Hanco, posted October 14, 2019

Has this happened before? Look at that green “spam submitted” line in the screenshot I attached. Normally spam submitted leads to a higher volume of reports. October though? We see a significant amount of spam reported with reports not sent.

If my experience is anything to go by, there was a major increase from one group of spammers (phishing activity actually, but not the overt fake Apple sites, Amazon, Walmart, Netflix etc. login pages). And it was mostly email coming from Amazon IP addresses, which I always see SpamCop track but not send reports. Instead, I send the reports directly myself.

But is that what this month’s driver was? The group behind these daily deals of loan offers, warranty offers, cures for bizarre conditions etc.? They seemed to be quiet, then boom, daily 12-25 emails. Mostly sites with domain names from Namecheap (they said to someone, in response to a domain abuse report, that they have a “huge volume” of support requests at the moment).

It seems like volume is down now (or the jerks behind the flow do not work weekends) and Amazon are “caught up” on the backlog of reports. Maybe the green line will go back below the blue...

RobiBue, posted October 15, 2019

I don't know, but as of late, I submit spams (to seekrit.email@spamcop.com) but only occasionally am able to submit the spam. The others are lost in limbo... maybe that has to do with the green spikes?

C2H5OH, posted October 21, 2019

Such a high level of reports to a spammer's ISP might generate a high level of bounces. We know that SpamCop won't keep sending reports that are bound to bounce (and only waste more email bandwidth). Maybe that's the reason for a high submitted:sent ratio?

Hanco, posted October 21, 2019

It’s even more pronounced now. From 29 Sept through about 10 days, then back to normal. It aligns with a huge spike of email abuse I saw from AWS and other Amazon IPs.

gnarlymarley, posted October 22, 2019

I did notice on the source of spam page lately there are a lot of "ISP has indicated spam will cease" from IP ranges such as 89.34.26.0/24 and 195.29.0.0/16, where it appears that they are just marking the option to prevent reports from being submitted. (It seems to be more than one IP in their range.) It appears they have been doing this for more than 48 hours and marking this maybe every six hours, as the time after the message seems to jump up by around six hours. Could this be part of why the spikes have changed?

Hanco, posted October 26, 2019

Seems like my email abuser has switched to using now-dns.com. Reports are sent by SpamCop to the host of the subdomains, but that is VPSVILLE.RU, which doesn’t seem bothered to act with any level of pace. That’s one source.

The other... Much of the email volume is repetitive and has links to a Google Storage API location... there I can view XML showing all the subject lines and outline content they generate. And ALL of them redirect to “hwManyMore.com” (how many more? Well at least the jerk has a sense of humour I suppose?)

goodnerd, posted November 23, 2019

A lot of the spams that I reported that were originating from the AmazonAWS servers were never sent to any address at Amazon but instead used addresses like abuse#amazonaws.com@devnull.spamcop.net. I also filed every spam complaint directly on the AmazonAWS reporting page, even when I was getting 50+ a day from this spammer. Amazon took it a little more seriously when the spammer started forging their name and logos in the fake Amazon Gift Card spam attack. I got some virus spams from the spammer after getting that one shut down. They always seem to point back to a common registrar.

petzl, posted November 24, 2019

4 hours ago, goodnerd said:
"A lot of the spams that I reported that were originating from the AmazonAWS servers were never sent to any address at Amazon but instead used addresses like abuse#amazonaws.com@devnull.spamcop.net. I also filed every spam complaint directly on the AmazonAWS reporting page, even when I was getting 50+ a day from this spammer. Amazon took it a little more seriously when the spammer started forging their name and logos in the fake Amazon Gift Card spam attack. I got some virus spams from the spammer after getting that one shut down. They always seem to point back to a common registrar."

Always helps with a SpamCop Track
https://www.spamcop.net/sc?id=z6594340561z125f42ee61982fdb92980529b765f19bz
always put in abuse report. Been going on for many many months. Banned all Amazon and subsidiaries purchases because of inept AWS abuse responses to AmazonAWS DDoS multiple IP email attacks.

Criminal phishing, bogus reply address, bogus unsubscribe (NEVER subscribed), DDoS 52.45.175.153 abuse[AT]amazonaws.com spam text headers and body

goodnerd, posted November 24, 2019

I didn't bother posting any tracking links because I was not sure others could see historical data from reports I filed. The party that utilizes AmazonAWS, numerous exposed Twitter accounts, Bit.ly and imgur image hostings now seems to be shrinking back to smaller country servers like vspnet.lt, home.pl, arax.md, and occasionally krypt.com.

I've been dealing with this little man for quite a while now. That spammer even set up a fake Twitter account under my Gmail email address and occasionally sends me direct virus spams, but yet he still can't stop spamming me. Go figure. I guess it's like the old Robert Soloway case where the man thought he was untouchable and above the law.

Their account at digitalocean.com was terminated on 11/22 (outlandisher.pw):

Quote:
"Hi there,
Thanks for making this report. We identified and terminated the user responsible for this incident.
Regards,
Security Operations
Digital Ocean Security"

petzl, posted November 24, 2019

1 hour ago, goodnerd said:
"Their account at digitalocean.com was terminated on 11/22 (outlandisher.pw):"

They can get millions of different email accounts here
https://sendgrid.com/marketing/sendgrid-services-cro/
Try it out! Send 40,000 emails for 30 days, then 100/day forever. Sign up for free. No credit card required.

Hanco, posted November 24, 2019

Pleased to see “hwManyMore.com” was shut down. That one went on too long. There are so many domains in this racket though smh.