Jump to content


  • Posts

  • Joined

  • Last visited

Everything posted by fliptop

  1. Do the IPs get blacklisted by SC? As long as that happens I don't care what they do w/ them.
  2. Howdy all - I seem to recall this happening before, perhaps a couple-three years ago? https://members.spamcop.net/sc?id=z6723973700z580d8f6227bc283c1b918450a2e3c366z Spamcop reports for google spam is being /dev/null'd again. Since about 90% of the spam I receive comes from google's servers, this is not good. The submission always responds w/ something similar to this: Tracking message source: Routing details for [refresh/show] Cached whois for : network-abuse@google.com abuse@google.com bounces (25774 sent : 16844 bounces) Using best contacts No reporting addresses found for, using devnull for tracking. Yum, this spam is fresh! Message is 0 hours old not listed in cbl.abuseat.org listed in dnsbl.sorbs.net ( 1 ) not listed in accredit.habeas.com not listed in plus.bondedsender.org not listed in iadb.isipp.com Anyone have any idea what's going on? Gmail is so ubiquitous, it's impossible to firewall these IPs w/o upsetting a lot of people...
  3. https://www.spamcop.net/sc?id=z6701008650z8443d041021da58dc93c7fd8f5f68e1az Agreed. Just happened today.
  4. https://www.spamcop.net/sc?id=z6700686795z8eefb6baa04238df0bcefe8cf0f71e01z I was wondering about this too, for many months I've had endless "I've invited you to fill out this form" spam and it all originated from google. Been reporting them using Spamcop dutifully and they were going to (IIRC) network-abuse@google.com. But this week, well see above. Even if a report email isn't sent does the IP address still find its way into Spamcop's blacklist? One would think google would *want* to not allow spam to originate from their servers.
  5. I included the 1st line of the body in the original submission. The $null causes the parser to gobble up the blank line separating the headers from the body and incorporate part of the body into the Message-ID: value. If you remove just the $null from the aforementioned header and resubmit it gets parsed correctly. This is the reason I offered to post the original message instead of the tracking URL. If doing that will be helpful, let me know. Thanks, Paul
  6. the last header is as mentioned, then there's a blank line, and the first line of text from the message reads: Do you need an Investor?
  7. here ya go https://www.spamcop.net/sc?id=z6620853362z4a1334258458d03c2ed000ed00bb6c9ez
  8. Lately I've been getting spam where the last line of the header reads: Message-ID: $null when reporting this using the web form it causes the parser to somehow misinterpret the end of the headers and beginning of the body text. As a workaround I just remove the $null portion and post the report. I've kept an example that fails, so if need be I can post the headers for inspection. Thanks, Paul
  9. https://www.spamcop.net/sc?id=z6373673157zfcf5d8744ed20927f013c0ab2388921ez The bottom 'Received:' header has "from cubecube..home (unknown...". When submitted (above link) it aborts parsing the header. When I changed that Received: line to 'cube.cube.home' it parses the header just fine. There must be a bug in the parsing code that causes it to sh** the bed on bad hostnames.
  10. Can't send report: smtpEnvelope (s[at]x.x, abuse[at]x.x): smtpTo rcpt to:abuse[at]x.x (550 #5.7.1 Your access to submit messages to this e-mail system has been rejected. ) This morning I submitted a few and everything seemed fine. Today I'm getting these errors on every submission.
  11. I'm just now experiencing the same thing. This morning everything was working fine. I think we should start a new thread in this forum, though.
  12. I too have been receiving similar responses and experiencing slowness for a few days. Most times the response is something like this: Gateway Timeout The proxy server did not receive a timely response from the upstream server. Reference #1.37fe2fd0.1341589697.36623e9e Strangely enough, this outage has seemed to coincide with a marked increase in spam coming to me from many sources, mostly yahoo! and google (gmail). Interesting? Yes. Coincidence? Who knows..... Regards, Paul
  13. Hi Andrew - yes, i submit via email then use the HTML form to submit. Hi Don - it happened over the weekend, while I was working from home using satellite internet. This morning, I used the HTML form w/o any problems after I came into work. Therefore, it may have been my connection at home. Regards, Paul
