-
Posts
2,974 -
Joined
-
Last visited
Content Type
Profiles
Forums
Events
Posts posted by petzl
-
-
2 hours ago, gnarlymarley said:
Wow, they finally got blocked. One thing to note is that Microsoft was warned numerous times before their inaction allowed the IP to show up on the blocklist. I have been getting abuse from their IP with a few messages a day from a .shop address trying to immitate some paypal links.
I suspect Microsoft's way of handling it's spam blocked IP's is to turn them off, and use another one they have a vast number of them?
-
SpamCop block list only blocks a single IP when it hits a span threshold algorithm ratioed to the volume of email going through that IP.
Then releases it when the spam stops for 24 hours, 40.107.8.113 is not presently listed so the flood of spam going though it has presently stopped it's spam flood.
The range of IP's listed may not be blocked but may have been.
For a Microsoft email IP to be blocked would be very high well above the ratio for most IP's!
A lot of other big email providers just block rouge IP's and don't supply figures for doing so.
SpamCop Block releases IP when spam attacks stop.
Microsoft IMO do not seem to of worked out how to stop spammers.
Gmail is pretty good at doing this.
-
4 hours ago, Engin Acar said:
Hi,
We are getting the same problem with the emails from almost all our suppliers.
This is the failmessage;
"JunkMail rejected - mail-vi1eur04on2113.outbound.protection.outlook.com (EUR04-VI1-obe.outbound.protection.outlook.com) [40.107.8.113]:13093 is in an RBL: Blocked - see https://www.spamcop.net/bl.shtml?40.107.8.113"
Almost all the ip adresses which begins with 40.107.XXX.XXX ends up in Junk mail.
This should be fixed ASAP.
Seems SpamCop Blocklist to be working well.
Microsoft are the only ones to fix it, too many BOT spammers hitting spamtraps (fictitious email addresses)
https://www.spamcop.net/w3m?action=checkblock&ip=40.107.8.11340.107.8.113 listed in bl.spamcop.net (127.0.0.2)
If there are no reports of ongoing objectionable email from this system it will be delisted automatically in approximately 6 hours.
Causes of listing
System has sent mail to SpamCop spam traps in the past week
Other hosts in this "neighborhood" with spam reports
40.107.7.114 40.107.7.115 40.107.7.117 40.107.7.118 40.107.7.119 40.107.7.120 40.107.7.121 40.107.7.122 40.107.7.123 40.107.7.124 40.107.7.125 40.107.7.127 40.107.7.128 40.107.7.129 40.107.7.130 40.107.7.131 40.107.7.132 40.107.7.133 40.107.7.134 40.107.7.135 40.107.7.137 40.107.7.138 40.107.7.139 40.107.8.40 40.107.8.41 40.107.8.42 40.107.8.43 40.107.8.44 40.107.8.45 40.107.8.47 40.107.8.48 40.107.8.49 40.107.8.50 40.107.8.51 40.107.8.52 40.107.8.53 40.107.8.54 40.107.8.55 40.107.8.57 40.107.8.58 40.107.8.59 40.107.8.70 40.107.8.71 40.107.8.72 40.107.8.73 40.107.8.74 40.107.8.75 40.107.8.77 40.107.8.78 40.107.8.79 40.107.8.80 40.107.8.81 40.107.8.82 40.107.8.83 40.107.8.84 40.107.8.85 40.107.8.87 40.107.8.88 40.107.8.89 40.107.8.90 40.107.8.91 40.107.8.92 40.107.8.93 40.107.8.94 40.107.8.95 40.107.8.97 40.107.8.98 40.107.8.99 40.107.8.100 40.107.8.101 40.107.8.102 40.107.8.103 40.107.8.104 40.107.8.105 40.107.8.107 40.107.8.108 40.107.8.109 40.107.8.110 40.107.8.111 40.107.8.112 40.107.8.114 40.107.8.115 40.107.8.117 40.107.8.118 40.107.8.119 40.107.8.120 40.107.8.121 40.107.8.122 40.107.8.123 40.107.8.124 40.107.8.125 40.107.8.127 40.107.8.128 40.107.8.129 40.107.8.130 40.107.8.131 40.107.8.132 40.107.8.133 40.107.8.134 40.107.8.135 40.107.8.137 40.107.8.138 40.107.8.139 40.107.9.54 40.107.9.73 40.107.9.80 40.107.9.82 40.107.9.88 40.107.9.89 40.107.9.102 40.107.9.108 -
On 1/13/2024 at 11:11 AM, Scott_R said:
I have a Hotmail account that I use for unimportant things-
They use shared IP address so it may be spam from the same IP as you were using at that time?
