Jump to content
Sign in to follow this  
petzl

Her's another brilliant thinker

Recommended Posts

We are not allowing use of spam blocking email accounts

Regards,

HotCopper

www.hotcopper.com.au <http://www.hotcopper.com.au>

________________________________

From: H Skinner [mailto:petzl[at]spamcop.net]

Sent: Sat 9/07/2005 7:34 PM

To: HotCopper.Support

Subject: my account suspended why?

:lol: a typical reason why they are FREE

Share this post


Link to post
Share on other sites
We are not allowing use of spam blocking email accounts

30068[/snapback]

Omygawd, they're real! Thought it was all a figment of your fevered imagination for a moment. Somewhere a whole heap of villages are missing their idiots (dreadfully).

Share this post


Link to post
Share on other sites

I have had a couple of similar experiences. In such situations, I sign up with another account that forwards to my SpamCop account.

People who are thinking about getting a new SpamCop email account should consider the cesmail.net or cqmail.net domain. You get the same kind of filtered email account, but without the notoriety of the SpamCop name.

Share this post


Link to post
Share on other sites

Being the kind of straightforward person that I am I sent a professional-style flame to the email address listed on the domain record for hotcopper.com only to discover (via their response) that they (a financial services unit) is no longer affiliated with hotcopper.com and that they, too, think blocking spam-protected accounts is pretty idiotic.

As of this morning the domain record was updated to reflect a surreptitious domain squatter that is now trying to sell hotcopper.com.

That explains why you got blocked all of a sudden. Domain squatters go hand-in-hand with the rest of the underbelly of the Net, such as spammers.

Share this post


Link to post
Share on other sites
As of this morning the domain record was updated to reflect a surreptitious domain squatter that is now trying to sell hotcopper.com.

30111[/snapback]

Excellent work Turmoyle!

Wayback doesn't seem to show any recent changes to hotcopper's actual webpage content, which I guess is another indication: http://web.archive.org/web/*/http://http:/...otcopper.com.au

There actually have been changes (link to the financial services unit removed, the "Top Ten postings feature added, together with a cute little invitation therein to "make a contribution" to the running costs via PayPal) so I guess the current occupier is banning archiving, for very good reason? This seems like a little more than just domain squatting to my untutored mind - running very close indeed to fraud - advertising is still being solicited as part of that possibility.

I note the contact detail (mailto) is unaltered. dnsstuff says about that address: "ERROR: A CNAME appeared in the MX records; this is not valid." whatever that means.

Anyway, reassuring in a way that it is not just stupidity at play, good old familiar greed seems to be in the mix (what a relief). Or am I too harsh?

Share this post


Link to post
Share on other sites
Being the kind of straightforward person that I am I sent a professional-style flame to the email address listed on the domain record for hotcopper.com only to discover (via their response) that they (a financial services unit) is no longer affiliated with hotcopper.com and that they, too, think blocking spam-protected accounts is pretty idiotic.

As of this morning the domain record was updated to reflect a surreptitious domain squatter that is now trying to sell hotcopper.com.

That explains why you got blocked all of a sudden.  Domain squatters go hand-in-hand with the rest of the underbelly of the Net, such as spammers.

30111[/snapback]

This is with Hotcopper.com.au (Australia) Seems most of the sensible imput is moving away from them at any rate (at least the ones I follow have moved)

Share this post


Link to post
Share on other sites
This is with Hotcopper.com.au (Australia) Seems most of the sensible imput is moving away from them at any rate (at least the ones I follow have moved)

30121[/snapback]

Gads, you're right - Turmoyle is evidently talking about hotcopper.com with a "for sale" note on its masthead. OK, I take back what I said in my last posting - the .au people aren't revealed to be bordering on the larcenous at all, merely stupid in the matter of their email policy.

Just as an opinion, the quality of the later postings there do not seem to be high (unsubstantiated opinion, just like this posting ;-) and there is little to nothing evident in the way of moderation. Taken together, the justification for the site's existence is hard to see - looking elsewhere is probably a good move.

Edited by Farelf

Share this post


Link to post
Share on other sites

Right you are. My original mail was to hotcopper.com.au which is fronted by a financial services company, and they let me know they no longer had any affiliation with that domain and also agreed that blocking anti-spam accounts is idiotic. However, it was before my first cup of coffee in the morning when I read their response and when I looked up the domain again I did it with hotcopper.com rather than hotcopper.com.au.

That's my mistake and I apologize.

The domain record for hotcopper.com.au indeed still shows the same financial services unit behind it, I've since deleted the email they sent me (shame on me) but in it they provided a link to a press release on hotcopper.com.au that mentioned they had been purchased by a 3rd party and weren't sure they would continue offering any of their services.

