Jump to content

Richard W

Forum Admin
  • Posts

  • Joined

  • Last visited

Everything posted by Richard W

  1. I've put this in our developers' queue to have a look at. The key is here: Reports regarding this spam have already been sent: Re: (Bounce) Reportid: 7097982956 To: noc@galaxydata.ru The spam with the blank RP is treated as a bounce by the system Richard
  2. Thanks. I've added this to another ticket that is similar. It is on the list for the next patch rollout. RicharD
  3. I think your ISP changes and your not receiving replies are related, but not really. Just because your smtp settings change in your mail client, doesn't mean the path of your incoming mail changes. I'm not sure what you are expecting to see as a new mailhost. The address you are submitting for mailhost setup is a rr.com address and that mailhost already exists in your account. I see the November 18 mailhost config email was sent to a different LHS address than your SC account is under, but the host is the same. As far as not getting responses to submitted spam, it comes down to 'did the submission reach us?'. It could be a problem of your ISP blocking the submissions with their outgoing spam filters, so the submissions don't reach us, or your submissions reach us but your ISP blocks our replies. I do see some submissions in your account from today, so at least those submissions are reaching us. If you didn't get replies then you know the problem is your ISP blocking the replies. If the submissions are reaching us, as they are and you saw at least the one in your report history, there will be an "Unreported spam" link on the main SpamCop page. Clicking that will take you to the first submission, where you can complete the reporting process. If the unreported spam link is not there, your submissions did not reach us. Richard
  4. Just to follow up, it ended up the time was out on one of the servers. SpamCop runs on many servers with load balancing. Every page you see may be served up by a different server (look at the source code of the page and it will tell you what server it came from (www01 to www03, app01 to app08, and others, 24 in all)). Making sure the time was synced across the servers fixed the issue. BTW Outernaut, just clicking refresh often brought up a shorter time, or even no nag screen if the second was a time in the future.
  5. Just to clear one thing up, we do not sell the database. The SpamCop Blocking List is free to anyone who wants to use it. Since the community contributes greatly in the compilation of the service, it is only fair the community should be free to benefit from it. I only became aware this morning that the nag time had climbed. It is a bug, not anything sinister or intentional. The setting is for a maximum of seven seconds, so I have filed a ticket to have this investigated and fixed since I have been able to duplicate the extended nag screens. Incidentally, the history of the nag screen was a revenue generation put in place by Julian. The nag screen was to be an advertisement display, but there was ever only one taker. When Ironport bought SpamCop the decision was made to not be advertising dependent, but we've never written the nag screen out. We've talked about it many times but have been told it is too integrated to just easily drop and we should wait until the new GUI is in place. After many years, we're still told it's coming, it's coming
  6. Please send me details at service@ spamcop.net. I see your account and there has been no credits. However, we have not used Paypal for a couple of years and no longer have a Paypal account. All payments are now through Stripe. I have a couple of failed payments in Stripe for 9/16 and 9/18, but they don't look they are connected to you.
  7. A major upgrade to the SpamCop reporting system is scheduled to take place Sunday night. This is the long awaited move to SpamCop version 5.0. The upgrade is scheduled to start around 10:00 pm PST (-800) Sunday, January 13, 2019 and will take from eight to ten hours. The SpamCop website may not be available during some or all of this time. If you see "Maintenance Mode" you will know the changes are in progress. Thank you for your support and patience, Richard
  8. If you write me at deputies@ with your account address and the addresses you are trying to add, I'll see what I can do. Can't do much with Hotmail or Gmail until they get they crap together and start following standards again, but if you have other hosts I may be able to dig them up.
  9. Another possibility is, I notice bouyguestelecom.com has their own issue with IP addresses being listed. It is possible they are rejecting mail because their own IP is listed, but their error message shows the connecting IP. In this case they would be rejecting most of their incoming mail and would hopefully notice quickly.
  10. I'll file a bug report on the exact matches as those should be munged. I can't say whether the address is being munged in the delivered report or not. In the ones I check in the past, they were munged. This looks to be a different situation though. The only real way of checking is to send yourself a report and see what you get. I can't really make an argument on munging the from address where it is not an exact match with the recipient address though. sameLHS [at]gmail.com is not a match with the address the spam was sent to. If its any consolation, this does look to be gamut spam, so the reports are not going back to the spammer/bot operator. But it is a door we need to get closed again. Richard
  11. There will be a planned outage of the SpamCop forum on Monday April 25 from 6:00 am to 10:00 am PDT. During this time the forum hosting provider will be upgrading the software to its new version. Richard