-
11 hours ago, spamkiller said:
uthentication-Results: perfora.net; dkim=none
Received: from NAM11-DM6-obe.outbound.protection.outlook.com
([40.107.223.128]) by mx.perfora.net (mxeueus005 [74.208.5.3]) with ESMTPS
(Nemesis) id 1MWB7u-1rgHQL1Zve-00Vfv1 for <REMOVED>; Sat,
06 Jan 2024 04:41:51 +0100
ARC-Seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none;
b=WH5Fl6oIMs9UCI5HL7Jx1GEQeddJQpSpEBrpfdoU7Kmqxdpg8/YMGsfm/LRdUSMshIr3PmL7MWf5JmGOwb/ymRrhX/eMeDDY6oFpq/fCnK7gX6POHdFTLZtgtDxMbyTfVJPTFhqNU0uNbNGrZtwsd7htSAQxD7wJLvPqMXdpY75helChsPwR7ROrs5Ox0+e9HwGQfQNvkxRdr3Iuppa1rW2+nH/jya0ZnvDUNRffIWuwV31GRl/jmhBWgg1ExMO3oZc3qx6zOmcoLJLz9kMc5AXSoO0VlXuYtEgffN7HTykUeX65lGx4OqiaLjPGY7WxH5Bb6tUBrX/euNCaLgU65w==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com;
s=arcselector9901;
h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1;
bh=8koqciwTQQ9NBa8XbTaJbbGVvpjlOMLF/IyfHTjyI/s=;
b=QHN7bRJ2DPwEHWSCu8G/RQGHmXtzWxTRYOdAH/SN6jmQgiW9apOqGw7kNkkrdRAk6avTtBKTaFrD8tCYErl50kGN8jSmFRYvqSH52AH0O/DCkeTYZyOCW2W6eQMOUjDhfVc2gtppm29Ks37Wx0kdA778nyZQDlsmTAIDuXWTvtKEbVC7xz3bf0s6RpudvZw/G7drM/jtIODwUdHb4QsoTVIVpjyJesRUM7YK8iPfzKEbOpLkWq09PRMJ9W2oX3JvbAUiayUrg+SkPE9lwu8mHh9YdntlLjHuDSbCXux/fPjA0irDWCOzr9PAyRlMiw1uY8rXzlACano6vz+SCd284A==
ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=fail (sender ip is
185.139.230.132) smtp.rcpttodomain=REMOVED
smtp.mailfrom=azx2u2kc5.onmicrosoft.com; dmarc=none action=none
header.from=azx2u2kc5.onmicrosoft.com; dkim=none (message not signed);
arc=none (0)
X-MS-Exchange-Authentication-Results: spf=fail (sender IP is 185.139.230.132)
smtp.mailfrom=AZx2u2kc5.onmicrosoft.com; dkim=none (message not signed)
header.d=none;dmarc=none action=none header.from=AZx2u2kc5.onmicrosoft.com;
Date: Sat, 06 Jan 2024 04:40:40 +0100
CC: REMOVED
From: YETI Department <norevenhfd47_BRSuCNjlwKn@AZx2u2kc5.onmicrosoft.com>
To: REMOVED
MIME-Version: 1.0
Content-Type: text/html; charset="UTF-8"
In-Reply-To: <norevenhfd47_BRSuCNjlwKn@AZx2u2kc5.onmicrosoft.com>
Content-Transfer-Encoding: 7bit
Importance: high
Subject: Adventure-Ready: YETI 30 oz Travel Mug for On-the-Go Excellence
Message-ID:
<ee0f5bb7-ee44-4c91-928c-186e94101ec5@BN8NAM12FT110.eop-nam12.prod.protection.outlook.com>
X-EOPAttributedMessage: 0
X-MS-PublicTrafficType: Email
X-MS-TrafficTypeDiagnostic: BN8NAM12FT110:EE_|BL3PR07MB8900:EE_
X-MS-Office365-Filtering-Correlation-Id: 532e6f5b-21fe-45a3-aa98-08dc0e696a8b
X-MS-Exchange-SenderADCheck: 1
X-MS-Exchange-AntiSpam-Relay: 0
X-Microsoft-Antispam: BCL:0;
X-Microsoft-Antispam-Message-Info:That's all we need better to send a track
Microsoft get worse at every turn then call them "upgrades"
40.107.223.128 abuse[AT]microsoft[DOT]com only one available
which is ignored except for auto ack gleefully telling you to go to some obscure addressTheir CERT address is no longer for their phishing DOS attacks!
