Jump to content


  • Content Count

  • Joined

  • Last visited

Everything posted by gnarlymarley

  1. I have not seen any missing headers in my emails. It is customary to place the headers by the receiving email server. The problem you will have with your hosting company not providing that information is you do not know the IP of where the spam came from. Not knowing the IP makes it unreportable. Per RFC2076 section 3.4, your hosting company should not be modifying any existing headers, but per the email, it does appear they are modifying and removing them. If might be good if they were to bring their server into RFC compliance.
  2. gnarlymarley

    Increase in spam out of google lately. Anyone know why?

    I use exim and spamassassin for that bouncing spam during the SMTP connection. Once an email is sent on the SMTP communication it is scanned by spamassassin and if good, the SMTP accept command is sent. This way, the sending server has to deal with the spam. If the sending server wrongfully accept to relay the email and didn't verify the address, then it will be bounced to the server admin so they can fix the hole.
  3. Ooops. Sorry, by "opt-in check" I meant single or double opt-in. Some of the big social media sites are not even doing the single opt-in. Yeah, some picked it up and starting doing the double opt-in, but only took a few years and they all forgot about it. Sometimes I wish people didn't have a short memory. In one spam report, I put a note that they should delete their email list and should be using "double opt-in" and then the spam stopped very quickly.
  4. That is why I prefer imap/ssl when possible because thunderbird always seems to work for me. Maybe a webmail version of outlook might work for you, if you have one.
  5. Bob, I am getting the reporting noticed that it accepted my attachments as normal. Are you still having issues with this?
  6.  yeah, sure Rule #1 Sounds like a business might not know about the double-opt-ins. If they don't have any opt-in check, they they really should change their wording to "some subscribed using your email address to....."
  7. gnarlymarley

    Unable to Register Mailhost

    It also might take the email address in each received line and try to compare it. If your ISP adds something like .local to the host that might be something that could make the parser think it is a completely different domain/email address. Might be able to make sure that email is the same for every received line. We can hope your solution works.
  8. gnarlymarley

    SpamCop says it's too old, it's not

    ~o~, I have seen it where the spammers inject a Received line with an old date. It might be good to check that you have mailhosts enabled too where spamcop will only trust the header added by your ISP. If it is getting to that header, then the spammer should not be able to affect your ISP's date. I have also seen some ISP border servers "hold" the emails for more than two days, which will make them old.
  9. gnarlymarley


    I don't think it is useless either. In researching the whole /24, it does appear this might be some snowshow spamming. Hopefully other people will report their spam soon too so it can be listed. Too bad they haven't sent any to me. I agree. It may take some time for this to be listed.
  10. If I remember correctly, this bounce flag button was very noticeable. It had replaced the field where you can paste in your spam. I think this is something you would have noticed. If it is still not working for you, you might want to try the deputies[at]admin.spamcop.net as I believe the have access to the mail server logs.
  11. gnarlymarley

    Link obfuscation flaw?

    One benefit of snowshoe spam that I can see, is the spammer is not able to put in a single IP where the "ISP has resolved this issue". This means that I am able to report every spam. I have seen where the ISP/spammer marks "The issue is resolved" and by the time I go to report the spam, SpamCop doesn't let me further report as the issue has been "resolved". (Mole reporting just changes the resolution time to the current time.) This also prevents me from adding to the block list statistics.
  12. gnarlymarley

    Increase in spam out of google lately. Anyone know why?

    Looks like they are striking back with a new set of links for me. (Google is not the source of the email, but the links inside point there.) I am starting to see a number of links in the body where one of the following domains appears multiple times with a different four character alpha numeric code. https://kolw.page.link/4_digit_alpha_numeric https://lopw.page.link/4_digit_alpha_numeric https://johr.page.link/4_digit_alpha_numeric I will see how long it takes to for google to respond. With each message containing 10+ unique links it would appear that they can sign up faster than we would ever be able to shut them down.
  13. gnarlymarley

    Increase in spam out of google lately. Anyone know why?

    That time can be damaging. Amazon is four days and I think theirs is too long. By the time a week goes by a spammer could have already moved on anyway, so the account could be abandoned by the time they shut it down. For me, I would make it no longer economically viable. If I could speed up the disable process, then the captcha alone would deter them. It may be they figured out who I was and dropped me off their list, but not likely. Probably what is more likely is mine was different spammer.
  14. gnarlymarley

    Increase in spam out of google lately. Anyone know why?

