Outernaut
-
Posts
65 -
Joined
-
Last visited
Content Type
Profiles
Forums
Events
Posts posted by Outernaut
-
-
55 minutes ago, petzl said:
SpamCop (SC)is just a aging BOT that is still chugging along!
Thanks @petzl. That is bad news. I'd say the war against spam is over, that they have won. 😞
And, thank you for being around all these years sharing your know-how and experience.💯
~o
-
Short form, Is it a waste of time posting (manually logging and pasting source etcetera) here at SpamCop? I don't see any spam being dead any more. The most obvious spammer even passes through the no-spam monitor at Shaw.Ca. We're supposed to forward them to a Shaw email address, but they get bounced back. Not just me everyone that tries to help controlling it. They made us do their job for them, then don't bother to see is their =links work outside of it's dungeons.
Now, even the most obvious spam keeps coming through, and even though I and I would hope others, report it back to GOOGLE (king of spamdomania), doesn't even bother with them.
Is it the same here now? No sense posting them if they just go into file 13.
TIA
~o
-
On 5/30/2023 at 11:26 PM, Citric Acid said:
Hey everyone!
This is still an issue: my account also is an "ISP" one and doesn't contain a "coded email address". How could I get one having that type of account?
Short form, Is it a waste of time posting (manually logging and pasting source etcetera) here at SpamCop?
Ditto to getting the "coded email address".
...and last I looked ISP is Internet Service Provider and IP is for Internet Protocol. Have the Googies changed that too?
-
12 hours ago, petzl said:
Seems you are wrong.
The IP won't take action on websites at the IP address.
Registrars are the ones to complain to the owner/operator of website IP won't
SpamCop reporting IP address's is worthless
Why I send directly from my email address sometimesI gather you mean 'The ISP won't take action' not IP. Two different things.
You said..."send directly from my email address sometimes". Do you know where I may find the step x step to send via email (Thunderbird) client instead of reporting via site?
TIA,
~o
-
14 hours ago, RobiBue said:
... maybe reset the account as something is fishy...
That's my suggestion if anything else fails.
~~~~ RobiBue
That is what I figured and why I checked our mail server (I have access). I'll look again, maybe for a server email Event. Thanks for clarifying that the site is working.
I'll check again.I can attest to what @ninth mentioned. One of our server ISPs blocked a IP due to spaming. Some hosts/ISP will definitely block a IP if it's shown to be sending spam.
I've reported obvious spam to SC, and in comments, added "Just the usual spammers at OVH" because it was getting really bad. Later, I received a note from OVH, 'The matter has been taken care of'.
I intend to capture the next report and get the tracking number (or whatever that report result number near the top is.to @petzl. I think he speaks the language.
~o
-
11 minutes ago, petzl said:
SpamCop has been left on auto mode for years noe, in it's hay-day it had plenty of volunteers to keep it up to date, not now!
In you OP you explained
Which is what I do, but now you have to check BEFORE you bother the abuse address is correct often it's not!
https://tinyurl.com/2pncp5cc search for databases
Go back to doing that!I don't think we are on the same topic. The site went belly up 16-06=5-2023 according the emails I get telling I didn't "FORWARD" emailed, copy, copied to , I don't know how the Hades to explain it otherwise. I DON'T/DIDN'T/WOULDN'T Forward the spam email.
There is a big difference between the SC emails I get from SpamCap about Forwarding (which - again, I am Not doing).If SpamCop has been neglected to this state where it is in need of some serious intervention, and can only report spam that goes no where, then pull it's %^$# plug!
We're not getting anywhere except frustrated.
Bye
~g
-
2 hours ago, petzl said:
If it went down and bounced SpamCop stops sending,
You need to first go to SpamCop reporting web page past your headers in box and parse
Learn what is happening
This is a tracking url first link it was a very long spam that SpamCop would of truncated work it out??
https://www.spamcop.net/sc?id=z6848167086z4fd3246162889f224c7b489230c6f6f0z
Full report of what I sent
https://www.spamcop.net/sc?id=z6848167086z4fd3246162889f224c7b489230c6f6f0z;action=display
Thanks. I'm not explaining myself well enough or your'e missing the point. The site AFTER reporting MY way, has always worked. Until recently. The site STILL sends the report. A while later, a email from the site reports that i need to do something else. It is assuming I "forward'emails,. I don't. I already explained the process. I should also point out I am NOT using a cell phone, a smart phone not even a dumb phone. It's called a DESKTOP. I don't send any thing. I manually go to the site, manually copy & paste the '''source''' of the entire spam. I then click Send button. Done! NOTHING DIFFERENT than last week ore the lat month or last 4 or 5 years.