phishing-report[AT]us-cert[DOT]gov
If they even breathe perhaps need to tell Microsoft for Automatic spam forward as attachment website to sort their DOS attackers out?
Microsoft have forums?
Will faceup to converting to a Google operating system when this gets to slow with Microsoft deliberately bloated "updates" (downgrades)
But won't save the problem with Microsoft spam! -
10 hours ago, spamkiller said:
@petzl Thanks for the info.
I did receive a reply from Microsoft on Jan 4 that I had sent them on Dec 23. It seemed to be an real reply rather than an auto reply. This is the 2nd reply that I got from them. I always put "spam Report # xx" in the subject because when they reply, there is no reference as to which email they are replying to. They replied to email report # 31 and I'm up to report # 55, so they are really slow or running about 2 weeks behind.
the best way IMO is to charge a small fee US$10 (for life) via Credit card or PayPal for what was once free email accounts, this stops the bots. Twitter is anti-bot, and have hoops and jumps to get through.
-
7 hours ago, spamkiller said:
@gnarlymarley Thanks for the reply. I will continue to report all spams to spamcop.
I've searched the internet on the proper method to report spam to Microsoft and almost 100% of hits are an explanation on how to configure your "Microsoft" email app to block or ignore spam! Really?? Microsoft needs to wake up to the fact that not everyone uses a Microsoft email app. Also, why should everyone have to configure their email app to block spam originating from Microsoft? I think that Microsoft should configure their mail host to stop the spam in the first place."Abuse at microsoft com" will get you a Auto ack telling you where to send spam
I don't believe they know how to deal with spammers free email accounts?
Usually its
phish[AT]office365[DOT]microsoft[DOT]com
this week?
But they must get millions of abuse reports, most of the clue'y automate by using a web page
This criminal redirection links using Gmail Google cloud are reported here for instance
https://support.google.com/code/contact/cloud_platform_report
I send the .eml attachment as a file attachment with it in "chose file" button
But they seem getting bogged down now also? -
I like fried cannedSPAM on toast with vegemite, a fried runny egg. with a mug of coffee
-
17 hours ago, ninth said:
Note that cloudflare take about a month to get back and then ask if the problem has resolved itself yet. I also try not to truncate as the app will often resolve any links and websites even if on the last line but not if there are too many and I'm not bothering counting them each time.
They want you to use their Web pages for abuse
If you do they act reasonably quick but maybe not in your favor, they will also contact the registrar
Cloudfare's is
https://www.cloudflare.com/trust-hub/abuse-approach/ -
1 hour ago, ninth said:
I truncate when I get those X rated PDF files from dodgy countries - and now using your link to the feds to dob them in re modern slavery thanks useful member. What is it with these big companies like cloudflare and namecheap being their own registrars?
They want you to use their Web pages for abuse
Cloudfare's is
https://www.cloudflare.com/trust-hub/abuse-approach/Googles is (Usually a redirect for another spam site)
https://support.google.com/code/contact/cloud_platform_report?hl=en
First I send as attachment to spam source
(then from sent email you can download the **.eml file, you can attach as file for attachments) -
20 hours ago, ninth said:
I just gave it a whirls and got too much data error message which was strange as I always truncate large emails thanks to advice on here. All spam was processed anyways thanks SC.
