KNERD
-
Posts
92 -
Joined
-
Last visited
Content Type
Profiles
Forums
Events
Posts posted by KNERD
-
-
Update, the eonix.net site is back up.
It seems one of their brands is serverhub.com so report eh crap out of them
-
On 1/17/2021 at 7:13 PM, bretmaverick999 said:
So here's the thing, http://eonix.net/ displays a webpage that says the domain has expired (there's a link to renew it http://enom.help/renew-faq) so you can't even view Acceptable Use Policy webpage.
The odd thing is, whois is reporting the domain does not expire until 2022:
QuoteUpdated Date: 2021-01-15T10:03:58Z
Creation Date: 2011-01-14T17:47:29Z
Registry Expiry Date: 2022-01-14T17:47:29ZLooks like it was renewed on the 15th of this month. The fact that the domain is being redirected to enom site, tells me the registrar probably renewed on their behalf. It is my understanding that registrars can do domain registration/renewal and not get charged up to 30 days, thus can cancel the registration. I learned about that after accidentally running running into accusations about GoDaddy stealing domain names when using their domain search/registry tool. If you waited too long to click BUY, the domain would be gone, and registered through GoDaddy, and already up for sale for a much higher price.
I guess we can check back in February to see what happens. If it is available, I will certainly snatch it up to try to put them out of business for a while.
On 1/17/2021 at 8:45 PM, gnarlymarley said:f it is only an IP or two and you have the ability to block them, I would suggest you put a block on there for a few days. One thing you can also do is to use a BGP looking glass and head to the upstream provider with your abuse logs. The bigger ISPs are usually good at fixing the problem with the smaller customer ISPs.
For enoix, it needs a perma ban. After blocking all of eonix IP ranges, just today, I finally got a new batch of spam. Not directly from eonix, but layerhost. I know it is the same spammer because they have some URLs being hosted on eonix IP addresses.
Very few small businesses host their own email servers, and tend to reply on companies like Google and Microsoft for that.
If anyone hosts their own email server, and is worried about blocking important email from coming in. There are guides online which show you how to block IP addresses and how you can put in a custom rejection message which will appear in their email client inbox.
-
On 10/2/2020 at 11:48 AM, Outernaut said:
I have no idea @gnarlymarley where the emails are going.Any mail with any of those addresses ends up in the byte bucket.
As for my own domains' email send-outs disappearing, it seems only Google mail rejects them. Was probably something I said
I hate to say this, but I guess I'll have to set up a kmail account at Google, and check what's happening that way. I still think Pinemail was better.
~o~
If Gmail is rejecting the emails, then there will be a notice in the rejection email as to why, and what you can do about it.
-
On 9/27/2020 at 1:09 PM, Outernaut said:
I'm confused, because my 'system' that has been sending invoices for years, using the same format, except edited a couple of times so as not to appear spamish are blacklisted. Recently, none get through, and I only find out after 2 months when no one has paid - they are not getting them. I get copies from same account that sends the invoices. Somewhere, a anti-spam decided to add my IP to their list based on what - invoice attached? It's getting so that legal, honest emails are being beaten down while faked large corporate names abused in spam (Apple winner etcetera) get off.
Anti-spam may fade away, and lose it's battle. But only because the large corporate peons running Gmail, YahooMail, HotMail (still), Livemail and other privacy harvesters and ilk won't support anti-spam. Most people have been conned into using webmail and are just commodity - innocent collateral Googies.
I now use SpamCop just to paste those entire message source so I can easily read the tracks and manually adding the first 3 octets of the lazy ISP to cPanel > Email > Global Email Filters. I still submit the spam - but that is no longer why I use SpamCop.
~0~
Are you running your own mail server?
-
On 9/29/2020 at 3:50 PM, gnarlymarley said:
I am curious if you are not getting bounces or if the invoice emails are going to their spam folders and they are not paying attention to it. Google has made some changes to their spam folders a few years back and now I have to check the spam folder on a daily basis for non-spam email.
The only way to know is to test. For Hotmail/Outlook, from my own email server, they messages go to spam. WHy? I do not know as other legit email even goes there. I even see Microsoft's own email going to spam. However, if there is a real problem with your email, it will outright reject the email with a notice as to why, and what to do.
For Google, it never rejects email. During some testing, I have seem spammers emails goes to spam folder, but during my own initial testing with email server, the email just outright goes into a black hole. I finally got the emails through after some tweaks to my own server.
If anyone is having issue with running their email server, then I suggest people use online tools available to test for potential problems which can get your email through.
-
I believe spamcop is having less of an impact on spam these days than is did before for the following reasons:
- Less people reporting. Nearly 100% of the time I report spam, I am seeing the IP address not on the spamcop blocklist (and most others). So what is the point in using the spamcop blocklist if nothing is being blocked?
- Too many devulls to abuse email accounts.
- Very few ISPs bothering to take action. Probably because of item #1 in combination with very few of their customers getting bounces about being blocked, so they cannot complain about something which never happens.
