Jump to content


  • Content Count

  • Joined

  • Last visited

Community Reputation

0 Neutral

About jhg

  • Rank

Recent Profile Visitors

1,395 profile views
  1. abuse@mailchimp.com is devnull'ed in SpamCop. I have discovered that sending reports to abuse@mandrill.com results in their being queued in Mailchimp's abuse ticketing system. Can we get SC to change the abuse destination address for sendgrid.com to abuse@mandrill.com? (note: A mandrill is a primate, as is a chimp 🙂
  2. jhg

    Sendgrid reports dev'nulled?

    I have been sending reports directly to abuse@sendgrid.com and they seem to be getting into their ticket reporting system, so I second the idea that the devnulling needs to be revisited.
  3. jhg

    Sendgrid reports dev'nulled?

    Has there been any progress on this? I submit reports directly to abuse@sendgrid.com (not via SC) and they at least *SEEM* to get some attention. Can anyone at SC shed some light on why sendgrid is devnulled?
  4. @Lking That worked. Does anyone want the full email to figure out why it breaks the SpamCop web UI?
  5. I have a pending report https://www.spamcop.net/sc?id=z6482169832z1c8bdddf658335f33b7b4b8abdb15f13z I cannot submit it because the page stops half way through the analysis output and does not include any of the reporting buttons. The attached image shows the bottom of the page. I looked at the page source and it ends there as well (i.e. there is no unrendered content in the HTML).
  6. https://www.spamcop.net/sc?id=z6451656800zc64dcd7f5a3bc6377aa0d0284d2eba3bz The system won't let me submit this, saying "This email contains no date", which is clearly not true ... Received: from by cmpweb31.aul.t-online.de with HTTP/1.1 (Lisa V5-1-1-0.14292 on API V5-10-0-0) Received: from by spica07.aul.t-online.de:8080; Sun, 11 Mar 2018 20:53:24 +0100 (CET) Date: Sun, 11 Mar 2018 20:53:24 +0100 (CET) From: John Dashwood <mario.riedel@t-online.de> Sender: John Dashwood <mario.riedel@t-online.de> ... AFAICT this email doesn't look any different structurally from other emails the system accepted. What's up?
  7. Abuse contact for cloud.promodeals.nl [] is abuse@mihos.net This is one of those entries in RIPE where the reporting address is an inline image and not parseable from the text whois.
  8. Any chance of getting SpamCop to add a dynamic "additional reporting address" so that we can manually enter the address at reporting time?
  9. https://www.spamcop.net/sc?id=z6396626348z83eec1a7ee976570e7ece110f3a27b86z Return-Path: <RalphLauren@wolved.info> X-Original-To: x Delivered-To: x X-Greylist: delayed 00:06:28 by SQLgrey-1.8.0 DKIM-Filter: OpenDKIM Filter v2.11.0 smtp.jhmg.net 937B2403AA Authentication-Results: smtp.jhmg.net; dkim=pass (1024-bit key) header.d=wolved.info header.i=@wolved.info header.b="DpuNugtc" Received: from smoking.wolved.info (smoking.wolved.info []) by smtp.jhmg.net (Postfix) with ESMTP id 937B2403AA for <x>; Tue, 8 Aug 2017 13:08:43 -0400 (EDT) Here's the SC interpretation... Tracking message source: Display data: "whois" (Getting contact from whois.arin.net ) Redirect to ripe Display data: "whois" (Getting contact from whois.ripe.net) Lookup fdl258-ripe@whois.ripe.net Display data: "whois fdl258-ripe@whois.ripe.net" (Getting contact from whois.ripe.net) fdl258-ripe = whois.ripe.net (nothing found) No reporting addresses found for, using devnull for tracking. HOWEVER... see the attached image. The issue is that the reporting address is an image and not text. Are there any solutions? It would be really helpful if we could add an ad-hoc destination on the analysis results screen to cope with this issue.
  10. https://www.spamcop.net/sc?id=z6333092862z684f4e65bbaa470376d81782694ccf39z Spamcop reports: Tracking link: http://terais.cloner.wedn.us/unsubscribe?g=fDExMTgwNzI4fDUyMDAwMA&u=x No recent reports, no history available Host terais.cloner.wedn.us (checking ip) IP not found ; terais.cloner.wedn.us discarded as fake. terais.cloner.wedn.us is not a routeable IP address Cannot resolve http://terais.cloner.wedn.us/unsubscribe?g=fDExMTgwNzI4fDUyMDAwMA&u=x However [jhg@smtp ~]$ dig terais.cloner.wedn.us ; <<>> DiG 9.8.2rc1-RedHat-9.8.2-0.47.rc1.el6_8.1 <<>> terais.cloner.wedn.us ;; global options: +cmd ;; Got answer: ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 6341 ;; flags: qr rd ra; QUERY: 1, ANSWER: 2, AUTHORITY: 0, ADDITIONAL: 0 ;; QUESTION SECTION: ;terais.cloner.wedn.us. IN A ;; ANSWER SECTION: terais.cloner.wedn.us. 599 IN CNAME ragg.pregit.com. ragg.pregit.com. 299 IN A and [jhg@smtp ~]$ ping terais.cloner.wedn.us PING ragg.pregit.com ( 56(84) bytes of data. 64 bytes from ( icmp_seq=1 ttl=53 time=24.1 ms 64 bytes from ( icmp_seq=2 ttl=53 time=24.0 ms 64 bytes from ( icmp_seq=3 ttl=53 time=23.9 ms 64 bytes from ( icmp_seq=4 ttl=53 time=23.9 ms Why does Spamcop think it's not a routeable address? Curiously, upon revisiting the report I see: If reported today, reports would be sent to: Re: (Administrator of network where email originates) williamsdesigndk@gmail.com Re: http://terais.cloner.wedn.us/unsubscribe?g=fDEx... (Administrator of network hosting website referenced in spam) abuse@nodesdirect.com However, Spamcop did not send send to the nodesdirect.com address originally.
  11. Lking

