Jump to content

gnarlymarley

Memberp
  • Content Count

    560
  • Joined

  • Last visited

Everything posted by gnarlymarley

  1. gnarlymarley

    Increase in spam out of google lately. Anyone know why?

    I had a spammer try to use the google cloud, but they sent it to my spamtrap. Mysteriously everything got reported and they appears to be kicked off the google cloud. My guess is if we keep up reporting it, the spammers will give up on using google's systems. The speed of reporting seems to have a great effect on causing the spammers to no longer want to waste their time setting up a google cloud server.
  2. gnarlymarley

    Straight to tracking URL?

    The issue is the double dot in the Received line. The two dots make this an invalid record. If you change it to a single dot, it should submit.
  3. gnarlymarley

    spam from Google Mail Groups

    This is your logged link to which we do not have access. The link I would be able to access is called the tracking URL on the page.
  4. gnarlymarley

    Increase in spam out of google lately. Anyone know why?

    From my experience, google seems to better to external people than to their own users. From the spam I reported that came from the google cloud, it seems mine stopped in about two weeks. Sure is much faster than amazon's two months...
  5. The body of yours seems missing, so I resubmitted with a new body and I get the same thing. There seems to be a problem somewhere else in the headers that is confusing. If you look at my completely changed message ID line as below, then you can see that the message body (from the View entire message link) seems to be put onto the end of the messageID line (from the tracking URL). There seems to be something else than just the $nul that is going on here. with $nul: https://www.spamcop.net/sc?id=z6620984216z1309884122860acc9adaeae9dbe67578z without $nul: https://www.spamcop.net/sc?id=z6620984773z5d37101fab5fd6f6b535b8b6f8eca868z Completely changed message line: https://www.spamcop.net/sc?id=z6620985295z6cd84be9d2a4f3f7ab69843964529431z
  6. I so sent in spam reports from a different email and I do currently get it going back to my email like you expect. I did have a recently time where I tried to forward a spam using gmail to amazon and google blocked it. This is one of those situations where I like to see the bounce. (However, I do not like the bounce after accept when it is from externally.) If it is being blocked by your work there might be an option where you can go into the sent item and see a sending status there.
  7. gnarlymarley

    Any point in reporting spam from AMAZONAWS?

    Mine has switched to using a new shortener of http ://owl.li/**********.
  8. gnarlymarley

    Any point in reporting spam from AMAZONAWS?

    Yep, it did come from google. I guess having one recipient is too much for them. I submitted it to amazon using a different account and it went through. Funny how the original email is not blocked, but attempts to report it are.
  9. gnarlymarley

    Any point in reporting spam from AMAZONAWS?

    Well, now this is new. I just got a bounce from amazon. Hard to tell if gmail rejected my report to amazon or if amazon did. Final-Recipient: rfc822; ec2-abuse@amazon.com Action: failed Status: 5.0.0 Diagnostic-Code: smtp; Message rejected. See https://support.google.com/mail/answer/69585 for more information. Last-Attempt-Date: Sun, 16 Feb 2020 15:23:11 -0800 (PST)
  10. gnarlymarley

    Why organisation ip Blacklsited?

    Also one note, is that at one point a while back most of the mail servers allowed/required separate rbl and text response entries. There were a number of administrators that copied the spamcop blacklist settings but changed only the dns part to point to their own blacklist and they left the text as blaming spamcop. If this is still being blocked, but the IP is now showing up on the list, maybe they have pointed the blacklist to something like spamhaus. Another thing you might want to try is one of the following commands around the time an email is blocked. If you do see a "NXDOMAIN" or a "SOA" record instead of an "A" record, they the block is not coming from SpamCop. dig any 43.38.225.195.bl.spamcop.net nslookup -type=any 43.38.225.195.bl.spamcop.net
  11. gnarlymarley

    Why organisation ip Blacklsited?

    I don't see this listed in the blocking list. 195.225.38.43 not listed in bl.spamcop.net Being a user as yourself, I also don't have access to view email addresses that may have caused any listing. From https://www.spamcop.net/sc?track=195.225.38.43, it looks like abuse[at]gazprombank[dot]ru should have all the reports. It takes more than one user or email address to be listed on the blocking list. The abuse address should have most of those reports.
  12. gnarlymarley

    Any point in reporting spam from AMAZONAWS?

    So, would it be worth us having someone point all the Amazon to ipmanagement or could it be possible that that group might not be in charge of all of their IPs?
  13. gnarlymarley

    Any point in reporting spam from AMAZONAWS?

