Jump to content

Farelf

Forum Admin
  • Posts

    7,012
  • Joined

  • Last visited

Everything posted by Farelf

  1. Yes, http://www.spamcop.net/fom-serve/cache/297.html shows how it works in general, reputation points help approximate a ham:spam ratio determination which in turn helps ensure a few bad eggs don't drag down any massive, mostly non-spamming assets to the great detriment of the innocent public. You can then look at data presentations from the SC Stats pages to put your 'problem' networks in context. Regarding the instance of 107.158.214.212 - from http://www.spamcop.net/spamstats.shtml thence http://www.spamcop.net/w3m?action=map;mask...ratio;sort=spam we can see that 107.158.214.0/24 doesn't get a look in for spam ratio (/200) and is ranked down at 47/200 in spam count - http://www.spamcop.net/w3m?action=map;net=...35;sort=spamcnt Current metrics: 107.158.214.0/24 No.s Total email volume 1314 Total spam reports 39789 spam reports vs. email volume 30.28 Number of hosts sending email 90 Number of hosts reported for spam 76 Hosts reported vs. hosts sending 0.73 Average volume per host sending 14.6 There are presently three servers from that 107.158.214.0/24 allocation listed in the SCbl according to http://www.senderbase.org/senderbase_queri....158.214.0%2F24 No doubt if more people were reporting there would be more of them (so don't despair, certainly keep reporting them yourself) but, as you can see for 107.158.214.212 in that display, the network operations for that service spread the load (that specific IP address is currently having a bit of a holiday). An unkind observer might say they 'snowshoe' a little. [edit - fixed links etc.)
  2. SpamCop has nothing to do with APEWS and posting removal requests here achieves nothing useful - and we find it downright wearisome when they are posted here. Those posts might be subject to removal in future, the only reason this has not happened at the time of writing is we were sort of hoping people would see them and the repeated advice that they are misplaced and take the hint. We don't "do" APEWS removal requests. The APEWS FAQ suggests "Publish your error report complete with relevant email headers including your IP address so that an Administrator can find it." That DOES NOT mean these SpamCop Forums are a "drop box" for removal requests, the APEWS administrator(s) have never requested that, we do not even know if he/she/it/they ever visits these pages - and the above-mentioned APEWS FAQ goes on to caution against posting removal requests here. For some independent, calm advice on APEWS listings (and supposed APEWS blocking), read Listed on APEWS: what to do (and what definitely not to do). DO NOT post removal requests ANYWHERE, in any section of this forum! Should you wish to discuss general matters relating to spam and spammers, you are quite welcome to make an appropriate post in the "SpamCop Lounge" section. Most other sections here relate to SpamCop facilities from the point of view of users or those otherwise affected by them but our membership has varying degrees of interest, experience and expertise in general spam (prevention/avoidance) matters. This is not a "social" site, it has a purpose as an anti-spam site. Do browse at least the Help section before joining the forum and posting. There is a huge additional resource in our Wiki, FAQs, Pinned notices and sundry accumulated topics.
  3. Thanks for the observations guys, glad to see there's a way through. I've been stranded for a month with just an iPad (totally unfamiliar device apparently optimized to frustrate anyone over 40) and unable to try out the recent suggestions as they unfolded but you seem to have "cracked it". Forum-power at its best.
  4. Tried a dozen things - coming to the conclusion that the parser is only interested in text, skips anything where it is told about HTML. If it is NOT told about it, it handles HTML without a problem. Well, apart from wasting time looking at the standard www.w3.org link in the opening DOCTYPE comment. Parse (that succeeds) with modified headers and body to remove content declaration and boundary definition shown: http://www.spamcop.net/sc?id=z5551238400z1...5c2f2e0934ae65z (<!-- SpamCop::Web::Look $Revision: #17 $ produced by prod-sc-www1 -->) Seems almost/exactly as if the parser has been modified to skip declared HTML sections of the body. This may have been a "temporary" measure several/many attempts ago in the lead-in to system updates - to keep things simple, reduce the variables for trouble-shooting. "Seems", only the engineers could say, I suppose.
  5. Maybe the parsing was affected by the recovery period following the system upgrade? Does re-submitting the spam now (and cancelling reports) still show the same? You can save and show the tracking URL for a cancelled report. [edit] Ah, no, I see that is a mangled spam ... but following declaration, no boundaries are set within the HTML body. But ... fixing that doesn't seem to fix the parsing ... yes something seems to be wrong (or I'm not very good at fixing - not that "fixed" spam can be used for a real report anyway).
  6. Farelf