  12. Lou is correct. When we took over the MX from CESmail in 2014 our concern was we didn't want users losing email addresses they had come to rely on, but it was not feasible to take over the actual mail service. Therefore our promise was to forward received mail to an address provided by the user. No filtering is done. The mail shouldn't be coming to you as an attachment. The mail just passes through as a .fwd rule, adding a hop to the header. There is no actual server at mvx.spamcop.net to accept the mail, store it and forward it. Richard
  13. Word is the bug should be fixed. A patch was pushed out Wednesday night after a couple of days of beta testing. The issue was created when some coding was changed/removed to correct css vulnerabilities. It took a while to get a secure workaround.
  14. I just want to follow up a little bit with what Lou had to say. As many of you have noted, it has been a rough few weeks around SpamCop. Believe me though, it's been tougher on this side of the screen than on your side. With all the security breaches and break ins and data thefts, everyone is concentrating on security. There has been huge increases in spam in recent weeks from exploits in all the major CMS software, including Joomla, WordPress and others. This means anything scripting, such as php, cgi, or whatever is suspect. Our back end teams are pouring through code looking for anything that might be suspect and making changes. Of course with all the inter-dependencies in SpamCop those changes will sometimes unexpectedly break things. That's what is behind things like the not finding links issue, html display issues, etc. It's a time consuming process but it is all being done to maintain the integrity and security of SpamCop. Fixing some of the breaks will always be prioritized along with all projects underway, so sometimes they are going to take longer than normal. They are all being tracked and will be fixed. Cisco remains committed to SpamCop and SpamCop is a very important part of their security operations. This includes SpamCop being part of the Talos group at talosintel.com, where we are part of Cisco's overall security research, response and development team. Richard
  15. As I had stated and shown, reports are going out with the addresses munged. If I suspected there was an issue I would have been the first to make the call to flip the switch on SpamCop until the problem is resolved. There is an issue with the html rendering and display on the SpamCop pages, where mark up language is being shown instead of tag characters causing the display to not show the tags properly, outgoing reports are being interpreted properly and user addresses are munged. I'm working with our development team to get this resolved. Richard
  16. I can assure you reports are going out with the addresses munged. The same bug that is causing html tags to be converted to ascii is causing addresses to be displayed when you look at the message in your browser. However the report that goes out is sent correctly: User-targeted report, see notes, if any. https://www.spamcop.net/w3m?i=z6zzz004zfdd2e5bb2b90188260669f94dbxxx [ Offending message ] Return-Path: <wegwuag[at]pizda.ninka.net> Delivered-To: <x> Received: from vmx5.spamcop.net by prod-sc-queue2.sv4.ironport.com (Dovecot) with LMTP id OomQJealClfyYgAA97r88g for <x>; Sun, 10 Apr 2016 12:14:14 -0700 Received: from pizda.ninka.net (unknown []) by vmx5.spamcop.net (Postfix) with ESMTP id 0DBBBED2FE for <x>; Sun, 10 Apr 2016 12:14:06 -0700 (PDT) Received: from axu (unknown []) by pizda.ninka.net with SMTP id mwaAOpRAeo7IlIZv.1 for <x>; Mon, 11 Apr 2016 03:14:06 +0800 Message-ID: <2016____________5127[at]pizda.ninka.net> From: =?utf-8?B?54eV5oC7?= <wegwuag[at]pizda.ninka.net> To: <x> Subject: =?utf-8?B?5pyA5paw5Ye65Y+w55qE5paw5Yqz5Yqo5ZCI5ZCM5rOV?= Date: Mon, 11 Apr 2016 03:14:00 +0800 MIME-Version: 1.0 Content-Type: multipart/mixed; boundary="----=_NextPart_000_0E7B_011A47D6.17D6E4E0" X-mailer: Rnnxeyfsyy 3 Richard
  17. Announcement It is with extreme sadness that we announce the passing of long time SpamCop Deputy Don Bennett (aka Don D'minion). Don was the first deputy hired by SpamCop in about 2001 and has been busy in the fight against spam since then. Although Don may have been hard-nosed, he also had the thick skin needed in this job. Underneath, he held a true desire to just make sure things are done right. He was a colleague and a friend, who truly will be missed. Anyone that has been making contact through the service[at] alias can continue to do so as I'll be looking after that mailbox for the time being. If you've been using one of his personal aliases to contact SpamCop, please change to service[at] or deputies[at]. Thank you and may God bless Don and his soul. Richard
  18. Please be patient with us on this one. We have 24 shiny new servers coming online that are running a new version of SpamCop (v4.8.3.028) on CentOS versus FreeBSD and SpamCop v4.8.2.018. Obviously we're working through some bugs so you're seeing us switching back and forth between the servers. Hopefully everything will be worked out and we'll be on the new servers full time by mid-week. Richard
  19. It's been a long time since I've hand parsed it took me a bit to get on top of this :-) The parsing engine does act differently for users that have mailhost records in their account versus those that don't (you don't). It does rely a little more on chain verification, time stamp matches, things like that when there is no mailhost record. Note in the parsing there is a couple of statements: mail.gavle.to and h-214-100.a322.corp.bahnhof.se have close IP addresses - chain verified Possible relay: Received line accepted After that the received lines fail the chain test, so it falls back and takes the most recent accepted line, which is the handoff from, which does look like the correct target to me. I looked at a bit of your report history to see how your network handles mail. Some other samples from this same source convinces me the right source was selected. If you had mailhosts in your account the parsing would probably have stopped at, but here it went one step further. Certainly not a wrong choice. Richard
