Jump to content


  • Content Count

  • Joined

  • Last visited

Everything posted by gnarlymarley

  1. gnarlymarley

    Is there a SpamCop Outage

    maybe not the problem, but a possibility. If I recall correctly, there used to be a setting in opera that would allow bidirectional usage of other people's internet. I think it was there to enable a faster download of other people on your same ISP to use their cache to download webpages faster. If this option was enabled, maybe it could have contributed to the issue.
  2. gnarlymarley

    Cannot find ip range in whois output

    one possible option would be to do a regex swap when the whois is pulled into the cache such as: s/inetnum/inet6num/
  3. gnarlymarley

    blocklist removed

    One note is that you can try is to do a local lookup and see if it is cashed in the blocklist by your local DNS. Another thing to note is that a few decades back, there were some email providers that mistakenly blamed the spamcop blacklist for blocking email when in fact, it was their own blocklist they were using. nslookup -type=any If the IP is not on the blocklist, but is still blocked, it is likely the email provider has setup a badly configure rbl entry in the receiving email server.
  4. gnarlymarley

    Reporting spam has no effect

    I probably have a million plus reports of the past few decades that sure keep my average up. I believe I saw the term snowshoe spamming. that explains this. I have about a thousand of my own spamtrap email accounts and one thing I noticed is that the IP never seems to be repeated. If you look at what Lking sent above, the spammer is doing that do they will not get listed. Can be amazing how many IP blocks are out there that they can use with this "hopping" method.
  5. I don't see the "Forward as attachment" as an option in the webmail version. That is basically what it is, so you can save the "raw message" as a notepad txt file and then attach it to a new message. Or else you can use something like the thunderbird email client that forward as an attachment.
  6. gnarlymarley

    Increase in spam out of google lately. Anyone know why?

    My phone company has a special number that I can call that will disable callerID. Hopefully you also have this option to block callerID enabled, so they are not able to retaliate to your number. if they can see the callerID....
  7. gnarlymarley

    Eonix.net helping spammers?

    Either that or maybe see if your mail server supports special filtering rules. Before I went to spamassassin, I was doing weird helo accept/deny rules as well as maintaining my own blocklist. They can revoke the IP address for policy violations but that doesn't always stop the spammer. The ISP's ISP should be checking that their customers are using valid ranges. I had one in Europe that has assumed two class C networks without being assigned them. It took a few months for them to stop using them.
  8. gnarlymarley

    spamcop forum on IPv6?

