gnarlymarley
-
Posts
839 -
Joined
-
Last visited
Content Type
Profiles
Forums
Events
Posts posted by gnarlymarley
-
-
On 3/16/2021 at 1:32 PM, DRSpalding said:
% Abuse contact for '193.27.228.0 - 193.27.228.255' is 'info@starcrecium.com'
From what I can see, it appears to start out with that, then the abuse.net moves it over. If this is not the case, then if you would have a track URL that shows it that you would be willing to share.
whois: 193.27.228.0 - 193.27.228.255 = info@starcrecium.com Routing details for 193.27.228.255 Using abuse net on info@starcrecium.com No abuse net record for starcrecium.com Using default postmaster contacts postmaster@starcrecium.com postmaster@starcrecium.com bounces (31 sent : 16 bounces) Using postmaster#starcrecium.com@devnull.spamcop.net for statistical tracking.
-
14 hours ago, readefries said:
I wanted to send spam reports via mail, but due the the lack of TLS of the receiving mailhost of Spamcop this gets bounced.
Probably would be a good feature to have. Is your system not capable of sending without SMTP encryption?
-
16 hours ago, GBond said:
What exactly does "Received via a relay in bl.spamcop.net" mean?
I checked out the site and this appears to be coming from the SpamAssassin section. It really means "IP listed in bl.spamcop.net". This means your outbound IP is/was listed in bl.spamcop.net. See what petzl said to look up your email server's IP on bl.spamcop.net.
3 hours ago, petzl said:Try checking Blocklist
https://www.spamcop.net/bl.shtml -
4 hours ago, Outernaut said:
It looks like your spammer has an old date in their spam but the email is being sent today.
Your ISP received: Mon, 15 Mar 2021 15:43:46 -0600 Spammer trick Date: Thu, 11 Mar 2021 02:42:49 +0100
Seems the spammer is trying to trick you into thinking it is old, when it is new. Looking at the Received headers, I don't understand why the spammer would do this.
-
7 hours ago, Rohan said:
After reporting spam, I mostly get more spam, which after two days or so minimize. Can you tell me what the cause of that can be?
This could also be a form a listwashing where the spammer might be trying to figure out who is reporting. So they increase their spam on certain people until the figure out who is reporting them. Also could be some sort of retaliation if they know your address already.
-
8 hours ago, Outernaut said:
In a shell, does that mean we will no longer be able to report spam to SC, or does the change affect how we report?
If I see the correct one, It is talking about the blacklist mirrors.
3 hours ago, Lking said:The way I read the notice, they are talking about the SCBL, not reporting spam that feeds the SCBL.
I think I read the same, where this should not affect reporting. But it might affect blacklist look ups.
-
3 hours ago, ewv said:
What is a practical reporting address for cloudflare.com? My reports to abuse@cloudflare.com, the standard spamcop address, are ignored.
That is a good question. I did find an abuse form at https: //www.cloudflare.com/abuse/form, but I also searched and found some articles saying that the abuse email doesn't work for some time. It maybe that they have abandoned the abuse email.
-
Don't worry. One of my oldest email accounts had stopped receiving lots of spam years ago and now is back to receiving about four spams a day again and it seems to be going up. My guess is maybe the spammers are doing some listwashing to try to figure out who is reporting.
-
13 hours ago, Outernaut said:
This is a example: https://www.spamcop.net/sc?id=z6706167000zcd603f42bf470b11f07d5489c8829d4dz (rejected saying it was to large (not! Rejected because it appears old?)
I went back and looked at this example and I do see why your email client has an old date. So the email client might be displaying an old date, but the spammer has added their old date. Stuff like this is all reportable, but maybe the spammer is banking your ISP has an issue and you don't report all the spam.
Received: by cmsmtp; Sun, 14 Mar 2021 14:02:22 -0600
Date added by spammer:
Date: Thu, 11 Mar 2021 02:42:49 +0100
P.S. Thank you for your help too!
-
4 hours ago, Outernaut said:
This is a example: https://www.spamcop.net/sc?id=z6706167000zcd603f42bf470b11f07d5489c8829d4dz (rejected saying it was to large (not! Rejected because it appears old?)
Hmmm, the example says it is only 5 hours old and came in on 14 Mar 2021. I tried refreshing a couple of times. I wonder if it says it is old when you first go to report it?
Tracking message source: 99.79.57.23: Routing details for 99.79.57.23 [refresh/show] Cached whois for 99.79.57.23 : abuse@amazonaws.com Using abuse net on abuse@amazonaws.com abuse net amazonaws.com = abuse@amazonaws.com Using best contacts abuse@amazonaws.com Reports disabled for abuse@amazonaws.com Using abuse#amazonaws.com@devnull.spamcop.net for statistical tracking. Message is 5 hours old
How an email might possibly be old is for instance, the 10.0.153.220 server could have held it internally for a few days. SpamCop goes off the date on the Received line where it picks up the spammers IP. This means if your ISP hold an email for four days, SpamCop would call it old, even though it may have just barely arrived.
