Jump to content

gnarlymarley

Memberp
  • Posts

    835
  • Joined

  • Last visited

Everything posted by gnarlymarley

  1. anyone8, as per Lking mentioned some of these domains are flaky. What I do is to keep the tracking URL and then go back to it a few minutes later to see if SpamCop would pick up the IP. Sometimes waiting and refreshing works for flaky domains.
  2. @Brendon, could this be what you might be talking about? ;; ANSWER SECTION: spamcop.net. 251 IN NS ns1-11.akam.net. spamcop.net. 251 IN NS ns1-90.akam.net. spamcop.net. 251 IN NS ns1-109.akam.net. spamcop.net. 251 IN NS ns1-73.akam.net. spamcop.net. 251 IN NS use1.akam.net. spamcop.net. 251 IN NS asia3.akam.net. spamcop.net. 251 IN NS ns1-93.akam.net. spamcop.net. 251 IN NS ns1-117.akam.net. $ dig vmx.spamcop.net @use1.akam.net ; <<>> DiG 9.18.20 <<>> vmx.spamcop.net @use1.akam.net ;; global options: +cmd ;; Got answer: ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 43587 ;; flags: qr aa rd; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1 ;; WARNING: recursion requested but not available ;; OPT PSEUDOSECTION: ; EDNS: version: 0, flags:; udp: 4096 ;; QUESTION SECTION: ;vmx.spamcop.net. IN A ;; ANSWER SECTION: vmx.spamcop.net. 300 IN A 184.94.240.112 ;; Query time: 18 msec ;; SERVER: 72.246.46.64#53(use1.akam.net) (UDP) ;; WHEN: Sat Mar 09 07:06:23 MST 2024 ;; MSG SIZE rcvd: 60 $
  3. One possible alternate to the SpamCop blocking list could be SpamAssassin. You can tie weights to SpamCop such that it would take more than one Blocking list to block spam. You can also whitelist email addresses or make rules that override the SpamCop blocking list. if certain keywords show up in that email.
  4. I changed from using RBLs to using SpamAssassin. Now using SpamAssassin for me, I can do "and/or" rules where just because something might be on the SpamCop blocking list, it is not blocked unless it is also on another RBL as well. (And I can add a weight percentage to each RBL.)
  5. I get that mailhosts forgery message if my ISP changes or I try to submit an email for an address not on my mailhosts. You might need to resend the mailhosts email setup without deleting the mailhosts entry to have the mailhost entry refreshed.
  6. Are you using a shared IP? https://www.spamcop.net/w3m?action=checkblock&ip=40.107.94.90 Looking at the blocking list entry, it looks like someone maybe reporting emails as spam to SpamCop. Some things to note, you might want to check that your email list is using double opt-in or else anyone can add an email address. You might also need to check routers and cameras have not been hacked.
  7. Most of my recent reports have a "Cache/Refresh" link I can click to have it update from the whois listing.
  8. You know you are irritating a spammer if they are trying to retaliate. The only real way to make a spammer think your account is dead is to reject the email at the border server. You might be able to accomplish this by "blocking" the user and sending it to the spam folder, but most of the spammers will just try a different address to get past your filters. Since Gmail and Microsoft don't let me control the border server, I setup my own email server and use SpamAssassin to filter out the spammers. A few fine tuned rules and it blocks the spammer. In watching the rejections, I noticed that some spammers retry more often when it rejects.
  9. A few notes to add to Lking;s post. You might want to check that your IP cameras and routers are secure. You might also be sharing an IP with someone who is sending email that is causing it to show up on multiple blocking lists.
  10. You do have to click each link in the mail for every spam. I believe SpamCop did this so that you would double check that the message is actually spam (because we don't want to accidentally report good messages). Now if the email address was never used for legitimate email, then I believe you might be able to work out using the quick.xxxx8888xxxx8888xxxx@spam.spamcop.net address. (I believe you might have to work with the deputies to have this turned on.)
  11. Wow, they finally got blocked. One thing to note is that Microsoft was warned numerous times before their inaction allowed the IP to show up on the blocklist. I have been getting abuse from their IP with a few messages a day from a .shop address trying to immitate some paypal links.
  12. Could it be an issue with the HTML formatting? I see the first link doesn't have the closing tag. The third link has the tag formatted wrong. The second link has a IMG in the middle. Also, the content boundaries seem a little strange.
  13. I setup my own mail server for this reason years ago. I try to avoid forwarding as an attachment directly through one of the "free email accounts" because they seem to flag them quicker if they are an attachment heading to a spamcop submit address.
  14. fe80:: is the local interface address and is not to be used on the internet. It is used to dynamically acquire an actual IPv6 address. More likely that one of the server's IPv4 address is on the blacklist and resending the email went through a different outbound server. I have heard that a lot of people get spam from outlook.com/onMicrosoft.com. So I wouldn't be surprised if they had a server on the black list. Because of this kind of issues with the random blocks, I now lean toward using SpamAssassin instead of just a single blacklist. It takes a combination of various keywords and multiple blacklists in order for me to block inbound email in my server.
  15. So, I believe in the forums that there are two types of Microsoft spams. One is from the IPv6 issue where Microsoft is using millions of addresses internally, but I believe SpamCop mailhosts only remembers fifteen. The other, is where they are actually coming from microsoft as you have listed. I believe the *.onmicrosoft.com might be their cloud setup. For some reason, I seem to have very little spam the past week for some reason. The only suggestion I have (after you are attempted the reporting to them) is to report as many as you can to feed the blocking list.
  16. The SpamCop blocking list is not tied to emails, but it is based on the IP 54.240.27.58. I currrently do not see that entry in the block list, but it possibly could have been when they tried to send you the email. The receiving server should have an entry for "dnsbl/bl.spamcop.net" and would have sent a response with the following link. https://www.spamcop.net/w3m?action=checkblock&ip=54.240.27.58 54.240.27.58 not listed in bl.spamcop.net
  17. The SpamCop blocking list has a special formula where it takes multiple people over some time for it to be listed. I believe they have this so that a spammer cannot get revenge and just start adding random servers to the blocking list. That said if other people are not reporting all of their spam, then it is not likely to be listed.
  18. I believe spammers started doing that around the turn of the century to get past the SpamCop reporting. Be nice if the links could be consolidated.
  19. This looks like rbl.websitewelcome.com is the block list and then send you a link to www.spamcop.net. The admin of the server receiving the email has a problem with the setup. Check with the server administrator of the receiving server to see why they setup the explanation up wrong.
  20. Another solution could be to bundle them by hostname, since most of mine are all the same hostname and going to be sending one email for all the links....
  21. It looks like the Chain test failed for the name between the first Received line and the second. 185.56.86.0 is not 34.28.10.218. Somewhere a header got lost or else the server has two IPs. Chain test:instance-us-central1-g787.prod.antispam.mailspamprotection.com =? delivery.antispam.mailspamprotection.com Host delivery.antispam.mailspamprotection.com (checking ip) = 185.56.86.0 185.56.86.0 is not an MX for instance-us-central1-g787.prod.antispam.mailspamprotection.com Host instance-us-central1-g787.prod.antispam.mailspamprotection.com (checking ip) = 34.28.10.218 185.56.86.0 is not an MX for instance-us-central1-g787.prod.antispam.mailspamprotection.com
  22. If they are sending from your domain, you might want to look into SPF. SPF and SRS were originally designed to protect the mail from headers and stop the spoofing.
×
×
  • Create New...