Jump to content

dlongnecker

Members
  • Posts

    11
  • Joined

  • Last visited

dlongnecker's Achievements

Member

Member (2/6)

0

Reputation

  1. I started to receive about 20 spam emails a day from what appears to be from Google Groups. I believe this is the tracking URL of one of them: https://www.spamcop.net/sc?id=z6707809601z2c5de4ccffa47ffb304b7c3d74ca6f98z and https://www.spamcop.net/sc?id=z6707809629z40c0e8cd887ea54b6291795efdb74274z and https://www.spamcop.net/sc?id=z6707809914ze468ce08815c2ade874ab7f97e5fce75z Some of the headers look like: Received: from dovdir3-hob-05o.email.comcast.net ([96.114.154.205]) by dovback3-hob-23o.email.comcast.net with LMTP id gCAFAJtXYmA9CAAAggBf7Q (envelope-from <dlongnecker+bncbaabbgnprgbqmgqeifm7ghy@plniwzw.logafadasa.agency>) for <x>; Mon, 29 Mar 2021 22:41:31 +0000 Received: from dovpxy-hob-10o.email.comcast.net ([96.114.154.205]) by dovdir3-hob-05o.email.comcast.net with LMTP id WKM0OZpXYmAfdQAA4qVdkw (envelope-from <dlongnecker+bncbaabbgnprgbqmgqeifm7ghy@plniwzw.logafadasa.agency>) for <x>; Mon, 29 Mar 2021 22:41:30 +0000 Received: from reszmta-po-12v.sys.comcast.net ([96.114.154.205]) by dovpxy-hob-10o.email.comcast.net with LMTP id 0FJ9MppXYmAjKAAASO2o5g (envelope-from <dlongnecker+bncbaabbgnprgbqmgqeifm7ghy@plniwzw.logafadasa.agency>) for <x>; Mon, 29 Mar 2021 22:41:30 +0000 At the bottom of this header are these clues: List-Post: <https://groups.google.com/a/plniwzw.logafadasa.agency/group/dlongnecker/post>, <mailto:x> List-Help: <https://support.google.com/a/plniwzw.logafadasa.agency/bin/topic.py?topic=25838>, <mailto:dlongnecker+help@plniwzw.logafadasa.agency> List-Archive: <https://groups.google.com/a/plniwzw.logafadasa.agency/group/dlongnecker/> List-Unsubscribe: <mailto:googlegroups-manage+744056152566+unsubscribe@googlegroups.com>, <https://groups.google.com/a/plniwzw.logafadasa.agency/group/dlongnecker/subscribe> If I follow that last unsubscribe URL, I get: Authorization Failed This group is on a private domain. Please sign in with an authorized account to view this content. When I report, it just goes to abuse@google.com and I doubt they do anything. Any suggestions on how to curb this? Dennis
  2. In the past I would always copy my headers and emails and paste them on the spamcop screen to submit them. Today I tried to forward them as an attachment to the e-mail address. All of them received this: Submitted: 9/29/2018, 8:13:26 AM -0700: =?UTF-8?B?TWlyYWNsZSBEcm9wIENCRDogUmVkdWNlIEluZmxhbW1hdGlvbiwgUHJvbW90ZSBCb25... No reports filed Submitted: 9/29/2018, 8:12:18 AM -0700: =?UTF-8?B?W0luc2lkZXIgRXhjbHVzaXZlXSBLZXRvIElzIEdvaW5nIFZpcmFsLCBIZXJlIGlzIFd... No reports filed Submitted: 9/29/2018, 8:11:07 AM -0700: what E.D PiII Makers don't want you to see [VIDEO] No reports filed Submitted: 9/29/2018, 8:10:14 AM -0700: =?UTF-8?B?V2hpY2hfb2ZfdGhlc2VfNF9vaUlzX2N1cmVzX0FJemhlaW1lcnM/?