Let's just say we both tried and forget it. I won't bother any more and just cuss the spam and click delete.
~o
-
I'm going to back on this topic and ask again,
16 hours ago, petzl said:Just send a tracking URL is all that's needed
I don't think you read my post (OP) correctly @petzl.
I ave always been able to copy the message source, and paste it into the reporting box. If file was too big, SC asks if I want it truncated, Yes, and off it goes. NEW EVENT SC sends it back telling me to make it mime or something. I'm NOT EMAILING the source, I log into SC and paste it into the report box. So why is it email, them back to me requiring I change it and re-email it?
Our ISP is second largest in Canada and dropped using their anti-spam telling everyone to put spam into the Junk box instead. So now we pay more for less that we must now do ourselves. So SC is blessing - most times.
Same topic, still asking.
~o
p.s. I checked the mail server. It's not mailing the reports. So, what changed at SC?
-
1 hour ago, ninth said:
I send the raw message via email because it is usually too big to copy into the reporting box. The cops send me an email with a link and I log in and go from there.
That's not only extra steps, it also never worked for me. What may be different, is that I use a email client, not web browser. Too, I manage the mail server the domain with issues.
As for "raw" email my copy & paste email source is the same thing, only you email it. I've had those on-purpose huge 'raw' but the reporting box takes it and truncates it. There's never been a problem with those. Just recently, last few days, I paste and later a SC email arrives saying that "When forwarding spam..." I didn't forward anything. That's what I use to get when I tried email (Forwarding) to SC and failed. So the other way, copy/paste into report box, should work.
I am sheepishly beginning to wonder if some changes to our anti-spam on the server (LAMP) didn't kick in a forward to SC. I will embarrassingly leave now and go check it out.
Will report back when I know.
~o
-
2 hours ago, petzl said:
Pay to send a Tracking url alays at top of page before you submit
Sorry @petzl I've no idea what you mean by pay. Pay who, pay what, pay for every report, and is this a new thing about pay? The only "pay" I've seen is to pay to get rid of the delay screens. Last time I used a cheque was about 20 years ago. I haven't seen a pay gateway here.
Like I stated, I never had this happen until a few days ago. And as I pointed out, the reason I was given was to use "a MIME attachment". "attachment":; this too is new to me.
How much to whom using what payment plan?
~o
-
Hi,
I am now getting reports from SC that spam reported to SC is not sent.
Quote[SpamCop] Errors encountered
How I have always sent them:
- Recognize spam in email
- I view the "email source" (full text view)
- I select All, and Copy
- Open SpamCop, login
- Click Paste into the reporting box and hit process.
- Then when SC is done processing it, I add to the comment or usually just press the Send report.
- Done, move on to the next or logout.
Now the SC message that it didn't process, and assumes I used HTML. I don't, it's pasted as "plain text".
This is how I have been doing for what, 3 or 4 years now.