    I have not got that. Mine has only said "This is a follow up regarding the abusive content or activity report that you submitted to AWS. We have investigated this report, and have taken steps to mitigate the reported abusive content or activity." Which I wonder if they are taking down the correct customer or are just sending a stock reply. I am not sure amazon is doing anything on this or else maybe the spammers themselves are running support. Amen.
  14. gnarlymarley

    Any point in reporting spam from AMAZONAWS?

    Hopefully, this keeps working out for you. The last BBB case I opened, the provider just laughed at me and the BBB didn't do anything about it.
  15. gnarlymarley

    Spamcop not parsing Gmail spam correctly?

    After me going back through my stuff, I was not able to locate a spam that had a BCC to me. I believe I have had one, but I download the spam over imap/ssl and it probably doesn't keep the BCC on the imap side. Since the field is an added by the receiver mail program, I would probably just remove the header before submitting.
  16. gnarlymarley

    Why does abuse@amazonaws.com get /dev/null?

    Agreed. As for action, I believe all we can do at this point is to feed the Blocking List and if capable, use the Blocking List on your email server. Also, from what I can tell, the directory in the googleapis URL seems to be unique to the receiver email account. I have two email addresses that are getting the spam and each account seems to have their own google links.
  17. gnarlymarley

    Spamcop not parsing Gmail spam correctly?

    I usually sent a note to the deputies about bugs at deputies[at]admin[dot]spamcop[dot]net. I try to include helpful information such as the link to this forum post or tracking URLs. The deputies have an internal bug tracker. https://www.spamcop.net/fom-serve/cache/12.html
  18. I had some other hosts appear when I setup mine when I originally setup hotmail, but they all appeared under the one entry. I believe mine came from other people who had previously setup mailhosts. Yours could be the same. If the mailhosts does not work for you, there is an option in a dropdown list to delete any entries you do not like and you can try adding again.
  19. gnarlymarley

    Unable to register - Invalid CAPTCHA

    Seems to work for me. Ostap, are you getting a spinning circle to the left of the blue "try another captcha" button?
  20. gnarlymarley

    Spamcop not parsing Gmail spam correctly?

    Gmail works for my reports, but then I am using fetchmail (over ssl) and an scri_pt that encapsulates the spam in an attachment. Are you using something like thunderbird or another mail client or the "Show Original" option found in the webmail? When I click the Show Original, my emails seem intact.
  21. gnarlymarley

    Spams received already outdated

    Yep, looking at the headers I see a jump from smtp26.services.sfr.fr to filter.sfr.fr for the two days. It appears that sfr.fr is internally delaying the emails (since they are coming from a 10.x.x.x private address). This appears to be the case. Looking at the "Received:" lines the border server seems to be catching the spam on time, but for some reason there is a delay going to the next internal server. It appears to be a problem on the SFR servers. I think what petzl is trying to say is currently SpamCop thinks 173.240.15.12 should go to abuse[at]dacentec[dot]com but the whois.arin.net (where people in North America gets their IPs from) says the IP should be reported to abuse[at]bigboxhost.com. As long as abuse[at]dacentec[dot]com keeps rejecting spamcop reports, manual sending may be required. Looking at the routing details, it does appear that spamcop does not want to send to abuse[at]bigboxhost[dot]com, but would prefer dacentec even though it bounces.
  22. gnarlymarley

    Why does abuse@amazonaws.com get /dev/null?

    I can agree on this, however my recent troubleshooting appears that the person/people that are managing the abuse mailbox do not seem capable of clicking on the tracking URL. Also, they do not accept attachments either. I found that I have to copy out the spam email to the body of a message when I manually send to the abuse mailbox. It would be nice if this could be automated such as appears with the level3, but amazon seems to keep changing the reporting rules.
  23. gnarlymarley

    no TLS?

    My guess is that when the forum was setup not very many people were using https. At that time, the FBI and NSA had the capability to decrypt https trafffic. The place where encryption should be is on the login page. In my own opinion (completely my own opinion and not anyone else's) a public accessible forum (that does not require a login to read) should not need TLS or https encryption on the pages that anyone can read.
  24. gnarlymarley

    reveal obfuscated url for reporting

    Back on v4, I thought I remembered that spamcop use to do this with some URL forwarders. I ran across another post (shown below) before the V5 upgrade and I suspect they took out the unobfuscation section.
×