Sorry again for the mixup but the bottom line is that hotcopper.com.au has been spun off from its originator and subsequently purchased by a 3rd party that hasn't decided what they're going to do with it yet.

Share this post


Link to post
Share on other sites
The domain record for hotcopper.com.au indeed still shows the same financial services unit behind it,  I've since deleted the email they sent me (shame on me) but in it they provided a link to a press release on hotcopper.com.au that mentioned they had been purchased by a 3rd party and weren't sure they would continue offering any of their services.

30130[/snapback]

I gave them an email address my present "provider" dumped me with and it is now getting stock spam within 24 hours of giving HotCopper. That email address which I had not used? So (IMO) either Hotcopper are selling email addresses or personal information is somehow being scraped? This imformation is not available to public.

Of course it may be (wink wink nod nod) extreme outside probability/odds that it is coincidence and also that the spammer is touting stocks (from USA ip 70.110.82.170 with an invalid reply address tj8ca<AT>verizon.net)

Just proves NEVER give out a legit email address to people first contact use a free through away with a (like)HaRd_2_Guess<at>hotmail<DOT>com one

Edited by petzl

Share this post


Link to post
Share on other sites
Just proves NEVER give out a legit email address to people first contact use a free through away with a (like)HaRd_2_Guess<at>hotmail<DOT>com one

30140[/snapback]

I have yet to have found anyone turning down a sneakemail address. They're unique, trackable, you can organize them, access them all with a single login, and turn them off whenever you want. Scraping is a possibility, either from your or their machine if infected. See one of my past threads on a scraped sneakemail address here: who would spam a sneakemail?

<plug> Get a sneakemail account here: http://sneakemail.com</plug>

Share this post


Link to post
Share on other sites
I have yet to have found anyone turning down a sneakemail address.

30153[/snapback]

I have found some, and it is time-consuming to de-sneakemail-ify spam emails.

Share this post


Link to post
Share on other sites
it is time-consuming to de-sneakemail-ify spam emails.

30154[/snapback]

under what conditions do you need to de-sneakemail-ify? SC handles them well enough to get the proper source off the headers (at least that I've seen). Edited by Jank1887

Share this post


Link to post
Share on other sites
under what conditions do you need to de-sneakemail-ify?  SC handles them well enough to get the proper source off the headers (at least that I've seen).

30157[/snapback]

Sure, but it reveals some info. Here's an example of what I mean (munged for the web). First, the original email as received at the Sneakemail server:
Return-Path: x<at>spamcop.net

Received: from c60.cesmail.net (HELO c60.cesmail.net) (216.154.195.49)

by mail.sneakemail.com with SMTP; 13 Jul 2005 15:44:10 -0000

Received: from unknown (HELO gamma.cesmail.net) (192.168.1.20)

  by c60.cesmail.net with SMTP; 13 Jul 2005 11:44:08 -0400

Received: (qmail 23585 invoked by uid 99); 13 Jul 2005 15:44:08 -0000

Received: from cpe-24-193-127-128.nj.res.rr.com

(cpe-24-193-127-128.nj.res.rr.com [24.193.127.128]) by webmail.spamcop.net

(Horde) with HTTP for <x<at>spamcop.net<at>cesmail.net>; Wed, 13 Jul 2005

11:44:08 -0400

Message-ID: <20050713114408.ezdpbwcs4ggs8040<at>webmail.spamcop.net>

Date: Wed, 13 Jul 2005 11:44:08 -0400

From: "Jeff G." <x<at>spamcop.net>

To: v48nrle02<at>sneakemail.com

Subject: 11:44 test

User-Agent: Internet Messaging Program (IMP) 4.0-cvs

This is a test.

Next, the email as received at the next server:
Return-Path: <pvrmijkp1m0t<at>sneakemail.com>

Received: from unknown (HELO monkey.sneakemail.com) ([38.113.6.61])

