Jump to content
Sign in to follow this  
wraymond

[at]spamcop.net ... spammers back door

Recommended Posts

Hello

Just to report that I am getting tons of spam daily (4-5 messages spam for every legit message) with the spammers using my own [at]spamcop.net email address. This seems to be a back door of sorts. I've tried putting my own email address[at]spamcop.net on my black list, but this doesn't seem to work (i.e. the blacklist wont work with my own [at]spamcop.net address ??)

N.B. I do not use the [at]spamcop.net address as a return address, but forward mail from other addresses to the spamcop.net account for screening.

Help!

Walter

:ph34r:

Share this post


Link to post
Share on other sites

Walter,

Are you 100% sure that your address isn't also on your whitelist? Here's an announcement that's currently on the SC webmail login screen:

Dec 5, 2008

[16:01 EST] Lots of users have their own email address in their personal whitelist. This is a problem because spammers often send you spam that is forged with your own email address as the return address. Please make sure that you don't have your own email address on your personal whitelist because if it is, this spam will be whitelisted and delivered to your inbox.

Check the headers of one of the spam messages that's "from" your address for a "whitelisted" line. If that's not the case, it would be helpful if you would run one of them through the SC reporting system and post a Tracking URL here for us to visit. If you want to avoid exposing your own email address, you can first redact it in the raw source and then paste the redacted message into the web-based reporting form at:

http://mailsc.spamcop.net/

Just be sure to cancel the reporting action after getting the Tracking URL (which will be near the top).

DT

Edited by DavidT

Share this post


Link to post
Share on other sites

Moderator edit: noting the lack of follow-up to a previous Topic, it only makes sense to merge this "new" Topic right back into the same user's previous 'new' Topic ... most of the answers are the same at this point. Lack of data is the primary issue as far as any attempt to 'help' .....

Hello

I'm now getting more spam messages than real email in my mailbox. Is the Spamcop spam filter broken?

Subject headings are obviously spam "enhancements" ... "pharmacy" etc.

What gives?

:unsure:

Edited by Wazoo

Share this post


Link to post
Share on other sites
I'm now getting more spam messages than real email in my mailbox. Is the Spamcop spam filter broken?

Subject headings are obviously spam "enhancements" ... "pharmacy" etc. ...

Hi Walter,

What is your response to DavidT's queries - http://forum.spamcop.net/forums/index.php?...ost&p=68090 - on your last post? Is this any different to what you were talking of then? A Tracking URL would still be a good way to discuss this.

Share this post


Link to post
Share on other sites
I'm now getting more spam messages than real email in my mailbox. Is the Spamcop spam filter broken?

Subject headings are obviously spam "enhancements" ... "pharmacy" etc.

What gives?

You are a paid user, yes? How long has this been happening? How many spams are actually getting stopped by SpamCop vs. those that get by it? Do you have numbers for any of this? Do you have examples of the spam that got past SpamCop that you can post via tracking URL?

-- rick

Share this post


Link to post
Share on other sites
I'm now getting more spam messages than real email in my mailbox. Is the Spamcop spam filter broken?

Subject headings are obviously spam "enhancements" ... "pharmacy" etc.

What gives?

Not enough info

Most likley you have whitelisted your own email address

in the headers (View source)

X-SpamCop-Checked: 111.111.111.111

X-SpamCop-Whitelisted: yourEmail

Share this post


Link to post
Share on other sites
<snip>

I'm now getting more spam messages than real email in my mailbox.

<snip>

...Okay, let's eliminate an assumption: when you write "in my mailbox," are you referring to:
  1. your SpamCop e-mail Inbox [which is what I think everyone who has replied to you so far has been assuming]?
  2. some other SpamCop e-mail folder?
  3. something else entirely?

Share this post


Link to post
Share on other sites

Hello

Follow up on earlier message. 5 new messages this morning, 4 spam 1 real !

Here are the subject headings for the spam messages that got through spamcop:

QuickLawn Grass Seed. Buy 1 Get 1 Free

Dont break the bank with unforseen auto repairs. Extend your warranty today

She opens her hole like a window. typewritist

JOB OFFER/REGIONAL MANAGER!!

Not sure how the spam filter at spamcop didn't catch these ??

Also, I have 55 pages on my white list, editing is a nightmare! Any way the list can be scanned for spammers or returned to zero for a fresh start?

Walter

This post was merged with existing topic. PM sent to poster

Edited by Miss Betsy

Share this post


Link to post
Share on other sites
Follow up on earlier message. 5 new messages this morning, 4 spam 1 real !