    Test topic

    Talking of the "Collusion" Firefox addin, interesting what it shows when logging in to and (particularly) out of free webmail accounts: Free Hotmail account: log in When you visit live.com it informs the following websites about you. demdex.net trouter.io skype.com live.net msecnd.net wlxrs.com atdmt.com msads.net microsoft.com bluekai.com omtrdc.net bkrtx.com gfx.ms The site live.com is potentially aware of your visits to the following websites. msn.com skype.com log out When you visit msn.com it informs the following websites about you. adnxs.com live.com cloudapp.net facebook.com twitter.com 2mdn.net mediaplex.com mookie1.com ebay.com doubleclick.net atdmt.com facebook.net visualrevenue.com bing.com msads.net scorecardresearch.com s-msn.com ******************************************************************************** Free Yahoo account: log in When you visit yahoo.com it informs the following websites about you. imrworldwide.com scorecardresearch.com yimg.com yieldmanager.com abmr.net The site yahoo.com is potentially aware of your visits to the following websites. yimg.com log out When you visit yahoo.com it informs the following websites about you. yldmgrimg.net dlqm.net 2mdn.net overture.com questionmarket.com doubleclick.net. yahooapis.com imrworldwide.com scorecardresearch.com yimg.com tubemogul.com adsfac.net imrworldwide.com yieldmanager.com yahoo.com abmr.net The site yahoo.com is potentially aware of your visits to the following websites. yimg.com ******************************************************************************** Well, we knew "free" to be a relative term - no wonder SuperAntiSpyware gets such a workout scrubbing "adware" cookies every time it is run.
  7. Looks good to me matey - only problem is with submission by e-mail from Outlook (not Outlook Express) so you're in the clear on both counts. Problem with Outlook e-mail submissions was (sometimes) mangling of the order of "Received:" lines in the headers.
  8. Farelf

    Test topic

    (test remote img link, then remove) Yep, Firefox addin "collusion" confirms information sent to remote location whenever the image is viewed (whenever page is loaded). Well, we knew that but still ... That's (one of the reasons) why remote images are not allowed in these forums.
  9. I see, I think, a little bit like "reverse psychology", you state your latest prediction in the hope of being proven wrong? I think a few words of encouragement directed at the long-suffering SC staff and the development engineers (in Elbonia, I suspect) might have been more to the point, but that's just me (and I confess I've been remarkably little affected by the whole IPv6 thing).
  10. See now http://forum.spamcop.net/forums/index.php?showtopic=13146
  11. Absolutely - mostly we seem to be seeing "internal" IPv6 network routing which can safely be discarded. Anything else, maybe not, but if the delivery to the reporter's network is clear then that is as much as the parser has been concerned with since the advent of mailhosting anyway.
  12. Yes, those were the points - "manual" reports can be risky, particularly for the novice, whereas SpamCop reporting is not. Probably should have instead pointed to the excellent Rick's spam digest, particularly http://www.rickconner.net/spamweb/spamreporting.html which has all the information needed for manual reporting.
  13. I guess if I was getting a number of them I would be tempted to manually report - but, in general, that would be an irresponsible thing to recommend to the general membership and, with most such reports ignored (and some maybe ending up in the hands of the spammers), fairly pointless or dangerous. Yes, it will be great to get the ease and security of the parser and reporting system in train on these, and the leverage of the SCbl behind it. Can't help but reflect that some of what was learned in the last attempt will be forgotten with the passage of time - nobody documents so well that it could be avoided. Oh well, obviously that will be more than offset by what the engineers' community has learned in the interim, when the next attempt succeeds - as it must.
  14. Farelf

    Test topic

    Oh, www.support.me wasn't blocked by the way - just the "Windows Support Centre" favourite method of using the run box to access the internet. All sorts of other URL connects, except through a browser, affected as well (links from dialog boxes, tcpIQ dictionary consultations, attachments to Yahoo7 webmail compositions, etc. all suddenly not working). But, it turns out, following some update of something, one now needs to specify a default browser. Hitherto those connections initiated from outside a browser picked up IE if no default was set. That stopped following M$ apparently taking a rare step back from imposing itself. Once a default browser is specified, it all works again. JIC others with multiple browsers experiencing the same (it was fair getting up my left nostril, I can tell you, so many possibilities to explore, so few clues). Microsoft update still opens via IE, if installed, regardless of the default (that's a good thing in my case). They haven't retreated all the way
  15. Farelf

