
RobiBue

Everything posted by RobiBue

  1. yeah, and I sure hope so soon
  2. with the current amount of junk, this could be a good start, but it has the problem of there aren't many moderators around (actually, currently I have only seen one making his daily cleanup rounds -- except in Winter when the snowstorm breaks his Internet connection for a few days), that's point 1, and he would have to vet every new poster, regardless whether it's a legitimate new member or just another forum spammer/scammer. Whoever it is, will have to wait until the mod logs in and checks the messages. That could discourage legit posters because they can't see their new message for a pretty long time depending on when they posted it, and what is going on at the mod's end... oh, 👋 hey Lou 😉
  3. yeah, but... how can one achieve a higher level of membership without "posting"... starting a new topic or replying in an existing thread, both are equally bad when it comes to junk. just waiting? some of them already do that. they create their "personas" a day or more ahead due to mandatory wait times in some forums. hence my suggestion of already established members reporting and by adding reports, user gets blocked from posting until mod either kicks them or re-allows access. I'd have several ideas or suggestions that could be discussed... Yes, maliciously blocking existing members is always a downside of such actions edit: as I am adding this, there are 9 new 💩posters in the system (one of them created their account on Monday) and three of them actively posting their 💩 at almost 5AM CDT
  4. snakes don't care where they post, as long as they can earn their bucks. Honestly, I do not know what their incentive is, if they get commission per click, per proof of post, or per how long their spew was up until it got removed. would be interesting if one of them snakes could enlighten (sorry, a thing of impossibility) Hah! (LIGHTBULB!) 💡 How to train a snake: again, incentive (up-side) for the snake: when do they get paid? if someone clicks on their spew? have a snake pit for their garbage with a bot clicking on links only in that pit... well, probably bots won't be counted for clicks, but who knows, maybe a "promise" that if they post in the snake pit, people will click... ok, I lied....
  5. Thank you kind sir! This morning I noticed, amongst all the "forum junk" that it was on. now it's finally off! and you probably had a heck of a time mopping up the waste in here... there were about 6 characters placing their 💩... sorry 'bout that I still wish there were a way for forum members to mark those ppl and as soon as one crosses the limit, they are blocked from posting... I believe it would save you some grief and a lot of time....
  6. and as I type, one of these guys thinks he's having a field day... I just wish that with every reported forum spam, the sender would get an n-minute timeout (like 15 minutes) to slow them down... after so many reports the user would be flagged and could only resume posting after an admin cleared him, her, or it, they, whatever pronoun... hey, I'm inclusive
  7. Thank you. Today I noticed that it's not appearing anymore... Appreciate your help and now back to dealing with this forum spammer...
  8. wow! seems like I missed something!
  9. thanks done that before, but keeps reappearing every time...
  10. somehow every time I open the SC forums, there is a floating banner on top of the page telling me that there are System Outages Tuesday, October 18, 2022 I don't believe we should still be getting this warning or notification anymore.... 😁
  11. Historically speaking, getting the reports to the right players has often been a problem, especially when an ISP passes the info to their spamming customer and they "whitelist" the address used, but pass it on to other spammers for retaliation... When I report a spammer manually (not through SC), I have a special Yahoo! address for that purpose. Last month, I received a reply from one of those ISPs asking for unmunged headers because their customer can't find the Yahoo! address in their list to stop the spam... and that's the reason SC does not send that ISP any reports.
  12. I know that it doesn't make sense, but there is no other explanation... (and also sorry for this "very long dissection")

      TL;DR: IronPort mail server changes the Subject: line.

      Somehow end of March, SpamCop's servers were moved (at least that's what I understood) and the new flow of reports goes through a different set of mail servers (or at least one additional set.)

      Here's one I took apart which is the first [SUSPECTED spam] in over a decade (back between November 2008 and April 2009 I received a few like that marked by Barracuda but it caused more headache than good so the list manager fixed the spam filter to disable the "subject mangler")

      Now just to clarify: this is not the one from back in 2008/9; this is the first one I received like this on April 1st.

          Received: by 2002:a05:6520:144:b0:258:69b6:a43 with SMTP id n4csp534227lku; Sat, 1 Apr 2023 11:33:58 -0700 (PDT)
          Received: from esa1.spamcop.iphmx.com (esa1.spamcop.iphmx.com. [68.232.142.20]) by mx.google.com with ESMTP id b11-20020a621b0b000000b0062dabeefa60si5083852pfb.277.2023.04.01.11.33.57 Sat, 01 Apr 2023 11:33:57 -0700 (PDT)
          X-IPAS-Result: [some data]
          IronPort-Data: [some more data]
          IronPort-HdrOrdr: [a little more data]
          X-IronPort-Anti-spam-Filtered: true
          Subject: [SUSPECTED spam] [SpamCop (2603:10b6:408:10b:0:0:0:15) id:7252589014]Verification
          X-IronPort-AV: E=McAfee;i="6600,9927,10667"; a="154996"
          X-IronPort-AV: E=Sophos;i="5.98,311,1673942400"; d="scan'208,217";a="154996"
          Received: from vmx.spamcop.net ([184.94.240.100]) by esa1.spamcop.iphmx.com with ESMTP; 01 Apr 2023 10:33:55 -0800
          IronPort-SDR: [other data]
          X-Corpus-CASE-Score: 0
          Received: from prod-sc-www02.sv4.ironport.com (HELO prod-sc-www02.spamcop.net) ([10.8.129.226]) by prod-sc-smtp-vip.sv4.ironport.com with SMTP; 01 Apr 2023 11:33:56 -0700
          Received: from [my IP address] by spamcop.net with HTTP; Sat, 01 Apr 2023 18:33:56 GMT

      so I send the spam as email and the system registers my IP and the time it received it

          Received: from [my IP address] by spamcop.net with HTTP; Sat, 01 Apr 2023 18:33:56 GMT

      then there is some "internal" handling:

          Received: from prod-sc-www02.sv4.ironport.com (HELO prod-sc-www02.spamcop.net) ([10.8.129.226]) by prod-sc-smtp-vip.sv4.ironport.com with SMTP; 01 Apr 2023 11:33:56 -0700
          Received: from vmx.spamcop.net ([184.94.240.100]) by esa1.spamcop.iphmx.com with ESMTP; 01 Apr 2023 10:33:55 -0800

      sometimes it's esa2.spamcop.iphmx.com . here I have the inkling that esa1.spamcop.iphmx.com is the IronPort server that handles the spam volume and changes (or adds to) the Subject: line, since the Subject: line is right there in between the X-IronPort-... and the IronPort-SDR as well as X-Corpus-CASE-Score headers. Then Google receives it and places it in my inbox...

      reports that are unaffected look like this

          Received: by 2002:a05:6520:144:b0:258:69b6:a43 with SMTP id n4csp1220378lku; Sat, 15 Apr 2023 12:01:56 -0700 (PDT)
          Received: from esa2.spamcop.iphmx.com (esa2.spamcop.iphmx.com. [68.232.143.151]) by mx.google.com with ESMTP id up37-20020a170907cca500b0094f3b71946dsi558548ejc.870.2023.04.15.12.01.55 Sat, 15 Apr 2023 12:01:56 -0700 (PDT)
          X-IPAS-Result: [some data]
          IronPort-Data: [some more data]
          IronPort-HdrOrdr: [a little more data]
          X-Talos-CUID: [data]
          X-Talos-MUID: [data]
          X-IronPort-Anti-spam-Filtered: true
          X-IronPort-AV: E=McAfee;i="6600,9927,10681"; a="563322"
          X-IronPort-AV: E=Sophos;i="5.99,200,1677571200"; d="scan'208";a="563322"
          Received: from vmx.spamcop.net ([184.94.240.100]) by esa2.spamcop.iphmx.com with ESMTP; 15 Apr 2023 11:01:53 -0800
          IronPort-SDR: [other data]
          X-Corpus-CASE-Score: 0
          Received: from prod-sc-www02.sv4.ironport.com (HELO prod-sc-www02.spamcop.net) ([10.8.129.226]) by prod-sc-smtp-vip.sv4.ironport.com with SMTP; 15 Apr 2023 12:01:54 -0700
          Received: from [my IP address] by spamcop.net with HTTP; Sat, 15 Apr 2023 19:01:54 GMT
          From: <me>
          To: <me>
          Subject: [SpamCop (2001:8d8:81c:9c00:0:0:63:3ff4) id:7255148248]=?UTF-8?Q?[Easy_Litiges]_D=C3=A9tails_de_connexion..

      Interesting is that these have X-Talos-... headers and the subject line is after the From: and To: lines.

      before the change of end of March:

          Received: by 2002:a05:6520:144:b0:258:69b6:a43 with SMTP id n4csp229177lku; Mon, 20 Mar 2023 03:02:34 -0700 (PDT)
          Received: from vmx.spamcop.net ([184.94.240.100]) by mx.google.com with ESMTPS id t199-20020a37aad0000000b006fef590aaf1si2538508qke.0.2023.03.20.03.02.33 (version=TLS1_2 cipher=ECDHE-ECDSA-AES128-GCM-SHA256 bits=128/128); Mon, 20 Mar 2023 03:02:33 -0700 (PDT)
          IronPort-SDR: [other data]
          X-Corpus-CASE-Score: 0
          Received: from prod-sc-www01.sv4.ironport.com (HELO prod-sc-www01.spamcop.net) ([10.8.129.225]) by prod-sc-smtp-vip.sv4.ironport.com with SMTP; 20 Mar 2023 03:02:33 -0700
          Received: from [my IP address] by spamcop.net with HTTP; Mon, 20 Mar 2023 10:02:32 GMT
          From: <me>
          To: <me>
          Subject: [SpamCop (200.34.164.202) id:7249958650]Your Bitcoin Payment

      there is no esa1/2.spamcop.iphmx.com server. Google received them directly from vmx.spamcop.net.

      At least these are my findings, so I have a very strong suspicion that Cisco added an extra "outgoing layer of security" to the handling of the emails, and unfortunately, since they "are spam ", they get flagged... YMMV
  13. and just now, I did another search in my history and found that back in 2009, a mail list running Barracuda had exactly the same add-on. The list manager did remove it "I believe I've turned off the subject mangler." 😁 but that was in 2009...
  14. Since April 1st I am receiving the occasional spam report (the ones I send to myself from spamcop) which has the [SUSPECTED spam] marking added to the front of the subject line. I have the feeling that IronPort (SpamCop/Cisco) itself is adding that stamp, since it is coming directly from there. I get my mail through google, and only a few of the spam reports since 20230401 have that stamp, and only the spam reports. Not the spam, not other emails, and not even "suspected spam". As you can see, everything [SUSPECTED spam] is (in my case) added to some reports from SC.
  15. there is a blank line right above the Subject: line. That is the reason for the incomplete headers message. removing that blank line causes the spam to parse correctly.
  16. Devnull because they don’t want the report? What I did recently was report it through SC and then send a manual abuse report to the abuse address with a link to the SC URL mentioning that the report address is being dev/nulled either due to bounces or because they don't want reports from SC (or because they don't act upon reports) ...still waiting for a report confirmation from them... ¯\_(ツ)_/¯
  17. oftentimes I report an email as phishing in the google own spam link while additionally reporting it through SC even though goog doesn't receive the latter complaint. if enough spam passes through that system and it is reported (even though to deaf ears) it will feed the blocklist and there are savvy people in that company that will dump their spamming customer if it affects them. time wasted? honestly, I don't think so. aggravating? sure, even more so because there seems to be no end to it; but eventually even the mightiest will take action... (at least that's what I choose to believe)
  18. just to clarify: 127.0.0.1 is a so-called loopback address, which resides in the machine itself. in other words: every computer system, small or large, has a 127.0.0.1 address, which is its own address (loopback to itself). that address in the received: header only means that it got the email from itself using the loopback. That's one reason why SC ignores that address, because it knows that it can safely ignore it and get the next (previous) received: line
  19. this one really has nothing to do. someone needs to talk to google and yahoo about headers.

          Received: from 127.0.0.1 by atlas-production.v2-mail-prod1-gq1.omega.yahoo.com pod-id atlas--production-gq1-7f77b4df7d-mcmnh.gq1.yahoo.com with HTTP; Sat, 4 Mar 2023 18:43:45 +0000
          Received: from 209.85.128.182 (EHLO mail-yw1-f182.google.com) by 10.253.234.152 with SMTPs (version=TLS1_3 cipher=TLS_AES_128_GCM_SHA256); Sat, 04 Mar 2023 18:43:45 +0000
          Received: by mail-yw1-f182.google.com with SMTP id 00721157ae682-536af432ee5so106803007b3.0 for <x>; Sat, 04 Mar 2023 10:43:45 -0800 (PST)

      1st stop: google receives the email. where from? mail-yw1-f182.google.com knows but isn't saying and sends it on its merry way.

      2nd stop: MX 10.253.234.152 (some network internal Mail eXchange, probably at Yahoo!) receives the email from IP 209.85.128.182 (EHLO mail-yw1-f182.google.com) and the EHLO identifies the host correctly, and sends it on.

      3rd and last stop: atlas-production.v2-mail-prod1-gq1.omega.yahoo.com (most probably that 10.253.234.152 MX) receives it from its internal loopback address 127.0.0.1 (and that's the reason I presume it's one and the same) placing it in your inbox (or spam folder)

      and without mailhosts set up, I get: https://www.spamcop.net/sc?id=z6801431911z7b5140eb5b213b9de4a00693eadf89b1z

      of course, the problem is the following: Routing details for 209.85.128.182 redirects to google-abuse-bounces-reports@devnull.spamcop.net 😞
  20. There are many ISPs who do not talk to each other, and even if they do, oftentimes it takes an act of God to get them to actually work together to find a solution as they are, more often than not, set in their own ways.
  21. Thanks for the info, Richard. Appreciate the work you do behind the scenes and being the bridge between us users and the system itself. it's working here for me since yesterday (at least that's when I tried it out 😁)
  22. The way I see it, that loopback address injected in the headers happens by some MX servers. (edit: apparently ONE specific mail server: atlas-production.v2-mail-prod1-gq1.omega.yahoo.com) I see the loopback address and some 10.x.x.x addresses while the previous received line mostly always has that 10.x.x.x received line as the by receiver.

      spam messages:

          Received: from 127.0.0.1 by atlas-production.v2-mail-prod1-gq1.omega.yahoo.com pod-id atlas--production-gq1-7f77b4df7d-fgr6h.gq1.yahoo.com with HTTP; Sun, 26 Feb 2023 22:36:22 +0000
          Received: from 163.172.197.175 (EHLO slaveholds.store) by 10.253.231.22 with SMTP;

          Received: from 10.217.137.136 by atlas306.free.mail.ne1.yahoo.com pod-id NONE with HTTPS; Thu, 23 Feb 2023 22:39:17 +0000
          Received: from 212.83.154.22 (EHLO toderat.biz) by 10.217.137.136 with SMTP; Thu, 23 Feb 2023 22:39:17 +0000

          Received: from 10.197.34.205 by atlas320.free.mail.bf1.yahoo.com pod-id NONE with HTTPS; Thu, 23 Feb 2023 17:48:25 +0000
          Received: from 195.154.54.73 (EHLO flesugho.art) by 10.197.34.205 with SMTP; Thu, 23 Feb 2023 17:48:25 +0000

          Received: from 127.0.0.1 by atlas-production.v2-mail-prod1-gq1.omega.yahoo.com pod-id atlas--production-gq1-6878b8dbc4-nzz7h.gq1.yahoo.com with HTTP; Wed, 22 Feb 2023 22:01:21 +0000
          Received: from 185.222.59.55 (EHLO dagene.putretee.com) by 10.214.167.142 with SMTP; Wed, 22 Feb 2023 22:01:21 +0000

      vs. non-spam messages:

          Received: from 10.217.151.74 by atlas314.free.mail.ne1.yahoo.com pod-id NONE with HTTPS; Mon, 20 Feb 2023 10:52:03 +0000
          Received: from 188.172.138.10 (EHLO outbyoip10.pod18.euc1.zdsys.com) by 10.217.151.74 with SMTPs (version=TLS1_3 cipher=TLS_AES_128_GCM_SHA256); Mon, 20 Feb 2023 10:52:03 +0000

          Received: from 10.217.150.141 by atlas318.free.mail.ne1.yahoo.com pod-id NONE with HTTPS; Sun, 19 Feb 2023 08:10:32 +0000
          Received: from 188.172.138.14 (EHLO outbyoip14.pod18.euc1.zdsys.com) by 10.217.150.141 with SMTPs (version=TLS1_3 cipher=TLS_AES_128_GCM_SHA256); Sun, 19 Feb 2023 08:10:32 +0000

          Received: from 127.0.0.1 by atlas-production.v2-mail-prod1-gq1.omega.yahoo.com pod-id atlas--production-gq1-6878b8dbc4-cpz9n.gq1.yahoo.com with HTTP; Sun, 19 Feb 2023 07:00:24 +0000
          Received: from 159.127.162.246 (EHLO mta246aa.pmx1.epsl1.com) by 10.253.232.218 with SMTPs (version=TLS1_2 cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256); Sun, 19 Feb 2023 07:00:24 +0000
          Received: from [10.233.18.107] ([10.233.18.107:39158]) by pc1udsmtn2n13 (envelope-from <bounce-HP2v610000018668793f488450a8434b5c55d8190@premiumservices.comms.yahoo.net>) (ecelerity 3.6.9.48312 r(Core:3.6.9.0)) with ECSTREAM id 00/65-46805-709C1F36; Sun, 19 Feb 2023 07:00:23 +0000

      this absolutely last one is from yahoo itself which would or could be taken as spam, but since it's a yahoo own advertisement message (which I believe I must have agreed to receive by creating my "free" yahoo! account) I don't think I can call it spam.... but you see how broken that last header is, and I looked for every received line...
  23. I understand, and that's why I mentioned it: it was a report (or multiple actually) I sent from my gmail account to SC, and SC always sends me a confirmation email when the parse is ready... but I never got one, so I went to the SC reporting page and lo and behold, there was that message about the bounce... so yes, it's about SC email not being able to forward (or send in my case) emails to gmail... SC did receive my submission, but wasn't able to send the confirmation parser links back... I'm just thinking: could it have to do with the actions taken in this YouTube video https://youtu.be/GEbn3nHyKnA? the video is probably a bit overdramatized, but I noticed some "spam" mentioned in there... and it's (cough cough) google and (cough cough) cloudflare...
  24. I did receive a mailbox bounce for my gmail account, but when I tested it, it worked, so I went ahead and claimed "problem solved" and was able to parse and send reports.

          Bounce error
          Your email address, x-x-x-x-x@gmail.com has returned a bounce:
          Subject: Delivery Status Notification (Failure)
          Reason: 5.3.0 - Other mail system problem 550-'5.7.26 The MAIL FROM domain [bounces=
          Please ensure your email account is reliable, then click below: [Problem Resolved]
          News: (Last Modified: 12/10/2022, 11:15:23 AM -0600)

      albeit I do not receive confirmations, so it is possible that SC is blocking gmail.... (as this is already the second time I have had to reset the bounce count...)
  25. from the following report https://www.spamcop.net/sc?id=z6799633778z4b9f3f187c2c91ba9480d8bff7af99daz Using best contacts abuse[at]sendinblue[dot]com abuse[at]sendinblue[dot]com bounces (99 sent : 99 bounces) although, when I reported manually: it seems to me that it does not bounce. I did get an automated reply first, but they followed up with the quoted response, and that does definitely not count as a bounce.
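
The hop-by-hop reading in posts 18 and 19 (ignore a loopback or internal `from` address and move on to the next, older `Received:` line) can be sketched as follows. This is an added example, not part of RobiBue's posts and not SpamCop's parser; treating every non-global address as an internal handoff is this example's assumption, and it does not model mailhosts or forged lines.

```python
import ipaddress
import re

# The three Received: lines quoted in post 19, newest first, copied from the page.
POST_19_HEADERS = [
    "Received: from 127.0.0.1 by atlas-production.v2-mail-prod1-gq1.omega.yahoo.com "
    "pod-id atlas--production-gq1-7f77b4df7d-mcmnh.gq1.yahoo.com with HTTP; "
    "Sat, 4 Mar 2023 18:43:45 +0000",
    "Received: from 209.85.128.182 (EHLO mail-yw1-f182.google.com) by 10.253.234.152 "
    "with SMTPs (version=TLS1_3 cipher=TLS_AES_128_GCM_SHA256); "
    "Sat, 04 Mar 2023 18:43:45 +0000",
    "Received: by mail-yw1-f182.google.com with SMTP id "
    "00721157ae682-536af432ee5so106803007b3.0 for <x>; "
    "Sat, 04 Mar 2023 10:43:45 -0800 (PST)",
]

# "from <clause> by <receiver>"; a line that starts "Received: by ..." has no source.
HOP_RE = re.compile(r"Received:\s*from\s+(.*?)\s+by\s+(\S+)", re.I | re.S)


def parse_hop(header):
    """Return (source_ip, receiver); both are None when there is no 'from' clause."""
    m = HOP_RE.match(header.strip())
    if not m:
        return None, None
    from_clause, receiver = m.groups()
    # Handles Yahoo's bare "from 1.2.3.4 (EHLO host)" and the usual "host ([1.2.3.4])".
    for token in re.findall(r"[0-9A-Fa-f:.]+", from_clause):
        try:
            return ipaddress.ip_address(token.strip(".")), receiver
        except ValueError:
            continue
    return None, receiver


def first_external_source(headers):
    """Walk newest to oldest and return (first public source IP or None, skipped IPs)."""
    skipped = []
    for header in headers:
        ip, _receiver = parse_hop(header)
        if ip is None:
            continue  # nothing to attribute on this line
        if not ip.is_global:  # 127.0.0.1, 10.x.x.x and other non-routable sources
            skipped.append(str(ip))
            continue
        return str(ip), skipped
    return None, skipped


if __name__ == "__main__":
    print(first_external_source(POST_19_HEADERS))
```

On the post 19 headers the walk skips the 127.0.0.1 handoff and stops at 209.85.128.182, the address whose routing details the post then looks up.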