Used to be SpamCop automatically truncated?
Not now it seems I have always truncated to save my data usage, sending obvious spammr links to the Registrar of Domain (if they have one)
Namecheap right now is refusing to remove a child porn spammers domain which the IP owner always does (as has every other registrar)?
Then I report the IP to the IP address, which always does!
As well as report to the FED's (doubt if they even get off their ass), but the IP Owner does! -
2 hours ago, Too Many Spams said:
Hi,
Was wondering if anyone knows how to stop this junk spam:
I get over 20+ emails from this spammer. Each time I report with SpamCop, it goes to report_spam@hotmail.com, abuse#amazonaws.com@devnull.spamcop.net, and malware#mnemo.com@devnull.spamcop.net.Doubt if Hotmail get the SpamCop report?
You need to send a SpamCop tracking link for better advice!
You need to find the registrar of the Website, SpamCop only reports the IP address of the Website.
Also with porn sites they by law need to have those lude photo a government Age ID. Most if not all spammers do not have this!
I always report this as child porn spam with this "Boiler plate". If you are a pediatrician you would be listened to
I also forward as attachment to the FED's
phishing-report[AT]us-cert[DOT]govChild porn spammer pictures under 18 or made to look under 18 NO PROOF OF AGE available! SENT TO MINORS
2257 Regulations (C.F.R. Part 75), part of the United States Code of Federal Regulations, require producers of sexually explicit material to obtain proof of age for every model they shoot, and retain those records. Federal inspectors may at any time launch inspections of these records and prosecute any infraction.
"unless the websites “perform reasonable age verification methods” — in short, requiring users to show government ID to prove they are 18 or older."
-
4 hours ago, Steve said:
According to Gmail's mailer-daemon, malware AT mnemo DOT com doesn't exist, yet SC's parser dev/nulls this address.
https://www.spamcop.net/sc?id=z6877159915z6bfdd31b37f0c6be4d2b2f3fb9c2bc3e
Ovh Canada SERT
https://www.first.org/members/teams/cccsas it's a porn site a good boiler is this one
Namecheap hate it because it's trueno working unsubscribe phishing-report@us-cert.gov Child porn spammer pictures under 18 or made to look under 18 NO PROOF OF AGE available! SENT TO MINORS 2257 Regulations (C.F.R. Part 75), part of the United States Code of Federal Regulations, require producers of sexually explicit material to obtain proof of age for every model they shoot, and retain those records. Federal inspectors may at any time launch inspections of these records and prosecute any infraction. "unless the websites “perform reasonable age verification methods” — in short, requiring users to show government ID to prove they are 18 or older."
-
10 hours ago, livingny said:
But if my email address isn't registered here it won't accept, bounce or report spam to that email address.
Mailhosts are different to a email address.
https://www.spamcop.net/fom-serve/cache/397.html
If you register your mailhosts SpamCop whitelists their IP's and won't report them as a spam source.
All SpamCop will report is the email server that sent you spam.
Spammers use throw-away email accounts which make them almost impossible to be blacklisted by SpamCop
Although this German one has just been listed, as long as it keeps getting spam reports or hitting spam-traps it will be relisted quickly
https://talosintelligence.com/reputation_center/lookup?search=82.165.159.40
If you remove your mailhosts you need to check you are not reporting yourself, which if your email servers are set-up correctly won't happen! -
21 hours ago, ninth said:
If blocked at the IP level the addresses in the first and last example above are different so they will only be blocked for 24hrs unless more spam is sent. It's still worth blocking accounts and reporting to move them up levels on blocklists and increase the likely spam or scam rating %...it all adds up to a bad reputation.
To block a FREE throw-away German email IP is not likely to happed. each IP and they have a great many has to be reported a great many times or hit SpamCops spamtraps
A source IP is likely to be blocked very quickly, a Mailhost is only needed if your email server is misconfigured and starts getting SpamCop reports. -
17 hours ago, ninth said:
Flick the raw text to certified senders germany they handle complaints of unauthorised sending of mails and newsletters:
csa-complaints@eco.de
Reporting the free throw-away email server mean the child porn spammer opens another one!