= No reports filed If I took one of them and cut and paste the email into spamcop, I get Submitted: 9/29/2018, 8:18:56 AM -0700: =?UTF-8?B?V2hpY2hfb2ZfdGhlc2VfNF9vaUlzX2N1cmVzX0FJemhlaW1lcnM/?= 6858346613 ( 2a06:3d81:1:275a:275f:275d:275c:2764 ) To: abuse@hostsailor.com What might I be doing wrong with the email forwarding? I do forward them as an attachment. Dennis
  3. I looked at the e-mail headers of them all. The first hop is always a different random one. The second hop is always a secureserver.net server. The first to are listed as blacklisted. Hop Delay From By With Time (UTC) Blacklist 1 * xvxghaddsfgqfxqmdv 197.9.128.15 ESMTPA 5/27/2018 4:51:24 AM 2 0 seconds p3plsmtpa11-03.prod.phx3.secureserver.net 68.178.252.104 resimta-ch2-34v.sys.comcast.net SMTP 5/27/2018 4:51:24 AM 3 2 minutes resimta-ch2-34v.sys.comcast.net 69.252.207.53 dovpxy-ch2g-04o.email.comcast.net LMTP 5/27/2018 4:53:24 AM
  4. Sorry -- just for another one...here is the link: https://www.spamcop.net/sc?id=z6466623999ze5a95f7f593183ee1b4c654653008869z
  5. Sorry -- forgot to do that: https://www.spamcop.net/mcgi?action=gettrack&amp;reportid=6816950466 https://www.spamcop.net/mcgi?action=gettrack&amp;reportid=6816950003
  6. I'm getting about 20 emails a day now that are spam. I run the headers through SC and the reports all go to FBL@digitalocean.com Once in awhile there is godaddy address in their too. I also flag it as spam in Comcast, but still get them. One would think all the header information in there should be enough for DigitalOcean to find the culprits and shut them down. What might I be missing? Dennis
  7. 95% of my spam email comes from Yahoo email servers. I feel its not doing any good in reporting it via Spamcop as it just says "Internal spamcop handling: (yahoo) (Notes)" when I report it in Spamcop. Is there somewhere I can actually report it? I would be virtually spam free is Yahoo stopped spamming me.
  8. I would have to concur with this post. 95% of the spam I receive comes from Yahoo e-mail servers. Received: from [98.139.213.9] by tm13.bullet.mail.bf1.yahoo.com Received: from [98.139.215.142] by nm18.bullet.mail.bf1.yahoo.com Received: from [98.139.211.204] by tm17.bullet.mail.bf1.yahoo.com Received: from [66.196.81.171] by nm16.bullet.mail.bf1.yahoo.com Received: from nm16.bullet.mail.bf1.yahoo.com ([98.139.212.175]) Received: from [98.139.213.8] by tm17.bullet.mail.bf1.yahoo.com Received: from [66.196.81.171] by nm1.bullet.mail.bf1.yahoo.com Received: from [98.138.226.179] by nm23.bullet.mail.ne1.yahoo.com with NNFMP; 31 Mar 2016 21:48:26 -0000 Received: from [98.138.226.58] by tm14.bullet.mail.ne1.yahoo.com with NNFMP; 31 Mar 2016 21:48:26 -0000 And then, they domain name for the spamming site is from goDaddy. https://www.spamcop.net/mcgi?action=gettrack&reportid=6437216391 https://www.spamcop.net/mcgi?action=gettrack&reportid=6436643177 Hardly get spam from other e-mail servers....maybe I should knock on wood. Dennis