    Can we get http://forum.spamcop.net to have IPv6 enabled similar to http://www.spamcop.net? From what I understand cloudfront.net seems to indicate it could be free. On 23 may 2020, risebroadband and verizon had a IPv4 routing issue that prevented me from accessing the forum because it was hosted at cloudfront.net. It took quite a few days to get the issue resolved. I still do not know who had the broken router, but if we had IPv6 enabled on the forum, it could have been accessible during this period. IPv4 Routing Problem: C:\>tracert forum.spamcop.net Tracing route to spamcop.invisionmanaged.net [] over a maximum of 30 hops: 2 12 ms 11 ms 11 ms 3 9 ms 21 ms 9 ms 63-248-56-128.static.layl0101.digis.net [] 4 8 ms 9 ms 9 ms 63-248-56-49.static.layl0101.digis.net [] 5 13 ms 11 ms 14 ms ip65-46-60-157.z60-46-65.customer.algx.net [] 6 23 ms 25 ms 23 ms [] 7 * * * Request timed out. 8 * * * Request timed out. 9 * * * Request timed out. 10 * * * Request timed out. 11 * * * Request timed out. 12 * * * Request timed out. 13 * * * Request timed out. 14 * * * Request timed out. 15 * * * Request timed out. 16 * * * Request timed out. 17 * * * Request timed out. 18 * * * Request timed out. 19 * * * Request timed out. 20 * * * Request timed out. 21 * * * Request timed out. 22 * * * Request timed out. 23 * * * Request timed out. 24 * * * Request timed out. 25 * * * Request timed out. 26 * * * Request timed out. 27 * * * Request timed out. 28 * * * Request timed out. 29 * * * Request timed out. 30 * * * Request timed out. Trace complete. C:\> kinda working during the only 10 min period of the day: C:\>tracert forum.spamcop.net Tracing route to spamcop.invisionmanaged.net [] over a maximum of 30 hops: 1 1 ms 1 ms 2 ms DD-WRT [] 2 11 ms 23 ms 14 ms 3 10 ms 12 ms 11 ms 63-248-56-128.static.layl0101.digis.net [] 4 11 ms 13 ms 8 ms 63-248-56-49.static.layl0101.digis.net [] 5 20 ms 19 ms 11 ms ip65-46-60-157.z60-46-65.customer.algx.net [] 6 27 ms 25 ms 26 ms [] 7 34 ms 43 ms 28 ms 8 25 ms 24 ms 24 ms 9 36 ms 27 ms 66 ms 10 * * * Request timed out. 11 * * * Request timed out. 12 * * * Request timed out. 13 * * * Request timed out. 14 * * * Request timed out. 15 * * * Request timed out. 16 25 ms 26 ms 28 ms 17 30 ms 48 ms 40 ms 18 * * * Request timed out. 19 * * * Request timed out. 20 * * * Request timed out. 21 * * * Request timed out. 22 * * * Request timed out. 23 25 ms 33 ms 44 ms server-13-226-234-24.lax50.r.cloudfront.net [] Trace complete. C:\>
  9. Rainer, This appears to be only the URL specified and not coming directly from your server. Running it through google translate, it appears to be the normal whois email address testing. Sounds like they are sending out spam to attempt to send a bill to random domains to try to extort money. Been a while since I got one of those. (I think what petzl is talking about is where I have seen IP cameras and routers get hacked and the spam sent from there, but this does not appear to be coming directly from your server. If it was coming directly from your server, I would check the server and any devices that might be sharing the same IP for possible intrusions.)
  10. gnarlymarley

    Invalid certificate of forum.spamcop.net

    Seems to still be the same. Maybe you can submit something to the new features to get it fixed. http://forum.spamcop.net/forum/10-new-feature-request/
  11. gnarlymarley

    Bad Certificate for SpamCop

    It would appear that the forum only does http. From what I can tell, the hosting is done on cloudflare.net. So as long as that is the SSL cert, then you can login using https. I would advise against sharing this password with other places. I found the following, so I am not sure if there are plans in the works to fix this. Maybe submit a new feature request?
  12. gnarlymarley

    New spammer trick?

    Okay, I am confused with the tracking URL. It seems to be the message you tried to report is one that was sent directly to your submit address. I see the vmx and the app009. Are you trying to report a spam from someone that sent it directly to your submit address? (I am glad your submit address was replaced by an x in here as I don't want to know what it is.) If your submit address is in the wild, I would suggest you contact deputies[at]admin[dot]spamcop[dot]net.
  13. I had a similar situation happen to me about two decades ago with an admin from a well known education institution confusing the internal links of the spam as the source of the spam. This is why I prefer to report just the source instead of the links inside. If I see any on my reports that might be valid (innocents caught in the crossfire), I uncheck those.
  14. gnarlymarley

    No Headers

    For me, if I copy the message to notepad first and maximize the window and then copy all again, I don't seem to have a problem. There appears to be a really long line added that has weird line breaks if copied straight across.
  15. Forwarding as an attachment contains some hidden lines that track message source. When forwarding (not as attachment) those tracking lines are lost. This is why SpamCop requires it to be an attachment. The lines that get lost when forwarding not as an attachment are the "Recevied:" lines as defined by RFC2076.
  16. gnarlymarley