  20. Both remain valid. Don was having some mail issues, which have been resolved. R
  21. Important Announcement: The SpamCop Reporting Service is saddened by the news that Corporate Email Services (CESmail) will cease operations on September 30, 2014. As the exclusive provider of email service under the spamcop.net name, we have had a long standing business relationship with CESmail, which enhanced the service we have provided since 1998. SpamCop has worked with CESmail to ensure an orderly shutdown. To minimize impact to SpamCop users, CESmail has provided instructions to their customers to change their account options and provide a forwarding address prior to 5:00 pm EDT September 30, 2014. At that time SpamCop will take over the mail forwarding and CESmail will permanently close their operations. On the transition day, we will do our best to ensure the service migration to be seamless, however please be informed that temporary service disruption may happen. SpamCop will provide this mail forwarding service with no additional or future charge to our users. Our commitment is to provide the forwarding service through 2015 and review the ongoing need for this service annually each fall. Should you wish to discontinue this forwarding or change the address mail is being forwarded to, you will find a new tab on the SpamCop.net Reporting Service page when logged in allowing you to do this. It is important CESmail customers follow the instructions provided to set up forwarding. There will be no rescuing email accounts, files or folders once we take over the forwarding service. Those who have subscribed to the CESmail provided mail service have enjoyed enhanced access to the SpamCop reporting service, including all features of a premium SpamCop reporting account. This includes the ability to have standing addresses receive copies of SpamCop reports, the option to add addresses to receive copies of SpamCop reports, the option to appeal issues to SpamCop staff from directly within the reporting structure, and of course no nag screens when reporting spam. Anyone who has a CESmail account at the time of shutdown on September 30 will continue to enjoy the premium access to the SpamCop reporting service indefinitely without additional or future charge. SpamCop is also pleased to announce that while the user support forums have been hosted by CESmail, we will continue to keep the forums operational as the primary source for user support. Peer to peer support has been an important part of keeping SpamCop as a free service. To accommodate the changeover of the SpamCop Forums to our servers there will be a short outage of the forums on Thursday, October 2 between 9:00 a.m. and 11:00 a.m. PDT. There has been speculation that the end of the SpamCop mail service is a sign of Cisco not supporting SpamCop. Nothing could be further from the truth as Cisco remains completely supportive of SpamCop and further commits to upcoming and ongoing enhancements to the SpamCop reporting service. Again, we must reiterate the importance that you follow the instructions you have received from CESmail to set your mail forwarding options prior to the changeover in service at 5:00 p.m. EDT this Tuesday, September 30, 2014. Richard
  22. Cisco recognizes the performance issues many users of SpamCop.net have been experiencing, and would like to apologize to the community for the service delays. Over the past week our researchers have been actively monitoring increased global spam volumes caused by heightened botnet activity. Our investigations have revealed this as a global event not specific to SpamCop. In the past, the service has successfully processed higher volumes of spam, but our team has identified performance issues within our infrastructure. SpamCop remains an important part of our technology, and Cisco is working diligently to restore SpamCop to its previous service levels. Even as we continue the investigation, the spam and botnet data collected from SpamCop is improving Cisco’s industry-leading anti-spam solution for our customers. To show appreciation to the SpamCop community, Cisco is offering $15 worth of fuel to all registered users of the SpamCop spam reporting service. Registered users will receive an email notification within 3-5 days with further instructions and details on the credit. Cisco remains committed to the community and we acknowledge their contributions are integral in the continuing fight against spam. We remain a committed partner to the cause. Again, we apologize for the intermittent delays, and as our investigation continues, we will provide regular updates to the SpamCop community.
  23. The SpamCop.net Reporting Service is scheduled to be offline and unavailable for up to four (4) hours beginning about 9:00 a.m. PDT on Thursday May 10, 2012. The reason for the outage is to bring you a major update to the SpamCop.net Reporting Service, including the capability for parsing and reporting IPv6 sourced spam and IPv6 address space. The new version will show as SpamCop.net v4.7.0.019 The SpamCop.net website, including spamcop.net, www.spamcop.net, members.spamcop.net and mailsc.spamcop.net will be down during the upgrade. Emailed spam submissions will continue to be accepted but will not be processed during the downtime. Once the service is brought back online you can expect a delay of several hours as the backlog of spam is processed. The SpamCop mail service, newgroups and forums is not affected by this scheduled outage and will continue to be available throughout the upgrade. Thank you in advance for your patience Richard
  • Create New...