Jericho

Reporting spam has no effect

Hello,

I am constantly receiving spam mails which I forward to SpamCop. The servers which are spamming are always the same (there are 3 or 4 different IP addresses), but reporting them again and again does not have any effect at all.
I expected to see these IPs on cbl.abuseat.org. But this never happens, no matter what I do. The reports won't even show up on https://www.spamcop.net/w3m?action=inprogress

Some examples:

https://www.spamcop.net/mcgi?action=gettrack&reportid=7067133986
https://www.spamcop.net/mcgi?action=gettrack&reportid=7066822721
https://www.spamcop.net/mcgi?action=gettrack&reportid=7066820443
https://www.spamcop.net/mcgi?action=gettrack&reportid=7066812495

I also noticed that my average reporting time never drops below 4 hours, no matter how fast I submit my reports.

Is there something wrong? Please advise.

18 hours ago, Jericho said:

Is there something wrong? Please advise.

Need a Tracking URL to look before you submit it's on page top
SpamCop v 5.1.0 © 2020 Cisco Systems, Inc. All rights reserved.
Here is your TRACKING URL - it may be saved for future reference:
https://www.spamcop.net/sc?id=z6638897535zab568c7aa78b449e543f0c2ef2712cf7z
Skip to Reports

Posted (edited)

It seems Spamcop no longer has the clout it had some years ago. I still report, but nothing usually gets done from most of those service providers. Also to get blocked, it has to be a few people reporting (not sure of the number of reports) the same spammer on the same IP address.

I used to get 10+ spams a day from one provider. The fact the spams came from sequential  IP addresses tells me the provider is in cahoots with the spammer. I then tried some other block lists. After reporting, I would see the spammer IP addresses listed in various spam lists, and blocking services I was using on the email server, but for some unknown reason the spam/IP address was not being blocked. 

I gave up on block lists and started just blocking that provider IP range. Then I got confirmation the provider is in cahoots with the spammer, when I started getting more batches of spam from another of their data centers in the same manner as before.

Edited by KNERD


Spam keeps coming in from these servers. Reporting them to Spamcop is pointless as long as the IP addresses won't show in the blocking lists.

Posted (edited)
13 hours ago, Jericho said:

Spam keeps coming in from these servers. Reporting them to Spamcop is pointless as long as the IP addresses won't show in the blocking lists.

The German abuse desk is BlackHat ignoring many, many SpamCop reports
Report to their CERT http://www.s-cert.de/eng/ email is in weblink tell in notes,
"Criminal  phishing, blackmail threat spam, no unsubscribe, bogus valid reply address to innocent parties"
their reply address is valid but Bogus goes to innocent party, a restaurant
It is a non-registered Website no registrar?
http://195.62.32.155/#contact  - contact@195.62.32.155 is bogus not valid
Include weblinks in report? which to me also seem bogus links to innocent parties
Select TAB Preferences
Show Technical Details during reporting
Simple output
Show technical data


Their provider https://xsserver.eu 
Seem dodgy as well?
Registrant: NOT DISCLOSED! Visit www.eurid.eu for webbased WHOIS.
has a facebook page 
https://www.facebook.com/XSServer

Edited by petzl


I already contacted xsserver via facebook and complained about spam. Messages are read but not replied.

Why are the IPs not included in the Spamcop blocking lists?

Posted (edited)
6 hours ago, Jericho said:

I already contacted xsserver via facebook and complained about spam. Messages are read but not replied.

Why are the IPs not included in the Spamcop blocking lists?

German ISPs are notorious for not replying!
Facebook page is not that active
SC blocklist is too forgiving
Reports go back to "Submitted: 5/19/2020, 5:08:58 AM +1000:"
But don't appear to be hitting spamtraps

Edited by petzl


Would a staff member please double-check this.
Spam from xsserver.gmbh is still increasing.

I believe SpamCop does not work properly, at least for my account. As the servers won't appear on the blocking list, reporting them again and again is pointless.

Posted (edited)
3 hours ago, Jericho said:

Would a staff member please double-check this.
Spam from xsserver.gmbh is still increasing.

I believe SpamCop does not work properly, at least for my account. As the servers won't appear on the blocking list, reporting them again and again is pointless.

Just include "S-CERT[AT]S-CERT[DOT]de" in your reports. xsserver.gmbh seem crooked to me?
The idea is to get better than SpamCop
include in notes

"Criminal  phishing, blackmail threat, abuse@xsserver.gmbh ignore abuse reports. no unsubscribe, bogus but valid reply address go to innocent parties"
their reply address is valid but Bogus goes to innocent parties, eg. a restaurant
It is a non-registered Website no registrar?
http://195.62.32.155/#contact  - contact@195.62.32.155 is bogus not valid


If you own your own server try blocking  '195.62.32.0 - 195.62.33.255' IP range. bounce to abuse@xsserver.gmbh criminal activity!

Edited by petzl

12 hours ago, petzl said:

Just include "S-CERT[AT]S-CERT[DOT]de" in your reports. xsserver.gmbh seem crooked to me?
The idea is to get better than SpamCop
include in notes

"Criminal  phishing, blackmail threat, abuse@xsserver.gmbh ignore abuse reports. no unsubscribe, bogus but valid reply address go to innocent parties"
their reply address is valid but Bogus goes to innocent parties, eg. a restaurant
It is a non-registered Website no registrar?
http://195.62.32.155/#contact  - contact@195.62.32.155 is bogus not valid


If you own your own server try blocking  '195.62.32.0 - 195.62.33.255' IP range. bounce to abuse@xsserver.gmbh criminal activity!

S-CERT replied they are not concerned, because this problem has nothing to do with the German Sparkasse (financial business) IT.

Posted (edited)
5 hours ago, Jericho said:

S-CERT replied they are not concerned, because this problem has nothing to do with the German Sparkasse (financial business) IT.

They did not give the nation cert contact? How German of them.
Look up the right one from this list (click view all)
https://www.first.org/members/teams/
Very bureaucratic Germans are.
maybe this one? EU I think?
https://www.bsi.bund.de/EN/TheBSI/Contact/contact_node.html
bsi[AT]bsi.bund[DOT]de

Edited by petzl

On 6/24/2020 at 3:05 AM, Jericho said:

I also noticed that my average reporting time never drops below 4 hours, no matter how fast I submit my reports.

I probably have a million plus reports of the past few decades that sure keep my average up.

 

On 6/27/2020 at 10:52 PM, Jericho said:

Why are the IPs not included in the Spamcop blocking lists?

I believe I saw the term snowshoe spamming. That explains this. I have about a thousand of my own spamtrap email accounts and one thing I noticed is that the IP never seems to be repeated. If you look at what Lking sent above, the spammer is doing that so they will not get listed. Can be amazing how many IP blocks are out there that they can use with this "hopping" method.

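Added example, not part of any post in this thread: Python code for the two ideas raised above, blocking the quoted range as a CIDR block on your own server and spotting the "hopping" pattern by counting spam sources per network instead of per address. The sample source addresses and the thresholds are constructed assumptions.

```python
import ipaddress
from collections import Counter, defaultdict

# Range quoted in the thread; all addresses in SAMPLE_SOURCES are constructed
# (RFC 5737 documentation ranges), not taken from any report.
RANGE_START, RANGE_END = "195.62.32.0", "195.62.33.255"
SAMPLE_SOURCES = (
    ["192.0.2.10", "192.0.2.11", "192.0.2.12", "192.0.2.13", "192.0.2.14",
     "192.0.2.10"]              # many hosts in one /24, one or two mails each
    + ["198.51.100.7"] * 6      # one noisy host
    + ["203.0.113.5"]           # a single stray message
)

def range_to_cidrs(first, last):
    """Collapse an inclusive first-last range into the minimal list of CIDR blocks."""
    nets = ipaddress.summarize_address_range(
        ipaddress.ip_address(first), ipaddress.ip_address(last))
    return [str(n) for n in nets]

def is_blocked(ip, cidrs):
    """True if ip falls inside any of the CIDR blocks."""
    addr = ipaddress.ip_address(ip)
    return any(addr in ipaddress.ip_network(c) for c in cidrs)

def snowshoe_candidates(sources, prefix_len=24, min_ips=4, max_per_ip=2):
    """Flag prefixes where many distinct addresses each sent little mail.

    The thresholds are hypothetical; tune them against your own mail log.
    """
    per_net = defaultdict(Counter)
    for ip in sources:
        net = ipaddress.ip_network(f"{ip}/{prefix_len}", strict=False)
        per_net[str(net)][ip] += 1
    return {
        net: {"distinct_ips": len(c), "messages": sum(c.values())}
        for net, c in per_net.items()
        if len(c) >= min_ips and max(c.values()) <= max_per_ip
    }

if __name__ == "__main__":
    cidrs = range_to_cidrs(RANGE_START, RANGE_END)
    print("block:", cidrs)
    print("195.62.33.200 blocked:", is_blocked("195.62.33.200", cidrs))
    print("snowshoe candidates:", snowshoe_candidates(SAMPLE_SOURCES))
```

The noisy single host is what a per-address count catches; the flagged /24 only stands out once the counts are grouped by network.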
