MIG

Thank you HeatherReid43😊

Hey RobiBue, Thank you! What I've been doing is manually searching for any "http" Example: <a href=3D"https: // odnogrupniki.com.ua / =away.php?url=3Dhttp:// recover.wokdorkers/?10809809944215154550025261733"> , removing everything except https: // odnogrupniki.com.ua /, dropping the result in SC Parser. 2 outcomes, SC Parser recognises the links & I think, in another post, you provided info that each time full links were parsed the spammer got a positive hit, that urinated me off so any action I can take to limit benefits for spammers, is good for me😎 I think I need to 101 regular expressions/Regex to get my🦗head around your solution😉 Cheers!

All good Klappa & thank you! Re 2. Please post more/new SC Report URLs that have embedded redirect links to Amazon. Cheers!

Hello HeatherReid43, Re "selecting SCF category for posts" Never let concerns about where to post stop you from posting, there's very good & helpful SCF people who'll move any "misplaced" post to the correct location. Re "escalating ongoing spam that is not being addressed" Sometimes rules are meant to be broken, oftentimes fighting spam makes rule breaking mandatory😎 Specific to "419 scam email" Are you able to post us a Spamcop Report URL please? {He means a Tracking URL} It'll look similar to: https://www.spamcop.net/sc?id=z-very long-number-z😊 at the top of your submitted SC report. Cheers!

Hey GnarleyMarley, Jimmywalter & anyone working with Outlook web mail, It's not possible to: [Save email as .eml] or any other format. When using Outlook web mail there's no [key sequences] to [forward an attachment]. Sucks I know, but, it is what it is. Cheers

Hey RobiBue, Have you ever seen a 🦗 begging? Stand by to witness this miracle: If your "dirty" scri_pt is safe to share may I have a copy please? My litlle 🦗paws are fair worn out from modifying scummy spam urls... Cheers!

Hey klappa. Thanks! 1st ❔, specific ONLY to MS Outlook mail, do you always REMOVE the ENTIRE 1st [Received >>>>> +0000] section BEFORE parsing? Received: from BY2NAM03FT039.eop-NAM03.prod.protection.outlook.com (10.152.84.53) by BY2NAM03HT214.eop-NAM03.prod.protection.outlook.com (10.152.85.13) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384) id 15.20.1709.13; Sat, 16 Mar 2019 15:51:29 +0000 Specific to your submitted url https://www.spamcop.net/sc?id=z6530636585z175385238ef9c81fac2a7bbb91908ac0z, the [REMOVE] instruction wouldn't make much/any difference as this email has travelled via MS. The rationale for the [REMOVE] instruction is well documented in Forum posts, I'll drag some up for you & post back. 2nd ❔: (My understanding was we were addressing: topic/35014-what-to-do-with-amazon-hosted-spammers) so, forgive me if I'm confused, but, are your concerns more to do with the process/reporting methodology or ? 3. "instead of reporting them as sex spammer use phishing e-mail instead?" I agree with Petzl, use both. 4. Do you add [Notes] to the addresses SC parser has identified? 5. When I forward the phishing/spam email, I always include, in the subject line [offending ip address, offending ip address: "Network being used by criminals to distribute child porn"], or whatever the criminal activity is. More soon, if you have more SC URLs please continue to post to Forum. Cheers!

Hey klappa, As you receive the emails & process them via SpamCop can you post the tracking URLs to this forum please? Cheers!

https://www.scamwatch.gov.au/ reportATsubmitDOTspamDOTacmaDOTgovDOTau https://www.idcare.org/contact/report-phishing reportphishingATidcareDOTorg https://www.consumer.ftc.gov/ spamATuceDOTgov & Petzl has mentioned phishing-reportATusDASHcertDOTgov Does it really help? Scamwatch: quote "The Australian Communications and Media Authority (ACMA) receives information about spam via complaints and reports. This information informs the ACMA’s compliance and enforcement activities. Reporting is as simple as forwarding the message you have received to the ACMA’s spam Intelligence Database. Forwarding spam reports does not automatically stop the receipt of unwanted emails or SMS messages. Complaints, submitted by completing the ACMA’s online complaint form about a message you have received, allow you to provide important background information, as well as consent for the ACMA to disclose your electronic address to the sender in the course of any enquiries that the ACMA makes. Where the ACMA has been able to identify the sender of an email or SMS message, once per month the ACMA sends businesses a letter advising them that that a complaint and/or report has been received about them. This assists the company to review their business processes to ensure that they are meeting the requirements of the spam Act 2003 (spam Act). If the ACMA continues to receive reports and/or complaints about a company, the ACMA may commence a formal investigation. Under the Privacy Act, the ACMA cannot disclose a recipient’s email address without their consent. Because of the manner in which spam reports are received, the ACMA is unable to obtain appropriate consent to disclose a recipient’s address to the senders of those messages. As such, the ACMA is not able to request that your address be unsubscribed on the basis of spam reports alone. This is only possible when a complaint has been submitted to the ACMA, as submission of the complaint form establishes consent to disclose this information. spam reports are stored in the spam Intelligence Database. The ACMA advises consumers not to alter emails when forwarding them as reports as this may interfere with the results when filtering for particular emails during the course of an investigation. If a consumer wishes to make specific comments about an email, we recommend that they lodge a complaint. In addition, the information gathered from complaints and reports is used as part of a wider education process. The ACMA: provides consumers with information on how to reduce the amount of spam they receive informs Internet Service Providers (ISPs) about their obligations under the Act produces and distributes comprehensive print publications and online material that offer detailed information and practical tips on avoiding and reducing spam, meeting the requirements of the spam Act and reporting spam." unquote FTC: quote "The FTC enters consumer complaints into the Consumer Sentinel Network, a secure online database and investigative tool used by hundreds of civil and criminal law enforcement agencies in the U.S. and abroad." unquote I'm sure there's others, as I come across them I post to the Forum. Cheers!

