Jump to content


  • Posts

  • Joined

  • Last visited

Everything posted by nei1_j

  1. Hi LKing. You wrote: > I don't know you. Well, we've never been formally introduced. But since my social graces stink, I'd better leave it to someone else. "Administrator." Cool. Thanks for serving. Hi Gnarley. OK about Yahoo servers. But this has been happening, occasionally, with Yahoo for sooooo long. If it's their problem, then I guess they're uninterested in doing anything about it. Personally, I set my clocks almost often enough that I should talk to my shrink about it. Too bad their "wrong time" isn't some time in the future. Then I could get extra-credit for reporting spam that hasn't even been sent yet. Or something like that. -n- https://smokymountains.com/fall-foliage-map/
  2. I remember when the gmail spam folder stopped being empty all the time. But so far, no non-spams in my spam folder(s). That would be an awful turn of events, as they evolve from doing everything well to not doing anything right.
  3. Received: from (EHLO sequencemarket.pw) by with SMTP; Sat, 3 Oct 2020 21:33:50 +0000 X-Apparently-To: x; Sat, 3 Oct 2020 21:33:51 +0000 Date: Sat, 03 Oct 2020 17:32:47 -0400 (EDT) The header says this email was processed around 1700 Hours my local (Eastern) time, +0400. Other times are given as 2100 +0000. So the times are consistent. I know I checked for fresh spam multiple times last night. I don't know exactly when it showed up, but it didn't show up when it was processed. I just found the spam at 1000 hours, the day after, 17 hours after the spam was apparently processed. My hypothesis is that, for whatever reason, Yahoo held on to the spam for many hours, rending it useless for SpamCop reporting. Am I interpreting the timeline correctly, that Yahoo is delaying delivering spams? Anyone else notice this? Even before their last corporate takeover, I've seen this behavior from some Yahoo spams. Or, is it a trick by the spammer? Thanks, -n-
  4. Ok. So the whole "Received:" line is a forgery. If anyone's interested: https://www.spamcop.net/sc?id=z6643327190zb33a603c90f8edb039ee9fc7ef49ffd1z
  5. Hi Gnarly. Thanks for the reply. I think I understand some of that. Are you saying that Newegg was hacked?!? But what you say suggests that it would indeed be beneficial if I can send in those SpamCop reports ASAP. Perhaps if someone can invent a SpamCop Alarm, so that my computer would beep when stuff shows up in my spam folder. That would certainly cut down on my reporting delays.
  6. > ovh.net Me too. If you wanna hear a nightmare: I went to Googlemaps to find a doctor near me. I found a nearby listing, but the address was a private residence, but they provided a cellphone number. So I sent a text message with damn near my life's story in it, including my ever-clean [google] email address that I use for friends and family. One clue that the listing was fake was that the Dr.'s name was Dibbledydibble, or something like that. But, y'know, I needed a doctor, and who ever heard of people using Googlemaps to harvest information like that? That fake "doctor's" listing disappeared. Within a couple of days, I started getting ovh.net and some other spams to my "clean" email address. Anyway, google does a good job of keeping spam out of the Inbox. I haven't anti-spammed in a long time, but this guy forced me back into it with a vengeance. I'm even setting my alarm clock for 2:30 AM to catch his 1:30 AM spams, so I can report them Fresh. Based on this thread, I wouldn't expect this unstoppable behavior to come out of a civilized country as France. It's disappointing that there's no authority there to affect ovh.net. I just noticed, an interesting line from my most recent report: Received: from p1-002133.promo.newegg.com (214.ip-51-79-145.net. []) by mx.google.com with ESMTPS id l3si5139590plb.379.2020. for <x> According to ipinfo.io, is ovh.net. They report a Canadian flag. The report was not copied to Newegg. I'll have to send a copy on my own. "Dear Newegg, I found your name in the header of a spam-email, if you might be interested..." I don't understand how the spammer got Newegg tied up with his shenanigans. Thanks for anti-spamming.
