Jump to content

petzl

Memberp
  • Posts

    2,974
  • Joined

  • Last visited

Posts posted by petzl

  1. 2 hours ago, gnarlymarley said:

    Wow, they finally got blocked. One thing to note is that Microsoft was warned numerous times before their inaction allowed the IP to show up on the blocklist. I have been getting abuse from their IP with a few messages a day from a .shop address trying to immitate some paypal links.

    I suspect Microsoft's way of handling it's spam blocked IP's is to turn them off, and use another one they have a vast number of them?

  2. SpamCop block list only blocks a single IP when it hits a span threshold algorithm ratioed to the volume of email going through that IP.
    Then releases it when the spam stops for 24 hours, 40.107.8.113 is not presently listed so the flood of spam going though it has presently stopped it's spam flood.
    The range of IP's listed may not be blocked but may have been.
    For a Microsoft email IP to be blocked would be very high well above the ratio for most IP's!
    A lot of other big email providers just block rouge IP's and don't supply figures for doing so.
    SpamCop Block releases IP when spam attacks stop.
    Microsoft IMO do not seem to of worked out how to stop spammers.
    Gmail is pretty good at doing this.
      

  3. 4 hours ago, Engin Acar said:

    Hi,

    We are getting the same problem with the emails from almost all our suppliers.

    This is the failmessage;

    "JunkMail rejected - mail-vi1eur04on2113.outbound.protection.outlook.com (EUR04-VI1-obe.outbound.protection.outlook.com) [40.107.8.113]:13093 is in an RBL: Blocked - see https://www.spamcop.net/bl.shtml?40.107.8.113"

    Almost all the ip adresses which begins with 40.107.XXX.XXX ends up in Junk mail.

    This should be fixed ASAP.

     

    Seems SpamCop Blocklist  to be working well.
    Microsoft are the only ones to fix it, too many BOT spammers hitting spamtraps (fictitious email addresses)
    https://www.spamcop.net/w3m?action=checkblock&ip=40.107.8.113

    40.107.8.113 listed in bl.spamcop.net (127.0.0.2)
    If there are no reports of ongoing objectionable email from this system it will be delisted automatically in approximately 6 hours.
    Causes of listing
    System has sent mail to SpamCop spam traps in the past week 
    Other hosts in this "neighborhood" with spam reports
    40.107.7.114 40.107.7.115 40.107.7.117 40.107.7.118 40.107.7.119 40.107.7.120 40.107.7.121 40.107.7.122 40.107.7.123 40.107.7.124 40.107.7.125 40.107.7.127 40.107.7.128 40.107.7.129 40.107.7.130 40.107.7.131 40.107.7.132 40.107.7.133 40.107.7.134 40.107.7.135 40.107.7.137 40.107.7.138 40.107.7.139 40.107.8.40 40.107.8.41 40.107.8.42 40.107.8.43 40.107.8.44 40.107.8.45 40.107.8.47 40.107.8.48 40.107.8.49 40.107.8.50 40.107.8.51 40.107.8.52 40.107.8.53 40.107.8.54 40.107.8.55 40.107.8.57 40.107.8.58 40.107.8.59 40.107.8.70 40.107.8.71 40.107.8.72 40.107.8.73 40.107.8.74 40.107.8.75 40.107.8.77 40.107.8.78 40.107.8.79 40.107.8.80 40.107.8.81 40.107.8.82 40.107.8.83 40.107.8.84 40.107.8.85 40.107.8.87 40.107.8.88 40.107.8.89 40.107.8.90 40.107.8.91 40.107.8.92 40.107.8.93 40.107.8.94 40.107.8.95 40.107.8.97 40.107.8.98 40.107.8.99 40.107.8.100 40.107.8.101 40.107.8.102 40.107.8.103 40.107.8.104 40.107.8.105 40.107.8.107 40.107.8.108 40.107.8.109 40.107.8.110 40.107.8.111 40.107.8.112 40.107.8.114 40.107.8.115 40.107.8.117 40.107.8.118 40.107.8.119 40.107.8.120 40.107.8.121 40.107.8.122 40.107.8.123 40.107.8.124 40.107.8.125 40.107.8.127 40.107.8.128 40.107.8.129 40.107.8.130 40.107.8.131 40.107.8.132 40.107.8.133 40.107.8.134 40.107.8.135 40.107.8.137 40.107.8.138 40.107.8.139 40.107.9.54 40.107.9.73 40.107.9.80 40.107.9.82 40.107.9.88 40.107.9.89 40.107.9.102 40.107.9.108

