[Mailhost problems after employer moved to outlook.office365.com]

On 5/23/2021 at 7:19 AM, gnarlymarley said:

From what I understand SpamCop mailhosts only finds out about changes in mailhosts by someone resumitting a mailhosts test.  I think you should be able just resubmit when you need to add a new internal server.

Probably best to delete in this case because my mailhosts appear to be linked to others and it would be good to have a new fresh section for Office365, but you said you had tried that.  Maybe deleting and giving it a new name?

Yup. Deleting is the best solution.

[Is there a SpamCop Outage]

On 6/28/2021 at 5:30 PM, RobiBue said:

Hi @SWarner,

this is a problem with "private" blocklists e.g. rbl.websitewelcome.com

they will list ip addresses, and then redirect you to spamcop, which is not involved in the listing through aforementioned RBL.

it happens often, and users who are blocked think that spamcop is to blame. Of course, there can be instances where a customer shares the same address range as a spammer, and ends up as casualty in the spam wars, but here, you are the victim of an independent RBL who has added the IP range you "inhabit" in his/her listing.

if you check goggle you will find a myriad of entries regarding that specific RBL, and it's not good.

https://www.google.com/search?q=rbl.websitewelcome.com

you can also check your mail host here: https://mxtoolbox.com/blacklists.aspx

maybe this info will be of help.

again, just to clarify: said RBL has no connection to spamcop whatsoever.

Good luck

Thank you for sharing this. I came here since I had a similar problem, but this comment definitely solves it for good.

[spamcop does not parse correctly when the header start with "Return-Path: <>"]

On 6/18/2021 at 2:28 PM, Lking said:

If you would post Tracking URL for the examples we all could look.

The tracking URL above the spam or in the email you received saying the spam was ready to report.

Agree, the tracking URL will probably the best option for everyone to see the issue.

[Yes My Internet provider has been down for 32 hours.]

On 4/16/2021 at 10:33 PM, gnarlymarley said:

Century link installed a new pedestal in my area.  It serves the next neighborhood over.  The problem with it is they didn't install a battery backup and it is fed by fiber.  So when my power goes out, they lose internet.  I am not sure if they will ever fix that.

I simply cannot believe that you're saying. It is incredible that Century link commits such a dumb mistake.

[Sendgrid reports dev'nulled?]

This is quite interesting since we're talking about a really weird problem. Whenever you solve it, please let us know!

[TLS support for SMTP host for spam submission]

On 4/2/2021 at 5:39 PM, gnarlymarley said:

Yeah, probably a good idea to send the link to this forum to the deputies at deputies[at]admin[dot[spamcop[dot]net.

I don't know man. Do you really think this could be a good solution to the issue described?

[dot xyz dot com]

On 4/13/2021 at 7:47 AM, pusser_uk said:

I did notice that many, if not all of these spam emails contained "amazonaws" in amongst them.  I decided to forward each one I received on one particular day to 'abuse@amazonaws.com'.

As if by magic, I haven't had one since. Maybe it was a coincidence, maybe list washing, or maybe I found the right place to complain. Who knows.

In my opinion, the case you are describing in this post definitely looks like list washing.

[TLS support for SMTP host for spam submission]

On 3/18/2021 at 7:19 AM, readefries said:

Hey there,

I wanted to send spam reports via mail, but due the the lack of TLS of the receiving mailhost of Spamcop this gets bounced.

I was really surprised to see, that Spamcop doesn't support TLS on their mailserver. Can you please enable TLS support, so I can securely forward spam mails? For almost al MTA's this is just a configuration.

 

Thanks in advance

 

Cheers, Hindrik

 

On 3/19/2021 at 1:15 AM, readefries said:

It can, but it's my provider disabled it by default, in favour of mail security. Which I completely understand. I just was very surprised that Spamcop doesn't use TLS, which IMHO is the defacto standard of sending e-mail these days. Unless you are a spammer and want to spoof stuff in your mail headers

Agree. Spamcop usually responds in a timely manner and tend to find a very effective solution most of the times.

[tinyurl.com spam links report to abuse@cloudflare.com rather than abuse@tinyurl.com]

On 4/5/2021 at 4:33 PM, lartingyou said:

Here are the terms on their site: https://tinyurl.com/app/terms

To be honest, I think that tinyurl's terms are simply terrible. It's a shame.

[TLS support for SMTP host for spam submission]

On 3/18/2021 at 7:19 AM, readefries said:

Hey there,

I wanted to send spam reports via mail, but due the the lack of TLS of the receiving mailhost of Spamcop this gets bounced.

I was really surprised to see, that Spamcop doesn't support TLS on their mailserver. Can you please enable TLS support, so I can securely forward spam mails? For almost al MTA's this is just a configuration.