The source of email is what SpamCop would report if you didn't have to use Maillhosts
176.113.82.77 United Arab Emirates -
3 hours ago, livingny said:
I am having the same issue. I have 3 AOL Verizon email addresses. It only has let me add one of those addresses to my mailhosts. When I get spam from an address that SC doesn't take it says it can't do anything since that mailhost isn't listed for my account here. I used to be able to report all of my addresses now I'm limited to just one for AOL Verizon, one for Gmail, when I have 3 email addresses for each of these. I keep trying to add them back but it won't send a test email to anything else after I've set up one address. Has something changed here?
Appreciate any help I can get!
It's better to not add mail hosts if your are not reporting your provider.
Mailhosts only allow the reporting of the email server that sent it to you.
Without SpamCop will look for the IP source that sent it to the mail server you received it from
free german disposable email server IP
82.165.159.40
Email source
176.113.82.77 United Arab Emirates
spam LEVEL Very HighFrom these headers trry passing see if SpamCop targets the source IP? 176.113.82.77
Delivered-To: XXX
Received: by 2002:a05:7108:628f:b0:338:fe90:582f with SMTP id l15csp772717gdq;
Fri, 17 Nov 2023 16:37:26 -0800 (PST)
X-Google-Smtp-Source: AGHT+IGy0SbW8gkyRzW6Fn8MOIH/ATERyYKegZ+MeRcXOdcCEIpPxZkm+TAR8BAiCgEwy6M+fj6/
X-Received: by 2002:a05:6000:400e:b0:32d:b991:1a71 with SMTP id cp14-20020a056000400e00b0032db9911a71mr476095wrb.0.1700267846070;
Fri, 17 Nov 2023 16:37:26 -0800 (PST)
ARC-Seal: i=1; a=rsa-sha256; t=1700267846; cv=none;
d=google.com; s=arc-20160816;
b=zxdCS5JLDaqaq7P7XMM7NQIBFspLN+L/mDSW7XbVnlCmD4Ihp+gY0cAlAb8tQLkfEJ
WtKTrgdaZG02D1jtpR+L1K08+OIn3hJjbeyJlYzq1a/bnV1ctDFlej/WSJKxgJgTNtZC
lvoxPSxsByxKnqX/JZYlhdCyLhjcmC/v3fVqpA1H+S9YhDwMeYVS2giOlGZa9Tfs68du
gBJ+6AwZdgRvYNyN4/quZtg1e0OvS0F2EC3kkOCb+jv2q8WUTcG53tDZunw7jyrUDsQl
WUX77gj8aCqpnzTNhGCEeAHAZltR0V7nWqyzV5UOW7JabknV2m+dzKW2y9atnnK/Jlwj
3Lmw==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816;
h=ui-outboundreport:date:to:reply-to:subject:from:message-id
:mime-version:dkim-signature;
bh=3KL27dqf22qQEknZJ4Ph61N6xVhBcCUOP6e6cKwYQiU=;
fh=GIhbJBYT0EH5LQuP2tB5rvgib++oZw6Kh7U+a6RCbJI=;
b=YyWRNQ56gf/7uvNsr3lTtf7k04FDqDpouPxD2Uz6kuS1+9y0dM4IfXYdGwCATWupw6
Yzd2dgyqRQCQz7RBhhy0J3TSQXTjefqOMuZ/l6Wldy/Od30A8ZL7uFGaiAYnynFNwrQX
yB0ce5XeaWQbCyjVFAUvCWKqSNiaHLqvx8VS30GAKFkv4Xj6JhfAmldUEDLCciATcgpW
yClCWZP+VlX1PHmC9h+Dp+EhANz3bf1VwOCKf/H7KoWjDnQSHlS1PloD30Ib5czE9fnX