  4. 11 hours ago, spamkiller said:

    uthentication-Results:  perfora.net; dkim=none
    Received: from NAM11-DM6-obe.outbound.protection.outlook.com
     ([40.107.223.128]) by mx.perfora.net (mxeueus005 [74.208.5.3]) with ESMTPS
     (Nemesis) id 1MWB7u-1rgHQL1Zve-00Vfv1 for <REMOVED>; Sat,
     06 Jan 2024 04:41:51 +0100
    ARC-Seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none;
     b=WH5Fl6oIMs9UCI5HL7Jx1GEQeddJQpSpEBrpfdoU7Kmqxdpg8/YMGsfm/LRdUSMshIr3PmL7MWf5JmGOwb/ymRrhX/eMeDDY6oFpq/fCnK7gX6POHdFTLZtgtDxMbyTfVJPTFhqNU0uNbNGrZtwsd7htSAQxD7wJLvPqMXdpY75helChsPwR7ROrs5Ox0+e9HwGQfQNvkxRdr3Iuppa1rW2+nH/jya0ZnvDUNRffIWuwV31GRl/jmhBWgg1ExMO3oZc3qx6zOmcoLJLz9kMc5AXSoO0VlXuYtEgffN7HTykUeX65lGx4OqiaLjPGY7WxH5Bb6tUBrX/euNCaLgU65w==
    ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com;
     s=arcselector9901;
     h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1;
     bh=8koqciwTQQ9NBa8XbTaJbbGVvpjlOMLF/IyfHTjyI/s=;
     b=QHN7bRJ2DPwEHWSCu8G/RQGHmXtzWxTRYOdAH/SN6jmQgiW9apOqGw7kNkkrdRAk6avTtBKTaFrD8tCYErl50kGN8jSmFRYvqSH52AH0O/DCkeTYZyOCW2W6eQMOUjDhfVc2gtppm29Ks37Wx0kdA778nyZQDlsmTAIDuXWTvtKEbVC7xz3bf0s6RpudvZw/G7drM/jtIODwUdHb4QsoTVIVpjyJesRUM7YK8iPfzKEbOpLkWq09PRMJ9W2oX3JvbAUiayUrg+SkPE9lwu8mHh9YdntlLjHuDSbCXux/fPjA0irDWCOzr9PAyRlMiw1uY8rXzlACano6vz+SCd284A==
    ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=fail (sender ip is
     185.139.230.132) smtp.rcpttodomain=REMOVED
     smtp.mailfrom=azx2u2kc5.onmicrosoft.com; dmarc=none action=none
     header.from=azx2u2kc5.onmicrosoft.com; dkim=none (message not signed);
     arc=none (0)
    X-MS-Exchange-Authentication-Results: spf=fail (sender IP is 185.139.230.132)
     smtp.mailfrom=AZx2u2kc5.onmicrosoft.com; dkim=none (message not signed)
     header.d=none;dmarc=none action=none header.from=AZx2u2kc5.onmicrosoft.com;
    Date: Sat, 06 Jan 2024 04:40:40 +0100
    CC: REMOVED
    From: YETI Department <norevenhfd47_BRSuCNjlwKn@AZx2u2kc5.onmicrosoft.com>
    To: REMOVED
    MIME-Version: 1.0
    Content-Type: text/html; charset="UTF-8"
    In-Reply-To: <norevenhfd47_BRSuCNjlwKn@AZx2u2kc5.onmicrosoft.com>
    Content-Transfer-Encoding: 7bit
    Importance: high
    Subject: Adventure-Ready: YETI 30 oz Travel Mug for On-the-Go Excellence
    Message-ID:
     <ee0f5bb7-ee44-4c91-928c-186e94101ec5@BN8NAM12FT110.eop-nam12.prod.protection.outlook.com>
    X-EOPAttributedMessage: 0
    X-MS-PublicTrafficType: Email
    X-MS-TrafficTypeDiagnostic: BN8NAM12FT110:EE_|BL3PR07MB8900:EE_
    X-MS-Office365-Filtering-Correlation-Id: 532e6f5b-21fe-45a3-aa98-08dc0e696a8b
    X-MS-Exchange-SenderADCheck: 1
    X-MS-Exchange-AntiSpam-Relay: 0
    X-Microsoft-Antispam: BCL:0;
    X-Microsoft-Antispam-Message-Info:

