Jump to content


  • Posts

  • Joined

  • Last visited

Everything posted by petzl

  1. seems the guilty party Check your mail hosts setup by clicking the "Mail hosts" TAB when you log into SpamCop. to many received lines in header your provider one is your email server
  2. Report one to see what SpamCop makes of it, and submit Before submitting, at top of report page is a tracking link, copy it and save. spammers also use reply addresses Spoof may well be from spammer
  3. They did not give the nation cert contact? How German of them. Look up the right one from this list (click view all) https://www.first.org/members/teams/ Very bureaucratic Germans are. maybe this one? EU I think? https://www.bsi.bund.de/EN/TheBSI/Contact/contact_node.html bsi[AT]bsi.bund[DOT]de
  4. Just include "S-CERT[AT]S-CERT[DOT]de" in your reports. xsserver.gmbh seem crooked to me? The idea is to get better than SpamCop include in notes "Criminal phishing, blackmail threat, abuse@xsserver.gmbh ignore abuse reports. no unsubscribe, bogus but valid reply address go to innocent parties"their reply address is valid but Bogus goes to innocent parties, eg. a restaurantIt is a non-registered Website no registra? - contact@ is bogus not valid If you own your own server try blocking ' -' IP range. bounce to abuse@xsserver.gmbh criminal activity!
  5. German ISP's are notorious for not replying! Facebook page is not that active SC blocklist is too forgiving Reports go back to "Submitted: 5/19/2020, 5:08:58 AM +1000:" But don't appear to be hitting spamtraps
  6. The German abuse desk is BlackHat ignoring many, many SpamCop reports Report to their CERT http://www.s-cert.de/eng/ email is in weblink tell in notes, "Criminal phishing, blackmail threat spam, no unsubscribe, bogus valid reply address to innocent parties" their reply address is valid but Bogus goes to innocent party, a restaurant It is a non-registered Website no registra? - contact@ is bogus not valid Include weblinks in report? which to me also seem bogus links to innocent parties Select TAB Preferences Show Technical Details during reporting Simple output Show technical data Their provider https://xsserver.eu Seem dodgy as well? Registrant: NOT DISCLOSED! Visit www.eurid.eu for webbased WHOIS. has a facebook page https://www.facebook.com/XSServer
  7. I right now cannot see you on any blacklist? Maybe your problems over?However some blacklists never remove one from their blacklist, until a lot of grovelling is done. Hotmail GMail don't list their black lists! But your System is set up correctly, just high usage. SpamCops blocklist only lists a maximum of 24 hours if spam stops, sooner if one delists it. on your contact webpage change email addresses to images as "spamBots" scrape email addresses yes some spamBots can read images most cannot. Many companies do not allow personal email or downloads which stops malware, and have all email electronically read, if enough "strikes" it then is actually read, with security arriving unannounced to remove offender off site! The only course to if you are satisfied that all 3000 PC's are clean and kept that way but blocking is still happening is to change to a different IP for your email server. I would suggest you ask via email and or Blog. for all your 3000 PC network to change passwords to a secure one First letter of their (Capitalized) name, first 2 numbers of their street address, followed by a = sign, followed by a lower case, upper case Alphanumeric unforgettable password. example; P77=BratiSlava (this has 14 characters there may be a limit of characters one can use on a password?) Ask all to run on their Microsoft defender offline scan. THEN change password is best, but gets problematical with naive users, get them to ask for assistance from other colleagues if needed. Up to you but I don't recommend all 3000 users do this at same time, babysteps first say 5 first? https://support.microsoft.com/en-us/help/4027710/windows-using-windows-defender-offline Screen Capture of running Windows Defender offline scan https://ibb.co/2dLcPXP
  8. Nobody has access to spamtrap spam. spamtraps are kept secret sorry But I did look at your email server which shows is slow. indicates it is accessed by a or many a spammer https://mxtoolbox.com/SuperTool.aspx?action=smtp%3a193.87.56.3&run=toolpage 220 mail.fnsppresov.sk ESMTP Server (Kerber Mail Server 3.0) ready at Fri, 26 Jun 2020 13:12:11 +0200 Test Result SMTP Connection Time 6.079 seconds - Warning on Connection time More Info SMTP Transaction Time 8.734 seconds - Not good! on Transaction Time More Info SMTP Reverse DNS Mismatch OK - resolves to mail.fnsppresov.sk SMTP Valid Hostname OK - Reverse DNS is a valid Hostname SMTP Banner Check OK - Reverse DNS matches SMTP Banner SMTP TLS OK - Supports TLS. SMTP Open Relay OK - Not an open relay. https://talosintelligence.com/reputation_center/lookup?search= spam LEVEL The spam Level indicates how much spam that originated from this host, has been lately caught and archived. This statistics is not displayed for every spam sending host, because Talos Reputation Center is not storing every spam we encounter.