  7. Lancer, Yes sir. Let's give it a chance to see where this goes before we give up. -neil-
  8. I have an opinion. Isn't that intriguing? Most of the spam I submit is from Yahoo. My first Yahoo email address has declined into being useful as an exceptional spam-honeypot -- I think I clicked on an "Unsubscribe" link in it back in 1999. My other Yahoo addresses, including one from which I never sent ANYTHING, are also useful sources of spam. The combination of having Yahoo accounts and having signed up to make Spamcop-submissions is hopefully doing some good, somehow. If not in this dimension, then maybe the next. I think I submit Yahoo-spam differently. The Spamcop parser requires something from the "body" to be added after the header, with an empty line inbetween. The header is easy. Don't tell anybody I said so, but I just copy and paste the subject into my submission, after an empty line after the header, and I call that macarroni "Body." If the parser won't accept a submission without something like a body, then that's what I give it. Of course, the spambodies are where the spamdresses are, and now I'm not sending in any of them. There goes my moral credibility. But I like to think I got to that point honestly. I also used to pull out my hair because the parser frequently couldn't find obvious URLs in the bodies I submitted. When I ran out [of hair], I realized that the real value is to report the spam-source IP addresses. Hey, we're lucky if an ISP stops the account of a spammer, but even that isn't hardly a given, these days. I don't believe that any great detective resources are being devoted to turn spamdresses into arrests, fines, and jail-terms, so I stopped worrying about 'em. So when I'm done submitting the header (and the subject, twice), I haven't even opened the spam to see what they claimed to be selling. I don't care anymore. Happy just to disconnect computers sending the spam, then it won't matter what the spamvertisement addresses were. Today, I think that leaves us wanting ISPs to be more accountable for their users sending spam, pirate ISPs to be raided and put into cells with nothing more than childrens blocks to play with, and more SpamCop participation. https://0.s3.envato.com/files/135029.jpg The thing that brought me to the Forums today is that for the past couple of weeks, almost all of my spam have been from IP addresses that SpamCop can't determine their ISPs, so all the submissions go into the round-devnull-file. Network-tools.com, Robtex.com, and NirSoft.net's "IPNetInfo" utility have "no records" for the elusive IP addresses. What's being done about that? How are people getting connected to the Internet without any records, thereof? So, I'm looking around to see if anyone else has noticed the same increase in devnull reports, spams that aren't really submitted beyond SpamCop. As far as I can tell, each one represents a spam that someone is getting away with. best luck, -neil-
  9. Ugh. Link-in-the-body, it said "verizon.com." The parser couldn't see it. Pitiful.
  10. I can match that for absurdness. I got a plain-text link-in-body that was ".net." Even after reloading the parser a few times, I couldn't get the parser to notice it was a URL. I have trouble following directions, such as FarelF suggesting IPNetInfo as a DNS lookup tool. Instead, I've had http://network-tools.com/ bookmarked for a few decades. I select "Express," then fill in the URL, and click Go. Usually, it provides an "Abuse" email address (towards the bottom of the page), otherwise, there'll be another email address, which I'm happy to use in those cases. I've been using network-tools.com a lot, lately, and they haven't kicked me off, yet. It is, however, an extra step -- that takes extra time -- in the reporting of spam that wouldn't be necessary if the parser were working properly. --- I might have missed something... What was the general consensus about why Cisco refuses to properly maintain SpamCop, like a good netizen in their position would be expected to do? (E.g., can't handle URLs with "www" or .net...) Did they purchase it to kill it?
