RobiBue

the problem with hotmail/live.outlook/microsoft is that when you copy/paste you have an extra CR/LF (empty line) between each line and that disrupts the parser. i.e. I have this: which ends up looing like this in notepad: Received: from BN3NAM04HT167.eop-NAM04.prod.protection.outlook.com (2603:10b6:406:80::21) by BN8PR14MB3108.namprd14.prod.outlook.com with HTTPS via BN7PR06CA0008.NAMPRD06.PROD.OUTLOOK.COM; Tue, 8 Oct 2019 17:12:07 +0000 Received: from BN3NAM04FT064.eop-NAM04.prod.protection.outlook.com (10.152.92.54) by BN3NAM04HT167.eop-NAM04.prod.protection.outlook.com (10.152.93.177) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.2327.20; Tue, 8 Oct 2019 17:12:07 +0000 at least that's what I get, an empty line between each line see https://www.spamcop.net/sc?id=z6579716938z8475af47adf145b28b287648c1133132z

Ah, the reason why you can't see the "coded email address" is because you have an ISP control center account. you might need to try out different links and options, like: clicking on [control center], or [preferences], or trying the [Action:] option other than [Find reports v] option: (I don't know what other options are in that list... as I don't have an ISP control center account) <-- this one here maybe... or wait until someone with such an account can help...

got it. although now-a-days there are not many email programs that let you attach emails (including headers). forward them, yes, but you lose the mail's identity. I believe many email providers changed that to protect their breadgivers/spammers...

well, when you submit the spam (depending on the way you submit it -- specifically in my case, copying and pasting the spam into the submission box in SC) you already got the raw spam, and as long as you don't click on any spam links (and also have a reliable anti-virus running on your system) you should be all good ...

no prob all gouda 🧀

Ah, that's probably why I got this error a few mins ago: Sorry, there is a problem You do not have permission to view this content. Error code: 2F173/H

SpamCop automatically does that (well, with the email address) see one of my submissions: https://www.spamcop.net/sc?id=z6578044857zc86d7fb1db68d76d82418caac89c33fbz Delivered-To: x Received: from fundamental.avisayon.com (fundamental.avisayon.com. [188.213.212.42]) by mx.google.com with ESMTP id q67si3118259wme.53.2019.10.03.17.05.23 for <x>; To: <x> To: <x> my email address entries are obscured as you can see in the link itself, and the names, well, I get spam emails addressed to different people that it doesn't bother me if they have RobiBue, MaryScott, or the Pope of Rome in the name

Question: before you submit the spam without body, are you able to write <empty line> spam completely encompassed in subject line with <empty line> actually being an empty line and not the words and angled brackets ?

Many times I have had these, it usually would stop if I didn’t report the links. And many times, reporting manually to amazon (since these seem to go to /dev/null ) other than that, ride it out...

if thunderbird takes after firefox then, unless habul gets worked on, the tool will be useless since xul is being removed permanently. sorry to be the bearer of bad news BTW, I think I remember legolas... wasn't he also an abuse admin like afterburner and nyarlahotep?

looking up the abuse.net db on mschosting .com shows the aforementioned list... https://www.abuse.net/lookup.phtml?domain=mschosting.com hostmaster and postmaster addresses are AFAIR quite old (10+ years) and often not used anymore... therefore the bounces. The tmcops address could be an old entry as well and it was never updated... There is also another possibility that all the addresses DO exist, but they have been either neglected or forgotten and the mailbox filled up and overflowed... ergo another bounce... Officially, APNIC lists noc-abuse for the mentioned IP address as the abuse address https://dnslytics.com/whois-lookup/110.4.46.157

yeah, spamcop has a few issues with APNIC when looking up the addresses in ARIN. Unfortunately they are more than just a few 😞

On a certain date, sendgrid probably asked SC not to send spam reports. On that date, or soon after, somebody manually devnulled the sendgrid abuse address. That date would be interesting to know, as well as the reason the address was devnulled. That's what Petzl means with perhaps someone with backstage access could shed some light, or clear up these murky waters 😉

I’m there with Lking. Until these people post their junk, there is not knowing if they are going to spam or not. Besides, adding changes to the forum software would only work if the company that designed the system would implement the changes. (As was mentioned in my thread by Lking)

If I read this correctly: 10 members visited the forum; that is everybody that logged in/signed up(registered) (but not guests) to read and/or post (including me) 6 of the 10 have all been now banned for spamming and received a warning point (for posterity) this leaves 4 (including me and you) and 2 of them have not posted yet so who posted the other 6 spams? I am a bit confused... And according to what you say, there aren’t enough people around to mark the spam... bummer!

