Hanco

October 2019 - A month different to others?


Has this happened before?

Look at that green “spam submitted” line in the screenshot I attached. Normally spam submitted leads to a higher volume of reports.

October though? We see a significant amount of spam reported with reports not sent.

If my experience is anything to go by, there was a major increase from one group of spammers (phishing activity actually, but not the overt fake Apple sites, Amazon, Walmart, Netflix etc login pages)

And it was mostly email coming from Amazon IP addresses, which I always see SpamCop track but not send reports. Instead, I send the reports directly myself.

But is that what this month’s driver was? The group behind these daily deals of loan offers, warranty offers, cures for bizarre conditions etc.? They seemed to be quiet, then boom, daily 12-25 emails. Mostly sites with domain names from Namecheap (they said to someone, in response to a domain abuse report, that they have a “huge volume” of support requests at the moment).

It seems like volume is down now (or the jerks behind the flow do not work weekends) and Amazon are “caught up” on the backlog of reports. Maybe the green line will go back below the blue...


I don't know, but as of late, I submit spams (to seekrit.email@spamcop.com) but only occasionally am able to submit the spam. The others are lost in limbo...

Maybe that has to do with the green spikes?


Such a high level of reports to a spammer's ISP might generate a high level of bounces. We know that SpamCop won't keep sending reports that are bound to bounce (and only waste more email bandwidth). Maybe that's the reason for a high submitted:sent ratio?


It’s even more pronounced now. From 29 Sept through about 10 days, then back to normal. It aligns with a huge spike of email abuse I saw from AWS and other Amazon IPs.


I did notice on the source of spam page lately there are a lot of "ISP has indicated spam will cease" from IP ranges such as 89.34.26.0/24 and 195.29.0.0/16 where it appears that they are just marking the option to prevent reports from being submitted. (It seems to be more than one IP in their range.) It appears they have been doing this for more than 48 hours and marking this maybe every six hours, as the time after the message seems to jump up by around six hours. Could this be part of why the spikes have changed?


Seems like my email abuser has switched to using now-dns.com

Reports are sent by SpamCop to the host of the subdomains, but that is VPSVILLE.RU which doesn’t seem bothered to act with any level of pace.

That’s one source. The other...

Much of the email volume is repetitive and has links to a Google Storage API location... there I can view XML showing all the subject lines and outline content they generate. And ALL of them redirect to “hwManyMore.com” (how many more? Well, at least the jerk has a sense of humour, I suppose?)