Hey jimmywalter, May I ask, are you using Outlook application or Outlook via a web browser? & Are you able to post a SpamCop Report URL, it will start with https://www.spamcop.net/sc?id= , please? Cheers!

Hey klappa, It is frustrating. With all spam I get I forward the actual mail to 3 regulatrory authorities (not sure this does anything tangible other than build up their databases), however & also, with Amazon I always forward to them, they respond with a request for more information, which I provide and within 48 hrs, 99% of the time they have actioned, with followup advice to me to report back if the issue continues for the specified "offender". I track very carefully, I've only had to revert 7 times out of 150 events. I never "create case on Amazon". Just out of curiosity, are you able to provide a SpamCop Report URL please? Cheers!

Hey Klappa: From SCAdmin: quote: "A couple of years ago Hotmail had to give up two /16 networks they were using (33,554,432 IP addresses) as they were not assigned to them. Microsoft had to quickly reconfigure their network and used IPv6 to do so. Unfortunately when doing so, they did not do it carefully and make sure they had full name resolution through out the network, where the forward and reverse dns on each server matches. This means SC can't trust their headers and will often take them as the source of the spam. All is not lost though, as Hotmail's parsing engines when they receive the report does pass through the report to the right party. It also helps Hotmail block new spam from that source. Microsoft is working on resolving the issue, but it is a couple of hundred thousand servers. They have told us (SC) though, the fix is measured in years, not weeks or months." Unquote Given the above & other "evidence", I'm not entirely sure MS's default position involves thinking😞

I still get abuse#amazonaws.com@devnull.spamcop.net; so, I submit via SC & manually forward all spam email to ec2-abuseATamazonDOTcom Amazon are very responsive to this method.

Hi Lisati, I've not tried the method you've suggested (but I'd like too), looking at recent spam source data, there's 2 or more "Received" lines: do you change only the first "Received" to "X-Received" or ? And, I've read (SC Faq & SCF) to not modify source data, how does this guidance fit with changing "X-Received" etc... ? Thanks in advance☺️

Hey klappa, I absolutely agree , I may not have communicated clearly, my experience prior to using SC, years using MS "mark as junk, phishing spam & or blocking" resulted in an increase in spam😬 >> Stumbled upon SC, started using, almost every parsed report resulted in: Report to: abuseATmicrosoft.com🤬, (sorry I previously said abuseAThotmail.com) until the "Quote ... Unquote" process was explained, I refined my submissions, ever since I get "truer" (is that even a word?) results.. If I use your original https://www.spamcop.net/sc?id=z6499645284z69efc272a2d2f2b47876f5ca99aa42ddz & don't remove the first "Received: from DM3NAM03HT165.eop-NAM03.prod.protection.outlook.com.... etc, etc....+0000" I get "Report to: "abuseATmicrosoft.com", however, removing 1st "Received: from..." results in Report to: mail-abuseATcert.br & abuseATlocaweb.com.br