  9. Interesting. Does that mean I have to do something different, or is there a bug I need to report somehow? I get alot of these e-mails....different subject and content, but coming from Yahoo.
  10. Sorry here it is: https://www.spamcop.net/sc?id=z6210338025z07881b142c9577c988589b07302b9647z None of the 98.139.... addresses are even mentioned in the report eceived: from reszmta-ch2-01v.sys.comcast.net (LHLO reszmta-ch2-01v.sys.comcast.net) (69.252.207.65) by resmail-po-246v.sys.comcast.net with LMTP; Wed, 10 Feb 2016 00:29:37 +0000 (UTC) Received: from resimta-ch2-18v.sys.comcast.net ([69.252.207.18]) by reszmta-ch2-01v.sys.comcast.net with comcast id GQ4w1s06x0QMCLM01QVd9p; Wed, 10 Feb 2016 00:29:37 +0000 Received: from nm3-vm0.bullet.mail.bf1.yahoo.com ([98.139.212.154]) by resimta-ch2-18v.sys.comcast.net with comcast id GQTd1s00G3LS1GJ01QTdet; Wed, 10 Feb 2016 00:27:37 +0000 X-CAA-spam: F00000 X-Authority-Analysis: v=2.1 cv=VJ8g5I7X c=1 sm=1 tr=0 a=ShkE6dxMhVxIz4CqgcZ0Vg==:117 a=L9H7d07YOLsA:10 a=9cW_t1CCXrUA:10 a=s5jvgZ67dGcA:10 a=IkcTkHD0fZMA:10 a=5HJ6KZJP-kkA:10 a=ZZnuYtJkoWoA:10 a=jFJIQSaiL_oA:10 a=iRiDHzTbAAAA:20 a=mJ13SSIGAAAA:20 a=uf8i7LTUAAAA:20 a=X5SlxfJeAAAA:20 a=FOmS_1etb7tNoesycXUA:9 a=QEXdDO2ut3YA:10 a=E4kUXCl2bboA:10 a=iwWp-_zyRIgA:10 a=FjF1CFJ0Iz4A:10 a=a8ycZRaUjJAA:10 Authentication-Results: resimta-ch2-18v.sys.comcast.net; dkim=pass header.d=yahoo.com header.b=Iu5aVu+p DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=yahoo.com; s=s2048; t=1455064057; bh=RBFDXHK+GEU908UXnTG3PmiAxwQRtXeWVfR6Yjm/rkk=; h=To:From:Subject:Date:From:Subject; b=Iu5aVu+pZf34640McOLuBivzA3x2AyZAmiiByU0Q0fAYwE+G34F4cu4qDfrdlfsNZrb+gJR5V/G0/dDQzuKePSuiLgDyZQDg3T3tkeIKxO6FwASQF2PuRRTJEawr6gwkVd70BUutQnvyBIgp6G4J3OUm+pH0D+Rb+lGM20/PAjKNT9D1yZ4h/5hWHxbBdMQygZTj+EOCBLmAHbG4ZulJxYB57ixqddUsquzOHylFFi+BwU+/qYsqOp2rBtezdYdGmmWPsLcikt/1yaKZoseMpDNXAMiJPNfP6fFyOJBoPboHsP2Rz4Y5CXoGr7MgQjkBgyPMTjeKqguiCF2/m0YaWQ== Received: from [98.139.215.141] by nm3.bullet.mail.bf1.yahoo.com with NNFMP; 10 Feb 2016 00:27:37 -0000 Received: from [98.139.211.200] by tm12.bullet.mail.bf1.yahoo.com with NNFMP; 10 Feb 2016 00:27:36 -0000 Received: from [127.0.0.1] by smtp209.mail.bf1.yahoo.com with NNFMP; 10 Feb 2016 00:27:36 -0000