    That's all we need better to send a track
    Microsoft get worse at every turn then call them "upgrades"
    40.107.223.128   abuse[AT]microsoft[DOT]com only one available
    which is ignored except for auto ack gleefully telling you to go to some obscure address

    Their CERT address is no longer for their phishing DOS attacks!
    phishing-report[AT]us-cert[DOT]gov
    If they even breathe perhaps need to tell Microsoft for Automatic spam forward as attachment website to sort their DOS attackers out?
    Microsoft have forums?
    Will faceup to converting to a Google operating system when this gets to slow with Microsoft deliberately bloated "updates" (downgrades)
    But won't save the problem with Microsoft spam!

     

  5. 10 hours ago, spamkiller said:

    @petzl Thanks for the info.

    I did receive a reply from Microsoft on Jan 4 that I had sent them on Dec 23.  It seemed to be an real reply rather than an auto reply.  This is the 2nd reply that I got from them.  I always put "spam Report # xx" in the subject because when they reply, there is no reference as to which email they are replying to.  They replied to email report # 31 and I'm up to report # 55, so they are really slow or running about 2 weeks behind.

    the best way IMO is to charge a small fee US$10 (for life) via Credit card or PayPal for what was once free email accounts, this stops the bots. Twitter is anti-bot, and have hoops and jumps to get through.

  6. 7 hours ago, spamkiller said:

    @gnarlymarley Thanks for the reply.  I will continue to report all spams to spamcop.

    I've searched the internet on the proper method to report spam to Microsoft and almost 100% of hits are an explanation on how to configure your "Microsoft" email app to block or ignore spam!  Really??  Microsoft needs to wake up to the fact that not everyone uses a Microsoft email app.  Also, why should everyone have to configure their email app to block spam originating from Microsoft?  I think that Microsoft should configure their mail host to stop the spam in the first place.

    "Abuse at microsoft com" will get you a Auto ack telling you where to send spam
    I don't believe they know how to deal with spammers free email accounts?
    Usually its 
    phish[AT]office365[DOT]microsoft[DOT]com
    this week?
    But they must get millions of abuse reports, most of the clue'y automate by using a web page
    This criminal redirection links using Gmail Google cloud are reported here for instance
    https://support.google.com/code/contact/cloud_platform_report 
    I send the .eml attachment as a file attachment with it in "chose file" button
    But they seem getting bogged down now also?

  7. 17 hours ago, ninth said:

    Note that cloudflare take about a month to get back and then ask if the problem has resolved itself yet. I also try not to truncate as the app will often resolve any links and websites even if on the last line but not if there are too many and I'm not bothering counting them each time.  

    They want you to use their Web pages for abuse

    If you do they act reasonably quick but maybe not in your favor, they will also contact the registrar
    Cloudfare's is
    https://www.cloudflare.com/trust-hub/abuse-approach/ 

  8. 1 hour ago, ninth said:

    I truncate when I get those X rated PDF files from dodgy countries - and now using your link to the feds to dob them in re modern slavery thanks useful member. What is it with these big companies like cloudflare and namecheap being their own registrars?

    They want you to use their Web pages for abuse
    Cloudfare's is
    https://www.cloudflare.com/trust-hub/abuse-approach/ 

    Googles is (Usually a redirect for another spam site)
    https://support.google.com/code/contact/cloud_platform_report?hl=en
    First I send as attachment to spam source
    (then from sent email you can download the **.eml file, you can attach as file for attachments)

  9. 20 hours ago, ninth said:

    I just gave it a whirls and got too much data error message which was strange as I always truncate large emails thanks to advice on here. All spam was processed anyways thanks SC.

