RobiBue

well, got some replies from them and they said that the IP I reported about was not handled by google cloud platform.... heck, the whole internet is the cloud... and anything google is in the google cloud.... marronies!!! (or maybe I am the marroni... 🤪 )

when I get the "Can't send report" message, I simply resubmit and usually the second time around it works. Honestly, I don't know if I'm "allowed" to resubmit spam (usually not,) but in these cases I believe these measures are warranted. The reason I resubmit is that reports are not sent if the error arises, and it is not possible (yet) to manually force a report to be re-sent.

true

Yeah they fixed it 😁 but there for a couple of days thereafter the whole site was a mess until they fixed the css access which wasn't being downloaded with the forum pages.... but they eventually fixed that too 👍

"Internal handoff" means that there is no reporting address to be found since it is internally and could be anywhere in any company. It's basically the same as either of the three private IPv4 addresses: 10.0.0.0/8, 172.16.0.0/12, or the more common home network 192.168.0.0/16 used in most home networks. This means that there is no set "reporting address" to contact the "owner" or its upstream owner. SC is correct in this assessment and, no matter how strongly you might feel about it being wrong, it still won't find a reporting address since there is none to find. I hope this explanation helps Just in case I am unable to explain it clearly, there is a Wikipedia article related to Unique Local Address Especially in the Properties section

I use https://support.google.com/code/contact/cloud_platform_report instead. with Firefox it works. In the section about Cloud Platform Service I put "not sure" since emails don't really fall into any of those categories... then I place a short note about the received: header line in the Abuse Details box and attach the full email in the additional logs (the plural is somewhat misleading since only one file can be attached...) In the abuse details text box I also mention the lines spf=pass (google.com: domain of ????@gmail.com designates 209.85.220.41 as permitted sender) smtp.mailfrom=????@gmail.com; of both Authentication-Results: and ARC-Authentication-Results: in the headers.

I don't know. I sure hope so, although they'd investigate them just as they'd investigate the reports sent through SC.... of course, if the reports to google abuse bounce, then the chance is higher by submitting them manually and directly.

My apologies. Due to the CSS misconfiguration of the forum I somehow overlooked that part. All good now

The problem is that abuse@google.com bounces (25774 sent : 16690 bounces) and that's why SC comes back with "no reporting address" If you want to report to google, you have to report manually through your email and not through SC.... I am thinking that those bounces created SC's latest submission hiccups.

I believe the mail server is reaching its HDD limit, hence the SMTP 452 #4.3.1 errors. Somehow I think there is a cleanup job running in the background, but it is also possible that the server's HDD is starting to lose capacity due to corrupted sectors (this is just a thought, although it's feasible taking into consideration the age of the system...) and with that, even a cleanup job won't keep the system happy for long...

in regard to the 452 #4.3.1 errors: the receiving smtp server is most probably at the end of free disk space here I would say that bounces.spamcop.net has reached its free HDD space (or the allocated space for the mail server) maybe @Richard W or @Lking could put in a word to the server's system admin to run a cleanup job (just a loud thought here 🖖)

The problem is not that the site isn't upgraded to HTTPS. The problem is that the certificate is issued to *.cloudfront.net and that is what needs to be fixed... but I agree! I am browsing the forum with a security exception, which doesn't give me much confidence...

Hello Perrin, not knowing how you got informed that you are "blacklisted" leaves me at a loss too. If you enter here (spamcop) your email address web address individually -- that is as a single address (one line only) -- you will be able to see if your email/site are blacklisted by spamcop (SC) but somehow I doubt it by your description of the issue. As an example: I added www.spamcop.net in the field and here is the result: https://www.spamcop.net/sc?track=www.spamcop.net under Statistics you can see the status of the website in the block lists. It is possible that your problem does not stem from SC but from an individual provider who claims that the BL (block list) is from SC ... edit: IIRC SC BLs are only active for 24 hours, which means that after 24 hours they should expire if it was ever listed through this anti-spam service. (If I Remember Correctly SpamCop Block Listings)

at 4:30 CDT I get it too: it happens as soon as the [ Send spam Report(s) Now ] button is pressed. Edit: 30 minutes later it worked. No idea what's going on...

while the IP address in the first link isn't in any BL listed in SC, Microsoft/Outlook seem to have a different view: <https://answers.microsoft.com/en-us/msoffice/forum/all/our-emails-being-blocked-for-no-reason-and-your/717fe0e7-a33d-4db3-ae0b-b89f98c1eb5c> I didn't check the other two though...

indeed SC does only "x" out the email address... the websites/links stay the way they are for the ISP to verify that the website is used and to remove the abusing domain or website. this is unfortunate in your situation, and believe me, I know... had the same "heplful webdesigners" spam me too (well, maybe not the same...) not much that can be done here...