  11. Hey, thanks for looking me up. Wow, either you guys were up antispamming pretty early, or pretty late. Good; we need people to report the 3 AM spams "freshly." If I were a computer programmer and were required to provide a Russian version, I'd probably switch to flower arrangement. My spamcop account must have been given a higher priority in the parser after I bitched-&-moaned, because since then, I have not had a single link-in-body that the parser did not recognize as a URL. That's not to say that the links were all valid URLs. Most were not (according to the parser, "Can't be resolved"). But at least the parser recognized they were links and tried 'em all. Sometimes I wonder why a spammer would provide a non-working link. I'll have to email one of them and ask why; just kidding. Well, I guess the other possibility is that the links are "good," but the parser is a slacker at resolving them. I'm Reading Farelf's thread about the parser proclaiming that "links cannot be resolved": http://forum.spamcop.net/forums/index.php?showtopic=13285 So, we're looking at two potential problems with the parser. 1) The parser may have trouble recognizing a link-in-body, even if it's plain-as-day, which I was complaining about. 2) The parser may successfully recognize a link-in-body, but then pronounce "It cannot be resolved," even though it can. If we wanted to confirm if a link-in-body is good, the obvious thing to do would be try to browse to the spam-URL. If you can browse there, but the almighty Parser says the link "Cannot Be Resolved," then we have a problem, Houston. I think it would be best to use a honeypot computer to browse to spam-links, because you could find yourself in a dark, dirty, lonely, infectious corner of the Internet, and you don't want to risk, for instance, your primary computer. But if you browse there and get out alive, please tell us all what you saw there, if your anti-virus software went off like a pin-ball machine, and if you purchased any Viagra. As for the koi-8 problem, I haven't had any Russian URLs lately, but Karlisma has been getting his share, lately, and he sees that the parser is having severe problems processing KOI8-R links, even though the latest word is that it's supposed to be capable. So Karlisma, if you think it's a significant problem, I might recommend starting a new thread focusing on your observation, and send a PM (Private [or Provocative] Message) to "SpamCopAdmin", alerting him of the new thread. It's been years, but I recall SpamCopAdmin is a decent chap. We'll see what he can do. Best luck, -neil-
  12. Hi Farelf. How do you know the parser is incorrect when it says the URLs don't "resolve?" Are you thinking that it would be illogical for the spam to include a URL that doesn't resolve? Or perhaps, you're plugging the "un-resolvable" URLs into your browser, and you're raising an active website without any problem? You work too hard. Thanks, -neil-
  13. Hi petzl. Thanks for the IPNetInfo. It sounds like a more powerful parser than the one in SpamCop? Best luck, -neil- -------------------------------------------------------- Hi dbiel. Like neil, but different. SpamCop Wiki! That's news to me. Are you sure you don't want to rename it "SpamCop FAQ, The Next Generation?" I'll be reading you. But now, it's after midnight. Tomorrow. Best luck, -neil-
  14. Hi Farelf, Good to see you, in an alphanumeric sort of way. When I described my links-in-bodies not being found by the parser, I missed a relevant part of my spams' description. I "don't display images" in any of my email accounts by default, so I don't ever include miles of Base64 in my submissions. So, any links-in-bodies that I submit come from linked text, or if the URL was displayed in the body. Either as part of an html term, or just the URL without html complications. Either way, it's pretty plain text. So, what I submit for "bodies" is usually a very small bit of data. At least, a little plain text because SpamCop won't accept a submission unless there's something in the body. Even better, the URL of the phish or whatever, also in plain text. I don't know if those long miles of Base64 have URLs encoded in them, which might be a challenge for the parser to decode. But the URLs I submit are in plain text, frequently the only thing I'm submitting for a "body," and even a caveman could recognize they're URLs. And half the time, the parser doesn't report them. At the moment, I'm leaning towards the problem being a glitch at SpamCop. I need some experience to see if hitting my Refresh button will deliver those missing URLs to the parser output. Hope springs eternal. What started as an inquiry is losing its sheen; the important thing is to notify the ISP from whence comes the spam. Not so important is the URL that is unfortunate enough to be written into the [body of the] spam. And therefore, not so important if the parser has a challenge seeing it, for whatever reason / lack of reason. CU, -neil-
