Everything posted by gnarlymarley

    how to request details on the specific complaint

    I am a volunteer too. You mentioned a summary report and ARF format. If I remember correctly those came from the "ISP Control Center" account as an hourly or daily email as "Third party interested in daily aggregate summary reports". There would have been a separate email that Lking is talking about that contains a link to the spam. This email would have been sent to the abuse address as defined in your local internet registry's whois service.
    Invalid certificate of forum.spamcop.net

    My Firefox showed invalid certificate until I made a permanent exception. Some of the providers use multiple SSL certificates for a connection, but this is not one of those sites.
    Reply-To abuse

    That is why I either use the IMAP downloading offered in email client downloads, or if I have my own server, I use fetchmail. This way, I do not abandon the old account and replies can come from the new account.
  4. The date in the receive line should be added by Yahoo's servers, and the spammer should not be able to trick the server into putting in the wrong date. As it is possible that there could be a bug in Yahoo's servers that they might need to fix, it is more likely that Yahoo has either the wrong date or a problem with their server's ability to deliver email. Yahoo should be the one to fix such a bug, queue processing, and the time on the servers.
    spam with no sender source? How is that?

    Hmmm, I wonder if it works for you if you wait without doing anything. Such as revising a tracking URL that didn't work after an hour or two. If so, might be some other issue.
    Spam by SMS?

    Sounds like something tied to the US Federal Trade Commission.
    Disappointed in links

    I found some of the pages are still there, but when they upgraded the forum a few years back the links changed. Trying to search for the pages seems to bring them up for me. I don't like how the links don't always work after that upgrade.
    OVH.Net spam ?

    I am curious if you are not getting bounces or if the invoice emails are going to their spam folders and they are not paying attention to it. Google has made some changes to their spam folders a few years back and now I have to check the spam folder on a daily basis for non-spam email.
    Also good to know is that some people would make their own blacklist or point it to spamhaus, but leave the "data response" section indicating it was done by SpamCop. The following is one configuration that was found a few years back and you can see that there can be more than one blacklist on the message.

        reject_domains:
          deny message = rejected because $sender_host_address is in a black list at bl.spamcop.net
               dnslists = bl.spamcop.net : sbl.spamhaus.org : xbl.spamhaus.org

    I do not like how some people left their configurations blaming SpamCop if (such as this example) the IP is on a blacklist at SpamCop or spamhaus. If your mail server IP is not listed in bl.spamcop.net, either it was for a small time or the email provider has their own blacklist and is blaming SpamCop. Those, I have to use my hotmail email to ask them why since they could be blocking my other address.
    SpamCop Emails To Me Bounce

    If they cannot remove the filter, maybe one possible option is for them to whitelist the mfrom domain of SpamCop.net or give it a non-spam score. It would be nice to not use the word "spam" in a filter. But then what kind of spammer would actually use the word "spam" in their emails?
    Reply-To abuse

    Spammers started using Reply-To a few decades ago because they could mask the from as an invalid and prevent bounces. Yep, and SpamCop does not send a report for the "from:" address either. Only the source IP, any relay IPs, and the URLs are reported. This is an interesting idea, but the from and reply-to could be spoofed to catch innocent people. I think I almost vote to have a feature like this added, if it were not for the possible spoofing.
  12. Eventually you should start to recognize the external and internal headers and might be able to shorten step 3.
    spam with no sender source? How is that?

    One question that I am not sure if you know, you can revisit any of your tracking URLs and from my experience they will get any mailhost changes you make. You have about 48 hours from the time the email was received by your border server to report. My email provider's IP is dynamic and I have never had a problem reporting or using mailhosts. Then I use exim and KNERD seems to be using postfix. Maybe SpamCop might be parsing the headers from different servers differently?
    spam with no sender source? How is that?

    The mailhost update may be why both seem to be reportable now. Tracking message source: Tracking message source: I have not noticed any delays when I update my mailhosts.
    spam with no sender source? How is that?

    Outernaut, I expect to see an IP somewhere in the Received line such as the following.

        Received: from oksupp ([IP.add.re.ss]) by elm.nocdirect.com

    Without the IP address in the Received line, I would have to assume this came from the internal site directly. Which is probably what SpamCop is doing.
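
An added example, not part of the original post: a small parser that pulls the bracketed source IP out of each Received line and lists the hops that carry none, which is the case described above. The regular expressions, function names and sample headers (other than the munged `oksupp` line) are assumptions constructed for illustration.

```python
import ipaddress
import re

# "from <helo> <optional comment> by <host>" portion of a Received header.
_FROM_BY = re.compile(r"^Received:\s*from\s+(\S+)\s*(.*?)\s+by\s+(\S+)", re.I | re.S)
# Bracketed address literal, e.g. [192.0.2.10] or [IPv6:2001:db8::1].
_BRACKETED = re.compile(r"\[(?:IPv6:)?([0-9A-Fa-f:.]+)\]")

def source_ip(received):
    """Return (helo, ip, by_host); ip is None if no valid bracketed IP is found."""
    m = _FROM_BY.match(received.strip())
    if not m:
        return None  # not a "from ... by ..." Received line
    helo, comment, by_host = m.groups()
    for candidate in _BRACKETED.findall(comment):
        try:
            return helo, str(ipaddress.ip_address(candidate)), by_host
        except ValueError:
            continue  # bracketed text that is not a real address
    return helo, None, by_host

def hops_without_ip(headers):
    """List the 'by' hosts of Received lines that carry no usable source IP."""
    return [r[2] for r in map(source_ip, headers) if r and r[1] is None]

# Constructed sample headers (documentation addresses and example hosts);
# the second line is the munged one quoted in the post.
SAMPLE = [
    "Received: from mail.example.net (mail.example.net [192.0.2.10])\n"
    "\tby mx.example.org with ESMTP id 1abc; Mon, 1 Jan 2018 00:00:00 +0000",
    "Received: from oksupp ([IP.add.re.ss]) by elm.nocdirect.com",
    "Received: from relay6 ([IPv6:2001:db8::1]) by mx.example.org with esmtps",
    "Received: from localhost by internal.example.org with local",
]

if __name__ == "__main__":
    for line in SAMPLE:
        print(source_ip(line))
    print("no source IP:", hops_without_ip(SAMPLE))
```
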
    SpamCop on cPanel - do-able?

    I was reading on https://cwiki.apache.org/confluence/display/SPAMASSASSIN/WhitelistingEverybody and see that one should be able to match the IP using the following:

        header LOCAL_RCVD Received =~ /from .*\[173\./
        describe LOCAL_RCVD Received from a local machine
        score LOCAL_RCVD 50

    This will depend on how your mail server formats the Received: line.
  17. I wonder if SpamCop might be having problems with the IP of the receiving server too. If you change it to the following, it will probably work. It may only want one entry for the receiving host.

        by www.enchanter.net with esmtps
    Spamcop says email possible forgery

    Spammers use the unicode and base64 to try to hide from spam filters. (Most spam filters can be plain text.) If your filtering can do regular expressions then you can look for UTF-8. Some filtering programs will let you filter for the "raw" headers or the decoded headers.

        From: "=?eq7rzAaUmUTF-8?B?

    I suspect this might be a mix, but I do see a UTF-8 in the middle. Usually that starts the unicode section.
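
An added example, not part of the original post: a raw-header check that finds RFC 2047 encoded-words and reports whether the charset field is a real charset or junk wrapped around "UTF-8", as in the header quoted above. The function names are assumptions, and because the quoted header is cut off on the page, the base64 payload in the samples is constructed.

```python
import base64
import codecs
import re

# RFC 2047 encoded-word: =?charset?encoding?encoded-text?=
_ENCODED_WORD = re.compile(r"=\?([^?\s]+)\?([BbQq])\?([^?\s]*)\?=")

def charset_is_known(name):
    """True if Python has a codec for the charset (RFC 2231 '*lang' suffix ignored)."""
    try:
        codecs.lookup(name.split("*", 1)[0])
        return True
    except LookupError:
        return False

def inspect_header(raw):
    """Report every encoded-word in a raw header and whether its charset is real."""
    findings = []
    for charset, enc, text in _ENCODED_WORD.findall(raw):
        known = charset_is_known(charset)
        decoded = None
        if known and enc.upper() == "B":
            try:
                payload = base64.b64decode(text, validate=True)
                decoded = payload.decode(charset.split("*", 1)[0], "replace")
            except ValueError:
                decoded = None  # malformed base64 payload
        findings.append({
            "charset": charset,
            "known": known,
            # Junk wrapped around a real charset name, as in the quoted header.
            "padded_utf8": not known and "utf-8" in charset.lower(),
            "decoded": decoded,
        })
    return findings

# Constructed samples: the charset token in BAD is the one from the post,
# the payload ("Hello") and the addresses are made up for this example.
BAD = 'From: "=?eq7rzAaUmUTF-8?B?SGVsbG8=?=" <sender@example.com>'
GOOD = 'From: "=?UTF-8?B?SGVsbG8=?=" <sender@example.com>'

if __name__ == "__main__":
    for header in (BAD, GOOD):
        print(inspect_header(header))
```
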
  19. You can try reporting to deputies[at]admin[dot]spamcop[dot]net, or by requesting a feature in the New feature forum. Many have mentioned a similar problem in the past Microsoft mailhosts missing IP addresses. LaserMoon, I believe the issue to be that Microsoft opened themselves up to using around 5,192,296,858,534,827,628,530,496,329,220,096 IP addresses when they moved to using IPv6 public addresses and SpamCop might not be able to store them all.
    "Sorry, SpamCop has encountered errors"

    mgolden, I am not sure if this could be your problem but last time I saw this message, it turned out to be one email of mine was forwarding to another. If you have multiple emails involved in a chain then you might need to report them in a backwards order, such as under the "how" section of https://www.spamcop.net/fom-serve/cache/397.html.
    hetzner.de spam source

    I noticed my reports seem to be going through now to abuse[at]hetzner.de. (https://www.spamcop.net/sc?id=z6647053450zec936806eef4e1db9b66291bdb6b3a51z) Maybe something has changed and they are ready to take action?
    Eonix.net helping spammers?

    fritz2cat, The link you gave seems to be only accessible by you or SpamCop deputies. However, you can find an accessible link with munged information if you click on that link and then click on "Parse". That page should have your Tracking URL near the top. (As a side note, if you view that while logged out, you should see the munged information on it.) Here is your TRACKING URL - it may be saved for future reference: https://www.spamcop.net
    Eonix.net helping spammers?

    I automated this using a cron script and a firewall. The problem I saw is the script happened to catch some legitimate emails and blocked those hosts until it was too late for me to get them back. (There is a grey area of false positives and false negatives where something will be missed and legitimate stuff will be caught. This is why I prefer filtering the emails rather than straight blocking.)
    How to know who is spam my IP address?

    Hopefully your website uses something like a confirmed opt-in. There are spammers that have been going around to websites and signing up other people's email addresses in order to get revenge for being reported for actual spam. The reports don't seem to be enough to make it onto the blocklist: https://www.spamcop.net/w3m?action=checkblock&ip=
    OVH.Net spam ?

    I don't get auto-acks from OVH. I am guessing that was an IP OVH (such as a router) that they didn't lease out because the spam stopped so fast. https://www.spamcop.net/sc?id=z6645272240z11289f59c30f6cd5bc6b75151bc01042z Maybe that is why OVH might take action on some and no action on others.