petzl
-
Posts
2,985 -
Joined
-
Last visited
Content Type
Profiles
Forums
Events
Posts posted by petzl
-
-
On 12/30/2022 at 7:27 AM, scottNY said:
Thanks. I understand that 127.0.0.1 is an internal loopback IP all computers use. How come I get regularly get spam [it always includes "yahoo" in the email header properties dialog] and uses 127.0.0.1 as the sender IP? It isn't coming from my PC and if I try to submit to Spamcop manually, it bounces back. I hope I am explaining this correctly.
Try reporting one via SpamCop and before you submit at top of reporting page will be a SpamCop "Tracking URL" copy it and post it here may help solve?
Here is your TRACKING URL - it may be saved for future reference:
https://www.spamcop.net/sc?id=z6783981921z3874a5706b7057f2b6578e022311dddfz -
5 hours ago, scottNY said:
Does this refer to the spam I receive from domain *.xyz where it shows the originating IP as 127.0.0.1 or is this a different issue? Sorry for the newbie-like question.
Reporting spam from a companies network address "127.0.0.1", won't work with SpamCop
-
2 hours ago, Hanco said:
Right! So how the hell are they able to do it 20 years later?
They think it works, It's not their problem it's yours/ours, Not that I bother even clicking.
Don't know if it can be done but interested myself
Can I block sites from "domain provider" Namecheap would head my list. -
3 hours ago, Hanco said:
I get an email every week for this gummies junk.
The domain of the spamvertized URL is always created the same day or very recently.
the Nameserver in the domain registration WhoIs is usually also created the same day or very recently.
The registrar is always Namecheap (usually for the nameserver and the spam URL)
Namecheap are a problem with their free domain spam. The major spam in this newsgroup (Fake drug's) points to them.
Might be a good idea to also include namecheap's provider in spam complaint? abuse[AT]cloudflare[DOT]com?
May make them sweat?
https://en.wikipedia.org/wiki/Namecheap
go to Namecheap to do your homework.
https://www.namecheap.com
The spam sites are never up long, but they should ask for a credit card they can do a zero/$1 charge look at card to see if it's valid.
Found this out when Amazon gave my credit card details to some unheard of drongo that decided to give me a "free trail" that I never asked for .
My bank SMS'ed my mobile phone straight away
"Card ending in XXXX has an attempted transaction at 'CLIENTCONNECT.AI' for $0.00 at 7:49"
Had to cancel card very reluctant to give Amazon new card details! -
3 hours ago, Mikey2 said:
Well, it did not exactly work for me.
Originally, I posted:
Parsing header:0: Received: from 104.148.61.131 (EHLO channel.saygingasgrup.com) by 10.215.136.138 with SMTPs (version=TLS1_2 cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256); Sat, 10 Dec 2022 16:18:01 +0000Hostname verified: channel.saygingasgrup.com
Possible forgery. Supposed receiving system not associated with any of your mailhostsWill not trust this Received line.
Mailhost configuration problem, identified internal IP as sourceMailhost:
Please correct this situation - register every email address where you receive spamNo source IP address found, cannot proceed.Add/edit your mailhost configuration
Finding full email headers
Submitting spam via email (may work better)
Example: What spam headers should look likeNothing to do.I went through the automated mail host set up, and it added a new mail host for me after following the prompts, but I'm still getting the "Mailhost configuration problem, identified internal IP as source" message on some of my spam messages. Thank you very much for asking Lking.I would suggest you remove old ones, then redo your "new" mail hosts, you could get more than one email from mail hosts you need to reply to each of them.
-
4 hours ago, Snowbat said:
https://www.spamcop.net/sc?id=z6788026871zda04df1b43771d7d7ec913e7d185f4cez
Tracking message source: 20.165.134.12:Just had a look. IMO this provider uses or did Microsoft for clients email?
Could be a legacy issue?
Google search results
https://tinyurl.com/2edys2pj -
10 hours ago, RobiBue said:
https://www.spamcop.net/sc?id=z6786521132zfa608a49023b1c68b7755922fa18db6cz
and 7 to 8 hrs prior to this message: just barely over 24 hours.... This change will affect many of my submissions as I submit them when I log on, but don't always have time to report them right after they are ready...
Sorry, this email is too old to file a spam report. You must report spam within 1 days of receipt.
Thanks. I just send as attachment to Microsoft from Gmail does not seem to deter this spammer clown. -
1st I've heard of this?
But most of mine is from Microsoft and I report directly to to them from Gmail.
Also under a day though? -
On 11/22/2022 at 6:45 AM, Sven Golly said:
This is typical of the parser response when the email originates from outlook.com.