Hello klappa - re [Why does all my spam from my Outlook e-mail report to Microsoft when parsing it with Spamcop?] I've had the following explained to me: Quote "A couple of years ago Hotmail had to give up two /16 networks they were using (33,554,432 IP addresses) as they were not assigned to them. Microsoft had to quickly reconfigure their network and used IPv6 to do so.Unfortunately when doing so, they did not do it carefully and make sure they had full name resolution through out the network, where the forward and reverse dns on each server matches. This means we can't trust their headers and will often take them as the source of the spam.All is not lost though, as Hotmail's parsing engines when they receive the report does pass through the report to the right party. It also helps Hotmail block new spam from that source.Microsoft is working on resolving the issue, but it is a couple of hundred thousand servers. They have told us though the fix is measured in years, not weeks or months." Unquote This information allowed me to get my head around why the repetitive "report_spam@hotmail.com" was happening. And, to get a more accurate & true report from SpamCop I implemented ( as other SCF members have recommended, & I think the SC help doco also, suggests this method) Remove the first [Received: from blah-blah-blah.prod.protection.outlook.com (2603:xxc6:xx0:xx::36) before submitting to SC for parsing. Re [But if you have to do that it's (SC) broken] Technically, this is my opinion, SC is not broken, given the MS/Outlook/Hotmail Ipv4/Ipv6 mess, I think it's more that MS/OL/HM is broken & there's no point SC fixing their service to accommodate the mess. Also, there's lots of broken things in this world, however, they still work to some degree, that being the case, are better than nothing. I know for myself, after 15 years of faithfully marking all HM phishing emails as [block] & or [phishing] and not seeing any reduction in the emails, in fact, sometimes there was an substantial increase, to the point where I thought someone on the MS/OL/HM inside was a spammer or was facilitating spammers; a month ago, I found SpamCop, started using it and now, hand on heart, today was the first time in 7 days a spam email was received. So for me, using SC & using the workaround, removing the first "received" line is a small price to pay.

, would like to see it too....

Hey Petzl, decided to use some existing scummy spam: 2603:10a6:6:43::31 is not a hostname Routing details for 2603:10a6:6:43::31 [refresh/show] Cached whois for 2603:10a6:6:43::31 : abuse@microsoft.com abuse@hotmail.com redirects to report_spam@hotmail.com Using best contacts report_spam@hotmail.com Parsing input: 2603:10a6:6:2b::19 2603:10a6:6:2b::19 is not a hostname Routing details for 2603:10a6:6:2b::19 [refresh/show] Cached whois for 2603:10a6:6:2b::19 : abuse@microsoft.com abuse@hotmail.com redirects to report_spam@hotmail.com Using best contacts report_spam@hotmail.com (Which we already know & we know why MS is so stuffed up with the whole spam issue, & we use the "eliminate 1st "Received: etc..") I've checked another 15 spam emails, none seem to have more than 1 IPV6 - am I using the wrong info?

Thanks Petzl! You've given me another thing to test out, now I just have to wait till I get some spam - never thought I'd be saying that!

petzl ( I always go to type pretzel!😁et all - not sure if this information will be of any use..., a SC admin advised: " A couple of years ago Hotmail had to give up two /16 networks they were using (33,554,432 IP addresses) as they were not assigned to them. Microsoft had to quickly reconfigure their network and used IPv6 to do so. Unfortunately when doing so, they did not do it carefully and make sure they had full name resolution through out the network, where the forward and reverse dns on each server matches. This means we can't trust their headers and will often take them as the source of the spam. All is not lost though, as Hotmail's parsing engines when they receive the report does pass through the report to the right party. It also helps Hotmail block new spam from that source. Microsoft is working on resolving the issue, but it is a couple of hundred thousand servers. They have told us though the fix is measured in years, not weeks or months." On that basis I continue to to always "send" any parsed results that are directed to MSOL, if only to "let them know they have work to do. On a completely separate subject & everybody probably knows this, but, for newbies like me, I found adding my email address to [https://www.spamcop.net/mcgi?action=prefmenu] > Preferences > Personal copies of outgoing reports, has saved me mega work, I was always forgetting to take note of TRACKING URL, which made life difficult when I needed to submit an issue to the SCF. Now I get all SC reports, any followup is a breeze. Since starting using SC, spam has gone from 10/20 daily to 1 o 2 every other day... SC

Goodluck for the future GnarlyMarley!

Excellent DisplayName, thanks for posting. Not really my tip but I'll take acknowledgment

DN, here's the link where SC BIG team members give the real reasons for not posting spam full source data [ http://forum.spamcop.net/topic/27950-reporting-not-working-mainbody/ ], it's a good read

Hi GnaarlyMarly, thanks, however, hmmm, I'm not so attached to OL to much around installing OL2010/2003, in fact, I'm close to giving OL the boot. I don't get spam with (Seamonkey/Gmail/Yahoo), generally I muck around with OL to burn as many spammers as possible, but, dog says I'd be better off spending time with her, she's never wrong

, let us know how it goes & just a little fyi, the SC Forum "Big Team" encourage us to not post full spam data in the forum, they prefer the link that's generated when a spam is processed, even if the parsing spits out errors, still post the link with whatever the issue is that's causing us to report/request help. I think, from memory, filling up the forum with full spam source data hurts their eyes or maybe it's their scrolling finger gets tired