gnarlymarley

I don't see Eonix traffic for some reason, so I am not able to test this and it will probably need some modification. But something like this spamassassin rule, which was built using the above criteria, should work for you. header RULENAME1 X-spam-Relays-Untrusted =~ /^[^\]+ ip=50\.[23]\./i header RULENAME2 Received =~ /BestWebHosting\.com/i header RULENAME3 From =~ /BestWebHosting\.com/i meta RULENAME RULENAME1 || RULENAME2 || RULENAME3 score RULENAME 1.5

That will probably take a while as there are a lot of pages out there. I think some of the volunteers use to fix the pages before they died.

I get emails from a different google accounts. They change to a new address after about thirty report.

Looks like both domains are gone as I get a nxdomain response to the look ups. http://forum.spamcop.net/topic/9519-sendmail-woes/?tab=comments#comment-154703 This may be why: http://forum.spamcop.net/topic/14277-cesmail-system-changes/

I don't use the CES email forwarding either. I use deputies[at]admin[dot]spamcop[dot]net to get a deputy.

I don't seem to be affected on my email address that I used to sign up for SpamCop. I also do not use edge.

I have seen this lately when the spammer is using the same provider as one of my mailhosts. I just go and delete the related mailhost, submit and then I can put it back on. Annoying when the spammers start sending me spam from the providers I use . Mailhost configuration problem, identified internal IP as source

Do you have a tracking URL? I show abuse@gtt.net as the reporting address when I try a look up. Parsing input: 67.200.116.254 More Information. Reporting addresses: abuse@gtt.net

About 20 years ago, some of the sites would have a selected checkbox that there they would "share your address with third party companies". Though I am not sure if they are still using such a checkbox upon sign up, maybe the practice is still going on? If the places where you did share your addresses are not sharing it, then I would have to believe they were compromised.

Some SMTP mailers could try to send it to the A record if no MX. But then it appears there is no A record either. C:\>nslookup confiraseusdescontosepontos.com Server: 192.168.1.1 Address: 192.168.1.1#53 ** server can't find confiraseusdescontosepontos.com: NXDOMAIN C:\>

Even though it appears it wants to send directly to the spammer, I don't see the domain and being valid, so this should bounce. C:\>nslookup confiraseusdescontosepontos.com Server: 192.168.1.1 Address: 192.168.1.1#53 ** server can't find confiraseusdescontosepontos.com: NXDOMAIN C:\>

When the links are taken down (someone starts taking action against some part of the spam), it makes the reports satisfying.

149.255.60.65 is not a SpamCop IP. I think this might be your ISP that is rejecting the emails. Sounds like they accept spam, but don't let you forward it to SpamCop?

If you have the ability to add an email checker, I would suggest you add spamassassin as it would allow you to create a rule to reject spam if it has 8888 in the subject. I have noticed this too and my first email addresses to starting getting spam were hotmail and yahoo. I believe that some of the "free" address are sold to third party. Now I have my own domain too and I setup separate email address for each one, to use as a throwaway and also so I know which idiot may have shared it with the spammers.

The deputies have some sort of bug tracking/new feature database. Since this is in the New Request forum section, hopefully someone will see it.

I agree that they don't enforce double-opt-in. Someone signed up one of my spamtraps to a bando list and there was no double-opt-in.

Century link installed a new pedestal in my area. It serves the next neighborhood over. The problem with it is they didn't install a battery backup and it is fed by fiber. So when my power goes out, they lose internet. I am not sure if they will ever fix that.

I don't see mailhosts enabled on this. Mailhosts was setup as a way for SpamCop to find the border server. The LMTP lines seem to look normal. Could have also been a temporary look up issue that may have caused SpamCop processing confusion.

I would suggest putting your super secret submit address into the bcc, except some email servers could leave that in the email as it goes out. It would be good to know your email server before trying even the bcc. Probably the only safe way is to forward separate emails.

If it was a contact form, you should be able to look up the IP in the http logs. It would be good to have the form add some email headers, such as a "Received:" header that has the IP, hostname, and protocol, just like your email server does. Another header maybe something like "X-WebForm:". Also, I would expect the receiving email server to show the IP of the server with the contact form.

Maybe came from a web form?

The tracking URL seems to be missing an IP on the Received line. Without that IP, it cannot proceed to report such IP. Received: from esteemcom by elm.nocdirect.com with local (Exim 4.93) (envelope-from <info@domainregistrationcorp.com>) id 1lT0m1-0006Jl-Cb for x; Sun, 04 Apr 2021 07:18:33 -0400

I don't see a refresh button on the page. After some research, it appears that this is plagued bu the whois "-B" bug. Refreshing is not going to bring it up. You will need want to contact the deputies[at]admin[dot]spamcop[dot]net or just submit it manually.

Sounds like someone is attached 18 emails and sent to your reporting address. Yes, you can email the deputies[at]admin[dot]spamcop[dot]net and they can change it for you.

Yeah, probably a good idea to send the link to this forum to the deputies at deputies[at]admin[dot[spamcop[dot]net.