Oh dear, I think I created a monster 😉 I haven't been active recently. just been popping in occasionally (lately)... Anyway, back to the discussion: I do believe that the login in created by carbon entities who are promised a certain amount for every successful post approach 1) I think it's too complicated, as there are too many diverse systems floating around. approach 2) more likely, but still with the differences in the systems somewhat complicated to have bots do it right. although sometimes the resulting spam posts do seem incoherent at best. approach 3) is IMNSHO the most likely scenario. I think what they do is do some bookkeeping to receive their money, and that is what takes them so long in-between, and they probably have different forum systems open and jump from one to the other. Then, at the end, they copy and paste the spam into all the open forum posts they have in their batch. So let's say it's carbon entities and not silicon based bots. Side question: why isn't the advertised "By harnessing the combined knowledge of thousands of Invision Communities, our spam Defense can assess the potential threat of each new user and stop them before they can cause any problems. It's instant and free with all plans." not working? My original thought on marking them as spam by peers, hiding the post in default view after a certain amount of reports, would still be the most feasible option -- if the original developer could/would implement it, that is.

Apologies, but I do see a problem with that. I mean, this is a spam fighting forum, and if someone posts a question about a spam and the words include something that would be filtered, then the OP would have to wait until the admin frees it to the forum...

WOW! wouldn't it have been easier for them to set up BPL? at least as redundancy? Internet: the final frontier. These are the enterprises of Telo. Its continuing mission: to communicate in strange new ways, to seek out new fiberoptic breaks and new dug-out holes, to boldly go where no internet has gone before. Besides, who needs the fiberoptics if you have Dilithium crystals. Just transmit and receive with subspace amplifiers... Live long and prosper nyuk nyuk nyuk 🙂

went one up on my previous (2 month old) post looking at it's /18 range: https://whois.nic.ad.jp/cgi-bin/whois_gw?key=202.238.192.0/18 SC itself still returns " No reporting addresses found for 202.238.198.169, using devnull for tracking. "

I don't know why the links don't appear in the report. I see them both, in the text/plain part, as well as in the text/html part of course, I also don't know why you'd be getting spam in German... unless the spammer thinks you're in Austria 🤣 but yes, netops at singlehop dot net would be the place to send the link reports to. 3 of them are links, and one is an image...

well, it is very possible, that those 2 are legit, just found SC, and decided to sign up in the forum.

gotcha! we need a

today, as of 11AM CDT: 17 new members (listed under All Activity) (well, one from yesterday, but almost midnight) 12 of them posted 1 spam each 2 of them didn't post anything 3 had a post, but it didn't exist (Content Count: 1 post -- but nothing found) 28 new spams 14 of them from listed new members the other 14 from unlisted members but all created within 1 hour of the post (almost as if they deleted their own user themselves after posting...) and while I was busy during 1 hour while this post is sitting here, cleanup has started and is just about finished ( I need to rephrase this somehow... my post was sitting idle in the editor while I was busy doing other things. When I got back 1 hour later, I noticed that cleanup was being done.)

Completely agree, IP blocking is not an option. and don't forget china true, didn't realize that until you pointed it out Didn't know there were so few uf us. (if I'm on the tablet I don't report because I have to go into the post to report it. with the pc it's easier using the mouse hover) yeah, again needed that to be pointed out, but it would require several people to report the post to be hid, and as I mentioned, it wouldn't be unreachable, only marked as hidden, but anybody wanting to read it could still access it. wrt PITA; I know, that's why the ideas being thrown around. Now an undocumented, unmaintainable/chaotic, up the wazoo system is not exactly what I had in mind... (sorry, pun intended) hopefully, with input of good ideas and weeding out the bad, a winning system could be proposed for third party implementation

Hmmm... now here comes a thought... I know, still dangerous 😉 What if... there is/could be a way to check how old an email account is (when it was created) ... Serious Callers Only (yeah, been reading Iain Banks lately 😉) won't use throwaway (recently created) emails to sign up and post in SC (at least I don't think so) unless they are spammers... Of course, if I had my own mx/mail server, I would be using emails, new or old, but mostly with @mydomain.tld (historically that used to be done in usenet/newsgroups to ensure that scavenged addresses could be pinpointed to a certain usenet base (at least that's how I remember it from way back when 🙂 ) Aaaanyway, so spammer creates emails galore on gmail/outlook/protonmail/yandex/whatever and tries to sign up in forum. Forum says your email is too new, you need approval from admin to post new posts. I know, you mentioned before about legitimate users that want to post, but their email addresses (on the aforementioned big email houses) are usually long established. So the email address age would prevent this spammer from posting right away, and his address could be placed on the ban list for future attempts... Now, OTOH, spammer uses own @mydomain.tld addresses. Even if the address was new, he would be allowed to spam as before, but now, the domain could be blocked, and to buy domain names could turn out to be costly for this kind of spam shop... and then he would drop the domains and someone else, legit picks them up and has them already blocked here, so somewhat a timed block could be set in place, coinciding when the domain name expires Was busy today and didn't have time to report early but I did read your comments and explanations and agree that IP blocking wouldn't be productive. Now of course, the whole discussion is more or less moot point, since invision would have to implement all this and I have no idea how willing they are to make changes at this level... and if (as I mentioned) there could be a way to check big email house creation date of addresses... also, since SC forum deals with valid spam, a forum spamkiller would unfortunately throw too many false positives...