The SC email report sent back reads:
QuoteSpamCop encountered errors while saving spam for processing: Message forwarded in html wrapper. When forwarding spam, use a MIME attachment or text-type message with the spam enclosed. Do not send spam in HTML format. Sometimes this error is caused by using a "resend" feature to forward spam. HTML spam should be sent in text (source code) format. The email which triggered this auto-response had the following headers: Return-Path: <~~~@REDACTED.!!> Received: from vmx.spamcop.net (prod-sc-smtp14.sv4.ironport.com [10.8.129.224]) by prod-sc-app009.sv4.ironport.com (Postfix) with ESMTP id C599083833 for <submit.W0BSlv9YO7ZNw9TP@spam.spamcop.net>; Thu, 25 May 2023 09:39:46 -0700 (PDT) Authentication-Results: vmx.spamcop.net; dkim=pass (signature verified) header.i=@REDACTED.!! IronPort-SDR: kqquO8Xcw2axZfgsKJTNViGT8HprfRAi7bGWOmy4HDgSZZ5tVaWQa0P9w92IZrVVR0DBg05Nhk X7CfXhrN//M6lB2l3QIfGBtQC/LC4htjRSrczbNO44tP0Zl/cp+njRFPVTGAkU3OlyibyB+tZS sctcXVP8AskcNhAJ2phtoBYcGO735771JVQNbEu7DmY37uEGWT6B+GqQPPN85gJxvZz5Q76JnE 5vWlb5mU3RmwkSuCTv4JFALuMdCGyMmpQJmTlNAkLe7X7mpOEjAiUwJAxsQsu8kAORdFauPmrX 6u8= Received: from nauj.domain.tld ([65.254.34.162]) by vmx.spamcop.net with ESMTP/TLS/ECDHE-RSA-AES128-GCM-SHA256; 25 May 2023 09:39:46 -0700 DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=REDACTED.!!; s=default; h=Content-Transfer-Encoding:Content-Type: In-Reply-To:MIME-Version:Date:Message-ID:From:References:Reply-To:To:Subject: Sender:Cc:Content-ID:Content-Description:Resent-Date:Resent-From: Resent-Sender:Resent-To:Resent-Cc:Resent-Message-ID:List-Id:List-Help: List-Unsubscribe:List-Subscribe:List-Post:List-Owner:List-Archive; bh=WY5P5eYCjIJKJdMmg6kDBcrlG5sXaOI0Hxf2clyqn3k=; b=OkXpKbqQomOYa2dvXicy2eHBz6 N/Qkf7clM+VuBoOTO4bgS/NINje1AsGU+gicz/+edzZIJGX6Z/id04Q7wYWTsh3tEMsSIDz7/sYkt lBGsBl8H/B4nN/tJxIPc2bfaDrkkmJiWrtNSGddq1dXZKskA0rIdbhil0R3z1akKf5j7cHKiFY1ZS Bqjsyz2OuK+JvJhAk1nhs+IBs3mj9IIVv1To2oSvXfV0HTINlV3XyIREtecPzAfTlISHu3hTeV+Xg CyDmJCUH48JOzESmvx2cEvNkTfn3f1Keary1US2VtyfDZMqLU77OOzOL6gFz8QUZDP1/CTVc4Yqju vpOQg6/g==; Received: from [96.50.188.51] (port=49257 helo=[192.168.0.10]) by nauj.domain.tld with esmtpa (Exim 4.96) (envelope-from <~~~@REDACTED.!!>) id 1q2E08-0001GC-0E for submit.W0BSlv9YO7ZNw9TP@spam.spamcop.net; Thu, 25 May 2023 12:39:45 -0400 Subject: Fwd: Jim Dixon , We have some lnformation for you To: submit.W0BSlv9YO7ZNw9TP@spam.spamcop.net Reply-To: ~~~@REDACTED.!! References: <mid-5ea4d1a1eb68c75f43e27a0efd01b0ea-1@yy4z.in> From: ~~~ <@REDACTED.!!> Organization: REDACTED.!! X-Forwarded-Message-Id: <mid-5ea4d1a1eb68c75f43e27a0efd01b0ea-1@yy4z.in> Message-ID: <43ce3d45-54ee-5af8-c59c-824a3a7d4440@REDACTED.!!> Date: Thu, 25 May 2023 09:39:25 -0700 User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:68.0) Gecko/20100101 Thunderbird/68.1.1 MIME-Version: 1.0 In-Reply-To: <mid-5ea4d1a1eb68c75f43e27a0efd01b0ea-1@yy4z.in> Content-Type: text/html; charset=UTF-8 Content-Transfer-Encoding: base64 X-AntiAbuse: This header was added to track abuse, please include it with any abuse report X-AntiAbuse: Primary Hostname - nauj.domain.tld X-AntiAbuse: Original Domain - spam.spamcop.net X-AntiAbuse: Originator/Caller UID/GID - [47 12] / [47 12] X-AntiAbuse: Sender Address Domain - REDACTED.!! X-Get-Message-Sender-Via: nauj.domain.tld: authenticated_id: ~~~@REDACTED.!! X-Authenticated-Sender: nauj.domain.tld: ~~~@REDACTED.!! X-Source: X-Source-Args: X-Source-Dir: .
