Posts posted by petzl

  1. 8 hours ago, Lking said:

    @Luis from your post it is not clear to me if the IP address you gave is your outgoing email IP or the IP of the other party.

    As @gnarlymarley stated someone is reporting that IP as sending spam and as long as the spam/spam reports continue, the reported IP will remain on the SpamCop Block List (SCBL). When the spam stops the IP will automatically be removed from the SCBL. However, if spam resumes the IP will again be added to the SCBL.

    You can see the current status of the IP at https://www.spamcop.net/w3m?action=checkblock&ip=40.107.94.90

    You can see additional information at the link https://www.spamcop.net/spamstats.shtml

    Seems to me Microsoft are failing or have failed at dealing with spam and most of their IPs are hitting spamtraps, also being reported.
    This appears to affect the non-spam community who share these IPs?

    40.107.94.90 listed in bl.spamcop.net (127.0.0.2)
    If there are no reports of ongoing objectionable email from this system it will be delisted automatically in approximately 18 hours.
    in the past 14.2 days, it has been listed 6 times for a total of 9.0 days
    Other hosts in this "neighborhood" with spam reports

     

  2. 3 hours ago, Foggy said:

    agreed. on paper in Klaviyo things look good, I just have to take mail-tester with a grain of salt at times, this may be one of those where I have to just wait it out and see if the SPAMCOP powers that be deem this account copacetic in the next few months. :)

    Just explaining how I believe SpamCop blocklist BOT works.
    SpamCop's blocklist is a spam radar, it uses an algorithm measure against normal email flow, when spam hits its trip point it activates, when spam stops for 24 hours it turns off.
    When someone like a Microsoft email IP starts hitting spamtraps it takes a very large number of hits and reports to trip it.

    I believe you have a better clue than me to work out how to remove poisoned/spamtrap email address than me,
    don't help if you have a know all, uncooperative client IMO, so good luck.

  3. 20 hours ago, Too Many Spams said:

    Thank you for replying. Here's one of the many SpamCop links: https://www.spamcop.net/sc?id=z6888219156z7fa83fb0e9e999196d33bbac7bfc6e78z

    Yesterday, I received more than 30 emails from the same spammer! It's really getting out of hand. Microsoft, Namecheap, and Cloudflare have done nothing to stop it. The links within the spam emails keep changing. I pretend to unsubscribe and it all redirects to netkeib.com.

     

    Microsoft email accounts are used by spammers as free throwaway email accounts they renew after each spam run
    You need to concentrate on the web site SpamCop only reports to the IP address which will do nothing unless engaged in illegal activity

    The web site here is a porn phishing site, don't matter if they look like 90 years old still report them as a child porn if they don't show they are over 18 years of age! Unless you are a pediatrician and want the spam to continue.

    Name:        galfom.com
    IP:        104.21.31.185,         172.67.179.43
    Domain:    galfom.com
    Registrar Abuse Contact Email:  abuse[AT]namecheap[DOT]com
    include email address of US FED's namecheap.com is registered as an American Domain (don't listen to their denial.
    Pooh-Poohing it's not child porn, that's up to the FED's to decide if they are legal?)

    They will get your email address list washed by spammers. 
    phishing-report[AT]us-cert[DOT]gov  makes them sweat
    Include notes my boiler plate is - add this to Cloudflare reports also American registered.

    Child porn phishing spammer
    pictures under 18 or made to look under 18
    NO PROOF OF AGE available!
    SENT TO MINORS

    2257 Regulations (C.F.R. Part 75), part of the United States Code of Federal Regulations, require producers of sexually explicit material to obtain proof of age for every model they shoot, and retain those records. Federal inspectors may at any time launch inspections of these records and prosecute any infraction.

    "unless the websites “perform reasonable age verification methods” — in short, requiring users to show government ID to prove they are 18 or older."

    No working unsubscribe

     


     

  4. 9 hours ago, Foggy said:

    thanks @petzl and @Lking

     

    my client has the custom Klaviyo footer that includes an unsubscribe link. like most of my clients it was not until the Google/Yahoo deadline did they realise that dedicated domains were important. so most clients got their dedicated domains in November, December and January. in time their longevity on a dedicated domain can clean up their sending reputation if they behave. I have sunset flows in place and clean soft bounces and severely unengaged from accounts quarterly or sometimes bi-monthly. the only issue is a small subset of the clients want single opt-in still.


    To clean up a Sh*t list of poisoned email addresses requires an email delivery receipt tells you that an email message was delivered to the recipient's mailbox, but not whether the recipient has seen it or read it. A read receipt tells you that a message was opened.
    might help?

  5. On 2/24/2024 at 11:24 AM, Foggy said:

    @petzl "Spoke too soon you may be on a shared IP with some loser not using a Double OPT-IN email list"

     

    nailed it on the head there! the client refuses to do double opt-in, think that is causing all of this? I'd love to use this as another reason/case to prove them that they need it!

    Suggest that your client do a run with a working unsubscribe link in messages, to not have one makes it illegal under "the spam act"!

    Quote

    The Spam Act 2003 also requires that all commercial electronic messages include a functional unsubscribe facility. This means that recipients must be given an easy and effective way to opt out of receiving future messages.

    https://www.findymail.com/blog/how-to-add-unsubscribe-link-to-email/

  6. 5 hours ago, Foggy said:

    @petzl "Spoke too soon you may be on a shared IP with some loser not using a Double OPT-IN email list"

    nailed it on the head there! the client refuses to do double opt-in, think that is causing all of this? I'd love to use this as another reason/case to prove them that they need it!

    It's not illegal to not use double-opt-in. That's why a vast number of poisoned email addresses are stacked into web pages.
    Land lines in Australia have been mostly destroyed by spam callers. Mobiles are very good at stopping them by easy to mark as spam.

  7. On 2/23/2024 at 10:40 AM, petzl said:

    Spoke too soon you may be on a shared IP with some loser not using a Double OPT-IN email list
    SpamCop spam-traps being hit means they are using poisoned email addresses with no owner.
    obtained by scraping Internet web pages for email addresses
     

     


    On 2/23/2024 at 9:37 AM, Foggy said:

    @petzl thank you for that note, I am the marketing agency working for the client who sends the bulk of the emails, I am awaiting their reply on the IP and may in fact just have them test as they are more in line with their IP address fluctuations than I am. 

    Roger that as well! 
    "Many times a person's email receiver, has a SH*T list of IP's that they have a grudge against.
    Then send a fake  SpamCop blacklist as the culprit."

    @Lking thanks for your notes as well. 

    I have the dedicated domain for my client set up properly with DMARC etc all in line with what we need. They've had dedicated domain set up for about six months or more but DMARC has only recently (within last two months) been established. Your spamhaus report that you ran is very helpful, thanks @petzl

    Spoke too soon you may be on a shared IP with some loser not using a Double OPT-IN email list
    SpamCop spam-traps being hit means they are using poisoned email addresses with no owner.
    obtained by scraping Internet web pages for email addresses

    Causes of listing
    System has sent mail to SpamCop spam traps in the past week (spam traps are secret, no reports or evidence are provided by SpamCop)
    Express-delisting is not available
    Listing History
    In the past 87.2 days, it has been listed 15 times for a total of 15.0 days
    Other hosts in this "neighborhood" with spam reports
    167.89.100.7 167.89.100.8 167.89.100.40 167.89.100.69 167.89.100.76 167.89.100.78 167.89.100.79 167.89.100.82 167.89.100.83 167.89.100.85 167.89.100.86 167.89.100.87 167.89.100.91
     


  8. 1 hour ago, Foggy said:

    @petzl thank you for that note, I am the marketing agency working for the client who sends the bulk of the emails, I am awaiting their reply on the IP and may in fact just have them test as they are more in line with their IP address fluctuations than I am. 

    Roger that as well! 
    "Many times a person's email receiver, has a SH*T list of IP's that they have a grudge against.
    Then send a fake  SpamCop blacklist as the culprit."

    @Lking thanks for your notes as well. 

    I have the dedicated domain for my client set up properly with DMARC etc all in line with what we need. They've had dedicated domain set up for about six months or more but DMARC has only recently (within last two months) been established. Your spamhaus report that you ran is very helpful, thanks @petzl


    DMARC setup means it is very unlikely to get on SpamCop's blacklist
    It could also be a fake bounce from email receiver, check bounces SOURCE IP match that of provider
    If it don't match report it to that provider as a spam fake bounce!
    Spoke too soon you may be on a shared IP with some loser not using a Double OPT-IN email list
    SpamCop spam-traps being hit means they are using poisoned email addresses with no owner.
    obtained by scraping Internet web pages for email addresses
     

    Quote
    Causes of listing
    • System has sent mail to SpamCop spam traps in the past week (spam traps are secret, no reports or evidence are provided by SpamCop)
      Express-delisting is not available

    Listing History
    In the past 87.2 days, it has been listed 15 times for a total of 15.0 days
    Other hosts in this "neighborhood" with spam reports
    167.89.100.7 167.89.100.8 167.89.100.40 167.89.100.69 167.89.100.76 167.89.100.78 167.89.100.79 167.89.100.82 167.89.100.83 167.89.100.85 167.89.100.86 167.89.100.87 167.89.100.91

     


  9. 2 hours ago, Lking said:

    I'm guessing @Foggy does not know what IP address his mail server is using, so the link @petzl and I provided doesn't help much.

    @Foggy contact your ISP (who I guess hosts your domain and email service) to check if you have a dedicated email IP or a shared IP. The IP address used to send your emails is what needs to be entered into the form on the link @petzl provided. THAT will tell you why you are/have been listed on the SCBL. With that information you can take positive corrective action.

    Foggy just needs to send an email to himself from the email he is being told is blocked to get that IP then.
    His server IP address is 167.89.100.92
    https://www.spamcop.net/w3m?action=checkblock&ip=167.89.100.92
    Then 
    https://check.spamhaus.org/not_listed/?searchterm=167.89.100.92
    no troubles there that's why I think someone has sendgrid on a sh*t list?
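
The check described in this post, as an added example that is not from the thread or from SpamCop: it reads the sending IP from the Received headers of a message you sent to yourself, then asks bl.spamcop.net directly whether that IP is listed, so a bounce that only claims a SpamCop listing can be verified. The sample headers and host names are constructed, and the rule for picking the sending hop is an assumption noted in the code.

```python
import ipaddress
import re
import socket
from email import message_from_string

# Constructed headers of a message sent to yourself; only the IP is from the thread.
SAMPLE = """\
Received: from mx.recipient.example (10.0.0.5) by mailbox.recipient.example; Mon, 26 Feb 2024 10:00:02 +0000
Received: from o1.sender.example (o1.sender.example [167.89.100.92]) by mx.recipient.example; Mon, 26 Feb 2024 10:00:01 +0000
Received: from app.internal (localhost [127.0.0.1]) by o1.sender.example; Mon, 26 Feb 2024 10:00:00 +0000
From: me@sender.example
To: me@recipient.example
Subject: self test

body
"""

IP_IN_HEADER = re.compile(r"[\[(](\d{1,3}(?:\.\d{1,3}){3})[\])]")


def sending_ip(raw_message):
    """Return the first public IPv4 address in the Received chain, newest hop first.

    Assumption: the recipient's own internal hops use private addresses, so the
    first public address is the host that handed the mail to the recipient.
    """
    for header in message_from_string(raw_message).get_all("Received", []):
        for candidate in IP_IN_HEADER.findall(header):
            try:
                if ipaddress.ip_address(candidate).is_global:
                    return candidate
            except ValueError:  # e.g. 999.1.1.1 matched by the loose regex
                continue
    return None


def dnsbl_name(ip, zone="bl.spamcop.net"):
    """Build the DNSBL query name: reversed octets prepended to the zone."""
    return ".".join(reversed(ip.split("."))) + "." + zone


def listing_code(ip, resolve=socket.gethostbyname):
    """Return the 127.0.0.x answer if the IP is listed, otherwise None."""
    try:
        answer = resolve(dnsbl_name(ip))
    except socket.gaierror:  # NXDOMAIN: not listed
        return None
    # Only answers inside 127.0.0.0/8 are listings; anything else is a
    # resolver rewriting NXDOMAIN or a misconfiguration, not evidence.
    return answer if answer.startswith("127.") else None


if __name__ == "__main__":
    ip = sending_ip(SAMPLE)
    print(ip, dnsbl_name(ip), listing_code(ip))  # performs a live DNS lookup
```

If the IP in a bounce differs from the one `sending_ip` returns for your own test message, the bounce is describing a different host than the one that sends your mail.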

  10. 3 hours ago, Foggy said:

    Thank Lking and gnarlymarley! 

    Regarding the SCBL, I will ask for the client's sending IP address to further address, but upon quick review it does not seem as though it gets too specific here concerning that RCVD_IN_BL_SPAMCOP_NET other than I have to wait to see if it clears up over time. :(

    This tells everybody nothing. 
    go to 
    https://www.spamcop.net/bl.shtml
    and put the alleged IP into the box and if is true SpamCop Block it will show the listing.
    Do a screen capture if real SpamCop Block List stops blocking short time after the spam stops;
    Most good email sites don't block with a SpamCop blocklist, but have it on retry after 24 hrs.

    Many times a person's email receiver, has a SH*T list of IP's that they have a grudge against.
    Then send a fake  SpamCop blacklist as the culprit.

  11. 3 hours ago, Too Many Spams said:

    Ugh, open Gmail this morning and received more than 35+ spam from the same spammer. I honestly don't know how Google, Namecheap, Microsoft, et al. condone these. Is there a way to temporarily deactivate my Gmail, so these spammers will think my account is dead?

    Sending a SpamCop track URL would give one a better clue.
    if you know the Registrar is Namecheap means you know how to Whois look up a Registrar, which is good
    Also in Gmail once opening Gmail spam, Top Right hand side of spam, click the three vertical dots, then click "Report phishing" 

  12. 8 hours ago, GeForce777 said:

    The IP 188.138.68.223 also shows Host Europe, even though it should be HEG Mass: https://apps.db.ripe.net/db-web-ui/query?bflag=false&dflag=false&rflag=true&searchtext=188.138.68.223&source=RIPE

    Does SpamCop still have an IP refresh? SpamCop processes so much spam.
    if SpamCop does check RIPE every time RIPE think it is a DS attack and blocks SpamCop from checking.
    Not using SpamCop now lost password, but it did have a REFRESH button under IP to renew it
    If you had sent a SpamCop track I could see and refresh it (anyone can)

  13. 1 hour ago, ninth said:

    Try sending a manual report and see if they respond? 

    I now don't use SpamCop for reporting
    I forward as attachment to whatever source I can determine (Outlook/Hotmail do not identify email source IP's)
    Any dodgy URL I report to the Registrar, plus the FED's
    Yes I believe spammer's take me off their spam lists, but they have my email address anyhow!
    My spam status since reporting from my Gmail accounts is now maybe almost one a month.

    Still use SpamCop as an important tool,
    for some reason my account has again stopped accepting my password, so stopped bothering.

  14. 1 hour ago, Steve said:

    Querying the IP address (200.62.229.190) on LACNIC Whois only displays the email address gestion.ip AT claro DOT com DOT pe. SC parses the email and determines that this is a last resort contact. Is there any way to contact LACNIC to get them to update the abuse POC? 

    Certs are here but can't read Peruvian
    https://www.first.org/members/teams/#peru
    they have a contact on their FaceBook page
    https://www.facebook.com/AmericaMovilPeruSAC

  15. 2 hours ago, lartingyou said:

    Thanks for the advice. Any recommendation of where to store the hundreds of passwords? I don't use the same one for each account - haveibeenpwned.com showed me the error of my ways 10+ years ago.

    Look for a Password Saver,   Free sounds nice but often not,
    Having said that this is free for a single user, do your own homework, may be crippled   $40 a year for family use? 
    I've used Password Depot for years but can no longer recommend it (become more hype than reality). For me to go to a different one is going to be very time consuming, I'm now an old bloke.

    Sample of password generated  UserName  password  RV?Gf?%B#5}p7x<

    Back-up your password "key" to a few "somewheres" other than your computer Gmail Cloud is ok

  16. 16 minutes ago, lartingyou said:

    But I fear I'm getting off the pavement/sidewalk/topic :)

    I don't think that you are.
    SpamCop has always been designed to target source of email spam.

    If you have mailhosts setup it will only target email server (usually a free throwaway type)
    Not websites, why I now do my own reporting which include registrars of websites
    SpamCop only targets the IP of websites, unless some criminal intent they are not interested.

  17. 4 hours ago, lartingyou said:

    Ribbing aside, I did some Web searching. SEWR is some Microsoft component relating to spam. Check out slide 8 of this presentation: https://www.slideserve.com/yoshe/understanding-microsoft-forefront-online-protection-for-exchange (lower right corner).

     

    OK still trial not trail
    I find that Microsoft do close spammers, but takes time, then it's easy for spammer to open another fake account to repeat.
    There are plenty of free email account choices out there, Microsoft IP's are high volume so it takes a LOT of spam hits before the radar 
    SpamCop blocklist activate, The SEWR address I only see SpamCop using, I no longer report by SpamCop but do have a number of Microsoft abuse addresses to submit email as attachment to. 
    NANAE (usenet) many loved hating and criticizing (criticising) SpamCop for not having an abuse at address.
    But logistically not practical to deal with the volume of mainly rubbish complaints, although it can or could be done by WEB or the link in a spam report!
    I would guess that Microsoft would have the same  logistic problem, IMO the need to legitimize (legitimise) users.
    Twitter/X tried to remove the BOT users seems to have worked a bit but still needs working on.

  18. 11 hours ago, lartingyou said:

    In any case, Spamcop doesn't seem to work well with emails forwarded outside of an Office365 domain, and so I suspect a lot of false reports are sent, which may explain why they are going to "sewr".

    That is the address the owner of reported IP requested it to be sent to!
    If SpamCop has been banned from sending reports it goes to BitBin [AT]spamcop 
    I suspect your problem is Microsoft 365 is having a spamer's delight with free trail!
    I'm in Australia but you might want American English not Oxford English to see the free trail?
    https://www.microsoft.com/en-au/microsoft-365/try?ocid=AID_ema_PRO_SE19097^FY24_Jan_M365^en_AU

  19. 15 hours ago, Steve said:

    SC's parser determined that abuse AT vividwireless DOT com DOT au is the responsible party for the above IP address. But when querying it on APNIC's site, it says that abuse AT optusnet DOT com DOT au is the abuse contact (and is an Optusnet IP address). For any of the Optusnet spam I've received, SC's parser would automatically deliver a result of abuse_sc AT optusnet DOT com DOT au.

    Tracking URL:

    https://www.spamcop.net/sc?id=z6883707653ze0a2ff6d67316ea0d5c8517df5690f95z

    49.3.27.76 has a legacy entry from 2018 where someone wanted email abuse reports to go there.
    That is an email server, the message IP source though is 154.127.53.82
    This happens if you have mailhosts set-up
