Hanco

Members
  • Posts: 135

Posts posted by Hanco

  1. Has this happened before?

    Look at that green “spam submitted” line in the screenshot I attached. Normally spam submitted leads to a higher volume of reports.

    October though? We see a significant amount of spam reported with reports not sent.

    If my experience is anything to go by, there was a major increase from one group of spammers (phishing activity actually, but not the overt fake Apple sites, Amazon, Walmart, Netflix etc login pages)

    And it was mostly email coming from Amazon IP addresses, which I always see SpamCop track but not send reports. Instead, I send the reports directly myself.

    But is that what this month’s driver was? The group behind these daily deals of loan offers, warranty offers, cures for bizarre conditions etc.? They seemed to be quiet, then boom, daily 12-25 emails. Mostly sites with domain names from Namecheap (they said to someone in response to a domain abuse report, that they have a “huge volume” of support requests at the moment)

    It seems like volume is down now (or the jerks behind the flow do not work weekends) and Amazon are “caught up” on the backlog of reports. Maybe the green line will go back below the blue...

    380D0FE1-610F-41B4-B62B-9E95F94BDFDC.jpeg

  2. 7 hours ago, petzl said:

    Then "Forward as Attachment" the spam to your 'submit' SpamCop address

    That’s the problem 😔

    There's no way in iOS, either in the native Apple email app, nor in the iOS Outlook app, that I know of, to:

    1) Forward an email as an attachment on a new email

    2) To View the email headers/plain text 

     

    To achieve the capability to report email to SpamCop from an iPhone or iPad, a third party email client is needed because Apple and Microsoft Outlook are not the answer, as far as I can see.

    15 hours ago, hmkemerz said:

    Could someone please "open my eyes" and provide me with an instruction (or refer to solutions I did not find yet) about how to make possible  what I tried to describe?

    Look at AltaMail for one possible solution. Not sure about the attach to email, but it allows viewing of the email headers and plain text. No longer free I think, but has interesting features.

    Please come back and let us know how you get on Michael. You won’t be the only one who has this question over time!

  3. 23 hours ago, gnarlymarley said:

    It is interesting that all their networks all point to abuse[at]hetzner.de.

    Yes, because .de is a country with very strict privacy rules. Hence they asked a couple of times what they could tell their criminally malicious “customer” about my complaint (before kicking them off their network anyway... and into a Lithuania outfit which seems to have a Russian based parent or at least very similar named company which is now host of most of the targets of the spam in the last 36 hours)

  4. On 9/18/2019 at 3:02 PM, petzl said:

    If enough Amazon spam gets reported as phishing, which it is, the blocking of amazonaws domain is automatic but takes a lot,

    What do we do to report “as phishing”?

    I’m not sure how to make the report as phishing. I’ve been using SpamCop for a lot of years - only in forum for a few though.

  5. On 8/13/2019 at 11:26 AM, gnarlymarley said:

    If the reports are not helping, at least the reports are feeding the block list.

    There is that. Yes.

    On 8/13/2019 at 11:26 AM, gnarlymarley said:

    One thing you might want to try reporting to their ISP.

    Do you mean, to Hetzner’s own ISP? How would we locate the provider? (Sorry for my ignorance)

  6. On 7/24/2019 at 9:34 PM, HeatherReid43 said:

    hetzner.de 

    They bounce reports asking for a form to be filled in.

    I have a standard reply:

    I’m sorry I don’t have time to fill in your form, but you have the information needed to follow this up* - I’m a European citizen and you’re allowing the processing of my email address in your network. That is not acceptable. Please do NOT share my details or any of my data with your “customer”.

    They have asked me by follow up if they can share the date and time of my reported received spam email. I apologize and say no and it should not be necessary to do that.

    This was repeated several times when “the criminal spammer” was using their services multiple times to host their redirect sites. It ends when I send another report and they simply reply with a curt, “I looked at the website we are hosting and it is a blank page” to which I tell them what PHP files they will see and that they are simply acceptors for parameters and then redirect. Then they reply with, “The website is not hosted by us. Please contact the host xxxxxxxxx” (and the host is a Lithuania based outfit... doesn’t Namecheap have Lithuania links too?)

     

    * footnote: If they want standard format reports, accept munged from SpamCop eh? Smacks of a dodgy ISP really

  7. This may be wrong to mention here but it closely links with the only source of spam I deal with (these jerks) - I noticed SURBL .org was offline a while today. It was in a quiet period for the spamming (at least to me) so maybe they were using their resources for other reasons than spamming? DDOS anyone?

    (Leaving to get some aluminum foil for a new hat now)

  8. 5 hours ago, Lking said:

    You might try    stop-spoofing@amazon.com

    I think the Amazon business divides the IPs. Sometimes EC2 responds, other times IP Management, and other times a more general address. I first noticed the split when SpamCop wanted to report rather than switch @ for # 

     

  9. 2 minutes ago, petzl said:

    clicking every link or any link that often

    Oh absolutely. I try hard NOT to click the links. Ever.

    The Imgur team are good guys. They’ve got really quick at deleting. I send in my submissions in a very recognizable format they know will be a genuine report of ad images.

    Today, this jerk’s domain site hosted by Linode was pulled really quickly (within minutes of me getting their email). The images were also deleted very quickly.

    So quickly did this all happen in fact, that the dense idiot behind this process was sending out emails from the Amazon hosted mail service with “image not found” errors in the body and still linking to the non-existent site.

    Shame Namecheap and Amazon cannot get their acts together. Be more like Imgur and Linode.

  10. 1 hour ago, NanaBird said:

    . If it continues much longer I think I will file an official complaint with our Canadian government and the RCMP.

    Hope that helps. I include the authorities on all my Amazon reporting. Not sure it has any impact here in this country. Canada may be different...

  11. 1 hour ago, NanaBird said:

    s.free.fr

    You are dealing with a group of very well known spam/phishing jerks (at least, well known to me)

    Namecheap are almost exclusively the domains they (1) Create, or (2) Takeover.

    The s.free.fr is a redirect site (short url) so the actual sites are not linked to in their malicious emails. Thus reducing risk of their actual redirect site being listed on SURBL or such.

    Their actual site is not the ultimate destination either, but a redirect dance site to wherever they fancy sending you.

    You'll also probably find they use other sites for image hosting (to deliver to their malicious emails when opened). Often they use “imgur.com” - and imgur will happily delete those as against their terms of service. Report here, if you want to help make the malicious emails look more odd than they do already 😏

    https://help.imgur.com/hc/en-us/requests/new

  12. On 10/4/2019 at 4:47 AM, HeatherReid43 said:

    I hope I am not bringing out a thread from back from the grave
    today i have received multiple instances of spam originating from AWS
    ...
    any idea how to stop this onslaught ?

    I’m sending mine to:

    abuse@amazonaws.com, abuse@amazon.com, ec2-abuse@amazon.com, ipmanagement@amazon.com

    That seems to be working.

    Were your target sites hosted by Lithuania outfit vpsnet? All mine were (australy.win, australy.bid, bulkoffers.win) 

    The target site australy.bid went onto SURBL Phishing blacklist Sunday/yesterday.

    Not sure why/how, but the good news is that Namecheap finally deleted the registration for the domain. That is something they refused to do several times (on February 6 and Feb 8 this year for example) despite emails for “number 1 milf site” etc!!

    My level of frustration with Amazon (and with Namecheap) reaches far too high a level at times LOL

  13. On 10/3/2019 at 11:07 AM, Shoo said:

    I have tried multiple selections of the message source pasted into the two boxes and I still get a "No Data Found" message.

    I got that a few times too. I refreshed and sometimes it took as many as 4-6 attempts but it eventually worked. Something was wrong but it wasn’t my ability to copy/paste :)

  14. 55 spam emails from Amazon IPs in the past 2-3 days... all designed to push traffic to one of three domains. All of no interest to me on topics from Gutter Guards, Home Warranty, some miracle instant translator device, some cure for a nerve condition, a flashlight, how stainless steel reverses diabetes, boosting testosterone, dating is easy with their Asian ladies, anthropomorphic renovation, CBD oil and miracle pain cures, dating for people much (much) older than me, and mortgages.

    A surge recently in volume of this crap and a significant fall (to zero) in the Canada Pharma sh**e, and the “you’ve got to send me your personal details so you can get $1m that is yours”. Also not had the emails from my close friends by name with “saw this and you should look” links (typically link to a site domains created with Namecheap less than 24 hours ago, and always under 3 days ago)

    It seems really clear this spam bot group is pushing all content through Amazon, and Amazon is either powerless, or doesn’t want to actually stop it.

    Rarely will SpamCop offer reporting to Amazon, instead doing the abuse#amazon thing.

    Should we send direct to Amazon or not? Which is likely to cause maximum potential nuisance to the spammer and reduce volume longer term?

  15. 23 hours ago, Lking said:

    why should they??? They don't SEND any spam. Remember the objective of the SCBL is to block/filter incoming spam, not rate all the IP in the world. In the beginning spammers would include phony links to NY Times/ Washington Post, etc. to make it look like the spamvertised product was valid. A dynamic proces

    Why should they? I agree with you that innocent bystanders don’t want to be impacted. I’m talking about three specific domains/sites, which exist ONLY for spam operations.

    Obviously I appreciate determination of a site existence only for this purpose is not always straightforward. And maybe this is not the place to ask about it. Just curious how a domain like “australy.bid” or “australy.win” gets on blacklists like SURBL. It certainly seems like it is not achieved by the reports sent to the host this week :(

  16. 3 hours ago, Lking said:

    Let's start with the SCBL deals with IP addresses not domain names. As for which IPs are blocked, have you looked at https://www.spamcop.net/spamstats.shtml or https://www.spamcop.net/fom-serve/cache/351.html

    Have you looked at https://www.spamcop.net/fom-serve/cache/297.html scroll down to "Rules" Speed all depends.

     

     

    Rules:

    • SCBL lists IP addresses with a large number of reports relative to reputation points. The SpamCop team manually balances the threshold in an effort to make the list as accurate as possible.

    I guess I won’t know what that means in actual volume terms.

    • The SCBL weights reports depending on how recently the mail was received (or "freshness"):
      • The SCBL counts the most recently received reports 4:1.

    That’s me and these reports I send for sure. Avg reporting time 2 hrs now. Very fresh!

     

    • The SCBL does not count reports regarding URLs or addresses in the body of the email. Therefore, the SCBL does not list websites or email addresses used to receive replies in reported email, unless that IP is also used to send the mail.

    So, for spam emails that are from Amazon AWS IPs, where the body of the email is sent to drive traffic to the IP address of  “australy.win”... australy.win’s IP address will never become blacklisted through the reports I send? The Amazon AWS IP might though?

     

    • The SCBL will not list an IP address with only one report filed.

    I hope someone else is receiving the junk I get and is bothered enough to report
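
The SCBL rule quoted in the post above counts only the IP that sent the mail, not URLs or addresses in the body. The following is an added example, not part of the original thread or SpamCop's own code: it splits a constructed message into the sending IP (taken from the topmost `Received` header, assumed here to be the one written by the recipient's own server) and the hostnames linked in the body. The sample message, the function names and the `.example` domains are assumptions made for illustration.

```python
import re
from email import message_from_string
from urllib.parse import urlparse

# Constructed sample: documentation IP range and .example domains only.
SAMPLE = """\
Received: from mail.sender.example (host.sender.example [203.0.113.25])
\tby mx.recipient.example with ESMTP id abc123; Mon, 7 Oct 2019 10:00:00 +0000
Received: from localhost (unknown [10.0.0.5])
\tby mail.sender.example; Mon, 7 Oct 2019 09:59:58 +0000
From: "Daily Deals" <offers@sender.example>
To: user@recipient.example
Subject: Home warranty offer
Content-Type: text/plain

Click http://short.example/abc or https://shop.spamsite.example/offer.php?id=1
"""

IP_IN_BRACKETS = re.compile(r"\[(\d{1,3}(?:\.\d{1,3}){3})\]")
URL = re.compile(r"https?://[^\s\"'<>]+", re.I)

def sending_ip(msg):
    """IP logged by the receiving server: first IP in the topmost Received header."""
    received = msg.get_all("Received") or []
    match = IP_IN_BRACKETS.search(received[0]) if received else None
    return match.group(1) if match else None

def body_hosts(msg):
    """Hostnames of URLs found in text parts, deduplicated in order of appearance."""
    hosts = []
    for part in msg.walk():
        if part.get_content_maintype() != "text":
            continue
        text = (part.get_payload(decode=True) or b"").decode("utf-8", "replace")
        for url in URL.findall(text):
            host = urlparse(url).hostname
            if host and host not in hosts:
                hosts.append(host)
    return hosts

def split_indicators(raw):
    """Separate what an IP list can count from what only a URL list can."""
    msg = message_from_string(raw)
    return {"source_ip": sending_ip(msg), "body_hosts": body_hosts(msg)}

if __name__ == "__main__":
    result = split_indicators(SAMPLE)
    print("Counted toward an IP list such as the SCBL:", result["source_ip"])
    print("Body links, not counted by the SCBL:", result["body_hosts"])
```

Lower `Received` lines can be forged by the sender, which is why only the topmost one is read here; mail that passes through several of your own relays needs those hops skipped first.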

  17. On 10/1/2019 at 5:29 AM, j4v3d said:

    Newbie here! What happens once you submit the spam using the form on the website?

    When can you expect to see less spam emails coming through?

    I wish I knew what drives inclusion of sites (or their Domain Names) in blacklists. I’ve been using SpamCop for a long time, but I’ve not worked it out. I feel like it has definitely reduced the spam I get. Many years ago I received very few every year. I stopped reporting them. Then about 18-24 months ago it started again.

    Either I was in a data leak (pwned) or somehow I did get added to a list. Maybe a random bot sent email arrived and I opened it? Heaven forbid, but maybe I even replied to one?

    I’ve re-learned submissions, deciphering the plain text/headers and the “tricks” of the criminal idiots behind spam/phishing emails.

    Now they all get reported. Average submissions time 2 hours. I also report image content when hosted off their spamvertized domain site. Some image hosting applications respond in under an hour at times, deleting the files. The spammer who continues to blast me has noticed and has to include “Can’t see the images? View unblocked email here” (or similar message at the top of their spammy emails)

    I wish the blacklisting was faster. Especially SURBL, because then see the domain registrar take actual action to shut down one more spam site the spammer moves onto their next one but it causes them inconvenience which reduces the spam for a while!

    Currently I’m dealing with ~24 spams per day, and all for the same three domains hosted by the same provider. Hoping for a slow down soon 😊

    Best wishes.

  18. I tried 5 times (one of those being many minutes after the other 4 so I could paste a link here in the forum)

    Even re copy/pasting did not work. Something is wrong today or the spammers are finding ways to cause issues.

    It did work now though. Worth knowing. 

    Would be good for the tracking link to be available in “Past Reports” (I had to recreate for my forum post above)

  19. Same for me today with multiple spam emails. I copy paste the headers/plain text into the form and submit.

    https://www.spamcop.net/sc?id=z6577975043z5717151a0c3192ccd48d77159d8dbd4cz

    Does that link above help? Is there a place to forward the plain text for further investigation? Seems like one spammer in my case has found a way to break the capability to report.

  20. On 9/28/2019 at 12:12 AM, petzl said:

    Looks to me like Amazon abuse desk is behind and protect
    Criminal  phishing, bogus reply address, bogus unsubscribe
    Be very wary about giving Amazon credit card information they will have bogus charges appearing on it,
    Some bogus charges on my credit card for kindle books I noticed, recommend canceling accounts/credit cards they have access to.
    26/07/2019    Amazon Australia Servi Melbourne Au 
    Entertainment & Recreation    $13.99    
    26/09/2019    10:44    Amazon Australia ServiMELBOURNE AU    $13.99    

    Although after spotting this I rang and they refunded the money I believe misappropriated
    27/09/2019    Amazon Australia Servi Melbourne Au
    Deposits        $13.99...

    Wow, that’s not good. Credit card provider would likely have reversed all those if Amazon didn’t I guess.

    Meanwhile here, Amazon IPs are the source of regular spams by the same criminal group now, every day for:

    bulkoffers.win / australy.win / australy.bid

    I wonder how many times it takes reporting these through SpamCop before we finally see them go on SURBL or similar...
