Jump to content


  • Posts

  • Joined

  • Last visited

Everything posted by lartingyou

  1. My work email was moved in the past month to the cloud (outlook.office365.com) from a previous (local) office exchange server. My email address didn't change, but the server configuration did. So, obviously I needed to reset my mailhost config. However, when I tried to re-set (delete then add) the mailhost for my (existing) email, SpamCop only saw the former configuration (it doesn't see any office365 servers). Despite that, when I try to reconfigure SpamCop anyway for my work email address, after copying the "account configuration email" I correctly received, SC barfs the following message: "AAA" is not the real part of the host address (I'm trying to keep anonymity). I'm not sure if this is error is due to the "newness" of the configuration, or the fact that the office365 does use some internal servers that aren't visible outside? Anyway, I'm not able to report spams sent to my work email in the current situation. It's likely my employer's email system is not properly configured, but I am trying to understand why SpamCop doesn't "see" office365 in the new setup. How does (should) SpamCop know that the emails are now on Office365?
  2. TinyURL.com links get reports sent by SC to abuse@cloudflare.com, who do nothing saying they're not responsible for content that's not hosted on their site. However, my private LARTs sent to abuse@tinyurl.com result in quick shutdowns. Shouldn't SC use it? Does that address refuse SC emails? If not, I kindly request configuring SC to send there instead of cloudflare. Cheers!
  3. I'm not sure why you cite the terms of Tiny.cc -- Tinyurl.com is not the same system. If abuse@tinyurl.com don't like reports, don't we usually see that in the spam processing report?
  4. I tested the abuse@tinyurl.com link again today (without going through spamcop). They shut down the URL within one hour. Shouldn't SpamCop's default address be abuse@tinyurl.com for those links? Sorry if this is the wrong forum (I should have asked in http://forum.spamcop.net/forum/39-routing-report-address-issues/ ?) I've been off this site for too long
  5. The link was shutdown already. My guess is abuse@tinyurl.com is effective.
  6. I have one piece of .RU spam "Are you looking for some fun dates?" that alternates between tinyurl and bitly whenever one or the other mole gets whacked. I sent manual larts to abuse@tinyurl.com and one link got stopped for spam (it clearly says it when you visit the link, although I never got any ack on the larts, so I'm dubious which vector made it happen). There had been over 10 reports for the same URL sent to the cloudflare address over 2 weeks. I'm trying again with a fresh link to see if it makes a difference. I can report back if it's useful.
  7. Hello - abuse@cloudflare.com receives the reports for tinyurl.com spam links, e.g. https://www.spamcop.net/sc?track=https%3A%2F%2Ftinyurl.com%2F , yet my searches with Google show that abuse should go to abuse@tinyurl.com -- is there a reason it's not using the abuse address? Cloudflare seems to be ignoring reports (I report the same tinyurl links for weeks and they're still being used by spammers). Also,
  8. I got a spam this morning, and when I tried to report it, it said netops-ironport[at]cisco.com was the address... but, in the end it just bounces. That is ironic, no? From https://www.spamcop.net/sc?id=z6154803852zb0fee552131aa619c626149cecf5f2f0z
  9. Does anyone know if SURBL takes this phenomenon into consideration? That is, mow.so (or whatever lax shortener) will start to show up on block lists. That's how it's supposed to work, right? EDIT: I just checked SURBL, and mow.so is on SURBL lists: JP SC
  10. Wikipedia has some info about filtering misdirected bounces (aka backscatter): http://en.wikipedia.org/wiki/Backscatter_%28email%29#Filtering_backscatter If it's Russian spam, you may be experiencing a kind of backscatter that seems to be a feature of a spammer's software, perhaps to improve chances of passing a filter (that checks to see if the "from:" field is a real address) or to make sure that bounced spam ends up in a real mailbox. See the discussion/analysis here: http://profs.etsmtl.ca/cfuhrman/backscatter/ -- As others have said, there's probably not anything you can do about it.
  11. My bad! I've been away too long and made a "beginner" mistake. I edited the original post above to fix this. Come to think of it, so many people make this mistake that perhaps the "past reports" UI could also provide tracking links. Engineers can recognize a bad design when enough people are making the same mistake.
  12. Hello, I'm chiming in because I've been receiving academic spams (promotion of conferences) out of a Jordanian university using a dirty list for some time. The parses always get a nomaster at devnull for the sending host mail1.just.edu.jo whose IP is Here are examples: [edited to provide proper tracking links] https://www.spamcop.net/sc?id=z6024914306ze257ce5d677054e5ca27c8613c3b4074z https://www.spamcop.net/sc?id=z6034533535z3caace670fe85aa1999af4182a003d4fz https://www.spamcop.net/sc?id=z6032268933zec6ff5cebc9582e426c400d05bcb3c1fz https://www.spamcop.net/sc?id=z6025536261z292043ba8f3b15572f5f8ce5b1cec804z https://www.spamcop.net/sc?id=z6033078631zf3c93670b9d6c39976520477bb952c44z I'm willing to do the legwork to fix the problem, but want some advice on how to proceed. Do I need to contact an admin at mail1.just.edu.jo to point out that their RIPE info is wrong? Do I have a snowball's chance in Hades of making a difference? I'm getting pings back from semi-innocent bystanders whose URLs are spamvertized, but I realize the real force of SC is not being properly applied. Thanks for your advice in advance. EDIT: According to https://who.is/whois-ip/ip-address/ :
  13. Hi, I've been getting spams through an AOL.com (AIM.com) email since November 2011 which I've reported systematically through SpamCop. Here's the latest one: http://www.spamcop.net/sc?id=z4857825360zf...a4b77fad38d3d6z Here are others: http://www.spamcop.net/mcgi?action=gettrac...rtid=5365764922 http://www.spamcop.net/mcgi?action=gettrac...rtid=5360315806 http://www.spamcop.net/mcgi?action=gettrac...rtid=5358946750 http://www.spamcop.net/mcgi?action=gettrac...rtid=5327874122 http://www.spamcop.net/mcgi?action=gettrac...rtid=5302594529 http://www.spamcop.net/mcgi?action=gettrac...rtid=5301055005 http://www.spamcop.net/mcgi?action=gettrac...rtid=5290730760 AOL has taken no action. I even managed to open a trouble ticket with postmaster.aol.com, and got someone about 6 weeks ago to admit the account was compromised. He said he was "escalating it to the appropriate person" but nothing has happened. Any advice? p.s. so sorry to learn about Miss Betsy. I used to contribute on the NNTP forum, but have been gone for around two years.
  • Create New...