    Test topic

    Looks like someone is now blocking connection to www.support.me from my location/provider (still up and running via proxies/watchmouse.com etc. also pings work from my PC) - somewhat misguided since it is a legitimate service, simply abused. Ah well, my favourite "Windows Support Center" still gave me a six-digit code to type in which I promptly e-mailed to scamreport[at]logmein.com Anyone know the failure message if an incorrect code is entered there? Next time I might try stringing the scammers along using that, to see how many codes they will give me to report. Better in bulk, eh? [edit] Ah, never mind, got it. It is Code does not exist. Please contact your support provider.
  16. Following the discovery of the magic key combination enabling forwarding of Yahoo mail as an attachment with full headers (Shift-Alt-F), as described: http://forum.spamcop.net/forums/index.php?...amp;#entry82630 - thereby allowing e-mail spam submissions from the new(ish) Yahoo 7 which had seemed lost with the general demise of Yahoo Classic ... Can Rogers, Bellsouth (any other) customers where Yahoo provides the mail service hosting behind the scenes confirm the same works for them, from their Rogers/Bellsouth/whatever webmail access page? Not being a user of such services I have no idea of the interface(s). To test, you don't have to wait for spam, any current e-mail message will do - just remember to CANCEL the submission after you review the submission, DON'T send the report (unless it is spam of course). With the Shift-Alt-F method a sending screen is presented and it can be seen that the e-mail to be forwarded (only one at a time, unfortunately) is ATTACHED - as an eml file. It is simply a matter of pasting in your SC submission address and sending from that point. A SC confirmation should then be received ("[spamCop] has accepted 1 email for processing") and/or on subsequently going to the SC member reporting page there should be an "Unreported spam" link. After viewing and cancelling the submission, please obtain the report ID ("Past reports" tab) and post it here just in case the deputies need to have a look at the submission (only SC staff - Deputies such as Richard W or SC Admin Don - and yourself can view the submission from the ID number). Thanks in advance to any who can assist. Steve S
  17. See fragile's solution (Shift-Alt-F) in http://forum.spamcop.net/forums/index.php?...amp;#entry82630
  18. No idea - don't think Leon would let it rest if there were any problems with it though. Outlook 2010 hasn't changed in about 2 years either. Did you look in http://www.spamgrabber.org/forum/ ? SpamGrabber is third party - not a SpamCop product - "Questions and support must be directed to the provider of the program," as it says in the SC FAQ. Maybe some other member here who uses it has a comment to contribute? They should feel free to speak up if so.
  19. Problems apparently remain with Outlook 2010, read the SpamGrabber explanation, as above as one source of information (yes, it can be a little slow to load at times).
  20. Farelf

    Test topic

    http://translate.google.com/#hi/en/%E0%A4%9C%E0%A4%BE%E0%A4%A8%20%E0%A4%AA%E0%A4%B9%E0%A4%9A%E0%A4%BE%E0%A4%A8%20%E0%A4%B9%E0%A5%8B%0A%E0%A4%9C%E0%A5%80%E0%A4%A8%E0%A4%BE%20%E0%A4%86%E0%A4%B8%E0%A4%BE%E0%A4%A8%20%E0%A4%B9%E0%A5%8B Jaan pahachan ho, Jeena asaan ho. Okay, doesn't translate well - more along the lines of "(We should) get (properly) acquainted - (it would) make life more simple". Lines of the famous (in India) song resurrected in Heineken ads last year. http://www.infinitelooper.com/?v=XnBbjc5hmho&p=n Music on hold for those scam calls - the tell-tale 3 seconds silence then "Hello? Mr ? My name is David, I'm from the Windows Support Centre, OK? And we've been detecting serious errors and downloads of suspicious and malicious files to your computer, OK? To fix this problem I first need you to press the Windows key on your keyboard OK?... Hello?" http://www.youtube.com/watch?v=_hxXu0qD9Nc Report with the 6 digit pincode the scammers provide to take over the PC (via www.support.me, support.me, logmein.com, logmein123.com) and the date-time and timezone when provided to: scamreport[at]logmein.com OR https://secure.logmein.com/contactus
  21. You were amending your mailhosting on a reporting account? Write to SpamCop Admin (Don D'Minion) with all the details: service[at]admin.spamcop.net He will know the answer and may(??) be able to help sort you out.
  22. Farelf

    Forum Use

    Excellent point. thanks, done. Of course even when images ARE posted, contrary to advice, the grizzled old veterans amongst us are not going to see them anyway, having browser settings to block "external pictures". All that is shown to them is a blue, unlinked alternate text "PBL image" generated by the forum software (I think that's the wording) and, in the case of single pixel images, they will be the ONLY ones aware it has been posted. Web bugs might be old hat, going back to the very dawn of HTML, but BECAUSE of that they are evidently still occasionally used as a sneaky "just when you thought it was safe ..." variation in the hacker tool kit.
  23. Yes Tony - trial, some IPv6 spam parsed, bugs to be fixed so new version retracted, fixed version to be tried next week as advised in that other post by email_support. There was an opportunity while the new version was operating to add a report (if a paying user) to the correct abuse desk, if you were able to determine it. I use IPNetInfo.exe with the "Detect IPv6 addresses" box checked for those determinations since I am congenitally confused when it comes to using RIPE lookups unaided Steve
  24. Looks like work continues - gnarlymarley's link just at the moment has the "Unable to process header. IPv6 addresses are not supported. No source IP address found, cannot proceed." lines. <!-- SpamCop::Web::Look $Revision: #15 $ produced by prod-sc-www1 --> See http://forum.spamcop.net/forums/index.php?...amp;#entry80735 The analysis should find (I guess): 2a02:8420:4e46:2e00:211:32ff:fe11:32f5 tracks to SFR-BROADBAND-USER (FR) inet6num: 2a02:8420::/32 ... remarks: *********************************** remarks: * Abuse e-mail: abuse[at]gaoland.net * remarks: *********************************** ... role: LDCOM Legal Contact ... abuse-mailbox: abuse[at]gaoland.net ... role: LDCOM Networks Tech Contact ... abuse-mailbox: abuse[at]gaoland.net ... % This query was served by the RIPE Database Query Service version 1.8.13 (WHOIS2)
×
×
  • Create New...