          (envelope-sender <pvrmijkp1m0t<at>sneakemail.com>)

          by pre-smtp05-02.prod.mesa1.secureserver.net (qmail-ldap-1.03) with SMTP

          for <x<at>example.com>; 13 Jul 2005 15:44:18 -0000

Received: (qmail 16311 invoked by uid 501); 13 Jul 2005 15:44:10 -0000

Received: from c60.cesmail.net (HELO c60.cesmail.net) (216.154.195.49)

by mail.sneakemail.com with SMTP; 13 Jul 2005 15:44:10 -0000

Received: from unknown (HELO gamma.cesmail.net) (192.168.1.20)

  by c60.cesmail.net with SMTP; 13 Jul 2005 11:44:08 -0400

Received: (qmail 23585 invoked by uid 99); 13 Jul 2005 15:44:08 -0000

Received: from cpe-24-193-127-128.nj.res.rr.com

(cpe-24-193-127-128.nj.res.rr.com [24.193.127.128]) by webmail.spamcop.net

(Horde) with HTTP for <x<at>spamcop.net<at>cesmail.net>; Wed, 13 Jul 2005

11:44:08 -0400

Message-ID: <20050713114408.ezdpbwcs4ggs8040<at>webmail.spamcop.net>

Date: Wed, 13 Jul 2005 11:44:08 -0400

From: "Jeff G. x-at-spamcop.net |scforumtest1 2005/07/13|" <pvrmijkp1m0t<at>sneakemail.com>

To: v48nrle02<at>sneakemail.com

Subject: 11:44 test

User-Agent: Internet Messaging Program (IMP) 4.0-cvs

X-Sneakemail-Label: scforumtest1 2005/07/13

X-Sneakemail-Address: v48nrle02<at>sneakemail.com

X-Sneakemail-Rcpt: v48nrle02<at>sneakemail.com

X-Sneakemail-Keyword:

X-Sneakemail-Return-Path: x<at>spamcop.net

X-Sneakemail-From: "Jeff G." <x<at>spamcop.net>

X-Sneakemail-Return-Phrase:

X-Sneakemail-Is-Sneakemail: yes

X-Sneakemail-Folder-Path: Desktop/2005/07

X-Sneakemail-Inc-Phrase:

This is a test.

Next, a preview of a report of the email without munging:
Return-Path: <pvrmijkp1m0t<at>sneakemail.com>

Received: from unknown (HELO monkey.sneakemail.com) ([38.113.6.61])

          (envelope-sender <pvrmijkp1m0t<at>sneakemail.com>)

          by pre-smtp05-02.prod.mesa1.secureserver.net (qmail-ldap-1.03) with SMTP

          for <x<at>example>; 13 Jul 2005 15:44:18 -0000

Received: (qmail 16311 invoked by uid 501); 13 Jul 2005 15:44:10 -0000

Received: from c60.cesmail.net (HELO c60.cesmail.net) (216.154.195.49)

by mail.sneakemail.com with SMTP; 13 Jul 2005 15:44:10 -0000

Received: from unknown (HELO gamma.cesmail.net) (192.168.1.20)

  by c60.cesmail.net with SMTP; 13 Jul 2005 11:44:08 -0400

Received: (qmail 23585 invoked by uid 99); 13 Jul 2005 15:44:08 -0000

Received: from cpe-24-193-127-128.nj.res.rr.com

(cpe-24-193-127-128.nj.res.rr.com [24.193.127.128]) by webmail.spamcop.net

(Horde) with HTTP for <x<at>spamcop.net<at>cesmail.net>; Wed, 13 Jul 2005

11:44:08 -0400

Message-ID: <20050713114408.ezdpbwcs4ggs8040<at>webmail.spamcop.net>

Date: Wed, 13 Jul 2005 11:44:08 -0400

Wrom: ONEUQZAAFXISHJEXXIMQZUIVOTQNQEMSFDULHPQQWOYIYZUNNYCGPKYLEJGDGVCJVTLBXFGGMEPYOQKEDO

To: v48nrle02<at>sneakemail.com

Subject: 11:44 test

User-Agent: Internet Messaging Program (IMP) 4.0-cvs

X-Sneakemail-Label: scforumtest1 2005/07/13

X-Sneakemail-Address: v48nrle02<at>sneakemail.com

X-Sneakemail-Rcpt: v48nrle02<at>sneakemail.com

X-Sneakemail-Keyword:

X-Sneakemail-Return-Path: x<at>spamcop.net

X-Sneakemail-Wrom: TWFAOBUZXUWLSZLKBRNVWWCUF

X-Sneakemail-Return-Phrase:

X-Sneakemail-Is-Sneakemail: yes

X-Sneakemail-Folder-Path: Desktop/2005/07

X-Sneakemail-Inc-Phrase:

This is a test.