    I merged your post with the earlier related post, "500 internal Server error"

  12. jhg

    500 Internal Server Error

    I'm seeing fairly consistent server errors when submitting spam via the web interface. I get the "500 Internal Server Error" message on submitting an email for parsing as well as for sending the spam notifications. If I retry it will eventually work after 2 or 3 tries.
  13. Also seeing this on an email report that clearly contains lots of dates, on every "Received" line, as well as in the message headers.
  14. Just a heads-up... Some abuse contact info is appearing in "%" comment lines in returned whois info, and this isn't beeing seen by SpamCop. I submitted a spam message, received from the address in the whois output below, and SC used nomaster (https://www.spamcop.net/sc?id=z6150159699zf64fd115c02b2d6e1cf28dbf87b528e4z) [jhg[at]www ~]$ whois [Querying whois.arin.net] [Redirected to whois.ripe.net] [Querying whois.ripe.net] [whois.ripe.net] % This is the RIPE Database query service. % The objects are in RPSL format. % % The RIPE Database is subject to Terms and Conditions. % See http://www.ripe.net/db/support/db-terms-conditions.pdf % Note: this output has been filtered. % To receive output for a database update, use the "-B" flag. % Information related to ' -' % Abuse contact for ' -' is 'nic[at]smartnet.kz' inetnum: - netname: SMARTNET descr: P2P address for clients in Almaty country: KZ admin-c: BU909-RIPE tech-c: BU909-RIPE remarks: INFRA-AW status: ASSIGNED PA mnt-by: MNT-SMARTNET created: 2011-09-14T04:44:54Z last-modified: 2011-09-14T04:44:54Z source: RIPE # Filtered person: Baurzhan Ussunov address: Almaty, Al-Farabi av, 73/2 address: Republic of Kazakhstan phone: + 7 727 356 01 33 fax-no: +7 727 356 01 10 nic-hdl: BU909-RIPE mnt-by: MNT-SMARTNET created: 2008-10-23T06:55:51Z last-modified: 2008-10-23T08:13:09Z source: RIPE # Filtered % Information related to '' route: descr: SMARTNET descr: Almaty block origin: AS43994 mnt-by: MNT-SMARTNET created: 2011-04-22T10:35:40Z last-modified: 2011-04-22T10:35:40Z source: RIPE # Filtered % This query was served by the RIPE Database Query Service version 1.80.1 (DB-2)