    Used to be SpamCop automatically truncated?
    Not now it seems I have always truncated to save my data usage, sending obvious spammr links to the Registrar of Domain (if they have one)
    Namecheap right now is refusing to remove a child porn spammers domain which the IP owner always does (as has every other registrar)?
    Then I report the IP to the IP address, which always does!
    As well as report to the FED's (doubt if they even get off their ass), but the IP Owner does!

  10. 2 hours ago, Too Many Spams said:

    Hi,
    Was wondering if anyone knows how to stop this junk spam:
    I get over 20+ emails from this spammer. Each time I report with SpamCop, it goes to report_spam@hotmail.com, abuse#amazonaws.com@devnull.spamcop.net, and malware#mnemo.com@devnull.spamcop.net.

    Doubt if Hotmail get the SpamCop report?
    You need to send a SpamCop tracking link for better advice!
    You need to find the registrar of the Website, SpamCop only reports the IP address of the Website.
    Also with porn sites they by law need to have those lude photo a government Age ID. Most if not all spammers do not have this!
    I always report this as child porn spam with this "Boiler plate". If you are a pediatrician you would be listened to
    I also forward as attachment to the FED's 
    phishing-report[AT]us-cert[DOT]gov

    Child porn spammer 
    pictures under 18 or made to look under 18
    NO PROOF OF AGE available! 
    SENT TO MINORS

    2257 Regulations (C.F.R. Part 75), part of the United States Code of Federal Regulations, require producers of sexually explicit material to obtain proof of age for every model they shoot, and retain those records. Federal inspectors may at any time launch inspections of these records and prosecute any infraction.
    "unless the websites “perform reasonable age verification methods” — in short, requiring users to show government ID to prove they are 18 or older."
     

  11. 4 hours ago, Steve said:

    According to Gmail's mailer-daemon, malware AT mnemo DOT com doesn't exist, yet SC's parser dev/nulls this address.

    https://www.spamcop.net/sc?id=z6877159915z6bfdd31b37f0c6be4d2b2f3fb9c2bc3e

    Ovh Canada SERT
    https://www.first.org/members/teams/cccs

    as it's a porn site a good boiler is this one
    Namecheap hate it  because it's true

    no working unsubscribe
    phishing-report@us-cert.gov
    Child porn spammer 
    pictures under 18 or made to look under 18
    NO PROOF OF AGE available! 
    SENT TO MINORS
    
    2257 Regulations (C.F.R. Part 75), part of the United States Code of Federal Regulations, require producers of sexually explicit material to obtain proof of age for every model they shoot, and retain those records. Federal inspectors may at any time launch inspections of these records and prosecute any infraction.
    
    "unless the websites “perform reasonable age verification methods” — in short, requiring users to show government ID to prove they are 18 or older."

     

  12. 10 hours ago, livingny said:

    But if my email address isn't registered here it won't accept, bounce or report spam to that email address.

    Mailhosts are different to a email address.
    https://www.spamcop.net/fom-serve/cache/397.html
    If you register your mailhosts SpamCop whitelists their IP's and won't report them as a spam source.
    All SpamCop will report is the email server that sent you spam.
    Spammers use throw-away email accounts which make them almost impossible to be blacklisted by SpamCop
    Although this German one has just been listed, as long as it keeps getting spam reports or hitting spam-traps it will be relisted quickly
    https://talosintelligence.com/reputation_center/lookup?search=82.165.159.40
    If you remove your mailhosts you need to check you are not reporting yourself, which if your email servers are set-up correctly won't happen!

  13. 21 hours ago, ninth said:

    If blocked at the IP level the addresses in the first and last example above are different so they will only be blocked for 24hrs unless more spam is sent. It's still worth blocking accounts and reporting to move them up levels on blocklists and increase the likely spam or scam rating %...it all adds up to a bad reputation.