  15. Hi turetzsr, Your reply is so a cryptic and obtuse, so replete with jargon, so obviously uninterested in real communication, that there's not a lot of motivation to decipher or follow it. To top it off, you gave me a search term ("SpamCop reporting of spamvertized sites - some philosophy") that provides zero results in the Search function. Instead of providing me exercise, why not a working URL, instead? Or, gosh forbid, if you know the answer to the question and you notice there's a keyboard in front of you... So, to humor a little, I used the Search function for the unusual term, "philosophy," to see if that would bring me to your article. The first page of returns show zero topics with the word "philosophy" in it's title, so that didn't work either. To humor a little more, I searched again, this time just for the single word, "spamvertized." Ah-ha! Maybe did you mean to direct me to the article, "SpamCop reporting of spamvertized URLs?" So, you provided [only] a title to an article but not its URL, and you misnamed it. That's why the Search didn't work. Then, you spontaneously added a term into the alleged title that lead to more wasted time. I think you're not so serious about helping people with questions, or else you'd answer a question plainly, or at least lead people in the right direction instead of giving them silly puzzles. I recommend replacing your forum.spamcop time with watching more Star Trek. They have dozens of TV series' and movies, and I bet you need to catch up. Anyway, back to "SpamCop reporting of spamvertized URLs." I have problems with the thread -- it could be my dyslexia... 1) It seems to start off in the middle of a conversation. 2) I don't know what the jargon "spamvertized" in the thread's title means, so I'm not even given a chance to know what the subject is that they're talking about -- and remember, Turetzsr neglected to mention what's the subject of the article he's [allegedly] directing me to, so I share responsibility for not having a clue. 3) The discussion is very informal and meandering, it's certainly not a concise answer to the question. This is the answer you intended to give me? And I should mention, if it were just one bad answer directed to me, I'd just walk away. But this is an example of the chronic way that "help" is provided here, and it's a problem for a lot of people. So it deserves some light. Another search now, for "Finding links in message body." Hows this thread: Pinned: FAQ Entry: The Link Analysis Process > Link analysis is performed by the SpamCop Parser, part of the SpamCop Parsing and Reporting Service. Finding links in message body is the first step of the process. It sometimes fails to find links that are really there - refreshing usually helps. Not a concise instruction, but I think it means to refresh the parse-results. I would have always been afraid to corrupt the process by refreshing the parse-results, but I'll give it a try, next time. (Experimenting, I see that refreshing the parse-results is fast, painless, and doesn't corrupt anything.) I'm looking at this advice about refreshing the parse results. They're reporting that the "refreshing" strategy only helps sometimes, and a lot of Ctrl-R commands could adversely load up the SpamCop servers. There's some trouble with the domain managers (RIPE, etc.) getting them to standardize on something as simple as requiring "abuse" addresses for ISPs, which would make it difficult for SpamCop to provide such an address if it doesn't exist. And I think the thread discusses additional problems contributing to the links-in-the-body-not-being-resolved problem that I didn't read yet. The thread started in 2005. If this problem is 8 years old, and there has been a lot of talk about it, then might it finally be time to compose a clear, concise FAQ? It could be the first of its kind on the forum: clear, concise, short, directed, educational, useful. A possible, concise answer might be, "This problem was submitted to SpamCop in 2005. We will take this opportunity to re-submit it and see if there are any updates." That would be a two sentence answer, confirming to the user that (s)he is not crazy, that there is a problem, and that maybe it will be resolved although the gears of business grind slowly. So easy to roll into an clear, concise, and up-to-date FAQ, too. And no link to a bloated, incomprehensible, 3-page thread required, although discussion is still available elsewhere on the forum. And if the situation changes, perhaps motivated by the discussion, then the FAQ can be updated. Or if the problem is rectified, then the FAQ can be eliminated, too. When was the last time an FAQ was eliminated from the forum? Or edited for usability? And a resolution to the wider problem begins to coalesce in my mind. My hypothetical answer could become the 1st addition to "SpamCop FAQ -- The Next Generation," the collection of clear, concise, organized FAQs, waiting for the day when they