I use Outlook 2016 desktop with a macro that assembles the internet headers back onto the body as one email attachment. Don't have any issues with it other that this. Any thoughts?
SG
its Microsoft with improper headers just forward email spam to their abuse
40.107.223.117 -
On 11/13/2022 at 4:14 AM, gnarlymarley said:
Be nice if we could get the big companies to realize who is fighting spam. Back when gmail did invites, I was the fifth invite away from Eric Schmidt. So, if we tell our friends about SpamCop (and they tell their friends), maybe we could get google to know about SpamCop.
I believe Microsoft are passing my abuse reports to hacker phishing criminals?
My last spam from Microsoft was claiming to be from Australian retailer "KOGAN" I have bought from them 2x's but never from the email Addy that Microsoft pound me with!
I use a VPN and send reports directly to Microsoft. My VPN uses Sydney Australia IP's.
However Gmail do not send originating IP's but Microsoft have my email Addy information?
As I have said before SpamCop need to involve CERT to send Microsoft reports to?
Sometimes criminals get unlucky.
I truncated this but here is the SC Track
https://www.spamcop.net/sc?id=z6786399930z3ed0db3486a98ea89686916ec9f6cb89z -
31 minutes ago, Hanco said:
New today
http:// www. mdqs. ntlilud. com/
I can't get it to open?
Whois
Failed Domain Lookup.
Hostname: www. mdqs. ntlilud. com/
Don't know which Top Level Domain this server belongs to!
Please contact me with the domain name so I can fix this.
Falling back to the default server.
Domain: www. mdqs. ntlilud. com/
OK there are spaces in link
Failed Domain Lookup.
Hostname: www.mdqs.ntlilud.com
Domain: ntlilud.comQuerying root.rwhois.net:4321 for ntlilud.com...
Can not resolve host 'root.rwhois.net'Querying whois.crsnic.net for ntlilud.com...
Domain Name: NTLILUD.COM
Registry Domain ID: 2737885207_DOMAIN_COM-VRSN
Registrar WHOIS Server: whois.namecheap.com
Registrar URL: http://www.namecheap.com
Updated Date: 2022-11-11T14:58:39Z
Creation Date: 2022-11-11T14:58:34Z
Registry Expiry Date: 2023-11-11T14:58:34Z
Registrar: NameCheap, Inc.
Registrar IANA ID: 1068
Registrar Abuse Contact Email: mailto:abuse[AT]namecheap[DOT]com
-
32 minutes ago, Hanco said:
Tonight I had Microsoft spam, with a link to a Google document for the first redirect.
Microsoft won’t get a report
Google won’t get a report from SpamCop
Google did get a report from me and replied, “If you would like to report suspected spam, Malware, Phishing, or other abuse on Google Cloud, please fill out the form at the following link: https://support.google.com/code/contact/cloud_platform_report If you would like to send a legal request to Google, please submit a request through our webform for the fastest response time: http://support.google.com/legal”
Google, how about you deal with it ?!?!
we are officially f*****
They have weaponized Gmail If you have a Gmail account you can report spam as phishing they then shut links to their websites if any.
You can have your email forwarded to Gmail try to leave yours as "unread", but logging into Gmail web email you can report phishing
Gmail though does electronically read your email, if dubious do report you to the FBI.
Enough hits they will read it manually. -
Even getting porn spam from them send my normal reply
Microsoft have hit a new low!
Child porn spammer
pictures under 18 or made to look under 18
NO PROOF OF AGE available!
SENT TO MINORS
-
4 hours ago, Lking said:
Of course all reported spam does feed the SCBL which assist all that use that dynamic list.
What would be the purpose of sending a spam report to an email address that bounces the email? Or sending a report to a host that doesn't want the reports and just drops them on the floor? In either case the report just adds to the clutter on the internet and cost SC clock cycles and bandwidth with known ZERO positive results.
The same spammers IP changes in every spam so will miss the algorithm needed to get on the SCBL
Perhaps SpamCop could send reports to US CERT?
https://www.first.org/members/teams/cert-cc
Pay to ask first -
For Microsoft's next act they will bring out WIN11
I'm going to Chrome sick of continual downgrades from WIN3.11
-
1 hour ago, RobiBue said:
hate to ask: is this a "shameless plug"?
you noticed that this thread had been inactive for over 4 years?me thinks a troll
-
4 hours ago, nelgin said:
My mail server is pretty rigorous and will fail to accept email under certain conditions.
