Jump to content

gnarlymarley

Memberp
  • Content Count

    561
  • Joined

  • Last visited

Posts posted by gnarlymarley


  1. 6 hours ago, Sven Golly said:

    Microsoft Edge notified me on login to my Spamcop account that my Spamcop account and password had been exposed in a trove and recommended changing passwords (which I did).

    I don't seem to be affected on my email address that I used to sign up for SpamCop.  I also do not use edge.


  2. I have seen this lately when the spammer is using the same provider as one of my mailhosts.  I just go and delete the related mailhost, submit and then I can put it back on.  Annoying when the spammers start sending me spam from the providers I use .

    Mailhost configuration problem, identified internal IP as source

     


  3. 2 hours ago, MisterBill said:

    But I still do not have the answer to my question of where they got all of my addresses from. Like i said, these were custom addresses only used on a single site, and more than one of them was compromised.

    About 20 years ago, some of the sites would have a selected checkbox that there they would "share your address with third party companies".  Though I am not sure if they are still using such a checkbox upon sign up, maybe the practice is still going on?  If the places where you did share your addresses are not sharing it, then I would have to believe they were compromised.


  4. On 4/23/2021 at 7:41 AM, Snowbat said:

    40.74.0.0 - 40.125.127.255 is Microsoft but SpamCop reports 40.83.112.59 directly to the spammer. I've seen similar misreporting for other Microsoft-hosted spammers.

     

    Even though it appears it wants to send directly to the spammer, I don't see the domain and being valid, so this should bounce.

    C:\>nslookup confiraseusdescontosepontos.com
    Server:         192.168.1.1
    Address:        192.168.1.1#53
    
    ** server can't find confiraseusdescontosepontos.com: NXDOMAIN
    
    
    C:\>

     


  5. 4 hours ago, Telboy said:

    So I am unable to forward spam as I get :

    149.255.60.65 is not a SpamCop IP.  I think this might  be your ISP that is rejecting the emails.  Sounds like they accept spam, but don't let you forward it to SpamCop?

  6. 15 hours ago, MisterBill said:

    Background: I have my own domain and use a different address at each site so I know where the address was compromised. I use wildcard forwarding so I get all email sent to that domain.

    If you have the ability to add an email checker, I would suggest you add spamassassin as it would allow you to create a rule to reject spam if it has 8888 in the subject.

    15 hours ago, MisterBill said:

    I have started getting a bunch of spam to multiple email addresses on my domain and they are being sent to addresses that I have used on other sites, not just random ids.

    I have noticed this too and my first email addresses to starting getting spam were hotmail and yahoo.  I believe that some of the "free" address are sold to third party.  Now I have my own domain too and I setup separate email address for each one, to use as a throwaway and also so I know which idiot may have shared it with the spammers.


  7. 56 minutes ago, franklin said:

    From the looks of the emails, at the very least Sendgrid doesn't enforce double-opt-in for their customers.

    I agree that they don't enforce double-opt-in.  Someone signed up one of my spamtraps to a bando list and there was no double-opt-in.


  8. On 4/14/2021 at 4:58 AM, karl said:

    the latest 2 are clearly marked as local (LMTP) and should be ignored, the earliest has a private address and is correctly discarded . there is one single relevant received header which states 149.148.224.72 is the receiving MX
    81.95.160.44 is the sending smtp client (MSA). but the sender is  discarded as a forgery and the edge server is used for reporting.

    I don't see mailhosts enabled on this.  Mailhosts was setup as a way for SpamCop to find the border server.  The LMTP lines seem to look normal.

    19 hours ago, petzl said:

    Just looked seems working

    Could have also been a temporary look up issue that may have caused SpamCop processing confusion.


  9. I would suggest putting your super secret submit address into the bcc, except some email servers could leave that in the email as it goes out.  It would be good to know your email server before trying even the bcc.  Probably the only safe way is to forward separate emails.


  10. 1 hour ago, Outernaut said:

    After reviewing @gnarlymarley and checking again, it may be they used a contact form.

    If it was a contact form, you should be able to look up the IP in the http logs.  It would be good to have the form add some email headers, such as a "Received:" header that has the IP, hostname, and protocol, just like your email server does.  Another header maybe something like "X-WebForm:".

    Also, I would expect the receiving email server to show the IP of the server with the contact form.


  11. 2 hours ago, Outernaut said:

    https://www.spamcop.net/sc?id=z6708342598za3c1a7e1620502b088a404a350ad0835z

    The tracking URL seems to be missing an IP on the Received line.  Without that IP, it cannot proceed to report such IP.

    Received: from esteemcom by elm.nocdirect.com with local (Exim 4.93)
    	(envelope-from <info@domainregistrationcorp.com>)
    	id 1lT0m1-0006Jl-Cb
    	for x; Sun, 04 Apr 2021 07:18:33 -0400

     


  12. 1 hour ago, Gingko said:

    I received another one (with 18 messages inside !!!).

    Sounds like someone is attached 18 emails and sent to your reporting address.

    1 hour ago, Gingko said:

    Is there a way to change my submitting email address (the one like submit.XXXXXXXXXX@spam.spamcop.net) without having to create a new account and delete the old one ?

    Yes, you can email the deputies[at]admin[dot]spamcop[dot]net and they can change it for you.


  13. 6 minutes ago, Harry Adams said:

    I think that you could send a message to Spamcop in order to describe this issue and get it solved quickly. A friend of mine did it a couple of months ago and it worked.

    Yeah, probably a good idea to send the link to this forum to the deputies at deputies[at]admin[dot[spamcop[dot]net.


  14. On 4/1/2021 at 10:34 AM, lartingyou said:

    Shouldn't SpamCop's default address be abuse@tinyurl.com for those links?

    I believe that originally SpamCop was setup to report URLs to the ISP hosting the content.  They did this to avoid reporting directly to the spammers, who at the time, would setup they own domain and abuse address.  Reporting spam to the ISP, SpamCop appears to look up the IP the domain is pointing to at the time and report that IP to the ISP.

    If we can trust the abuse of the domainname such as in this case, SpamCop should be able to report to the domain's abuse  address instead of to their hosting ISP.


  15. 1 hour ago, KNERD said:

    At this point, I just do not believe in those block lists anymore.

    This is in part why I got my own email server and changed it from blocking lists in the server to spamassassin.  The Spamassassin plug-in allowed me to setup weighting and a threshold for all blocklists so I could block if it is on more than one blocking list, but not if the are on only one.


  16. 4 hours ago, Gingko said:

    Along with quite long mail with subject "[SpamCop] Errors encountered" and beginning with :

    Quote

    sounds to me, like you might be talking about the response email that would contain a tracking URL if it worked, but it is not working.  A normal reply would be a subject line "[SpamCop] has accepted 1 email for processing".

    Reply emails with the subject line "[SpamCop] Errors encountered" usually indicate a problem with the attachment on the sending email.  Even if I had mailhost problems, I would still get a sucessful reply with a tracking URL.


  17. 10 hours ago, dlongnecker said:

    When I report, it just goes to abuse@google.com and I doubt they do anything.   Any suggestions on how to curb this?

    Dennis, I think you might be right on the google groups.  It sounds like someone signed up for you and set up their password while pointing it to your email account.  I see a mailto that is not you that you might be able to try a password reset on any of the mailto addresses that are not yours to see if it is a forwarder address.  If not, sounds like you might be up to the mercy of the google abuse address.

×