are complete enough that the bloated, jargon-laden, awkward, and mostly-indigestible Original FAQs can be retired and moved onto a 3.5" disk, where they'll stop giving people heartburn. The tree of FAQs can't be navigated except with the Search function, and I guess the forum has been using the Search function as a crutch to avoid generating a 'usable' FAQ page. It points to the extent of the bloat, the lack of conciseness, and the lack of FAQ-order. "FAQ," "Pinned," whatever you want to call them. "Concise" includes listing them on one page. Not scattered willy-nilly around the forum. If someone has a problem or a question, they go to the "FAQ [The Next Generation]" page. The polar opposite would be to go on a wild goose chase around the website. This would be a good time to highlight a bad habit that has been going on in this forum for too long: If a member has the attitude that he's unwilling to plainly answer a question because it was "already answered previously in the Forum and why should I keep repeating myself," then let him follow his original instincts and simply "don't answer." Leave room for someone else who's helpful enough to make an effort to provide a real answer. Given the state of documentation on the forum, it's an exercise in sadism when an experienced forum member provides the answer, "Read the FAQ," or "Read this thread." Doesn't this boilerplate answer deny how unsuitable some of these posts are for serving as FAQs? Must users who come to the forum for help be forced to continue dealing with the disingenuousness of crusty old forum members? Isn't the service too important to let that continue? I would almost suggest, as an alternative to directly answering a fair question, providing instead a URL for an FAQ that directly answers the question. But given the disastrous shape of the existing FAQs, I can't suggest it. If a "Frequent Question" is going to be tersely answered only by providing a URL to an FAQ, then that FAQ should be one that was composed specifically to answer that Frequent Question, and it should include the traits of being explanatory, useful, with a dose of "Executive Summary," painlessly providing the answer instead of burying the user under tons of incomprehension. I think y'all should begin with Step # 1: Stop blaming forum users (if there are any remaining) for not being able to deal with your "FAQs." The problem lies in the FAQs, not in the users. And how's this for Step #2, if I might suggest: There are no stupid questions, and it's time to start giving them real answers. If you think the question is stupid and too beneath you to answer seriously, then leave it alone and let someone else deal with it. An ill-considered, careless, and offhand answer is destructive -- worse than no answer at all. Thanks, -neil-
  16. Amigos!!! I get some of my spam parsed, and send a few spam reports. It keeps me off the streets. Sometimes, the (plain text) body of the spam includes a URL. But the parser only "Finds the links in the message bodies" about half the time. Whether it's part of an <a href="http://blahblahURL/x"> term, or whether it's not surrounded by html code, that doesn't seem to matter. So, I assume that whether the parser will recognize the link or not has sometime to do with the URL itself. Has anyone else noticed that? Is there any rhyme or reason? And the erroneous message from the parser is, "Finding links in message body / no links found." I mean, I'm only a carbon-based life-form, but even I can find the links in the message body. Why can't Cisco? I understand the organization whose links are found in the message body is probably a victim, and if they asked SpamCop to stop annoying them with reports (for spam that they have no control over), then I would abide. But if their Abuse department is accepting the reports, and if the parser would parse the "links in the message bodies" for me more regularly, then that would be groovy. My occasional issues usually pertain to the Parser. Well, who you gonna call. Happy Friday (I hope), -neil-
  17. Hi Farelf & y'all. I made a real pest of myself and sent Spamcop reports to the "only available email address" as a user-defined recipient. I only sent reports that were Fresh spam, but I was getting so many of them that whenever I sat down at my computer, there were always a couple of fresh ones to report. A day or two ago, they suddenly stopped arriving. I hope that's the end of it, and maybe I had a small part. On the other hand, Farelf says I was the only one getting them from that address, which is kinda ominous. best luck, -neil-
  18. Hi Farelf. OK, I re-parsed, and I see I get the Tibruon on there, too. I'm with you about adding the authority to the list of recipients, in the case where SpamCop doesn't do it do it, itself. Thanks for cluing me in. With the parser identifying the authority, and then neglecting to inform them, I wonder if the parser needs a little adjusting. But, who you gonna call...
