its8up
-
Posts
20 -
Joined
-
Last visited
Content Type
Profiles
Forums
Events
Posts posted by its8up
-
-
I have a timer run google suite scri_pt that filters spam box contents with common keywords and emails headers to spamcop (as well as occasionally using common keywords to mail "dev/null" spam to the appropriate source). Of course, this means I must come by here every couple days or so to confirm and manually click the report link. Was reporting spam like normal, then ran into a strange issue. Clicked Unreported spam Saved: Report Now link and it went straight to this tracking URL:
https://www.spamcop.net/sc?id=z6623054758z790919cde374c5c623d7a3db280014e6z
Found the spam that apparently breaks the SPAMCOP page. It is below for your pleasure. Any idea what is going on with this thing?
Delivered-To: *********@gmail.com Received: by 2002:a4a:3016:0:0:0:0:0 with SMTP id q22csp1931387oof; Sun, 15 Mar 2020 09:19:48 -0700 (PDT) X-Google-Smtp-Source: ADFU+vsCZ6pBhPe36NuRKdT0EMsXknH3fFGbThN9KldAi0TfyxqmwPz2vcG0j2ERgp+jUmn/eTJ9 X-Received: by 2002:adf:aac6:: with SMTP id i6mr5448025wrc.353.1584289188462; Sun, 15 Mar 2020 09:19:48 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1584289188; cv=none; d=google.com; s=arc-20160816; b=zJ9PHkIdDyTy2PsnMjDH8uzyhmB2Gp+3oal157sBSgfNJGa5BlJ/E6HNgi7cfo+nea BUGRvr+4fn0EZHLqT4V75TFoTQ6XWC5ZnrtZGbKXkppDE/0da3tUtA/suvSO2Z3wdo4a zw9F6/5KfiYyPavw/twFrPuETLtYnAe1dWeD9WmAybLRmpQnB41VM6rVHUyCezBd4BHP ozeMZo1HkjWLIdZ5iSEXYYtAOcI0lK8r3/yJ16sMEtOHxwfhyISGBo9SzZmMZV/A+j9o fRlia56QMGB0VT3DmmzanjnRQIPLbjSN+yVe4jbQu7ebATnI+UKqhnThpO8r4pztvXxE rf7A== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=reply-to:date:from:to:subject:content-description :content-transfer-encoding:mime-version:message-id; bh=C0GmZhwjZqrXpIa4xSA+O5u22Z8WgX/O1JShatnvvkI=; b=DtRgqzxrV2YoaVwR9Zb/sTCEw/TkYpM2gacBajNylF3BT3ghuiuK0mEIYI6qRmS2R5 zHjtQx6kBqWtn+dRXX4ysAmDXUux++Jd43fzijV1cAR7WJ7/4wbqkbTTZejMOlkmrORh //NmTycczPlM0M67oSuT+c2aVjMQmOisU23ttnFNskZ741XtV+pvJbH0FTggccVNOc5Y ugXp4DGBaKVBauzqzoWaiYjCT7y+ET5LVFJHRmOAJ5CcYMMwpJ56/3J9I8iNxCJzTbii EeGSUUnblU+jJK3TQTecEdNg7vC4gRdT9icM2Oq8+r23sKj7z3S470u5itzYgRedWboN AKfw== ARC-Authentication-Results: i=1; mx.google.com; spf=temperror (google.com: error in processing during lookup of boc@bank.cn: DNS error) smtp.mailfrom=boc@bank.cn Return-Path: <boc@bank.cn> Received: from relay1.macrois.de (relay1.macrois.de. [81.209.169.71]) by mx.google.com with ESMTPS id e17si12912723wrp.559.2020.03.15.09.19.44 (version=TLS1_2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128/128); Sun, 15 Mar 2020 09:19:48 -0700 (PDT) Received-SPF: temperror (google.com: error in processing during lookup of boc@bank.cn: DNS error) client-ip=81.209.169.71; Authentication-Results: mx.google.com; spf=temperror (google.com: error in processing during lookup of boc@bank.cn: DNS error) smtp.mailfrom=boc@bank.cn Received: from user-PC..home ([197.234.221.105]) (authenticated bits=0) by relay1.macrois.de (8.14.5/8.13.8/SuSE Linux 0.8) with ESMTP id 02FGIUm2032655; Sun, 15 Mar 2020 17:19:41 +0100 Message-Id: <202003151619.02FGIUm2032655@relay1.macrois.de> Content-Type: text/plain; charset="iso-8859-1" MIME-Version: 1.0 Content-Transfer-Encoding: quoted-printable Content-Description: Mail message body Subject: KEEP IN TOUCH To: Recipients <boc@bank.cn> From: "'Wang Wei'" <boc@bank.cn> Date: Sun, 15 Mar 2020 17:19:34 +0100 Reply-To: errrwew.d.son@gmail.com Hello, I have a business proposal worth $4,000,000.00 I wish to initiate with= you and you will be compensated adequately upon agreement and conclusion. = Do send your response for more details. Regards, Mr.Wei -
You lucky dog! Mine always drops to nil after manual reporting, then comes right back.
Several weeks back I had a chat with Amazon about Spamcop and they replied with genuine interest and whatnot. This may have led to better communication with spamcop and some overall Amazon spam activity reduction, though I cannot be certain. Unfortunately, as I'm sure you've noticed, spamcop still sends amazonaws reports to the trash which is a clear indicator that the amazonaws department is not active in this process.
My reporting from gmail to spamcop is automated on 3 accounts. Automating direct mailings for amazonaws is not simple due to the vast number of small IP ranges they own. Going back through spam to locate amazonaws mail for manual reporting is a real hassle, and the nuances of spamcop's IPv6 fiasco certainly does not help identify which of the 3 reporting accounts is the source.
Lacking any other automated choice, my fight against the amazonaws bad apples now includes mailings to their favorite URL shorteners, image hosts, and spoofed domain hosts. Hootsuite is the absolute best about quickly redirecting their ow.ly and owl.li links to nothing, and ddnsfree is pretty quick about dropping/resetting domains. Bit.ly and lnkd.in do OK too. Others, including amazonaws image and link hosting, not so much.
Good luck in your spam battle!
-
You could manually forward spam reports, but the people in the abuse@amazonaws department are USELESS. Try sending a copy of the full header/email to stop-spoofing@amazon dot com. Every time I've done that it all stops in a few days and can take as long as a week or more to return in the same numbers.
Yo spamcop! Amazon owns amazonaws. Any chance you could start forwarding amazonaws spam to a better Amazon owned abuse address that will actually do something about it? Seriously -- I've had great results with stop-spoofing.
Straight to tracking URL?
in SpamCop Lounge
Posted
Good eye! Adding a .replace() statement in preparation for a rash of those. Thanks!
Why does google allow invalid records through the pipe? Because they are too busy counting money to bother with syntax checks. This ain't the first issue Google caused for spamcop. Cannot rely on any standard formatting when the largest gorilla in the market chooses to march to the beating on its own chest. <insert angry gorilla noises here>