Jump to content

Recommended Posts

Another year, another onslaught. This example of a spam which fools SpamCop:

https://www.spamcop.net/sc?id=z6711267418zdf68ad337aa8e4fc8dd805e6bbd5cb6dz

is one of a particularly nasty sort of spam, which scares the living daylights out of ordinary mail users, who believe that their "accounts have been hacked" and are spooked into giving Heaven knows what away to the criminals who send these spams.

Which all scares people away from communicating by e-mail, the simplest, cheapest and safest means of communication mankind ever invented, and drives them into "social media", "whatsapps" and all sorts of programmes which are more expensive and far less safe.

Can we see a tendency here?

Can SpamCop Admin investigate why this, and a number of similar spams, are failing to parse?

Something of a spam storm seems to be going on, with all sorts of sudden failures of SpamCop reports.

Yes, I did my mailhosts.

Thanks,

Spamnophobic
 

Share this post


Link to post
Share on other sites

I have seen this lately when the spammer is using the same provider as one of my mailhosts.  I just go and delete the related mailhost, submit and then I can put it back on.  Annoying when the spammers start sending me spam from the providers I use .

Mailhost configuration problem, identified internal IP as source

 

Share this post


Link to post
Share on other sites
Posted (edited)
3 hours ago, Spamnophobic said:

Another year, another onslaught. This example of a spam which fools SpamCop:

https://www.spamcop.net/sc?id=z6711267418zdf68ad337aa8e4fc8dd805e6bbd5cb6dz

There is only one IP in headers
185.148.67.27 is a botnet abuse[AT]satpol[DOT]pl is this your email provider?
The machine using this IP is infected with malware that is emitting spam, or is sharing a connection with an infected device.
We believe this malware to be of the gamut family.
https://check.spamhaus.org/listed/?searchterm=185.148.67.27
 

Edited by petzl

Share this post


Link to post
Share on other sites

Thank you all for your speedy replies.

@gnarlymarley 185.148.67.27 is definitely not one of my mailhosts as my latest mailhosts refresh confirms. I don't doubt that it is infected as Petzl says.

@Petzl Thanks for your info on this machine. Somehow it seems to have fooled SpamCop into thinking it is one of my mailhosts. This happened to me before (and a number of other SpamCop users as I understood), and was only finally solved after administrative action by SpamCop staff. I would rather not elaborate on the technical details here, following advice by SpamCop administrators. But it was definitely a spammer trick to try to disable SpamCop reporting. Obviously this latest round of scare mails is potentially a lucrative business for these criminals and they really hope that this sort of action on (may I call them "Scareware" mails?) will hold off spam blocking long enough for them to have terrified many users worldwide into giving away, as I said, Heaven knows what.

SpamCop admin, methinks urgent action is once again required. See my previous thread on this problem. Thanks.

Share this post


Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now

×