    Spamcop captcha is not loading

    Cristian, The IP will be automatically delisted once the problem is resolved, and may have been already. I ran across the follow post about the captcha. I have not been able to duplicate the issue with the captcha not loading. If you are still having the issue, maybe you can try hitting the refresh button to the right of the circle to see if it will allow the captcha to load.
  17. gnarlymarley

    Unable to register - Invalid CAPTCHA

    Interesting, I ran across the following post about maybe the captcha could be a java scri_pt issue. Might be something to check out if you are still seeing the problem.
  18. gnarlymarley

    SpamCop says it's too old, it's not

    Without seeing a Tracking URL.  Sometimes a server is turned off when it is found spewing spam When turned on again it spews out remaining spam. ~o~, A tracking URL would be able to help us debug the issue. What you will be looking for is there is a "Date:" header and a "Received:" header. SpamCop does not look at the "Date:" header. It gets it time from the "Received:" headers. If you do not have mailhosts enabled, SpamCop will attempt to find your border server. The age of an email comes from the time gathered at the border email server.
  19. gnarlymarley

    Identified internal IP as source

    That sure is a lot of received lines. From what I can see, the source appears to be a fastmail user. SpamCop is really good at detecting company to company connections, but RFC9181 IPs can be assigned to every company. The source of will need to be looked at by a fasthost admin, which is why SpamCop gives you the message "identified internal IP as source".
  20. gnarlymarley

    Increase in spam out of google lately. Anyone know why?

    Lets see if this helps. Spamassassin is a computer application that integrates with the email server for parsing spam at the time it is being received. For example, someone using a hotmail account could send email to my email account. My email server and spamassassin check the email for spamminess and either will accept or reject it. This happens while hotmail still has a connection to my server still open. The rejection notice will come from hotmail's servers as it is will not be able to send. As near as I can tell yahoo does not do any spam filtering, just address blocking. The filters only seem to be able to move spam to non-spam folders.
  21. gnarlymarley

    Increase in spam out of google lately. Anyone know why?

    Will not be possible with yahoo. Hmmm, spamassassin plugs into the border email server. I know with my yahoo account they don't do much good for spam filtering. I think yahoo's only option is to block email address, but I am not sure the asterisk is working for me. This is why I went with my own domain and email server so I could do better filtering.
  22. gnarlymarley

    Eonix.net helping spammers?

    Some ISP do this and then return the old block and poor folks might get a spammy block when they request a new range. Years ago, I started blocking at the firewall level. Then I started blocking using a SMTP blocking list. Now I just use spamassassin and it makes the decision to block or not at the SMTP edge. This is the reason why I use spamassassin now is because clean emails can be on the block list and still be accepted, while spammy emails with the block lists it can tell the SMTP mailer to reject it. Spamassassin also lets me do some custom parsing rules which can single out ISPs such as eonix (either via headers, message body, or just connecting host).
  23. I have not seen any missing headers in my emails. It is customary to place the headers by the receiving email server. The problem you will have with your hosting company not providing that information is you do not know the IP of where the spam came from. Not knowing the IP makes it unreportable. Per RFC2076 section 3.4, your hosting company should not be modifying any existing headers, but per the email, it does appear they are modifying and removing them. If might be good if they were to bring their server into RFC compliance.
  24. gnarlymarley

    Increase in spam out of google lately. Anyone know why?

    I use exim and spamassassin for that bouncing spam during the SMTP connection. Once an email is sent on the SMTP communication it is scanned by spamassassin and if good, the SMTP accept command is sent. This way, the sending server has to deal with the spam. If the sending server wrongfully accept to relay the email and didn't verify the address, then it will be bounced to the server admin so they can fix the hole.
  25. Ooops. Sorry, by "opt-in check" I meant single or double opt-in. Some of the big social media sites are not even doing the single opt-in. Yeah, some picked it up and starting doing the double opt-in, but only took a few years and they all forgot about it. Sometimes I wish people didn't have a short memory. In one spam report, I put a note that they should delete their email list and should be using "double opt-in" and then the spam stopped very quickly.