Next, a preview of a report of the email with munging:
Return-Path: <pvrmijkp1m0t<at>sneakemail.com>

Received: from unknown (HELO monkey.sneakemail.com) ([38.113.6.61])

          (envelope-sender <pvrmijkp1m0t<at>sneakemail.com>)

          by pre-smtp05-02.prod.mesa1.secureserver.net (qmail-ldap-1.03) with SMTP

          for <x<at>example.com>; 13 Jul 2005 15:44:18 -0000

Received: (qmail 16311 invoked by uid 501); 13 Jul 2005 15:44:10 -0000

Received: from c60.cesmail.net (HELO c60.cesmail.net) (216.154.195.49)

by mail.sneakemail.com with SMTP; 13 Jul 2005 15:44:10 -0000

Received: from unknown (HELO gamma.cesmail.net) (192.168.1.20)

  by c60.cesmail.net with SMTP; 13 Jul 2005 11:44:08 -0400

Received: (qmail 23585 invoked by uid 99); 13 Jul 2005 15:44:08 -0000

Received: from cpe-24-193-127-128.nj.res.rr.com

(cpe-24-193-127-128.nj.res.rr.com [24.193.127.128]) by webmail.spamcop.net

(Horde) with HTTP for <x>; Wed, 13 Jul 2005

11:44:08 -0400

Message-ID: <2005_______________________8040<at>webmail.spamcop.net>

Date: Wed, 13 Jul 2005 11:44:08 -0400

Wrom: ONEUQZAAFXISHJEXXIMQZUIVOTQNQEMSFDULHPQQWOYIYZUNNYCGPKYLEJGDGVCJVTLBXFGGMEPYOQKEDO

To: x

Subject: 11:44 test

User-Agent: Internet Messaging Program (IMP) 4.0-cvs

X-Sneakemail-Label: scforumtest1 2005/07/13

X-Sneakemail-Address: x

X-Sneakemail-Rcpt: x

X-Sneakemail-Keyword:

X-Sneakemail-Return-Path: x<at>spamcop.net

X-Sneakemail-Wrom: TWFAOBUZXUWLSZLKBRNVWWCUF

X-Sneakemail-Return-Phrase:

X-Sneakemail-Is-Sneakemail: yes

X-Sneakemail-Folder-Path: Desktop/2005/07

X-Sneakemail-Inc-Phrase:

This is a test.

Note the instances of pvrmijkp1m0t<at>sneakemail.com (the sneaky from address), x<at>example.com (the real to address), x<at>spamcop.net (the real from address), x<at>spamcop.net<at>cesmail.net (an adaptation of the real from address), v48nrle02<at>sneakemail.com (the sneaky to address), pre-smtp05-02.prod.mesa1.secureserver.net (the mailserver of the to address), and scforumtest1 2005/07/13 (the sneaky label). Also note that pre-smtp05-02.prod.mesa1.secureserver.net, x<at>example.com, pvrmijkp1m0t<at>sneakemail.com, and scforumtest1 2005/07/13 (all of which a munger would consider confidential) are unmunged in the supposedly munged preview of a report.

Also, what's this "Wrom" business?

Share this post


Link to post
Share on other sites

let me make sure I followed that: you used your rr.com dialup/cable/etc to send an email via SC webmail to a test sneakemail account (v48nrle02<at>sneakemail.com), which forwards to one of your real email addresses (x<at>example.com).

the main problem I notice is that x<at>example.com is left in that received line. That's the address you were trying to protect with this whole process. That seems to be a parser error, or...??? No sneakemail spam I've ever parsed has left a for address in a received line. Just tested one now to be sure, and it x'd it out. Here's the SC munged last received from the test I just did:

Received: from monkey.sneakemail.com (sneakemail.com [38.113.6.61])
        by mx.gmail.com for x with SMTP id k4si944406rnd.2005.07.13.11.39.27;
        Wed, 13 Jul 2005 11:39:27 -0700 (PDT)

No problems here. Does it have something do do with the way secureserver.net records the received line? It seems any problems with that parse are in that one last (last in the chain) received line.

The other addresses: pvrmijkp1m0t<at>sneakemail.com, is sneakemail's alias for the original from address. Not too important for munging, as all it could reveal is the From address (real or forged), which is elsewhere in the headers, and which SC normally doesn't munge anyway. Also, the destination server isn't typically munged by SC.

Now, what is most alarming in yours is the received line with the valuable address. That still seems odd to me that SC didn't X it. With the sneakemail spams in general, you notice SC doesn't munge anything in an X-header line. If you're trying to avoid listwashing, you'd want to get the v48nrle02<at>sneakemail.com out of there.

This brings up a good point: if I sent spam to someone, and put their real email address in an X-header line, would it get munged by SC? If not, why not, as I just easily defeated any SC munging? If so, why wouldn't it get any other email addresses out of x-headers? It doesn't seem to limit itself to single To addresses. I have a couple aliases set up, and if multiple valuable addresses appear throughout the headers, they always get munged...

Share this post


Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
Sign in to follow this  

×