  11. For quite while now when I report spam with spamcop, it is not catching the original sender of the e-mail. I paste the complete headers in the GUI and it only flags the websites the e-mail is pointing to. I go to another website that parses the e-mail and it tells me Yahoo servers are the guilty parties, but they don't get listed in the spamcop report. I've pasted part of the headers below at the bottom....one of my analyzers says Originating IP: 46.228.39.107 Originating ISP: Yahoo! Europe But spamcop isn't finding any of this and only sends an abuse to comcast.net This is the same if I cut the raw headers out of my e-mail client and paste into spamcop or forward the e-mail as an attachment to the spamcop address. I get about 5 spam e-mails a day from the same place. Am I doing something wrong? Return-Path: othahakiefferhatu2881[at]yahoo.com Received: from reszmta-ch2-08v.sys.comcast.net (LHLO reszmta-ch2-08v.sys.comcast.net) (69.252.207.72) by resmail-po-246v.sys.comcast.net with LMTP; Tue, 9 Feb 2016 00:56:23 +0000 (UTC) Received: from resimta-ch2-14v.sys.comcast.net ([69.252.207.14]) by reszmta-ch2-08v.sys.comcast.net with comcast id G0t91s02k0KAWzH010wPU5; Tue, 09 Feb 2016 00:56:23 +0000 Received: from nm31-vm1.bullet.mail.ir2.yahoo.com ([212.82.97.88]) by resimta-ch2-14v.sys.comcast.net with comcast id G0uL1s02B1uQhSk010uNu6; Tue, 09 Feb 2016 00:54:23 +0000 X-CAA-spam: F00000 X-Authority-Analysis: v=2.1 cv=JfRB1h+V c=1 sm=1 tr=0 a=uzUpqhR7HfyP2Hmg+QDtQQ==:117 a=L9H7d07YOLsA:10 a=9cW_t1CCXrUA:10 a=s5jvgZ67dGcA:10 a=IkcTkHD0fZMA:10 a=5HJ6KZJP-kkA:10 a=ZZnuYtJkoWoA:10 a=jFJIQSaiL_oA:10 a=YfFJMV-3AAAA:20 a=iLZ-leCFAAAA:20 a=1PJDDMUdAAAA:20 a=NZrp_aWcAAAA:20 a=ix8eH7dkAAAA:20 a=mTRizwjrAAAA:20 a=-GhZnFAOAAAA:20 a=G2n_K31vAAAA:20 a=tBoWEwYA6nPDhrmFYpYA:9 a=QEXdDO2ut3YA:10 a=bALo8Gh57gYA:10 a=BGHb84ZX6DgA:10 a=thP6Ab4tef4A:10 a=EsYVw3wIw1cA:10 Authentication-Results: resimta-ch2-14v.sys.comcast.net; dkim=pass header.d=yahoo.com header.b=Ef0EbomO DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=yahoo.com; s=s2048; t=1454979260; bh=QR+dKIf9wbgZsY4b5ZDGRBIVTy2U+OaWcInJeeuOvtM=; h=To:From:Subject:Date:From:Subject; b=Ef0EbomOjvXHE+iSzhTcja0PcmAoB3Jfstpa9NVXh8VfglrVQRvJSYGX0XlKsaZNq4IA9DX4ZoINZQGvA9P3BippYfgvm6xohfWJIiW8tUT1Tg0OAhQdSrEpee74sc5I1JbvG7vxScupIA1erX3Iam286sjmh5GRfaLh2tPfVNTsecS550ZcLpda0CmHJXZ5FkOFj4lP3S2vupHcho2MTtDJ/C9SPhkD7x4q8TUT/J2nA85zFELLNJ6veGADiZ0EI9sCa0+G3fhogTTxx6Vc9GSB3fQ4DwSJ2Dw+neb57BKM77DxiINyCLTObtezYSpciOaUrOH/XMubFEcGEIgVxQ== Received: from [212.82.98.56] by nm31.bullet.mail.ir2.yahoo.com with NNFMP; 09 Feb 2016 00:54:20 -0000 Received: from [46.228.39.107] by tm9.bullet.mail.ir2.yahoo.com with NNFMP; 09 Feb 2016 00:54:20 -0000 Received: from [127.0.0.1] by smtp144.mail.ir2.yahoo.com with NNFMP; 09 Feb 2016 00:54:20 -0000 X-Yahoo-Newman-Id: 194802.59738.bm[at]smtp144.mail.ir2.yahoo.com X-Yahoo-Newman-Property: ymail-3
×
×
  • Create New...