Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now

×