Primary and original reporter of email redacted.
Is there something I should be doing different now?
Thanks for all your work,
~o
-
I've never seen it before. Maybe they are under new management, but whatever.
Preamble:
I reported phishing via SpamCop. The spam was originated at OVH. Today, get a response from OVH. Email didn't say it was private so here is what they said:
QuoteFrom: ticket+[redacted]@abus3e.ovh.net
Subject: [OVHcloud Abuse] Case #[redacted] resolved
To: [redacted]@reports.spamcop.netHello, You recently submitted a report which led to the opening of the Abuse Ticket #[redacted] For your information, this ticked has been resolved and is now closed. Kind regards, The OVHcloud Abuse Team.
As Mr. Rogers use to say, "It's a beautiful day in the neighbourhood".
~o
-
G'day
Serverion, as everyone seems to know about is being a real ^%&*$ renting out IP#s to a spammer that jumps from IP to IP. I've been manually copy-paste-message-source into SpamCops online reporting box. Time is taking it's toll and I just don't have enough of it to go through 36 emails accounts, so I manually delete them.
I've been through here, again, today, reading through the ">> spamcop-flat-rate-email-account-setup/" But there seems to be no Flat Rate Email Account Setup, just a bevy of questions and answers - nothing about where, how, or how much to pay.
I know your all very busy, so in point form I would like to ask:
ITEM 1:
- Is the SpamCop "Flat Rate Email Account" a email account, or a mail account that filters spam out of email, then send on to intended recipient?
- Either way, how much does it cost, where do we send money, sign up and such?
- Does the FAQ need updating from "FAQ: Getting Mail From The SpamCop Email System By Jeff G., January 31, 2004" or do the instruction apply in 2021?
ITEM 2:
-
I read that to Forward spam to SpamCop via email client (Thunderbird), we need send the source, not the email if in html. For Tbird, that means each spam needs to be opened, view source, copy, select all, create email to SpamCop.... (account id), paste source (text version), and send.
Is it possible to highlight all spam, then Forward it/all to "submit.blahblah........@spam.spamcop.net" or might that error out? - cPanel has a email option to setting filters, but IP addresses are one at a time, so that's useless. Do any Gurus here know of a way to direct email to SpamCop's reporting system from cPanel? My discussion with the folks at cPanel haven't helped. Using example: 323.423.312.* or 323.* or 323. or CIDRs like 321.323.232.1/12 don't work.
I am going to try several ideas I have; there is a danger in that
I will try creating filters in Tbird, that will forward it to SpamCop if Tbird will convert the spam and forwarding headers to TEXT.
I tried forwarding but received the following:
QuoteSpamCop encountered errors while saving spam for processing: Message forwarded in html wrapper.
When forwarding spam, use a MIME attachment or text-type message with
the spam enclosed. Do not send spam in HTML format. Sometimes this
error is caused by using a "resend" feature to forward spam.HTML spam should be sent in text (source code) format.
The email which triggered this auto-response had the following headers:
Return-Path: <____@___________.___>
Received: from vmx.spamcop.net (prod-sc-smtp8.sv4.ironport.com [10.8.129.218])
by prod-sc-app008.sv4.ironport.com (Postfix) with ESMTP id 0C93B937E6
for <submit.__________________@spam.spamcop.net>; Thu, 14 Oct 2021 08:33:37 -0700 (PDT)Thanks for the work ya all do,
O
-
Looks like this is the only suggestion, the others are questions, but in keeping with old traditions - I'd like to suggest:
That SC introduce ways and means of using SCBLs under cPanel accounts. A tool so we can drop in SCRBL s and let cPanel compare incoming mail to SCRBLs, and delete the often very obvious spam.