Nov 4 15:46:35 www postfix/smtpd[2692876]: NOQUEUE: reject: RCPT from vmx.spamcop.net[184.94.240.112]: 450 4.7.1 <prod-sc-www02.spamcop.net>: Helo command rejected: Host not found; from=<service@admin.spamcop.net> to=<me@mydomain.com> proto=SMTP helo=<prod-sc-www02.spamcop.net>
prod-sc-www02.spamcop.net does not resolve to an IP, therefore your mail is dropped. Please fix this. Thank you.
Your analysis does not seem correct?
https://talosintelligence.com/reputation_center/lookup?search=184.94.240.112
IP ADDRESS HOSTNAME FWD/REV DNS MATCH
184.94.240.112 vmx.spamcop.net Yes -
13 hours ago, emanmb said:
The moving target....
Personally I have FBP turned off for the moment. I'll wait and see as FB was acting odd a few days ago.
I have the link for FBP saved don't use FB that much just to keep contact with friends worldwide.
But all these fake ad's and "recommendations" are worse than spam. -
14 hours ago, emanmb said:
Not sure what that means.
All remains to be seen for now. I have my 2 accounts and won't pay anything for either lol. If it gets stupid w/ads then I'll decide then what to do. The platforms would remain viable no matter what I suppose, but people will complain. Ads were already getting annoying on twitter.
There are those who take matters into their own hands likeTwitter which will block all kinds of ads etc on Facebook. Nice little ad-on for your browser if you use FB.
A credit card can be checked to see if it's valid without charging.
I only go to Twitter if reading a news article and they give a link.
Don't have a Twitter account,
but since I read the $20 a month fee is for professional users like politicians/reporters
Will check out FB Purity I do have a FB page but it's full of a lot of scam ads even using PayPal? -
5 hours ago, emanmb said:
a lot comes from this spammer for now.
Yeah I'm getting hammered as is the rest of the world.
Reporting directly from your email seems to slow them down
Free accounts without a working credit card check zero amount.
Twitter. the "head twit" is going to charge US$20 a month,
should remove the bot accounts but doubt if people will pay that amount? -
11 hours ago, emanmb said:
I do that for google spam that is handled internally by SC and doesn't send to them. I use the link https://support.google.com/code/contact/cloud_platform_report as per an post I read here a while back. Extra work for us but for a while there was a lot of spam from there.
I only use Gmail do it's easy to mark spam as phishing, which should get their google cloud storage closed.
Seems your spam is going through a network (not yours?)
Received: from 127.0.0.1
Mailhost configuration problem, identified internal IP as source
But it came from 52.100.223.201 junk[AT]office365.microsoft[DOT]com & abuse[AT]messaging.microsoft[DOT]com
Just send it to them from receiving email account. -
On 10/26/2022 at 2:17 PM, emanmb said:
Then first thing this morning 3 in a row lol.
Helps if you could post a SpamCop (SC) tracking URL.
Top of page BEFORE you submit spam.
Try just putting email headers in parserbelow headers hit enter twice and write truncated
What happens is some spammers jest write spam as a header so SC only sees it as all header with no body
Then submit parse this is Microsoft free account phishing spam.
I just forward them with headers and body to
junk[AT]office365.microsoft[DOT]com & abuse[AT]messaging.microsoft[DOT]com
direct from Gmail after marking them phishing -
2 hours ago, LaserMoon said:
For several months I've been registering an uptick in spam sent from Microsoft services, both from Azure and from Outlook. Are they vulnerable to exploitation, or are they merely incompetent at handling abuse reports? We literally tell them "here's the user abusing your services", yet the same abuser is allowed to send spam for months on end.
Their handling of abuse reports is also unhelpful, the message is always:This always happens with "free trials" where they don't ask for a valid credit card
As soon as it gets canceled a spam bot opens another.
And spammers use their spam list always from
abuse[AT]messaging.microsoft[DOT]com - junk[AT]office365.microsoft[DOT]corn
Getting hammered from these morons ,myself -
4 hours ago, emanmb said:
This is very odd. So I've been reporting via SC forever and my yahoo act. is the one I used to sign up and use for the forums. Lately I've been getting these messages when reporting. I cut and paste from Yahoo's "View Raw Message"
You may need to delete your "mailhosts" for Yahoo
Then renew them I suspect Yahoo have recently renewed their mailhosts.?
Mailhost configuration problem, identified internal IP as source
in SpamCop Reporting Help
Posted
You using Yahoo email?
What is your email client seems headers are mangled?
Go to Mailhosts and send update them
the mail is from a spammer and gets blocked
https://www.spamcop.net/w3m?action=checkblock&ip=93.115.96.156
will be delisted automatically in approximately 6 hours.
Other hosts in this "neighborhood" with spam reports
93.115.96.56 93.115.96.171