    I think my reports were successful. All my spam coming from the google cloud seems to have stopped.
  15. I have seen this a few times in the reply email after I forwarded something to my submit address. As near as I can tell, the submitted spam seemed intact and I was able to report it. Judging how it moved the subject line of line up to between when vmx.spamcop.net got it from me and sent it onto the next node, I would guess this was done by the external vmx.spamcop.net node. Received: from vmx.spamcop.net (prod-sc-smtp8.sv4.ironport.com []) by prod-sc-app010.sv4.ironport.com (Postfix) with ESMTP id B579451B67 for <submit.xxxxxxxxxxxxxx@spam.spamcop.net>; Mon, 6 Apr 2020 20:02:23 -0700 (PDT) Subject: [WARNING: UNSCANNABLE EXTRACTION FAILED](Ma
  16. gnarlymarley

    Change your password in this Forum

    I can say it was weird that both spotify and pinterest had weird interests picked, but I didn't pay attention to netflix. I can verify that my gmail accounts were not accessed as at the bottom of webmail there is a details button to tell me where the last logins came from. Spotify and pinterest ask me to confirm only once, while the acounts were being used, but netflix spammed me daily to confirm. So I can say that noone of mine had emails that were confirmed (I know this when I opened up the confirm email the link said it was still waiting for me to confirm), but clearly the accounts were being used. Interesting that netflix didn't care about me reporting all their confirm email notices through SpamCop. With pinterest I got a human on real quick.
  17. gnarlymarley

    Change your password in this Forum

    After linkedin got hacked a few years back, I went to unique passwords so I could tell who and where the hack occurred. I had this happen to me recently but it was spotify, instragram, pinterest, and netflix. What I found was interesting with netflix is they appeared to be using the account to get a free month since they did not verify the email before allowing services. I am not a fan of single-opt-in services nor have I been for over two decades.
  18. I did have see some delays this morning, but you said it happened this past year. Last time I had this happen to me (where all inbound emails were lost) I had a "SMTP disabled" with a button to reenable on the reporting page. If you do not have this button, I would suggest you contact the deputies at deputies[at]admin[dot]spamcop[dot]net as per https://www.spamcop.net/fom-serve/cache/12.html. I believe they have the ability to look at mail servers logs to help in the research.
  19. gnarlymarley

    Unable to register - Invalid CAPTCHA

    I am not sure what I was thinking either. I went back to look at Ostap's post and he has the image with the spinning wheel. I think I was just asking for confirmation. Interesting. I have tried this with this on edge, internet explorer, chrome, and firefox on win10, win vista, and win 7 and it seems to work for me. I also tried it with chrome on android and works. I have both AVG and avast, but web http filter is turned off for me. (My win10 is a work computer and uses the work's proxy filter, so I might not be able to duplicate the issue on my win10.)
  20. Sounds like the administrator of the server you were trying to send to has mistakenly put "https://www.spamcop.net/bl.shtml?" in their reject message. You might need to contact them to see why they think it is on the blacklist when it is not.
  21. gnarlymarley

    Multiple spam redirecting to TopOnlineBargins

    I found a term for this called snowshoe spamming. http://forum.spamcop.net/topic/43662-spam-from-91192400-9119243255-and-21761730-2176173255/?do=findComment&comment=151467
  22. gnarlymarley

    Multiple spam redirecting to TopOnlineBargins

    They sent it from different ISP to limit how quickly their IP is put into a blocklist. If they can jump around enough, their can keep sending out their spam for days. Now if everyone who got it reported it, we could get them on the block lists faster. This is why they like to remotely use routers and IP cameras to send their spam as they don't care if good people get blocked. SpamCop does have requirements to be added to the blocking list. My guess is what you saw for the change from Mivocloud to Psychz is that either they wanted to change, or Mivocloud turned off their service and the spammer moved on. (In my opinion, the faster we inconvience the spammer, they less they will desire to spam.)
  23. If the administrator doesn't care (or is even supportive of the spammer's actions), then that it will continue. What I did in the past (because they kept jumping around on IPs) was to block the whole IP range first in a firewall, then I did my own block list. This got their attention and they moved on to another ISP. This might be an issue as if you have the block list enable, then the reports stop and the IP falls off the list quicker. Hopefully, they run across a spamtrap which I believe it will continue to accept spam while it is on the block list.
  24. Being on a BL is only as useful if your email server/spam filter is configured to use it. A lot of providers discount BLs these days because some honest people can be blocked. Some admins have got overwhelmed by spam reports and just blocked all of SpamCop. Having a report sent by other means might cause the admin to ignore and block reports those too. I would prefer if the admins would just take action quicker rather than to just hit the delete all button.
  25. gnarlymarley

    Increase in spam out of google lately. Anyone know why?

    The problem with the week delay will be a similar reason why people complain about being on the blocking list. Spammers will use it to somehow deny real legitimate customers access. There will be some fine line somewhere where they could get it to work, but I don't know where that line is. It is interesting that spamassassin has three sections, not spam, spam, and an overlapping area. As a real person, I wouldn't want to wait a week but I do agree that spammers should wait. (But then with enough money, the spammers would probably sign up as a business and they would probably bypass the delay.)