interesting page... especially the last part: the last link there is so old that it's as outdated as a broken and deceased newsgroup... well, lots of things change in 15-20 years... except spam that is, unfortunately 😞

Hi @SWarner, this is a problem with "private" blocklists e.g. rbl.websitewelcome.com they will list ip addresses, and then redirect you to spamcop, which is not involved in the listing through aforementioned RBL. it happens often, and users who are blocked think that spamcop is to blame. Of course, there can be instances where a customer shares the same address range as a spammer, and ends up as casualty in the spam wars, but here, you are the victim of an independent RBL who has added the IP range you "inhabit" in his/her listing. if you check goggle you will find a myriad of entries regarding that specific RBL, and it's not good. https://www.google.com/search?q=rbl.websitewelcome.com you can also check your mail host here: https://mxtoolbox.com/blacklists.aspx maybe this info will be of help. again, just to clarify: said RBL has no connection to spamcop whatsoever. Good luck

well, looks like both, yours and mine, are hosted by the same Russian spam haven SERVERLUX-NET aka serverlux.ru... ...seems to be a yandex.ru / yandex.net customer... IMNSHO it's the Russian ransomware group phishing for more... just my opinion... I mean no offense to Russians in this forum, nor any offense to yandex/serverlux users, but the hosting companies seem to be very lax when it comes to spammers, scammers, and cyber criminals... seem is the word of choice I am using...

I have been getting spam in Russian lately, but not from transcriby... they are always something about money ... scams IMO... Today, this one: https://www.spamcop.net/sc?id=z6714158319za96a80e7bd03d49067421101abebbddfz oddly enough, if I look at the whois records for 87.251.84.130 % Abuse contact for '87.251.84.0 - 87.251.85.255' is 'noc@serverlux.ru' and sc sez: routeid: 78610752 87.251.84.0 - 87.251.88.255 to: noc@serverlux.ru Administrator interested in all reports 3/19/2020, 10:53:21 AM -0500 [Note added by (no name)] Route added without comment but: of course, Reports disabled ...

looking at the whole message, it does seem that the spam came from an outlook account, so report_spam[at]hotmail.com seems to be the correct place to report for spam origin. looking at the links in the spam, wix.com is the owner of the web IP address, so abuse[at]wix.com would be the place to report the link. just my 2¢ p.s. if secureserver.net were to remove received lines it would be on them to track the origin of the spam. No MX should be removing received lines, only adding them as they pass through their "sector" to be able to trace the origin correctly. Outlook does have misconfigured mail hosts which break the tracing as the names for inbound vs. outbound are different. (at least that's the way I see it)