Maybe it's time to lower the reporting threshold, and put an IP address on the block list longer?
It's gotten so bad, I have just outright started blocking IP address ranges of service providers when I get spam from them 2-3 times in a row. This means they are not going to take action, thus need to be blocked
-
On 9/22/2020 at 9:53 AM, gnarlymarley said:
One question that I am not sure if you know, you can revisit any of your tracking URLs and from my experience they will get any mailhost changes you make. You have about 48 hours from the time the email was received by your border server to report.
I did go back and try, and it was then finding the IP address of the old message, but more than 48 hours had passed
-
Yes it is static IP address.
Just reported email again. It is not obtaining the IP address again,
-
3 hours ago, petzl said:
You email server changed? Updated?
No changes to the server. I even redid the mail host for it just now. Still same result
-
I am getting the same thing as of today, and I am my own email provider
https://www.spamcop.net/sc?id=z6650350477z80b0fce72a3dcf5024577c98ea9276cfz
https://www.spamcop.net/sc?id=z6650350591z4d1415e917292ee52ab3f7832ae5fa40z
-
*67 does not really block your Caller ID if you are using a large commercial service such as AT&T,or others similar. The CID is just masked in which there are ways to unmask it.
-
I have been using Thunderbird email client. I have since discovered it is using Spamassassin.. It never did stop any of those coming from Eonix.net. Though I do see it is stopping some spam, as noted with the spam in the Junk folder. None of which has ever been from Eonix.net IP blocks.
On the other hand, I have seemed to of blocked all of Eonix.net as I have not gotten a single spam from them since my last posting.
-
How about this guy?
QuotePete Wellborn, the Spammer Hammer, ...
obtained a $25 million judgment against a Tennessee spammer engaged in massive identity theft and credit card fraud. More than three fourths of Wellborn's practice relates to the prosecution of civil cases against parties involved in spamming, spoofing, and/or Internet fraud. Wellborn has had a primary practice focus on Internet Law since 1996. He represented EarthLink against Howard Carmack, the "Buffalo Spammer," in a $16.4 million case and won. He has been suing spammers since 1998, and has never lost a spam case.
On 5/14/2020 at 10:51 AM, ArtmakersWorlds said:Ok, NOT being a computer tech here, how would I use spamassassin with yahoo email on a mac computer. If that's even possible? I think it's not.
The Thunderbird client has it already included, and will sent it to your junk folder (if it detects the email as spam).
-
It seems Spamcop no longer has the clout it had some years ago. I still report, but nothing usually gets done from most of those service providers. Also to get blocked, it has to be a few people reporting (not sure of the number of reports) the same spammer on the same IP address.
I used to get 10+ spams a day from one provider. The fact the spams came from sequential IP addresses tells me the provider is in cahoots with the spammer. I then tried some other block lists. After reporting, I would see the spammer IP addresses listed in various spam lists, and blocking services I was using on the email server, but for some unknown reason the spam/IP address was not being blocked.
I gave up on block lists and started just blocking that provider IP range. Then I got confirmation the provider is in cahoots with the spammer, when I started getting more batches of spam from another of their data centers in the same manner as before.
-
I guess I will need to look at spam Assassin. Since I posted this, I have had to blocked three more Eonix data centers/IP block ranges (Even had something come in from SpamChimp). They are clearly spam friendly. Maybe time for a campaign to ARIN to have their IP addresses revoked? Do they even do that?
With the mass amount of reporting of Eonix I did through Spamcop, it seems it just does not have the clout it had in the past.
Thanks for the input.
-
Back in early April I was getting a few from Google (when I usually don't). I reported them and they seemed to have stopped altogether now.
-
For many months now, I had been getting ten or more spams from their network. I would report each and every one of them, and would see the ports would go to poc@eonix.net or abuse@eonix.net. After about four months, and the spams still kept coming day after day despite reporting, I decided to just go ahead and block the IP range from which the spams would come from. That sure did stop eonix.net from sending anymore more; so I thought.
A week later more spams would start arriving from eonix.net, Looking, I see they are coming from a new block of IP addresses at a different location.
This has been repeating for a while now.
Another reason I am asking if eonix.net is helping spammers is because these spams were not coming from the same IP address, but the next IP address in numerical sequence. Ten or more spams, all coming from the next number up in an IP address? I mean come on now, they have to be helping, right?
Anyone know of their reputation?
Here is another thing. For a while I decided to add the Sorbs Blacklist.The reason is because after each report for spam from eonix.net, I would see the IP address is on Sorbs. I have noticed it is easy to get listed on there and stay listed. So I add their blacklist, and guess what? The spam from eonix.net listed on Sorbs is still getting to my email server, but legit mail such as from PayPal is getting blocked by Sorbs! They in cahoots also?
Help for tracking spammer
in SpamCop Reporting Help
Posted
You can always look up the IP address and report it to the hosting service