Yes. Thanks for suggesting spam Assassin. If it was reliable, I wouldn't be suggesting side stepping the etch-a-sketch version of dealing with spam to using SC block lists instead of SA.
O
-
18 hours ago, petzl said:
Seem to be from Outernaut's internal network?
Not quite. After reviewing @gnarlymarley and checking again, it may be they used a contact form. The form did not have any captcha so I put a non-invasive invisible captcha on. We'll see.
Thanks to you both for your asistance,
~o~
-
This is new one for me. This scam comes from domainregistrationcorp.com (address is "502 Bad Gateway")
The scam warns owners of domain to renew at ridiculous rates, and for certain, those that do, Inever see their renewal, only a hole in their pocket.https://www.spamcop.net/sc?id=z6708342598za3c1a7e1620502b088a404a350ad0835z
~o~
-
On 4/1/2021 at 10:53 AM, gnarlymarley said:
This is in part why I got my own email server and changed it from blocking lists in the server to spamassassin. The Spamassassin plug-in allowed me to setup weighting and a threshold for all blocklists so I could block if it is on more than one blocking list, but not if the are on only one.
I use spammassassin. Trouble is, even set at 2.5, so much crud still gets through - same spam, same IP. So I also use "Global Email Filters" and toss IP addresses in there. I don't care if I forget to check and remove them the list. Most come from Google, or passed through Outlook, or via OVH.
That's a manual task I'd rather get rid of, each domain has it's own cPanel, so what I add is not system-wide through all my clients. Ergo, my question about SBL > RBLs. Now I've come across extortion without a IP. Separate post on that.
Oh well, the battle goes on.
~o~
-
All very generic old-style Viagra, Fat Burners, free energy scams, sunglasses - the usual stuff flogged by affiliates whose owners don't care how their product get's out, so long as they make a $ are inundating one email address. I have reported the IPs to SpamCop for 2 weeks now. The IP is always the same except last octet goes up or down a number or 2. But they are still coming, and I WAS still adding them, today I think about 20 of them before I decided I need some time for myself.
I tested and pasted the full IP of several of those bits of wasted time into https://whatismyipaddress.com/blacklist-check and they all come out by SpamCop as being A-OK.
I can't be the only one that gets these. So, how is SpamCop a good thing? I've been manually posting the messages here , then copying the IP and going to my mail server and adding them in to Global Email Filters, which has decided that it no longer likes the asterisk in addresses (170.130.207.*) and does nothing about blocking them.
My own ISP, not affiliated with my other mail server, has decided not to use SBLs and insists customer can take the time to dig out the headers and paste it into a email to the ISP. I did this, and 2 weeks later received a email saying the spam was too old. They tell me they have their own "team" now reviewing copies sent to them. I think that support fella is too stoned.
I have asked this before and got loads of technical gobbledygook. But, is there a way to use the SBLs at my mail server, without root access, just cPanel, to block or send these spams IP addresses and really, truly see them worked into the system to block them?
~o~
-
On 2/21/2021 at 10:18 AM, Tau said:
That is great news. However, when I suggest people use real email and get Tbird, I get the deer in headlights looking back at me. Too, it's hundreds of people doing the job that ONE mailserver should be doing.
I found today that all my manual reporting of domain 170.209.130.* spam for the last 2 - 3 weeks does nothing to stop it. That is in another post. But it is nice to see Tbird is still getting some add-ons.Thanks for the tip,
~o~
-
@gnarlymarley
I just received the following spam, posted it via the report spam box. It is dated Mar 10, as are all spam from our lover at amazonaws.The reference is: https://www.spamcop.net/sc?id=z6706263625z7a716025061c9bf82331039e2ea81dcfz
Are you able to tell who/ISP is delaying it? Or a link to how to read that stuff.
TIA
~o~
-
After login, at the report and landing on the report page, is a new-to-me announcement:
QuoteNews: (Last Modified: 3/11/2021, 12:51:03 PM -0800) (spamcop.net / login first.)
In a shell, does that mean we will no longer be able to report spam to SC, or does the change affect how we report?
