Lking
-
Posts
31,656 -
Joined
-
Last visited
Content Type
Profiles
Forums
Events
Posts posted by Lking
-
-
Congratulations to you too! And thanks for letting us know about any success.
-
You did mouse over SC and see the little popup window with "SpamCop"?
If there are other commonly used, relevant abbreviations/acronyms let me know in this thread and I will add them to the list.
-
1 hour ago, nh905 said:
I would provide SpamCop tracking URLs if my email address were obfuscated.
If you logoff SC and then go to the Tracking URL you will see that your email address is replaced with "x"
-
1 hour ago, RobiBue said:
How do you know where to send the spam before parsing it?
When I send the spam to SC, it gets parsed and /* then */ I know whom to send it as well... (Color me confused)
"Dear" Color me confused : ) The confusion is that we (you and I) are talking about two different things.
You (and I) use SC to parse the spam email header to identify the source and supporting ISPs of the spam and the spamvertised links in the body of the email. I understand that you /*then*/ use the information from SC to manually expand where the spam report is sent.
In addition to the basic results from SC, I also send all 'raw' spam to government databases, US and Australian (spam@uce.gov & Report@submit.spam.acma.gov.au), for archival and whatever use.
When a quick visual scan of spam reveals that the name of an established company (Amazon, UPS, American Express...) is used to bate the spam receivers, I also send the raw spam to those companies as a "FYI some spamming a**hole is using your 'good' name to defraud people." In my example above:
On 4/12/2019 at 10:37 PM, Lking said:... Date: Fri, 12 Apr 2019 09:55:17 +0000 To: "bigknow@xxxxx.com" <bigknow@xxxxx.com> From: Amazon <reply@leneif.info> Reply-To: Amazon <reply@leneif.info> Subject: [Norton AntiSpam]TEXT ALERT: Winner, Winner John, is it you? >> Check Now
...
I noticed the From: Amazon displayed in the "Correspondents" column in Thunderbird so I single that spam out for special handling. Depending on the time of day and other factors, I also take a quick look at the body of some spam scanning for besmirched company names.
{It is another discussion, whether or not these corporations have a 'good name'. I am sure they think so and have the resources to defend it.}
I have chosen this less time intensive processing because of the volume of spam sent to the several domains I use (232 spam yesterday). In addition to the domain I have had sense 1996, I also manage domains for two non-proffets. I receive all email to these domains unfiltered (note To: bigknow{at}xxxx.com above). For me I "Do not have the time" to do the hard work that @RobiBue does.We each do what we can do.
As an aside I am confused by the thinking(?) of spammers. Looking at the "odd" mailboxes spam is sent to. Instead of dropping mis addressed email on the floor, I receive and report it. So I see these odd mailboxes. I can see guessing 'Bob@', 'John@' or "testemail@". I do not understand "f***you@", "A**hole@", "whore@". Who thinks someone would open an email addressed to "whore@"?
-
Please provide a Tracking URL so that others can see how 'SpamCop does not handle' you submission.
-
10 hours ago, MIG said:
I'm curious about [red]:
To: spam@uce.gov, Report@submit.spam.acma.gov.au, stop-spoofing@amazon.com
Subject: [blah, blah, blah] spam Report From: XXX <x@xx.com>
Acma spam reporting guidelines:
"Forward the email spam to report@submit.spam.acma.gov.au. When forwarding an email, don't change the subject line or add additional text."
Have Acma ever communicated with you regarding spam you've reported?
Curious?
The attached spam is forwarded without change. MY email, Subject: [blah...] spam Report, From: XXX is not what ACMA is referring to. The Attached email "Subject: [Norton AntiSpam]TEXT ALERT: Winner, Winner John, is it you? >> Check Now" "From: Amazon <reply@leneif.info>" is not changed, as required.
-
2 hours ago, MIG said:
are you suggesting manually adding amazon[dot]com to https://www.spamcop.net/ [User_Notification] field, irrespective of SC's determination?
NO I am not. That would result in a spam Report, from SC going to amazon. I am suggesting something like this header from MY email:
QuoteBCC: submit.xxxxxxxxxxxxxxxx@spam.spamcop.net To: spam@uce.gov, Report@submit.spam.acma.gov.au, stop-spoofing@amazon.com Subject: [HabuL Plugin] spam Report From: XXX <x@xx.com>
with an amazon related spam attached; in this case
Quote... Date: Fri, 12 Apr 2019 09:55:17 +0000 To: "bigknow@xxxxx.com" <bigknow@xxxxx.com> From: Amazon <reply@leneif.info> Reply-To: Amazon <reply@leneif.info> Subject: [Norton AntiSpam]TEXT ALERT: Winner, Winner John, is it you? >> Check Now
...
Note when I "Submit" the spam I BCC the email to SC to hide my private 16 char reporting account from Amazon.
Also note: Yes the FROM: is an obvious fake, but the sender is using the well known retailer's name to get "bigknow" to open the email.. I do the same for others common spam FROM UPS, American Express and others.
-
5 hours ago, Lking said:
I don't see a suggestion to also send reports/forward spam to stop-spoofing[AT}amazon.com
I stand corrected. What I meant to say was that I add amazon[dot]com to the list of addresses when I submit said spam. So the copy of the spam comes from me not SC. I do get the obligatory auto-response "Thank you"
-
I don't see a suggestion to also send reports/forward spam to stop-spoofing[AT}amazon.com
I add that address to all spam that I quickly identify as relating to Amazon or often amazon.uk
-
Welcome to the forum.
