Posts posted by RobiBue
-
16 hours ago, kolor said:
Still the same issue. I wrote an email to Cisco about this issue and why nobody fixes this. But I see nobody cares about it.
I feel SpamCop is going to be an obsolete idea.
Can't send report: smtpEnvelope (7148829.3c0fe287@bounces.spamcop.net, abuse@hetzner.com): smtpFrom: mail From 7148829.3c0fe287@bounces.spamcop.net: error (452 #4.3.1 temporary system error (12) )
Can't send report: smtpEnvelope (7148832.5f34342c@bounces.spamcop.net, abuse@cloudflare.com): smtpFrom: mail From 7148832.5f34342c@bounces.spamcop.net: error (550 No expected reply from SMTP)
when I get the "Can't send report" message, I simply resubmit and usually the second time around it works.
Honestly, I don't know if I'm "allowed" to resubmit spam (usually not), but in these cases I believe these measures are warranted.
The reason I resubmit is that reports are not sent if the error arises, and it is not possible (yet) to manually force a report to be re-sent.
-
11 hours ago, gnarlymarley said:
Also seems like they upgraded as the forum has a new feel to it.
true
-
Yeah they fixed it 😁 but for a couple of days thereafter the whole site was a mess until they fixed the CSS access, which wasn't being downloaded with the forum pages... but they eventually fixed that too 👍
-
"Internal handoff" means that there is no reporting address to be found since it is internal and could be anywhere in any company.
It's basically the same as any of the three private IPv4 addresses: 10.0.0.0/8, 172.16.0.0/12, or the more common 192.168.0.0/16 used in most home networks.
This means that there is no set "reporting address" to contact the "owner" or its upstream owner.
SC is correct in this assessment and, no matter how strongly you might feel about it being wrong, it still won't find a reporting address since there is none to find.
I hope this explanation helps
Just in case I am unable to explain it clearly, there is a Wikipedia article related to Unique Local Address
Especially in the Properties section
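The following added example is not part of the original post and is not SpamCop's parser. It walks constructed Received: headers and separates the hops whose address lies in the private IPv4 ranges named above or in the IPv6 Unique Local range (fc00::/7) from the first hop that has a publicly registered address. The function names and the sample headers are assumptions made for illustration.

```python
import ipaddress
import re

# Ranges with no registry abuse contact: the three RFC 1918 blocks from the
# post plus IPv6 Unique Local Addresses (RFC 4193).
INTERNAL_NETS = [ipaddress.ip_network(n) for n in
                 ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "fc00::/7")]

# Address literals in Received: lines sit in square brackets; IPv6 literals
# may carry an "IPv6:" tag.
BRACKETED = re.compile(r"\[(?:IPv6:)?([0-9A-Fa-f:.]+)\]")

# Constructed sample headers (newest hop first), not taken from a real message.
SAMPLE_HEADERS = """\
Received: from mx-in.example.net (mx-in.example.net [10.20.30.40])
    by store.example.net with ESMTP id 4F1A2; Tue, 1 Jun 2021 10:00:02 +0000
Received: from relay.example.net ([IPv6:fd12:3456:789a::5])
    by mx-in.example.net with ESMTP; Tue, 1 Jun 2021 10:00:01 +0000
Received: from mail.sender.example (mail.sender.example [203.0.113.25])
    by relay.example.net with ESMTP; Tue, 1 Jun 2021 10:00:00 +0000
Subject: constructed example
"""

def is_internal(ip):
    """True when the address belongs to a range nobody outside can look up."""
    return any(ip in net for net in INTERNAL_NETS)

def received_hops(raw_headers):
    """Return the first bracketed address of each Received: header, newest first."""
    unfolded = re.sub(r"\r?\n[ \t]+", " ", raw_headers)  # join folded lines
    hops = []
    for line in unfolded.splitlines():
        if not line.lower().startswith("received:"):
            continue
        match = BRACKETED.search(line)
        if not match:
            continue
        try:
            hops.append(ipaddress.ip_address(match.group(1)))
        except ValueError:
            continue  # bracketed text that is not an address literal
    return hops

def split_handoffs(raw_headers):
    """Return (internal handoff addresses, first address with a possible abuse contact)."""
    internal = []
    for ip in received_hops(raw_headers):
        if is_internal(ip):
            internal.append(str(ip))
        else:
            return internal, str(ip)
    return internal, None  # every hop was internal: nothing to report to

if __name__ == "__main__":
    print(split_handoffs(SAMPLE_HEADERS))
```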
-
I use https://support.google.com/code/contact/cloud_platform_report instead. With Firefox it works.
In the section about Cloud Platform Service I put "not sure" since emails don't really fall into any of those categories... then I place a short note about the received: header line in the Abuse Details box and attach the full email in the additional logs (the plural is somewhat misleading since only one file can be attached...)
In the abuse details text box I also mention the lines
spf=pass (google.com: domain of ????@gmail.com designates 209.85.220.41 as permitted sender) smtp.mailfrom=????@gmail.com;
of both Authentication-Results: and ARC-Authentication-Results: in the headers.
-
I don't know. I sure hope so, although they'd investigate them just as they'd investigate the reports sent through SC....
of course, if the reports to google abuse bounce, then the chance is higher by submitting them manually and directly.
-
12 hours ago, Steve said:
Like I said, I also report the emails through the form on this site: https://support.google.com/mail/contact/abuse?hl=en&rd=1
My apologies. Due to the CSS misconfiguration of the forum I somehow overlooked that part. All good now
-
8 hours ago, Steve said:
Is anyone having a problem reporting Gmail spam? The last 2 Gmail spams I've received have had SC come back with No reporting addresses found for 209.85.220.65, using devnull for tracking. I alternatively report the spam to this site: https://support.google.com/mail/contact/abuse?hl=en&rd=1
Here's the tracking URL:
https://www.spamcop.net/sc?id=z6723876118z2316e05022f73d38d77598da3bc5f84fz
Steve
The problem is that abuse@google.com bounces (25774 sent : 16690 bounces) and that's why SC comes back with "no reporting address"
If you want to report to google, you have to report manually through your email and not through SC....
I am thinking that those bounces created SC's latest submission hiccups.
-
I believe the mail server is reaching its HDD limit, hence the SMTP 452 #4.3.1 errors.
Somehow I think there is a cleanup job running in the background, but it is also possible that the server's HDD is starting to lose capacity due to corrupted sectors (this is just a thought, although it's feasible taking into consideration the age of the system...) and with that, even a cleanup job won't keep the system happy for long...
-
in regard to the 452 #4.3.1 errors: the receiving smtp server is most probably at the end of free disk space
here I would say that bounces.spamcop.net has reached its free HDD space (or the allocated space for the mail server)
maybe @Richard W or @Lking could put in a word to the server's system admin to run a cleanup job (just a loud thought here 🖖)
-
7 hours ago, leagris said:
Seriously, this forum still runs on plain HTTP and no HTTPS.
Given how browsers discourage use of plain HTTP, and how it will become harder or soon impossible to use plain HTTP, without editing obscure config options:
− less and less users will be able to access here, but spam bots.
The problem is not that the site isn't upgraded to HTTPS. The problem is that the certificate is issued to *.cloudfront.net and that is what needs to be fixed...
but I agree! I am browsing the forum with a security exception, which doesn't give me much confidence...
-
Hello Perrin,
not knowing how you got informed that you are "blacklisted" leaves me at a loss too.
If you enter here (spamcop) your
- email address
- web address
individually -- that is as a single address (one line only) -- you will be able to see if your email/site are blacklisted by spamcop (SC) but somehow I doubt it by your description of the issue.
As an example:
I added www.spamcop.net in the field and here is the result:
https://www.spamcop.net/sc?track=www.spamcop.net
under Statistics you can see the status of the website in the block lists.
It is possible that your problem does not stem from SC but from an individual provider who claims that the BL (block list) is from SC ...
edit: IIRC SC BLs are only active for 24 hours, which means that after 24 hours they should expire if it was ever listed through this anti-spam service.
(If I Remember Correctly SpamCop Block Listings)
-
at 4:30 CDT I get it too:
Quote:
Gateway Timeout
The proxy server did not receive a timely response from the upstream server.
Reference #1.d6200117.1629192635.5cabf13
it happens as soon as the [ Send spam Report(s) Now ] button is pressed.
Edit:
30 minutes later it worked. No idea what's going on...
-
while the IP address in the first link isn't in any BL listed in SC, Microsoft/Outlook seem to have a different view:
I didn't check the other two though...
-
indeed SC does only "x" out the email address...
the websites/links stay the way they are for the ISP to verify that the website is used and to remove the abusing domain or website.
this is unfortunate in your situation, and believe me, I know... had the same "helpful webdesigners" spam me too (well, maybe not the same...)
not much that can be done here...
-
interesting page... especially the last part:
Quote:
Helpful Resources for Victims of Spamming/Hacking/Fraud
the last link there is so old that it's as outdated as a broken and deceased newsgroup... well, lots of things change in 15-20 years... except spam that is, unfortunately 😞
-
3 hours ago, SWarner said:
I have seen this issue posted a couple times in the past, and wanted to see if anyone could provide their thoughts on what I'm experiencing.
Our sending IP was verified as unlisted as late as June 21 at 7AM PST, but an email we sent the next day June 22 at 930AM PST returned several bounces with a range of errors.
What I find interesting is that we received all bounces/errors on the same day, but the errors are so different and come from several unrelated recipient domains. All are referencing a SpamCop block.
550-"JunkMail rejected - XXX.mktomail.com [XXXXXX]:55650 is in an 550-RBL on rbl.websitewelcome.com, see Blocked - see 550 http://www.spamcop.net/w3m?action=checkblock&ip=XXXXXX"
550-"JunkMail rejected - sjsmtp.mktomail.com [XXXXXXX]:36064 is in an 550 RBL: Blocked - see https://www.spamcop.net/bl.shtml?XXXXXX"
550 spamcop.mimecast.org Blocked - see https://www.spamcop.net/bl.shtml?XXXXXX. - https://community.mimecast.com/docs/DOC-1369#550 [469OF93uOEyQiJ_Jghl1jw.us376]
But we are not listed:
Could there be a single root issue, or is it really the case that the error is rooted in each recipient's settings --- meaning we would need to contact each recipient who returned an error and address their settings individually?
Thanks!
Hi @SWarner,
this is a problem with "private" blocklists e.g. rbl.websitewelcome.com
they will list ip addresses, and then redirect you to spamcop, which is not involved in the listing through aforementioned RBL.
it happens often, and users who are blocked think that spamcop is to blame. Of course, there can be instances where a customer shares the same address range as a spammer, and ends up as a casualty in the spam wars, but here, you are the victim of an independent RBL who has added the IP range you "inhabit" in his/her listing.
if you check Google you will find a myriad of entries regarding that specific RBL, and it's not good.
https://www.google.com/search?q=rbl.websitewelcome.com
you can also check your mail host here: https://mxtoolbox.com/blacklists.aspx
maybe this info will be of help.
again, just to clarify: said RBL has no connection to spamcop whatsoever.
Good luck
-
well, looks like both, yours and mine, are hosted by the same Russian spam haven SERVERLUX-NET aka serverlux.ru...
...seems to be a yandex.ru / yandex.net customer... IMNSHO it's the Russian ransomware group phishing for more... just my opinion...
I mean no offense to Russians in this forum, nor any offense to yandex/serverlux users, but the hosting companies seem to be very lax when it comes to spammers, scammers, and cyber criminals... seem is the word of choice I am using...
-
I have been getting spam in Russian lately, but not from transcriby...
they are always something about money ... scams IMO...
Today, this one: https://www.spamcop.net/sc?id=z6714158319za96a80e7bd03d49067421101abebbddfz
oddly enough, if I look at the whois records for 87.251.84.130
% Abuse contact for '87.251.84.0 - 87.251.85.255' is 'noc@serverlux.ru'
and sc sez:
Quote:
Reports routes for 87.251.84.130:
routeid: 78610748 87.251.84.0 - 87.251.89.255 to: admin@at-sib.ru
Administrator interested in all reports
3/19/2020, 10:52:56 AM -0500
routeid: 78610752 87.251.84.0 - 87.251.88.255 to: noc@serverlux.ru
[Note added by (no name)]
Route added without comment
Administrator interested in all reports
3/19/2020, 10:53:21 AM -0500
[Note added by (no name)]
Route added without comment
but:
Quote:
Routing details for 87.251.84.130
Reports disabled for noc@serverlux.ru
Using noc#serverlux.ru@devnull.spamcop.net for statistical tracking.
Report routing for 87.251.84.130: admin@at-sib.ru, noc#serverlux.ru@devnull.spamcop.net
of course, Reports disabled ...
-
2 hours ago, ronros said:
I don't see how it could have come from a different account; the email client only checks the one. But can you tell from the tracking link what email address I should add?
Also, if secureserver.net were removing the received lines, why would that only happen with email from this particular source? Emails from other sources can be reported without issues.
Thanks,
Ron
looking at the whole message, it does seem that the spam came from an outlook account, so report_spam[at]hotmail.com seems to be the correct place to report for spam origin.
looking at the links in the spam, wix.com is the owner of the web IP address, so abuse[at]wix.com would be the place to report the link.
just my 2¢
p.s. if secureserver.net were to remove received lines it would be on them to track the origin of the spam. No MX should be removing received lines, only adding them as they pass through their "sector" to be able to trace the origin correctly. Outlook does have misconfigured mail hosts which break the tracing as the names for inbound vs. outbound are different. (at least that's the way I see it)
-
Six years ago (we're now 2021) manual routing and reporting addresses were added to Spamcop for '217.79.176.0 - 217.79.191.255' but lots happens even in just one year...
Currently SC has the following: https://www.spamcop.net/sc?action=showroute;ip=217.79.187.55;typecodes=16
Quote:
Reports routes for 217.79.187.55:
routeid: 74332930 217.79.176.0 - 217.79.191.255 to: abuse@fastit.net
Administrator interested in all reports
10/9/2015, 10:31:24 AM -0500
routeid: 74332931 217.79.176.0 - 217.79.191.255 to: abuse@fibre1.net
[Note added by 70.64.96.109 (s0106586d8fed0f8d.ss.shawcable.net)]
Route added without comment
Administrator interested in all reports
10/9/2015, 10:31:27 AM -0500
[Note added by 70.64.96.109 (s0106586d8fed0f8d.ss.shawcable.net)]
Route added without comment
besides:
Reports disabled for abuse@fastit.net Using abuse#fastit.net@devnull.spamcop.net for statistical tracking.
BUT
% Abuse contact for '217.79.176.0 - 217.79.191.255' is 'abuse@myloc.de'
and
remarks: +---------------------------------------------------+
remarks: | Please direct abuse issues ONLY |
remarks: | to abuse@myloc.de |
remarks: | |
remarks: | Complaints to other adresses will be deemed |
remarks: | as spam and not further processed! |
remarks: +---------------------------------------------------+
the full whois as of today, May 27, 2021 with current data (no fastit.net nor fibre1.net anywhere to be seen although I do believe that a few years ago fastit.net and fibre1.net used to be involved...)
$ whois 217.79.187.55
% This is the RIPE Database query service.
% The objects are in RPSL format.
%
% The RIPE Database is subject to Terms and Conditions.
% See http://www.ripe.net/db/support/db-terms-conditions.pdf

% Note: this output has been filtered.
% To receive output for a database update, use the "-B" flag.

% Information related to '217.79.176.0 - 217.79.191.255'

% Abuse contact for '217.79.176.0 - 217.79.191.255' is 'abuse@myloc.de' <------!!!

inetnum: 217.79.176.0 - 217.79.191.255
netname: DE-MYLOC-DUS-20031117
country: DE
org: ORG-MMIA3-RIPE
admin-c: MOPS-RIPE
tech-c: MOPS-RIPE
status: ALLOCATED PA
mnt-by: MYLOC-MNT
mnt-by: RIPE-NCC-HM-MNT
created: 2020-11-04T10:31:12Z
last-modified: 2020-11-04T10:31:12Z
source: RIPE

organisation: ORG-MMIA3-RIPE
org-name: myLoc managed IT AG
country: DE
org-type: LIR
address: Am Gatherhof 44
address: 40472
address: Düsseldorf
address: GERMANY
admin-c: MOPS-RIPE
tech-c: MOPS-RIPE
abuse-c: MOPS-RIPE
mnt-ref: MYLOC-MNT
mnt-by: RIPE-NCC-HM-MNT
mnt-by: MYLOC-MNT
created: 2019-10-28T10:48:29Z
last-modified: 2021-02-09T10:11:49Z
source: RIPE # Filtered
remarks: Phone number is 24/7 NOC number with senior engineer on duty for routing/backbone related issues.
remarks: This number should NOT be used for customer support nor for requests by public authorities.
remarks: Thanks for your understanding.
phone: +4921161708110
fax-no: +4921161708111

role: myLoc NOC
address: myLoc managed IT AG
address: Network Operations & Services
address: Am Gatherhof 44
address: 40472 Duesseldorf DE
admin-c: PHAN
tech-c: PHAN
tech-c: DDO
tech-c: JOH
tech-c: NIL
tech-c: PRI
nic-hdl: MOPS-RIPE
remarks: +---------------------------------------------------+
remarks: | Please direct abuse issues ONLY |
remarks: | to abuse@myloc.de |
remarks: | |
remarks: | Complaints to other adresses will be deemed |
remarks: | as spam and not further processed! |
remarks: +---------------------------------------------------+
remarks: | Please send legal/law enforcement inquiries to |
remarks: | auskunft_AT_myloc.de. |
remarks: | |
remarks: | PGP-Key ID for auskunft@myloc.de is 0xBB75B2C5 |
remarks: | |
remarks: | You can send your inquiry also via fax to this |
remarks: | number: +49 211 61708 551 |
remarks: | |
remarks: | For questions on legal/law enforcement use phone |
remarks: | number: +49 211 61708 114 |
remarks: | |
remarks: | Mails to abuse@myloc.de WILL |
remarks: | be automatically processed and the customer WILL |
remarks: | get a notification about your inquiry. |
remarks: +---------------------------------------------------+
remarks: | ONLY In case of routing/peering related issues |
remarks: | please contact NOC: |
remarks: | |
remarks: | 24/7 NOC email: noc@myLoc.de |
remarks: | 24/7 NOC phone: +49 211 61708 110 |
remarks: +---------------------------------------------------+
abuse-mailbox: abuse@myloc.de
mnt-by: MYLOC-MNT
created: 2013-02-11T16:38:10Z
last-modified: 2021-02-09T19:48:35Z
source: RIPE # Filtered

% Information related to '217.79.176.0/20AS24961'

route: 217.79.176.0/20
descr: myLoc managed IT AG
origin: AS24961
mnt-by: MYLOC-MNT
created: 2003-11-17T13:44:38Z
last-modified: 2017-02-07T16:39:12Z
source: RIPE

% This query was served by the RIPE Database Query Service version 1.100 (BLAARKOP)
Personally, I would suggest disabling the two report routes, and if myLoc managed IT AG requests to place those two reporting addresses back, add a comment to the note(s) of who requested the addition and why.
Thank you
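The comparison made by hand in the post above can be automated; this is an added example, not part of the original post and not SpamCop code. It reads the "% Abuse contact for" line of RIPE whois output and the "routeid:" lines in the form quoted above, then lists the report routes whose address differs from the registry's abuse contact. The function names are hypothetical and the sample text is assembled from lines quoted in the post.

```python
import ipaddress
import re

# Line formats as they appear in the quoted whois output and route listing.
ABUSE_RE = re.compile(r"^% Abuse contact for '(\S+) - (\S+)' is '([^']+)'",
                      re.MULTILINE)
ROUTE_RE = re.compile(r"routeid: (\d+) (\S+) - (\S+) to: (\S+)")

# Sample input assembled from lines quoted in the post.
WHOIS_SAMPLE = """\
% Information related to '217.79.176.0 - 217.79.191.255'
% Abuse contact for '217.79.176.0 - 217.79.191.255' is 'abuse@myloc.de'
inetnum: 217.79.176.0 - 217.79.191.255
"""
ROUTES_SAMPLE = """\
routeid: 74332930 217.79.176.0 - 217.79.191.255 to: abuse@fastit.net
routeid: 74332931 217.79.176.0 - 217.79.191.255 to: abuse@fibre1.net
"""

def _covers(first, last, ip):
    """True when ip lies inside the inclusive range first..last."""
    return ipaddress.ip_address(first) <= ip <= ipaddress.ip_address(last)

def registry_contact(whois_text, ip):
    """Return the whois abuse contact for the range containing ip, or None."""
    addr = ipaddress.ip_address(ip)
    for first, last, email in ABUSE_RE.findall(whois_text):
        if _covers(first, last, addr):
            return email.lower()
    return None

def stale_routes(routes_text, whois_text, ip):
    """Return (registry contact, [(routeid, address)] of routes that disagree with it)."""
    contact = registry_contact(whois_text, ip)
    if contact is None:
        return None, []  # no registry contact for this address: nothing to compare
    addr = ipaddress.ip_address(ip)
    stale = [(routeid, to)
             for routeid, first, last, to in ROUTE_RE.findall(routes_text)
             if _covers(first, last, addr) and to.lower() != contact]
    return contact, stale

if __name__ == "__main__":
    contact, stale = stale_routes(ROUTES_SAMPLE, WHOIS_SAMPLE, "217.79.187.55")
    print("registry abuse contact:", contact)
    for routeid, to in stale:
        print("route", routeid, "still points to", to)
```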
-
for me and for SC it resolves. just paste the link to the parser...
Quote:
SpamCop v 5.3.0 © 2021 Cisco Systems, Inc. All rights reserved.
Parsing input: https://d00.nyc3.digitaloceanspaces.com/10507.htm
Host d00.nyc3.digitaloceanspaces.com (checking ip) = 162.243.189.2
Routing details for 162.243.189.2
[refresh/show] Cached whois for 162.243.189.2 : abuse@digitalocean.com
Using best contacts abuse@digitalocean.com
Statistics:
162.243.189.2 not listed in bl.spamcop.net
More Information.
162.243.189.2 not listed in cbl.abuseat.org
162.243.189.2 not listed in dnsbl.sorbs.net
Reporting addresses:
abuse@digitalocean.com
it does redirect to a different website though...
Edit:
now, 12 hours later I got the chance to revisit the issue:
<Error>
  <Code>UserSuspended</Code>
  <BucketName>d00</BucketName>
  <RequestId>tx0000000000000348ca477-0060aed878-c814a11-nyc3c</RequestId>
  <HostId>c814a11-nyc3c-nyc3-zg03</HostId>
</Error>
digital ocean does seem to act upon reports!
It would just be nice if SC would parse bounces regardless...
-
The problem is not where the spam is coming from. the problem for the OP is that whenever a bounce is detected, the links in the spam do not parse.
also, manual reporting is not for everybody, and SC was designed to automate the process, not make it harder.
It's a pity that Julian is not involved anymore... I miss him...
and if @Richard W can look into this again, it would be fantastic wink wink
BTW @EkriirkE I like your interests status it sounds fun to peruse stuff for something it's not meant to be 😄
-
@WindsorFox what email program do you use to submit the spam?
I would first try the following:
Open the saved email file with notepad and copy/paste the whole content (headers and body) into the https://www.spamcop.net/ online form and see if that causes a problem when you submit it like that.
Also, I am not sure if the attached email files have to end in spamfile.eml or if it can be .txt or .whatever (but I would go with .eml) so be sure it has the correct file type.
Just as a side note, mine works if I submit it as spam1.eml and I can submit many spam emails attached to the one submission email (of course the number then increases for the file.)
-
network-abuse@google.com bounces, again (in SpamCop Reporting Help)
well, got some replies from them and they said that the IP I reported about was not handled by google cloud platform....
heck, the whole internet is the cloud... and anything google is in the google cloud.... marronies!!! (or maybe I am the marroni... 🤪 )