
LaserMoon

Posts posted by LaserMoon

  1. On 11/6/2022 at 5:18 PM, Hanco said:

    Any of you guys look at the image hosts for spams too? I tend to look and report the image files.

    A bit off-topic, but yes, there are several "extra" things to be reported that are outside of SpamCop's scope:
    - The entire URL obfuscation chain (to URL shortening providers, or to services used as redirects such as Twitter, Wix, AWS S3, Google Sites)
    - Image hosting.
    - Gmail or other email addresses used as the reply-to field.

     

  2. And what exactly is "MyCoucheTard.onmicrosoft.com"?

     

    smtp.mailfrom=tssolution.ru; dmarc=none action=none header.from=tssolution.ru; dkim=none (message not signed); arc=none\nDKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=MyCoucheTard.onmicrosoft.com; s=selector1-MyCoucheTard-onmicrosoft-com;
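
An added example, not part of the original posts: it parses the header excerpt quoted in post 2 and compares the DKIM signing domain (`d=`) with `header.from`, which is how a reporter can tell which tenant signed the message. The function names are hypothetical, and the alignment test is a simplification that does not consult the Public Suffix List.

```python
import re

# Header excerpt as quoted in post 2 (the literal "\n" appears in the post).
SAMPLE = (
    "smtp.mailfrom=tssolution.ru; dmarc=none action=none "
    "header.from=tssolution.ru; dkim=none (message not signed); arc=none"
    "\\nDKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; "
    "d=MyCoucheTard.onmicrosoft.com; s=selector1-MyCoucheTard-onmicrosoft-com;"
)

def split_headers(raw):
    """Split the excerpt into its Authentication-Results and DKIM-Signature parts."""
    raw = raw.replace("\\n", "\n")
    auth, _, sig = raw.partition("DKIM-Signature:")
    return auth.strip(), sig.strip()

def auth_results(auth):
    """Collect key=value pairs (method results and properties), ignoring (comments)."""
    auth = re.sub(r"\([^)]*\)", "", auth)
    return {k.lower(): v.lower() for k, v in re.findall(r"([\w.]+)=([^\s;]+)", auth)}

def dkim_tags(sig):
    """Parse the tag=value list of a DKIM-Signature header (RFC 6376 tag-list)."""
    tags = {}
    for part in sig.split(";"):
        if "=" in part:
            k, v = part.split("=", 1)
            tags[k.strip()] = "".join(v.split())  # drop folding whitespace
    return tags

def related(a, b):
    """Simplified relaxed alignment (assumption: no Public Suffix List lookup)."""
    a, b = a.lower().rstrip("."), b.lower().rstrip(".")
    return a == b or a.endswith("." + b) or b.endswith("." + a)

def analyse(raw):
    auth, sig = split_headers(raw)
    res, tags = auth_results(auth), dkim_tags(sig)
    d = tags.get("d", "")
    return {
        "header_from": res.get("header.from"),
        "dkim_result": res.get("dkim"),
        "signing_domain": d.lower(),
        "selector": tags.get("s"),
        "aligned": bool(d) and related(d, res.get("header.from", "")),
    }

if __name__ == "__main__":
    print(analyse(SAMPLE))
```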

     

  3. This is beyond parody, Microsoft is now openly enabling scammers to send the lowest tier of spam "FBI NOTIFICATION FUND" signed by "CHRISTOPHER A. WRAY" <ksmg@tssolution.ru>.

    They even give the Russian spammers their own little subdomain for convenience:

    dig +short MX tssolution.ru
    0 tssolution-ru.mail.protection.outlook.com.
    10 mx.yandex.net.

    Amazon EC2 is light years ahead of Microsoft when it comes to pretty much everything.

  4. For several months I've been registering an uptick in spam sent from Microsoft services, both from Azure and from Outlook. Are they vulnerable to exploitation, or are they merely incompetent at handling abuse reports? We literally tell them "here's the user abusing your services", yet the same abuser is allowed to send spam for months on end.

    Their handling of abuse reports is also unhelpful, the message is always:

    Quote

    This message is to notify you that the Computer Emergency Response Team has reviewed your reported issue and has actioned it appropriately.

    Something like this is never experienced with serious established infrastructure providers.

  5. Found this on a webhost review site, thought you guys might like it:

    Quote

    Serverion is a spam factory and they don't take abuse reports seriously

    Every few weeks, a spammer picks a subnet and spams voraciously from it. Same spammer, same spam, different subnet. I report the IP range, send examples, block the subnet. Serverion does nothing .. nada zip. Never a reply, no action taken. Now they have escalated to complaining and bouncing my spam reports for coming from an untrustworthy domain. I'm sick of it. Their online forms offer no credible way to contact them. Don't use them. I'm blocking a dozen subnets at this point and will probably just block their server farm at some point for traffic to my servers. If you host with them, I'm not going to accept a connection from them. They're in short pathetic and probably contacting police in Netherlands and filing a report is the only thing they would pay attention to

    https://hostadvice.com/hosting-company/serverion-reviews/#user-reviews

  6. The vast majority of spam that I get uses domains registered by Namecheap to both send the spam (from @domain), and to link to content and tracking scripts.

    Namecheap's policy, as far as I can tell, is to only remove a domain if it shows up in the Spamhaus blacklist.
    So the spammers' policy is to keep registering new domains, and Namecheap won't bother them as long as the infrastructure used is external (typically Russian).

    Does this match your experience?

  7. Junk sent from a Google App contains the unique identifier of the GApp in the headers.

    Upon reporting the URI (to both google-cloud-compliance@google.com and https://support.google.com/code/contact/cloud_platform_report), here's how Google responds:

    Regarding the following URLs:
    
    yxs0mcxbeclorenz58-central-parc-ch.20210112.gappssmtp.com
    
    To request the blocking of these URLs from Google Search results under European law, please use this form: https://support.google.com/legal/contact/lr_eudpa?product=websearch
    
    If you need to send additional information in relation to your request, please respond to the email confirmation you receive after you send in the form.
    
    If you have already filled out the above form, your request will be processed shortly.

    Did they completely fail to look into and block the activity of the reported Google App and instead just automatically classified it as a privacy issue about a search result?

  8. Just received this from postmaster@outlook.com:

    Delivery has failed to these recipients or groups:
    
    report_spam@hotmail.com
    Your message couldn't be delivered. Despite repeated attempts to deliver your message connection time outs with the recipient's email server prevented delivery.
    Contact the recipient by some other means (by phone, for example) and ask them to tell their email admin that it appears that their email system is timing out when your email system is trying to connect to it. Give them the error details shown below. It's likely that the recipient's email admin is the only one who can fix this problem.
    
    report_spam@hotmail.com
    10/7/2021 8:17:21 AM - Server at MN2PR21MB1230.namprd21.prod.outlook.com returned '550 5.4.315 Message expired, connection timed out(Socket error code 10060)'
    10/7/2021 8:07:21 AM - Server at xmr-internal.protection.outlook.com (10.233.166.17) returned '450 4.4.315 Connection timed out [Message=Socket error code 10060] [LastAttemptedServerName=xmr-internal.protection.outlook.com] [LastAttemptedIP=10.233.166.17:25] [CB1PEPF00003800.namprd00.prod.outlook.com](Socket error code 10060)'

    Microsoft's CERT form (https://msrc.microsoft.com/report/abuse) was also down for a whole day because one of their JS resources failed to load.

    What's going on with Microsoft?

  9. 1 hour ago, Ron Dragushan said:

    Sorry if these are basic questions. I am far from an email expert. I think my reply is related to this thread.

    Lately, I get many spam emails each day from gmail addresses. When I submit the email source to SpamCop, the only place the email gets reported is: google-abuse-bounces-reports@devnull.spamcop.net.

    The tracking URL of the last such spam email report was: https://www.spamcop.net/sc?id=z6725343589z6a5760a25ef977e0d0fe0613ae4f705az

    Does this mean that reporting these emails does nothing?

    In future, should I not report any emails from a gmail address?

    I realize that SpamCop does their best to get spammers shut down. If these spammers have found ways to make SpamCop ineffective, please let me know if there are any other actions I should take.

    Hi Ron, I think Google doesn't accept spam reports that come in by mail.

    If you're reporting spam as a hobby, you may want to look at automating submissions to this form: https://support.google.com/mail/contact/abuse?hl=en

    Heads up: sometimes spammers spoof their emails to make it look like they originate from a Gmail address.

  10. Hello,

    I have an email sample that makes the SpamCop web form freeze (and crash) on Google Chrome as soon as the text is pasted in the form (Mozilla Firefox doesn't have this issue, but Chromium-based Microsoft Edge does).

    By the looks of it, it has to do with specially-crafted HTML attributes. (Does SpamCop try to do any client-side parsing, other than to check the length?)

    Is there a technical contact where I can send the file for analysis?

    Thanks.

  11. Hello,

    I know SpamCop works by reporting spam to infrastructure providers (targeting the servers sending the emails and those hosting the resources linked to in the body of the emails).

    A comment posted on this forum on July 16, 2020 suggested that spam sent from Germany can also be reported to allgemeiner-spam@internet-beschwerdestelle.de (+ another address for illegal content).

    This got me thinking, what other avenues are there?

    • Maybe a specific server provider uses a web form, not an email address (like Hetzner, in the linked thread, or Gmail).
    • Maybe a specific server provider won't accept reports from SpamCop, but will accept them if you send them yourself (AWS EC2).
    • Maybe a specific domain registrar will take action on a reported domain, if that domain is present in certain trusted blacklists.
    • Maybe more national governments have a dedicated email address where spam can be reported.
    • Maybe there is a GDPR avenue for servers hosted in some EU countries.

    My question is, has anyone put together a guide for how to best target spam based on origin?