rQIRzo7GFKTv++EEpKDuljxkSqKH1QJP4ndXH6vwIY5iA+DEw7QLb5KLbuIZQXDvEgB5
GHyw==
ARC-Authentication-Results: i=1; mx.google.com;
dkim=pass header.i=@gmx.de header.s=s31663417 header.b=cSlwoYYR;
spf=pass (google.com: domain of belenkovd@gmx.de designates 82.165.159.40 as permitted sender) smtp.mailfrom=belenkovd@gmx.de;
dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=gmx.de
Return-Path: <belenkovd@gmx.de>
Received: from mout-xforward.gmx.net (mout-xforward.gmx.net. [82.165.159.40])
by mx.google.com with ESMTPS id d17-20020a5d5391000000b0032d9caeab1fsi1696840wrv.916.2023.11.17.16.37.25
for <XXX>
(version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256);
Fri, 17 Nov 2023 16:37:26 -0800 (PST)
Received-SPF: pass (google.com: domain of belenkovd@gmx.de designates 82.165.159.40 as permitted sender) client-ip=82.165.159.40;
Authentication-Results: mx.google.com;
dkim=pass header.i=@gmx.de header.s=s31663417 header.b=cSlwoYYR;
spf=pass (google.com: domain of belenkovd@gmx.de designates 82.165.159.40 as permitted sender) smtp.mailfrom=belenkovd@gmx.de;
dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=gmx.de
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=gmx.de; s=s31663417;
t=1700267845; x=1700872645; i=belenkovd@gmx.de;
bh=7sWLcV7aPhDKgHuijf29I4AzQHNtAmVg2aZWKeKw9Fc=;
h=X-UI-Sender-Class:From:Subject:Reply-To:To:Date;
b=cSlwoYYRCP59Zd9mgIqTpPO6hLvqU0GnI/i5SU48uOWBYk/TLMk/XpoMLdahk8o0
5LTjTVGZa9ZJ38S/xkni9ED3K55IADE4UsCSoNyKlKyU1+NckQwd/qWyv1P8KEB2m
O1Rcyn6ozQNH+w+xuXGX98QWVuJA7du0naNCRryhPgX3sE3U7GfSMZABQP98yET32
XQmhSy9tB9ccvQZeuxGMIUkEYL63NTfYNHX6s4ES2syK7Z403j7TXjm4XjjOJZyET
0za490MQMXEj7pYfGdiGMu8UxTzZNrJ2fPnI0PPs4l1D6MfslMF8V/WtrBerHBUl6
vOUW2bDGGalxNHHYXg==
X-UI-Sender-Class: 724b4f7f-cbec-4199-ad4e-598c01a50d3a
Received: from mail.bigdealproduct.cyou ([176.113.82.77]) by mail.gmx.net
(mrgmx105 [212.227.17.168]) with ESMTPSA (Nemesis) id
1Ml6qC-1rlDvl1zyu-00lUs0 for <XXX>; Sat, 18 Nov 2023 01:37:25
+0100
MIME-Version: 1.0
Message-Id: <efUgbxJ.45851.894.jqU@bigdealproduct.cyou>
From: ukraine women bang <belenkovd@gmx.de>
Subject:💗💗ukraine women BANG💗 𝐋𝐞𝐭'𝐬 𝐠𝐨 𝐨𝐧 𝐚 𝐝𝐚𝐭𝐞 ♥𝐭𝐨𝐧𝐢𝐠𝐡𝐭 🍑💋💌𝐈 𝐭𝐡𝐢𝐧𝐤 𝐲𝐨 𝐮'𝐥𝐥 𝐥𝐢𝐤𝐞 𝐡𝐨𝐰 𝐢𝐭 𝐞𝐧𝐝𝐬! ❤️💋
Reply-To: reply_to@bigdealproduct.cyou
To: XXX
Content-Type: text/html; charset=UTF-8
Date: Sat, 18 Nov 2023 00:37:13 +0000
X-Provags-ID: V03:K1:NfcqrB6DPxvyS0glquZuMAaIYOu0+A1aBxjZMQhL5IWhgZmssTe
EgmDjBg5NzHJEzfZ8DNBU3AduDf5uyELIFbsfPYDPxQRjv/MWRjCWBzFbGjAedK9OIdR5vX
zoSZj+eYCTaA3idnKhFn2qznLJh5lq4SRmcYkeCXqqDJgyks/p+e+zkgPCeO4iO23gAVtY6
erG1afbdhstKyYl+1XEzQ==
X-spam-Flag: YES
UI-OutboundReport: junk:10;M01:P0:2H8NFLdZTK4=;0Ga0ZMbp7usMdok8UXIkQZ9kiU2Wf