     

    To block a FREE throw-away German email IP is not likely to happed. each IP and they have a great many has to be reported a great many times or hit SpamCops spamtraps
    A source IP is likely to be blocked very quickly, a Mailhost is only needed if your email server is misconfigured and starts getting SpamCop reports.

  14. 3 hours ago, livingny said:

    I am having the same issue. I have 3 AOL Verizon email addresses. It only has let me add one of those addresses to my mailhosts. When I get spam from an address that SC doesn't take it says it can't do anything since that mailhost isn't listed for my account here. I used to be able to report all of my addresses now I'm limited to just one for AOL Verizon, one for Gmail, when I have 3 email addresses for each of these. I keep trying to add them back but it won't send a test email to anything else after I've set up one address. Has something changed here? 

    Appreciate any help I can get!

    It's better to not add mail hosts if your are not reporting your provider.
    Mailhosts only allow the reporting of the email server that sent it to you.
    Without SpamCop will look for the IP source that sent it to the mail server you received it from
    free german disposable email server IP
    82.165.159.40 
    Email source 
    176.113.82.77  United Arab Emirates
    spam LEVEL Very High    

    From these headers trry passing see if SpamCop targets the source IP? 176.113.82.77

    Delivered-To: XXX
    Received: by 2002:a05:7108:628f:b0:338:fe90:582f with SMTP id l15csp772717gdq;
            Fri, 17 Nov 2023 16:37:26 -0800 (PST)
    X-Google-Smtp-Source: AGHT+IGy0SbW8gkyRzW6Fn8MOIH/ATERyYKegZ+MeRcXOdcCEIpPxZkm+TAR8BAiCgEwy6M+fj6/
    X-Received: by 2002:a05:6000:400e:b0:32d:b991:1a71 with SMTP id cp14-20020a056000400e00b0032db9911a71mr476095wrb.0.1700267846070;
            Fri, 17 Nov 2023 16:37:26 -0800 (PST)
    ARC-Seal: i=1; a=rsa-sha256; t=1700267846; cv=none;
            d=google.com; s=arc-20160816;
            b=zxdCS5JLDaqaq7P7XMM7NQIBFspLN+L/mDSW7XbVnlCmD4Ihp+gY0cAlAb8tQLkfEJ
             WtKTrgdaZG02D1jtpR+L1K08+OIn3hJjbeyJlYzq1a/bnV1ctDFlej/WSJKxgJgTNtZC
             lvoxPSxsByxKnqX/JZYlhdCyLhjcmC/v3fVqpA1H+S9YhDwMeYVS2giOlGZa9Tfs68du
             gBJ+6AwZdgRvYNyN4/quZtg1e0OvS0F2EC3kkOCb+jv2q8WUTcG53tDZunw7jyrUDsQl