Short answer: No
Longer answer: Finding links in the body of spam email is the lowest priority for the parser, after identifying the source and sending spam reports. With those priorities it is a mater of allocation of assets i.e. CPU cycles. And there is a cascading impact. If a link is found in the tail end of a large spam, the spam report also becomes larger than 50Kb to include the link; even more cycles and outgoing bandwidth. The CPU cycles and bandwidth all cost money, which makes it a return on investments.
Although Cisco, the current owner, may have deep pockets, the 50Kb limit was established back in the dark ages when SpamCop was privately owned.
-
6 hours ago, bobk said:
What do you mean by deselecting the cloudflare report? The only way I can tell it's from them now is to recognize the scri_pt in the header.
When you submit a spam, at the bottom of the screen you should see something like the following. By clicking on the checked boxes you can deselect a report and not sent a spam report to anyone of the suggested recepents.
QuoteReport spam to:Re: 146.111.121.4 (Administrator of network where email originates)
To: security@mail.cuny.edu (Notes)Re: http://andreahumphrey.com/o_ultranationalist_ma... (Administrator of network hosting website referenced in spam)
To: fbl-spamcop@ext.godaddy.com (Notes)Re: https://tigermail.qcc.cuny.edu/unsubscribe.html (Administrator of network hosting website referenced in spam)
To: security@mail.cuny.edu (Notes)Re: User Notification (Notes)
To: -
Yes Bob, welcome! As RobiBue suggested a Tracking URL would be helpful.
It is quite possible that your spammer is clever enough to hide your email address in the spam AND dumb enough to send you more spam because you reported them to SpamCop. Not being a spammer I don't see how "asking" to be reported by sending more spam to a know reporter fits into a business model. But then I am not a dumb spammer; see Rule #3 "Spammer Rules." What RobiBue suggest is quite possible.
Another possibility is that your email has made its way onto a list being passed/sold around among spammers and so your volume of spam is currently on the rise. I is also possible that your email ISP has somehow changed their spam filtering and as a result you are seeing more spam that slips through to your inbox. Be assured by things will change again. In the meantime, help the internet community by reporting all the spam you have time to report. Your good karma will be rewarded.
-
Useful discussion. Please be careful to NOT include active "malicious" links in your post.
Some suggestions for breaking links would be to
- replace periods "." in the URL with a coma ',' or '{DOT}'
- include spaces to break[ ]-[ ]up the URL as in http: // spamcop . net
When you do include a URL double check your post to make sure the system did not out smart you and generate a live link.
THANKS
-
3 hours ago, klappa said:
Any idea how i can formulate it? "That link leads to one of your domains"?
Maybe include the link that redirects to them.
3 hours ago, klappa said:Would they even care?
We can always be hopeful.
-
6 hours ago, klappa said:
using redirect links to Amazon hosted adult sex dating domains
Grrrrrrr! Maybe if you include a note to Amazon along with the spam Report about the redirect.
-
Can you provide a Tracking URL which can be found at the top of the submit screen:
QuoteSpamCop v 5.0.0 © 2019 Cisco Systems, Inc. All rights reserved.
Here is your TRACKING URL - it may be saved for future reference:https://www.spamcop.net/sc?id=z6524876703z2732b30d6e1336c8440ad74516f793a0z
There are/have been issues using OUTLOOK. Take a look at your sent email. You should be able to look at the attached email and see if contains the complete header which should look something like the header in the spam linked to above.
-
Are you forwarding the spam as an attachment to your email?
What email application(s) are you using to submit spam to SpamCop?
-
2 hours ago, Art101 said:
http://www.fromthemoontotheearth.com/songpages/harvest-moon/ (website design by yours truly). Scroll down to the Soundcloud player thingamabob...
Nice (Art101 too).
-
I merged two related topic. Hopping to avoid repeating guidance one thread into another.
-
14 minutes ago, klappa said:
But that will expose my e-mail
See my longer post at the top of thread.
There are other reasons to use SpamCop: Normally SpamCop correctly does the work of finding abuse addresses, and reporting to SpamCop feeds the SCBL.
-
17 minutes ago, petzl said:
The REAL abuse address is "ipmanagement[at]amazon[dot]com"
The current refresh (just now) shows - as you suggest
QuoteRe: 54.180.88.238 (Administrator of network where email originates)
ipmanagement{AT}amazon{DOT}com"It is a dynamic system.
-
1 hour ago, RobiBue said:
I do not believe you mis-spoke. It is an IPv6 problem.
There was a time when SC did not handle any IPv6 IPs. Now they do handle IPv6 IPs that are correctly applied. As petzl stated:
9 hours ago, petzl said:{Microsoft} obscure the source, pointing abuse back to them which should work with their "superdooper " ARC nonsense.
Which leads back to same old problem, SC can't be expected (at least by me) to maintain a parser that handles ever ISP and spammer variant of the standards whether implemented intentionally to obscure or through incorrect used of the the system.
-
Yes petzl, I miss spoke.
-
Klappa, I don't think your problems are unique to you. With both gmail and Outlook you have created almost a "perfect storm" apposing reporting of spam.
Have you looked at the other threads about handling the IPV6 issues? They do include suggestions for handling the headers before reporting.
It would be nice if SpamCop could handle the IPV6 problem "today" but it was reported in an other thread that the conversion process opened a security vulnerability that is currently being work. I have no clue about timing for resolution.
Abbreviations/acronyms
in SpamCop Lounge
Posted
Question: Do you have your browser set to block "pop up windows? That may be the problem. Please notice the dotted line under SC ?? if you move your cursor over SC, JMHO, SCBL or TANSTAAFL the small pop up window should appear.