DJvDPDAKLFJl2579iZcpHmH4pZ0gqYwyr4zkLkcveIZoNZzb315Ru3z4XtPVIDgdKm72ANtbm
VomJoGeewFh+ECnnIyOSeYaANNfYprGUSlFjhMKQ0qEnoD1jusIcL3Cx62vCqND09JfeDV8qT
cDwI/sX9uEMo/X2t5pyk7fUd/d94xqpRWkDgocy2qwr4WTeVAPQPqCmhhcocGP3u0ciB3IGAk
k4e4FMswz6DSTN63Xep4nQ2wC/Ntt/3AW26tQARw2T0gvW1lU85RyQDBKXim2O+gpcUe1xkih
eCWEAMx0s2WNw5wYi6n3NcW0HV8Wbjc/wqhxOi5tBS0OyQ4owYH1Ht9k5oVp4VijRgqD6M56e
tABxtu2/HlLMK30GQPN1/R4tFkqRxSm4ds932ty/tUSZNwXvhJ2oBGXoAdw/Ardh8V4K59zkq
1+tuEi+H2aH9wfHsKqiIMGnMs9XO+0bQFkn5bVIHsBsqH42rVuDwgBiJkgHzxOYWZgcZ9138i
pOguR1ZDA9KkGy9wpwS92Ta7SJ0Lst7JauwyNJOw7tXzL0c+6hBo1pacx7SP2uSjiYDRW1jod
Sr6X/Q9FRCo3DGq9n2m2Z5ZbSAp6M8kIhqVAxUlqmIIsM7QNllwc56HiGOikbZzwUcQAlagN+
GEbijmFxexD4Tk1nW4XSjY4l76qh2+HdaGdXvsXR87KOKxbccGWoLRkles1usQKumqXNbRVay
Hipi6CUqtTvdJH448oraaLTgONPII1RzgzyyArC3tZdZSVaVltbFUMd1AaXqRj0uHTtwXTcIt
o2OJCt75SKCvqyjjyhGxfVxiHHZXGRRHk/u38pYaRs9rBNGrTSjGpS5VXeXv0Y4//Kf/jYT/D
wgjM2pnpOG9whZgHmJ2EFjriwvlstpHhP8SjejqrybpXe715uuLBj5PaVi19B3JiMS8JbixLw
Cw4hyZbd6nToBVlIKY83oJrw/jrIHSot8x51dGLan7xulAEVBtjOc1xn7ysJGs/DTE75qqkd2
eYOjo4h9LN69wLU0XveNqxEm/2ebQhjKHmp+6TRUNCATED
-
2 hours ago, antilyrical said:
In 2014, I moved away from using my spamcop email address and started relying on my Hotmail and Gmail accounts. But I do have some lingering accounts that were signed up and use my spamcop.net email address.
In the middle of the night, when I can't sleep because I'm thinking about random things I can't control, every so often I think "What if they stop forwarding my spamcop email address?"
Has there been any indication or rumblings of the forwarding coming to an end?
Mines still going, not heard otherwise, but a bit of a worry that CIsco seems to be moving away from SpamCop importance?
-
8 hours ago, sc_aswglo said:
We have been receiving literally the same spam email every single day from the same network and it still is not on SpamCops block list. The network is Layerhost and it's clearly a spammers heaven but I report these Emails eveyry day and SpamCop does not block it. Does anyone know what is going on here?
https://www.spamcop.net/sc?id=z6875012231z01deb9435cbbe9b35da77cc3716fc7bez
snip
https://www.spamcop.net/sc?id=z6872567543zadc3d8a351e1690eb05d589f6a3ef719zIt is Chinese spam going through a American server
https://www.ronhamjinten.com
contact for the spam creeps, they have a facebook page as well
Might pay to check you email address is owned by creeps?
https://au.norton.com/breach-detection
seem to be through a network "(unknown [127.0.0.1])" concealing the span source
23.247.15.203 layerhost don't seem interested!