             WUX77gj8aCqpnzTNhGCEeAHAZltR0V7nWqyzV5UOW7JabknV2m+dzKW2y9atnnK/Jlwj
             3Lmw==
    ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816;
            h=ui-outboundreport:date:to:reply-to:subject:from:message-id
             :mime-version:dkim-signature;
            bh=3KL27dqf22qQEknZJ4Ph61N6xVhBcCUOP6e6cKwYQiU=;
            fh=GIhbJBYT0EH5LQuP2tB5rvgib++oZw6Kh7U+a6RCbJI=;
            b=YyWRNQ56gf/7uvNsr3lTtf7k04FDqDpouPxD2Uz6kuS1+9y0dM4IfXYdGwCATWupw6
             Yzd2dgyqRQCQz7RBhhy0J3TSQXTjefqOMuZ/l6Wldy/Od30A8ZL7uFGaiAYnynFNwrQX
             yB0ce5XeaWQbCyjVFAUvCWKqSNiaHLqvx8VS30GAKFkv4Xj6JhfAmldUEDLCciATcgpW
             yClCWZP+VlX1PHmC9h+Dp+EhANz3bf1VwOCKf/H7KoWjDnQSHlS1PloD30Ib5czE9fnX
             rQIRzo7GFKTv++EEpKDuljxkSqKH1QJP4ndXH6vwIY5iA+DEw7QLb5KLbuIZQXDvEgB5
             GHyw==
    ARC-Authentication-Results: i=1; mx.google.com;
           dkim=pass header.i=@gmx.de header.s=s31663417 header.b=cSlwoYYR;
           spf=pass (google.com: domain of belenkovd@gmx.de designates 82.165.159.40 as permitted sender) smtp.mailfrom=belenkovd@gmx.de;
           dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=gmx.de
    Return-Path: <belenkovd@gmx.de>
    Received: from mout-xforward.gmx.net (mout-xforward.gmx.net. [82.165.159.40])
            by mx.google.com with ESMTPS id d17-20020a5d5391000000b0032d9caeab1fsi1696840wrv.916.2023.11.17.16.37.25
            for <XXX>
            (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256);
            Fri, 17 Nov 2023 16:37:26 -0800 (PST)
    Received-SPF: pass (google.com: domain of belenkovd@gmx.de designates 82.165.159.40 as permitted sender) client-ip=82.165.159.40;
    Authentication-Results: mx.google.com;
           dkim=pass header.i=@gmx.de header.s=s31663417 header.b=cSlwoYYR;
           spf=pass (google.com: domain of belenkovd@gmx.de designates 82.165.159.40 as permitted sender) smtp.mailfrom=belenkovd@gmx.de;
           dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=gmx.de
    DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=gmx.de; s=s31663417;
    t=1700267845; x=1700872645; i=belenkovd@gmx.de;
    bh=7sWLcV7aPhDKgHuijf29I4AzQHNtAmVg2aZWKeKw9Fc=;
    h=X-UI-Sender-Class:From:Subject:Reply-To:To:Date;
    b=cSlwoYYRCP59Zd9mgIqTpPO6hLvqU0GnI/i5SU48uOWBYk/TLMk/XpoMLdahk8o0
    5LTjTVGZa9ZJ38S/xkni9ED3K55IADE4UsCSoNyKlKyU1+NckQwd/qWyv1P8KEB2m