 

Thanks in advance

 

Cheers, Hindrik

I think that you could send a message to Spamcop in order to describe this issue and get it solved quickly. A friend of mine did it a couple of months ago and it worked.

[Google Groups spam]

On 3/30/2021 at 9:22 AM, dlongnecker said:

I started to receive about 20 spam emails a day from what appears to be from Google Groups.   

I believe this is the tracking URL of one of them:   https://www.spamcop.net/sc?id=z6707809601z2c5de4ccffa47ffb304b7c3d74ca6f98z

and https://www.spamcop.net/sc?id=z6707809629z40c0e8cd887ea54b6291795efdb74274z and https://www.spamcop.net/sc?id=z6707809914ze468ce08815c2ade874ab7f97e5fce75z

 

 

Some of the headers look like:

 

Received: from dovdir3-hob-05o.email.comcast.net ([96.114.154.205])
	by dovback3-hob-23o.email.comcast.net with LMTP
	id gCAFAJtXYmA9CAAAggBf7Q
	(envelope-from <dlongnecker+bncbaabbgnprgbqmgqeifm7ghy@plniwzw.logafadasa.agency>)
	for <x>; Mon, 29 Mar 2021 22:41:31 +0000
Received: from dovpxy-hob-10o.email.comcast.net ([96.114.154.205])
	by dovdir3-hob-05o.email.comcast.net with LMTP
	id WKM0OZpXYmAfdQAA4qVdkw
	(envelope-from <dlongnecker+bncbaabbgnprgbqmgqeifm7ghy@plniwzw.logafadasa.agency>)
	for <x>; Mon, 29 Mar 2021 22:41:30 +0000
Received: from reszmta-po-12v.sys.comcast.net ([96.114.154.205])
	by dovpxy-hob-10o.email.comcast.net with LMTP
	id 0FJ9MppXYmAjKAAASO2o5g
	(envelope-from <dlongnecker+bncbaabbgnprgbqmgqeifm7ghy@plniwzw.logafadasa.agency>)
	for <x>; Mon, 29 Mar 2021 22:41:30 +0000

 

At the bottom of this header are these clues:

 

List-Post: <https://groups.google.com/a/plniwzw.logafadasa.agency/group/dlongnecker/post>,
 <mailto:x>
List-Help: <https://support.google.com/a/plniwzw.logafadasa.agency/bin/topic.py?topic=25838>,
 <mailto:dlongnecker+help@plniwzw.logafadasa.agency>
List-Archive: <https://groups.google.com/a/plniwzw.logafadasa.agency/group/dlongnecker/>
List-Unsubscribe: <mailto:googlegroups-manage+744056152566+unsubscribe@googlegroups.com>,
 <https://groups.google.com/a/plniwzw.logafadasa.agency/group/dlongnecker/subscribe>

If I follow that last unsubscribe URL, I get:

Authorization Failed

This group is on a private domain.

Please sign in with an authorized account to view this content.

 

 

When I report, it just goes to abuse@google.com and I doubt they do anything.   Any suggestions on how to curb this?

 

Dennis

 

 

You should definitely contact Google and explain this situation. After all, as far as I’m concerned, is not exactly normal that you received spams from Google Groups.

[tinyurl.com spam links report to abuse@cloudflare.com rather than abuse@tinyurl.com]

On 3/26/2021 at 10:49 AM, lartingyou said:

Hello - abuse@cloudflare.com receives the reports for tinyurl.com spam links, e.g. https://www.spamcop.net/sc?track=https%3A%2F%2Ftinyurl.com%2F , yet my searches with Google show that abuse should go to abuse@tinyurl.com -- is there a reason it's not using the abuse address?

Cloudflare seems to be ignoring reports (I report the same tinyurl links for weeks and they're still being used by spammers). Also, 

 

First thing first: I’m not an expert at all. Nevertheless, all I can say it is extremely weird what you are describing. After all, Google should definitely use the abuse address.

[Spammers now hiding behind Cloudflare and others]

On 2/24/2021 at 3:13 PM, Tau said:

I've been using their online form to report a phishing website that was often redirected to in the spams I received, and I can say their are reactive. 

Only a couple hours after the report, i've received an email in which they said:

We have notified our customer of your report.
We have forwarded your report on to the responsible hosting provider.
You may also direct your report to:

1. The provider where xxxxxx.com is hosted (provided above);
2. The owner listed in the WHOIS record for xxxxxxx.com and/or;
3. The contact listed on the xxxxxxx.com site.

Then I visited the website and i had this: (before it was a fake Amazon survey to win an Iphone)

And this: (seems that the hoster was reactive too)

I'm so glad it worked ! 😁

 

 

 

Thank you for sharing this. A friend of mine was the victim of a phishing scam, and all I can say is that it was a pretty ugly situation.

[interestingly spam in my inbox has slowed down considerably!]

You’re a lucky person. I still receive a lot of spam emails every single day!