As the unsubscribed spam seems phishing you might try
US CERT phishing-report[AT]us-cert[DOT]gov *Don't expect the US FED's to care either*
Their job is flameproof can't be fired IMO!
The web links are Chinese "Hong Kong"
Name: count.bestedm.net
IP: 43.135.35.107 abuse for IP as139341_abuse[AT]aceville[DOT]net (SpamCop is in error)
Aliases: count.ronhamjinten.com
Domain: ronhamjinten.com
you need to complain to Registrar DomainAbuse[AT]service.aliyun[DOT]com -
3 hours ago, ninth said:
60.251.163.7 discarded as a forgery, using 185.56.86.136
IP forgery by spammer.
The links in the email are registered by nic.br mail-abuse@cert.br host hostinger US
60.251.163.7 has been hard coded by SpamCop to go to 185.56.86.136?
Could be a legacy issue?
60.251.163.7 Abuse address is hostmaster[AT]twnic[DOT]net[DOT]tw -
10 hours ago, display said:
Both https://www.intertor.net/ and related https://avito.pl/ are websites of supposedly some 'fiber internet provider', but they look more like generic placeholders than anything else.
My guess they are controlled by the spammers themselves.
Can you update the website so it wouldn't suggest sending reports to them?
SpamCop don't send reports to website Registrar just to the IP the domain resides on
If it did
Name: www.intertor.net
IP: 185.35.199.240
Domain: intertor.netName: www.intertor.net
IP: 185.35.199.240
Which needs yo go tp
Domain: intertor.net
Registrar Abuse Contact Email: abuse[AT]key-systems[DOT]net
INSTEAD
SC would send it to
abuse-c[AT]intertor[DOT]net
learn how to send a URL track top of page BEFORE you submit
like
https://www.spamcop.net/sc?id=z6865456272zb80b6714137b6a769602c5c935b6318ez -
9 hours ago, dlongnecker said:
They are not getting to SC. I can copy and paste them but I literally get 30 spam emails a day that I want to report and cut and pasting those headers each time is a slow process.
Probably all from same spammer. you need to find our registrar of their web pages which IMO spammer don't like
just forward as attachment to Registrar -
3 hours ago, Lking said:
Are your reports getting to SC? After sending a spam, even if you do not receive a response the spam should be in your SC queue to be approved. If it is not there then your email provider is blocking your outgoing email because of the spam content, or they have outgoing settings that fail to connect to the SC server. If they are not sending or are trying and failing to sent, your outgoing email they should send you some kind of a notice.
On the other hand, if your submitted spam shows up in you SC queue, then your email host could be blocking email from SC. In the passed it has been common for ISPs to block email with the word spam in them.
Sense some are coming through, it may be informative to run a test: Forward some spam, one at a time, spaced out to see if there is a threshold when they start blocking outgoing or incoming email. Let the forum know what you find.
Gmail often blocks my spam reports to abuse desks, because they contain spam.
Copy and past to Spacop Web page is the best method -
4 hours ago, Steve said:
It usually says something to the effect of "Reports disabled for abuse AT sendgrid DOT com", but no explanation by the parser is given.
Used to but rarely now!
SpamCop reporting is easily disabled.
It's not hard for ISP's to stop receiving SpamCop reports but guessing takes time for admin to log reason
Sendgrid are masive email platform unlikely to be ever blocked by SCBL
https://www.spamcop.net/fom-serve/cache/77.html
IMO free email need to be scrutinized or they are just overrun by spam bots
https://sendgrid.com/free/
Twitter/X is attempting to remove what was 90% full of bots I believe
Discourages people from signing up, I like a VPN so I always get confirmation messages
so I just read news links without signing in
Microsoft IP being blocked
in SpamCop Blocklist Help
Posted
It is not compulsory for a ISP email server to use SpamCop's blocklist.
I just use Gmail nowadays they don't.