I'm also worried all you guys that help here will loose your high-paying positions
~o~
-
On 2/25/2021 at 9:15 AM, ob1db said:
I have been manually forwarding amazonaws.com reports to abuse@amazonaws.com for the last 2 months. They have been responsive and appear to have taken action on more than one submission. Perhaps a deputy can contact amazonaws and confirm if they will now accept spamcop reports as well?
Have you found anything out? Today's visit to spam Cop (SC) shows a SC announcement dated March 11, 2021 at spamcop.com > "Welcome registered user" page title, under the "Paste entire spam..." box, > News: (Last Modified: 3/11/2021, 12:51:03 PM -0800) makes me wonder how the changes will affect people like myself that manually post full *'source' to spam. I have been reporting several spam-a-day through amazonaws now for 2 weeks. Nothing changes except the date and the IP addresses and only slightly. (I see it as IPs address changing in IPs 3rd digit by one or two of the 3rd and/or 4th octets (i.e., today's spam originated from amazonaws ###.###.###.123 becomes ###.###.###.124). Too, one could sometimes fantasize and send full headers to abuse@amazonaws.com.
I hope you have heard good news and also hope I am misunderstanding the SC announcement.
~o~
-
On 8/1/2020 at 8:26 AM, Lking said:
We have tried. In most browsers you will see that SCBL is underlined. if you slowly mouse over SCBL a small window will appear. HTH
Aha! So the key is "slowly" and the tooltip appears. I wondered what the dotted underline was supposed to do and since moving around and over it to find a link or something, I never went slowly. The onhover:showit(?) seems slow at this end.
As in:
<abbr title="Now I Understand">NIU</abbr>
I take it that one needs higher privileges like Admin, Mods etcetera to invoke that via this GUI. I'll stick to using * to call out a footnote.
I know topic is old, but forum isn't. Might help another noob like myself.
* Asterisk. Used to call out a footnote.😊
-
1 hour ago, gnarlymarley said:
Hmmm, the example says it is only 5 hours old and came in on 14 Mar 2021. I tried refreshing a couple of times. I wonder if it says it is old when you first go to report it?
Tracking message source: 99.79.57.23: Routing details for 99.79.57.23 [refresh/show] Cached whois for 99.79.57.23 : abuse@amazonaws.com Using abuse net on abuse@amazonaws.com abuse net amazonaws.com = abuse@amazonaws.com Using best contacts abuse@amazonaws.com Reports disabled for abuse@amazonaws.com Using abuse#amazonaws.com@devnull.spamcop.net for statistical tracking. Message is 5 hours oldHow an email might possibly be old is for instance, the 10.0.153.220 server could have held it internally for a few days. SpamCop goes off the date on the Received line where it picks up the spammers IP. This means if your ISP hold an email for four days, SpamCop would call it old, even though it may have just barely arrived.
Thanks, I understand - I think
My email client (Thunderbird) shows the spam date being March 10 and the garbage comes in after March 14 (today). My emails including the trash from scumbags is listed by most recent. Tomorrow, I know I will see several new legit email, and some unread (spam) will have day-before-yesterdays date. Let's blame the email client
If I understand the Spamcop announcement (News: (Last Modified: 3/11/2021, 12:51:03 PM -0800) new announcement at Spamcop.net > login > Reporting GUI is abandoning us, just a week after my ISP threw customers into the cesspool by dropping their use of SBLs and telling customers to start using the webmail GUI to create filters, ISPs not being allowed. It is a very sad day. R.I.P. Internet. I am addressing this in a separate Topic.
~o~
p.s. If I don't get to say so before we are blocked from adding spammers, my sincere thanks to you and all the others here that volunteer your time, experience, and patience to help everyone battle the festering sores of the Internet.
I will try creating filters in Tbird, that will forward it to SpamCop if Tbird will convert the spam and forwarding headers to TEXT.
Anyone still here?
in SpamCop Lounge
Posted
Perhaps for the same reasoning that most people is US don't want gun control.
We already see a lot of sites still using ReCaptcha, Google's click the bicycles games. Why? Because some minority might by chance hack in.
The need to have a disposable address is to protect one's good email address against spammers.
Please don't start a wokie thingy akin to lock everyone up because some people rob banks.