    O1Rcyn6ozQNH+w+xuXGX98QWVuJA7du0naNCRryhPgX3sE3U7GfSMZABQP98yET32
    XQmhSy9tB9ccvQZeuxGMIUkEYL63NTfYNHX6s4ES2syK7Z403j7TXjm4XjjOJZyET
    0za490MQMXEj7pYfGdiGMu8UxTzZNrJ2fPnI0PPs4l1D6MfslMF8V/WtrBerHBUl6
    vOUW2bDGGalxNHHYXg==
    X-UI-Sender-Class: 724b4f7f-cbec-4199-ad4e-598c01a50d3a
    Received: from mail.bigdealproduct.cyou ([176.113.82.77]) by mail.gmx.net
     (mrgmx105 [212.227.17.168]) with ESMTPSA (Nemesis) id
     1Ml6qC-1rlDvl1zyu-00lUs0 for <XXX>; Sat, 18 Nov 2023 01:37:25
     +0100
    MIME-Version: 1.0
    Message-Id: <efUgbxJ.45851.894.jqU@bigdealproduct.cyou>
    From: ukraine women bang <belenkovd@gmx.de>
    Subject:💗💗ukraine women BANG💗 𝐋𝐞𝐭'𝐬 𝐠𝐨 𝐨𝐧 𝐚 𝐝𝐚𝐭𝐞 ♥𝐭𝐨𝐧𝐢𝐠𝐡𝐭 🍑💋💌𝐈 𝐭𝐡𝐢𝐧𝐤 𝐲𝐨 𝐮'𝐥𝐥 𝐥𝐢𝐤𝐞 𝐡𝐨𝐰 𝐢𝐭 𝐞𝐧𝐝𝐬! ❤️💋
    Reply-To: reply_to@bigdealproduct.cyou
    To: XXX
    Content-Type: text/html; charset=UTF-8
    Date: Sat, 18 Nov 2023 00:37:13 +0000
    X-Provags-ID: V03:K1:NfcqrB6DPxvyS0glquZuMAaIYOu0+A1aBxjZMQhL5IWhgZmssTe
     EgmDjBg5NzHJEzfZ8DNBU3AduDf5uyELIFbsfPYDPxQRjv/MWRjCWBzFbGjAedK9OIdR5vX
     zoSZj+eYCTaA3idnKhFn2qznLJh5lq4SRmcYkeCXqqDJgyks/p+e+zkgPCeO4iO23gAVtY6
     erG1afbdhstKyYl+1XEzQ==
    X-spam-Flag: YES
    UI-OutboundReport: junk:10;M01:P0:2H8NFLdZTK4=;0Ga0ZMbp7usMdok8UXIkQZ9kiU2Wf
     DJvDPDAKLFJl2579iZcpHmH4pZ0gqYwyr4zkLkcveIZoNZzb315Ru3z4XtPVIDgdKm72ANtbm
     VomJoGeewFh+ECnnIyOSeYaANNfYprGUSlFjhMKQ0qEnoD1jusIcL3Cx62vCqND09JfeDV8qT
     cDwI/sX9uEMo/X2t5pyk7fUd/d94xqpRWkDgocy2qwr4WTeVAPQPqCmhhcocGP3u0ciB3IGAk
     k4e4FMswz6DSTN63Xep4nQ2wC/Ntt/3AW26tQARw2T0gvW1lU85RyQDBKXim2O+gpcUe1xkih
     eCWEAMx0s2WNw5wYi6n3NcW0HV8Wbjc/wqhxOi5tBS0OyQ4owYH1Ht9k5oVp4VijRgqD6M56e
     tABxtu2/HlLMK30GQPN1/R4tFkqRxSm4ds932ty/tUSZNwXvhJ2oBGXoAdw/Ardh8V4K59zkq
     1+tuEi+H2aH9wfHsKqiIMGnMs9XO+0bQFkn5bVIHsBsqH42rVuDwgBiJkgHzxOYWZgcZ9138i
     pOguR1ZDA9KkGy9wpwS92Ta7SJ0Lst7JauwyNJOw7tXzL0c+6hBo1pacx7SP2uSjiYDRW1jod
     Sr6X/Q9FRCo3DGq9n2m2Z5ZbSAp6M8kIhqVAxUlqmIIsM7QNllwc56HiGOikbZzwUcQAlagN+
     GEbijmFxexD4Tk1nW4XSjY4l76qh2+HdaGdXvsXR87KOKxbccGWoLRkles1usQKumqXNbRVay
     Hipi6CUqtTvdJH448oraaLTgONPII1RzgzyyArC3tZdZSVaVltbFUMd1AaXqRj0uHTtwXTcIt
     o2OJCt75SKCvqyjjyhGxfVxiHHZXGRRHk/u38pYaRs9rBNGrTSjGpS5VXeXv0Y4//Kf/jYT/D
     wgjM2pnpOG9whZgHmJ2EFjriwvlstpHhP8SjejqrybpXe715uuLBj5PaVi19B3JiMS8JbixLw
     Cw4hyZbd6nToBVlIKY83oJrw/jrIHSot8x51dGLan7xulAEVBtjOc1xn7ysJGs/DTE75qqkd2
     eYOjo4h9LN69wLU0XveNqxEm/2ebQhjKHmp+6