  19. Delivered-To: x Received: by with SMTP id e2csp128240pdh; Tue, 21 May 2013 08:34:26 -0700 (PDT) X-Received: by with SMTP id yi4mr3336989pbb.64.1369150465811; Tue, 21 May 2013 08:34:25 -0700 (PDT) Return-Path: <x> Received: from munitism.com ([2803:d300:5461:3451::1]) by mx.google.com with ESMTP id wt9si2817765pab.95.2013. for <x>; Tue, 21 May 2013 08:34:25 -0700 (PDT) Received-SPF: neutral (google.com: 2803:d300:5461:3451::1 is neither permitted nor denied by best guess record for domain of x[at]x.munitism.com) client-ip=2803:d300:5461:3451::1; Authentication-Results: mx.google.com; spf=neutral (google.com: 2803:d300:5461:3451::1 is neither permitted nor denied by best guess record for domain of x[at]x.munitism.com) smtp.mail=x[at]x.munitism.com Date: Tue, 21 May 2013 08:34:25 -0700 (PDT) Message-Id: <519b___________________________________________SING[at]mx.google.com> From: x Subject: x Content-Type: text/html; charset=US-ASCII Content-transfer-encoding: 8bit Choose up to 50k Protection for your Family <a href="http://munitism.com/x"> ----------- And the Parser says: Yum, this spam is fresh! Message is 0 hours old No reporting addresses found for 2803:d300:5461:3451:0:0:0:1, using devnull for tracking. [Darn.] ----------- Sometimes, it seems like all the spams in my gmail-spam-folder are ipv6, and they're only going to Devnull, not being reported to the sender's ISP. But I might be wrong. If there are ipv6's that are sufficiently identified and reported, then I'm probably processing them without giving them a 2nd thought, and I only notice the ones that only go to Devnull. In summary, I'm getting plenty of ipv6 spams from gmail that are not being sufficiently identified and therefore not reported to the sender's ISP. Is that a problem with all ipv6 spams? Thanks, -neil- PS: Are you getting email spasms? How about leg spams?
  20. Any macro- or micro-views on the spam situation, especially regarding any successes gained by our efforts? There have been two or three stories in the last 10 years in the Major Media about spammers being closed down, maybe another story about how many hours people spend processing spam, but I haven't seen much more. Forums.spamcop would seem to be the place to get additional information, especially any battles won with the help of Spamcop submitters. Such stories should be contained within a top, front, and center "Pin / Announcement."
  21. That would be the other shoe we're waiting to hear drop. ----- On the web-form, from clicking the "Process spam" button to getting the Parser page, it's taking about 4 seconds. A little faster than usual. Thanks mucho.
  22. > denial of service Could be. But then again, every technical problem looks like a denial of service. But then again, there is no News on the SpamCop website, so maybe there really isn't any problem For instance, if it is a DOS, then what took the bad guys so long to hit? I don't buy it. Full Disclosure: When it comes to web technology, I don't really know what I'm talking about. PS: At least SpamCop isn't complaining about ipv6 in the headers, anymore. The wheels of SpamCop grind slowly.
  23. Dear Ma'ams and Sirs, Like most of y'all here on the Forum, I spend some time and effort reporting spam. Preferably, "fresh spam." Life is complicated / time is short. Perhaps vice versa. And it's been a long time since I've read anything about spam in the press. Goodness knows, Spamcop doesn't provide any information regarding how the struggle is going. Therefore, I would like to ask if anyone knows whether spending all the time and effort is worth it? Or are we just exercising our keyboards? Thanks, -neil-
  • Create New...