  9. Someone had disabled windows defender or you have a spammer using your computers! To get listed by spamtraps means 1000's of emails were being sent through your email server Widows defender is very good at picking up malware. Right now your email server has dropped by 100% https://talosintelligence.com/reputation_center/lookup?search= LAST DAY LAST MONTH spam LEVEL Very High Very High EMAIL VOLUME 0.0 3.5 VOLUME CHANGE -100% see check https://blog.mikrotik.com/security/winbox-vulnerability.html
  10. Not listed now, only one member report (child porn) so must of been hitting spamtrap addresses? SpamCop was sending abuse reports to old abuse address so refreshed it to "abuse-po[AT]sanet[DOT]sk" Important for your customers to use a virus/malware program Windows Defender is a good choice, but any would do. If malware detected they need to change password. only report was Submitted: 4/22/2020, 5:36:59 PM +1000: My dream is to try with you something that I have never done before.
  11. Need a Tracking URL to look before you submit it's on page top SpamCop v 5.1.0 © 2020 Cisco Systems, Inc. All rights reserved. Here is your TRACKING URL - it may be saved for future reference: https://www.spamcop.net/sc?id=z6638897535zab568c7aa78b449e543f0c2ef2712cf7z Skip to Reports
  12. Abuse net often get their addresses wrong putting postmaster@domain, that used to be the default address where no abuse address can be found. Doubt if it goes any where, pays to look-up abuse addresses yourself to check. I use this windows APP from http://www.nirsoft.net/utils/ipnetinfo.html
  13. "smtpauth passwords would show up, correct?" pwned is the term https://monitor.firefox.com/breaches I have a throwaway gmail address for facebook to read newspapers, seems pwned claims it gets breached often? Bit of a pain to change all passwords Facebook, Gmail, cancel the "News account" clickbait I never wanted pwned lists all that show compromised, my passwords are upper/lowercase, alphanumeric with symbols. Put up a FaceBook page with REAL name to see if I could contact "lost friends" before I even used it facebook appears to of sold my info to a Russian spam crime gang, Still get phishing from them but has slowed to so far one a month. Reporting does work
  14. Go here to see if your Email address is listed? https://monitor.firefox.com/breaches
  15. Yes smart TV's, Amazon, google devises, mobile phones, baby monitors, security camera's, are now on the list for hackers Internet of Things (LoT) is the new threat.
  16. Talking about your PC a virus check is a must. Could be you have been compromised. I even use a VPN this encrypts my communications to and from Computer. Even my Skype calls are encrypted. Win!0 here just use Windows defender which right now seems very good.
  17. Seems strange a provider would shut down a website with one complaint? Make sure it has not been compromised, change password. Run a virus scan on your computer. If you are competing against a similar website you are possibly being attacked, often done for blackmail as well! Your mailhosts are not necessarily the same as a domain. have a look But then SpamCop only stops reporting your email "domain" Contact your provider
  18. Well (proserve[DOT]nl, signet[DOT]nl) at a guess seems to be your email provider or network. You seem to be picking your email from a internal network which probably changes? AFTER deleting your mailhost entry try redoing. If this don't update Contact SpamCop support logon and go here (there is email address but I forget it) https://mailsc.spamcop.net/fom-serve/cache/401.html or free user https://www.spamcop.net/fom-serve/cache/401.html Other reasons for contact (put in) "Mailhosts"
  19. spam came from IP "abuse[AT]vodafone[DOT]net[DOT]tr" Seems you need to check/update your mailhosts or you will be reporting yourself! Logon to SpamCop then go here https://www.spamcop.net/mcgi?action=mhedit Paying member go here https://mailsc.spamcop.net/mcgi
  20. Without seeing a Tracking URL. Sometimes a server is turned off when it is found spewing spam When turned on again it spews out remaining spam. While you may just get it it can of been sitting on server for days. That is the received date SpamCop goes by, not when you receive it.
  21. Check your forwarding email address is correct and remove/edit your email address (spam BOTs scan for email addresses) SpamCop email still Works for me https://mailsc.spamcop.net/mcgi?action=wizard&stage=1
  • Create New...