Six years ago (we're now 2021) manual routing and reporting addresses were added to Spamcop for '217.79.176.0 - 217.79.191.255' but lots happens even in just one year... Currently SC has the following: https://www.spamcop.net/sc?action=showroute;ip=217.79.187.55;typecodes=16 routeid: 74332931 217.79.176.0 - 217.79.191.255 to: abuse@fibre1.net Administrator interested in all reports 10/9/2015, 10:31:27 AM -0500 [Note added by 70.64.96.109 (s0106586d8fed0f8d.ss.shawcable.net)] Route added without comment besides: Reports disabled for abuse@fastit.net Using abuse#fastit.net@devnull.spamcop.net for statistical tracking. BUT % Abuse contact for '217.79.176.0 - 217.79.191.255' is 'abuse@myloc.de' and remarks: +---------------------------------------------------+ remarks: | Please direct abuse issues ONLY | remarks: | to abuse@myloc.de | remarks: | | remarks: | Complaints to other adresses will be deemed | remarks: | as spam and not further processed! | remarks: +---------------------------------------------------+ the full whois as of today, May 27, 2021 with current data (no fastit.net nor fibre1.net anywhere to be seen although I do believe that a few years ago fastit.net and fibre1.net used to be involved...) $ whois 217.79.187.55 % This is the RIPE Database query service. % The objects are in RPSL format. % % The RIPE Database is subject to Terms and Conditions. % See http://www.ripe.net/db/support/db-terms-conditions.pdf % Note: this output has been filtered. % To receive output for a database update, use the "-B" flag. % Information related to '217.79.176.0 - 217.79.191.255' % Abuse contact for '217.79.176.0 - 217.79.191.255' is 'abuse@myloc.de' <------!!! inetnum: 217.79.176.0 - 217.79.191.255 netname: DE-MYLOC-DUS-20031117 country: DE org: ORG-MMIA3-RIPE admin-c: MOPS-RIPE tech-c: MOPS-RIPE status: ALLOCATED PA mnt-by: MYLOC-MNT mnt-by: RIPE-NCC-HM-MNT created: 2020-11-04T10:31:12Z last-modified: 2020-11-04T10:31:12Z source: RIPE organisation: ORG-MMIA3-RIPE org-name: myLoc managed IT AG country: DE org-type: LIR address: Am Gatherhof 44 address: 40472 address: D▒sseldorf address: GERMANY admin-c: MOPS-RIPE tech-c: MOPS-RIPE abuse-c: MOPS-RIPE mnt-ref: MYLOC-MNT mnt-by: RIPE-NCC-HM-MNT mnt-by: MYLOC-MNT created: 2019-10-28T10:48:29Z last-modified: 2021-02-09T10:11:49Z source: RIPE # Filtered remarks: Phone number is 24/7 NOC number with senior engineer on duty for routing/backbone related issues. remarks: This number should NOT be used for customer support nor for requests by public authorities. remarks: Thanks for your understanding. phone: +4921161708110 fax-no: +4921161708111 role: myLoc NOC address: myLoc managed IT AG address: Network Operations & Services address: Am Gatherhof 44 address: 40472 Duesseldorf DE admin-c: PHAN tech-c: PHAN tech-c: DDO tech-c: JOH tech-c: NIL tech-c: PRI nic-hdl: MOPS-RIPE remarks: +---------------------------------------------------+ remarks: | Please direct abuse issues ONLY | remarks: | to abuse@myloc.de | remarks: | | remarks: | Complaints to other adresses will be deemed | remarks: | as spam and not further processed! | remarks: +---------------------------------------------------+ remarks: | Please send legal/law enforcement inquiries to | remarks: | auskunft_AT_myloc.de. | remarks: | | remarks: | PGP-Key ID for auskunft@myloc.de is 0xBB75B2C5 | remarks: | | remarks: | You can send your inquiry also via fax to this | remarks: | number: +49 211 61708 551 | remarks: | | remarks: | For questions on legal/law enforcement use phone | remarks: | number: +49 211 61708 114 | remarks: | | remarks: | Mails to abuse@myloc.de WILL | remarks: | be automatically processed and the customer WILL | remarks: | get a notification about your inquiry. | remarks: +---------------------------------------------------+ remarks: | ONLY In case of routing/peering related issues | remarks: | please contact NOC: | remarks: | | remarks: | 24/7 NOC email: noc@myLoc.de | remarks: | 24/7 NOC phone: +49 211 61708 110 | remarks: +---------------------------------------------------+ abuse-mailbox: abuse@myloc.de mnt-by: MYLOC-MNT created: 2013-02-11T16:38:10Z last-modified: 2021-02-09T19:48:35Z source: RIPE # Filtered % Information related to '217.79.176.0/20AS24961' route: 217.79.176.0/20 descr: myLoc managed IT AG origin: AS24961 mnt-by: MYLOC-MNT created: 2003-11-17T13:44:38Z last-modified: 2017-02-07T16:39:12Z source: RIPE % This query was served by the RIPE Database Query Service version 1.100 (BLAARKOP) Personally, I would suggest disabling the two report routes, and if myLoc managed IT AG requests to place those two reporting addresses back, add a comment to the note(s) of who requested the addition and why. Thank you

for me and for SC it resolves. just paste the link to the parser... it does redirect to a different website though... Edit: now, 12 hours later I got the chance to revisit the issue: <Error> <Code>UserSuspended</Code> <BucketName>d00</BucketName> <RequestId>tx0000000000000348ca477-0060aed878-c814a11-nyc3c</RequestId> <HostId>c814a11-nyc3c-nyc3-zg03</HostId> </Error> digital ocean does seem to act upon reports! It would just be nice if SC would parse bounces regardless...

The problem is not where the spam is coming from. the problem for the OP is that whenever a bounce is detected, the links in the spam do not parse. also, manual reporting is not for everybody, and SC was designed to automate the process, not make it harder. It's a pity that Julian is not involved anymore... I miss him... and if @Richard W can look into this again, it would be fantastic wink wink BTW @EkriirkE I like your interests status it sounds fun to peruse stuff for something it's not meant to be 😄

@WindsorFox what email program do you use to submit the spam? I would first try the following: Open the saved email file with notepad and copy/paste the whole content (headers and body) into the https://www.spamcop.net/ online form and see if that causes a problem when you submit it like that. Also, I am not sure if the attached email files have to end in spamfile.eml or if it can be .txt or .whatever (but I would go with .eml) so be sure it has the correct file type. Just as a side note, mine works if I submit it as spam1.eml and I can submit many spam emails attached to the one submission email (of course the number then increases for the file.)