  14. For the past couple of days I've been unable to report any spam submitted via email. After clicking the "Report spam" button on the member's page, the connection times out and a "Bad Response From Server" message appears. The only thing I can do is to remove all unreported spam, which obviously I don't want to do. I'd also add that the HTML form for submitting spam seems to be working fine, it's just the spam that's submitted via email that's having problems. Regards, Paul
  15. I just tried again and it's letting me log in, but when I click on 'Report Now' I'm getting just an empty page w/ a Spamcop header.
  16. I was just about to post the same thing, the "members" reporting page just keeps popping up the basic authentication box asking for my username and password.
  17. hi farelf - i'm not, my mail server is connected directly to the net. i check my server every morning and consequently have a close eye on what's going on. when i notice a marked increase like i have something must be up. i just wanted to know if any other admins out there were noticing it too. regards, paul
  18. maybe, but they're being sent to an email address i've had for 10 years and is widely published. i thought i already was on all the lists. spam from hotmail accounts is up slightly, but none of the new viagra spam is coming from hijacked or fake hotmail accounts. it's all high-speed pools, dialups (i guess), and the occasional hacked server. regards, paul
  19. since last week or so i've seen a spike in viagra spam. has anyone else experienced the same? the From: header reads 'Sales'. the messages are coming from all over, israel, japan, germany, great britian, usa, etc. from the looks of the ip addresses i'd guess most senders are part of a bot-net, and i have seen a few from what appears to be a cracked server (the ip's are not pool handouts). it just seems that for the past week or so there's been a huge spike. regards, paul
  20. hi wazoo - thanks for your thoughts on this. here's the spam i reported: http://www.spamcop.net/sc?id=z1172879549z0...f3cb1045c2e7f1z to me, sccmmhc91.asp.att.net looks like an at&t mail server. the whole point to my original post was to state the reporting address for at&t mail servers should be changed, that's all. if spamcop administrators can do it, great, otherwise i'll just manually cut-and-paste it into the reporting message. later on, i was wondering how the group handles mail servers from isp's that don't accept spamcop reports. not necessarily at&t per se, but any isp. it didn't really have anything to do with the original topic. thanks, paul
  21. is there any consensus among the group about how to treat isp's that do this? what's the point of having a mechanism to report spam if the effort will get you nowhere? i would guess that most of the at&t machines that send this spam are parts of a botnet and are using at&t's or sbc's broadband connection. does at&t really not want to know about these machines so they can alert their (surely clueless) customers of the problem? when a company like at&t has this kind of policy, i have half a mind to block delivery of their mail in sendmail access, with a reply indicating the decision at&t has made in this regard. however, unless every mail server administrator did the same, it's doubtful it would have an effect. in fact, the effect would probably be the opposite of what i would want, because it's likely my clients would complain, and not the at&t customers who are trying to send the (possibly legitimite) mail in the 1st place. regards, paul
  22. hi all - just wanted to let the group know that if you receive spam from at&t's network, you'll get a response that abuse[at]att.net refuses spamcop reports. i called at&t and was told that they should be submitted to abuse_rbl[at]abuse-att.net. just an fyi. regards, paul
  23. i don't use hotmail, i have my own server and about 50 email addresses. most are published, and i used to receive quite a bit of spam. but since declaring war on spam 2 years ago, i've been able to get it from 600-1000 per day down to less than 30. and the 30 i get are the hardcore porn viagra cheap windoze software low mortgage home loan penis enlarging international lotto winners with the best stock picks. as if i'd need viagra with all that hardcore porn anyway, but i digress..... regards, paul
  24. well that bites the big one. what's the point of using bl lists like sorbs if the spammers will just use the bl'd machines to post spam through a web-based imap host? does this mean anyone running squirrelmail or the like will need to start checking web visitors against bl's? egad, it will never stop, will it.............? anyway, to get back to my original question, has anyone else noticed a significant increase in spam coming from hotmail as the last stop before reaching your local server? thanks, paul
  • Create New...