This post was merged with existing topic. PM sent to poster

Apparently, it's basically useless to respond to this user. Each visit to post seems to start with a 'new' Topic, apparently there is no thought or indication of any attempt to read other Topics/Discussions, most definitely his/her own previous queries. A few more of these and consideration will have to be given to removing posting privileges here.

Here are the subject headings for the spam messages that got through spamcop:

Pretty useless information, actually. Especially after the repeated suggestions of the use and provision of a Tracking URL.

Not sure how the spam filter at spamcop didn't catch these ??

And again, no real usable data has yet been provided.

Also, I have 55 pages on my white list, editing is a nightmare! Any way the list can be scanned for spammers or returned to zero for a fresh start?

Yes, but as seen, responding to your queries here has not yet been of any value thus far. It also seems apparent that you've not looked for/at any of the previous dialog on this subject either.

Wasting other people's time is not appreciated here. PM sent to user about the lack of follow-up on his part.

Share this post


Link to post
Share on other sites
Apparently, it's basically useless to respond to this user.

Sorry about any confusion my postings may have caused. Have only frequented the forum on about 3 occasions in the past 10 years (2 of these in the past few days.) -- the first in December ... I managed to sort out the problem and did report to the forum to report the cure (black listing my [at]spamcop.net address.)

my [at]spamcop.net address is NOT white BUT is blacklisted (I never use the address, so not a problem).

my mailbox is the spamcop.net mail POP3 box which I collect with Pegasus

I've checked the raw messages and find no references to white listing (for offending messages.)

Here are a couple of tracking URLs (I hope this is what you mean) from the spamcop reports:

Tracking link: ht tp://PHATFARMCLOT

HINGCOMPANYONLINE.INFO/bQGbVUbGngQVgLLUQUnUQbXnOqVLgGU

Tracking link: h ttp://www.at

man.hr/joomla/plugins/Banking/cef/

Will keep collecting these if this helps.

Walter

Moderator Edit: URLs broken, First one is an "unsubscribe" link, the other, I'm not even going to try to guess at, offers a login for investments, etc, easy to assume some sort of phishing site .... No reason to visit either page, neither link being a Tracking URL.

Edited by Wazoo

Share this post


Link to post
Share on other sites
Here are a couple of tracking URLs (I hope this is what you mean) from the spamcop reports:

Will keep collecting these if this helps.

Sorry. Not even close, As a matter of fact, those provided URLs have been munged out by me to prevent others from clicking on them for whatever reason. The term "Tracking URL" can be found on any successful parse result page, defined n the Dictionary, Glossary, SpamCop FAQ (here), and the SpamCop WIki, in addition to the literally thousands of times it has been posted about in so many previous Topics and Discussions within this Forum.

Share this post


Link to post
Share on other sites

Not sure how the spam filter at spamcop didn't catch these ??

I'm going with the teach a man to fish method...

Look at the headers of the messages (in webmail, use "Message Source" link or Headers: Show All Headers link). Look for the following headers:

X-spam-Checker-Version:

X-spam-Level:

X-spam-Status:

X-SpamCop-Checked:

X-SpamCop-Whitelisted:

X-SpamCop-Blacklisted:

X-SpamCop-Blocked:

Those headers, along with your setting on your email filtering blacklist menu will tell you everything about why the messages made it through.

Since I turned on greylisting, the only spam I have had has come through my (never used) ISP account. The last 4 days worth are shown below... all had SpamAssassin scores less than 3 and the IP's are not blocklisted (probably sent by corrupted desktop machines, confirmed by the parses and the fact they show up about noontime every day, likely when the computer is turned on), so they got through. I could lower my SpamAssassin level, but then risk having more valid messages get into my Held Mail folder.

1 Sun, 18 Jan 09 Jacklyn Ullrich Response to your vResume 3 KB

2 Sun, 18 Jan 09 jgumdrop4[at]lscp.com RDHC Polyethylene Glycol 8000 Topical Rksbia 2 KB

3 Mon, 19 Jan 09 nindiscreet2[at]fnbhuntsvilletx.com FQ0 pelvic c4 Fmishfec 2 KB

4 Tue, 20 Jan 09 asubjectiveu[at]opm.gov srl Or taoyxj 2 KB

5 Wed, 21 Jan 09 vmammaryx[at]checkernet.com DDFQ furrier Ggahnrc 2 KB

Share this post


Link to post
Share on other sites
<snip>

my mailbox is the spamcop.net mail POP3 box which I collect with Pegasus

<snip>

...If you're responding to my question, above, what I was trying to discover is: in which mail Folder are you finding these spam? Inbox? Held Mail?

Share this post


Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
Sign in to follow this  

×