     

    TRUNCATED

  15. 2 hours ago, antilyrical said:

    In 2014, I moved away from using my spamcop email address and started relying on my Hotmail and Gmail accounts. But I do have some lingering accounts that were signed up and use my spamcop.net email address.

    In the middle of the night, when I can't sleep because I'm thinking about random things I can't control, every so often I think "What if they stop forwarding my spamcop email address?"

    Has there been any indication or rumblings of the forwarding coming to an end?

     

    Mines still going, not heard otherwise, but a bit of a worry that CIsco seems to be moving away from SpamCop importance?

  16. 8 hours ago, sc_aswglo said:

    We have been receiving literally the same spam email every single day from the same network and it still is not on SpamCops block list. The network is Layerhost and it's clearly a spammers heaven but I report these Emails eveyry day and SpamCop does not block it. Does anyone know what is going on here?

    https://www.spamcop.net/sc?id=z6875012231z01deb9435cbbe9b35da77cc3716fc7bez
    snip
    https://www.spamcop.net/sc?id=z6872567543zadc3d8a351e1690eb05d589f6a3ef719z

    It is Chinese spam going through a American server
    https://www.ronhamjinten.com
    contact for the spam creeps, they have a facebook page as well

    Might pay to check you email address is owned by creeps?
    https://au.norton.com/breach-detection

    seem to be through a network "(unknown [127.0.0.1])" concealing the span source
    23.247.15.203 layerhost don't seem interested!
    As the unsubscribed spam  seems phishing you might try 
    US CERT phishing-report[AT]us-cert[DOT]gov *Don't expect the US FED's to care either*
    Their job is flameproof can't be fired IMO!
    The web links are Chinese "Hong Kong"
    Name:        count.bestedm.net
    IP:        43.135.35.107 abuse for IP  as139341_abuse[AT]aceville[DOT]net (SpamCop is in error)
    Aliases:    count.ronhamjinten.com
    Domain:    ronhamjinten.com
    you need to complain to Registrar DomainAbuse[AT]service.aliyun[DOT]com

  17. 3 hours ago, ninth said:

    60.251.163.7 discarded as a forgery, using 185.56.86.136

    IP forgery by spammer.

    The links in the email are registered by nic.br mail-abuse@cert.br host hostinger US

    60.251.163.7 has been hard coded by SpamCop to go to 185.56.86.136?
    Could be a legacy issue?
    60.251.163.7 Abuse address is hostmaster[AT]twnic[DOT]net[DOT]tw

  18. 10 hours ago, display said:

    Both https://www.intertor.net/ and related https://avito.pl/ are websites of supposedly some 'fiber internet provider', but they look more like generic placeholders than anything else.

    My guess they are controlled by the spammers themselves.

    Can you update the website so it wouldn't suggest sending reports to them?

    SpamCop don't send reports to website Registrar just to the IP the domain resides on
    If it did
    Name:        www.intertor.net
    IP:        185.35.199.240
    Domain:    intertor.net

    Name:        www.intertor.net
    IP:        185.35.199.240
    Which needs yo go tp
    Domain:    intertor.net
       Registrar Abuse Contact Email:  abuse[AT]key-systems[DOT]net
    INSTEAD
    SC would send it to
    abuse-c[AT]intertor[DOT]net

    learn how to send a URL track top of page BEFORE you submit
    like
    https://www.spamcop.net/sc?id=z6865456272zb80b6714137b6a769602c5c935b6318ez

  19. 3 hours ago, Lking said:

    Are your reports getting to SC? After sending a spam, even if you do not receive a response the spam should be in your SC queue to be approved. If it is not there then your email provider is blocking your outgoing email because of the spam content, or they have outgoing settings that fail to connect to the SC server. If they are not sending or are trying and failing to sent, your outgoing email they should send you some kind of a notice.

    On the other hand, if your submitted spam shows up in you SC queue, then your email host could be blocking email from SC. In the passed it has been common for ISPs to block email with the word spam in them. 

    Sense some are coming through, it may be informative to run a test: Forward some spam, one at a time, spaced out to see if there is a threshold when they start blocking outgoing or incoming email. Let the forum know what you find.

    Gmail often blocks my spam reports to abuse desks, because they contain spam.
    Copy and past to Spacop Web page is the best method

  20. 4 hours ago, Steve said:

    It usually says something to the effect of "Reports disabled for abuse AT sendgrid DOT com", but no explanation by the parser is given.

    Used to but rarely now!
    SpamCop reporting is easily disabled.
    It's not hard for ISP's to stop receiving SpamCop reports but guessing takes time for admin to log reason
    Sendgrid are masive email platform unlikely to be ever blocked by SCBL

    https://www.spamcop.net/fom-serve/cache/77.html
    IMO free email need to be scrutinized or they are just overrun by spam bots
    https://sendgrid.com/free/
    Twitter/X is attempting to remove what was 90% full of bots I believe
    Discourages people from signing up, I like a VPN so I always get confirmation messages
    so I just read news links without signing in

×
×
  • Create New...