-
7 hours ago, pusser_uk said:
Reporting to abuse@microsoft.com or report_spam@hotmail.com, where it originates, seems obviously not to work but just to multiply the amount of spam that returns.
My dot-xyz spam has lasted a few months and now it has dropped. It could be list washing. Probably more like petzl said it could be working and the administrators turning off the sites. It is interesting that for me, yesterday the links changed to dot-im.
6 hours ago, petzl said:I suspect your reports are working (tried a link and came up dead) Appears you are/maybe being spammed by a "hosting site"
-
Perhaps amazon doesn't like the format of SpamCops reports. If you do not hear anything you can the deputies at deputies[at]admin[dot]spamcop[dot]net.
-
3 hours ago, Tau said:
Here are all the URls with the websites SC wants to report. I'm a noob in html and many other things related to internet, but it seems to me that these URl's structure is strange: they ALL include another website into them, and a subdomain related to image hosting, but they are not tagged with html code related to images, thus identified by SC parsing process.
For a quick crash course, everything between the "://" and the first "/" is the domain. The part immediately after the first "/" is there to make you think it is someone else's domain in order to add confusion. So as below, example,com is the what will get reported, even though they are trying to get you to think this is a valid image site.
https :// example,com /i.pinimg,com/
2 hours ago, Lking said:One of the disadvantages of a well indexed internet content is that the bots/spiders that craw the internet for content do not read the content quite the same way you, a human does.
This is what Lking means when he sayd bots. As the bots add a separate domain name after the first "/" in the URL of where they stole the image/content from.
-
On 2/8/2021 at 7:34 PM, anyone8 said:
Well, if we both reached the same conclusion at the same time, we can't both be wrong, right? Thanks!
✔️
-
On 2/8/2021 at 10:55 AM, Tau said:
These urls have pinimg.com in them (except the first one that has pynimg, which obviously is a typo), and this is a Pinterest alias, there URL are fake images links, and these domains are not involved with the spam, so yes it seems irrelevant that SC proposes to report to the hosts admins.
I suppose that SC proposes to report them because in html view, they appear to be clickable (it's only one digit in the body), I think I understand that now.As an administrator of my own server, I want to know when a link is being abused. If I can tell it is not spam, I may chose to ignore that report. This is why even though my items are not spam, I still want the reports. I get to make the final decision whether I take down the items, not SpamCop.
-
On 2/12/2021 at 7:17 PM, RobiBue said:
I don't know if @Richard W or @Lking or another forum admin could figure out where your "nothing to do" problem lies... several years ago Don D'Minion (3rd message in following thread:
I wonder, if you kept up the page that gave you a "nothing to do" and reloaded it later if it would work for you. It seems strange that the page would just start working.
On 2/12/2021 at 7:17 PM, RobiBue said:added a yahoo host to the account, but from what I understand, you have no mailhosts in your account (neither have I FWIW) so the problem must lie elsewhere...
Last time I looked at someone else's tracking URL, it used their mailhosts setup, not mine.
-
Due to link tracking (where spammers note if you click a link), SpamCop does not follow links. It only looks up the hostname and reports the link to the administrator. As for the missing content, it is possible that someone else had the same link, reported it, and the administrator probably already removed it.
-
I think I found it.
Received: from beactive.it (5.149.249.179) by xHRZDMoSZQtTgIAffdczjrWWwatOgPNzFmircaawrvITFdBVQxutRnEWUepKPlOSwGJOqJfGFYyixSZjQnQWiQxqdPmvWeFgxrYmbRuJHWQgniKgFaMzPNMarqJOpuDIqmBFzSYld.mail.protection.outlook.com id pDAvY7enim86 for <x>; Tue, 09 Feb 2021 01:00:58 +0100 (envelope-from <return@nvse2fv2dfx.work>
The hostname appears to be too long on the above line.
C:\>dig any xHRZDMoSZQtTgIAffdczjrWWwatOgPNzFmircaawrvITFdBVQxutRnEWUepKPlOSwGJOqJfGFYyixSZjQnQWiQxqdPmvWeFgxrYmbRuJHWQgniKgFaMzPNMarqJOpuDIqmBFzSYld.mail.protection.outlook.com dig: 'xHRZDMoSZQtTgIAffdczjrWWwatOgPNzFmircaawrvITFdBVQxutRnEWUepKPlOSwGJOqJfGFYyixSZjQnQWiQxqdPmvWeFgxrYmbRuJHWQgniKgFaMzPNMarqJOpuDIqmBFzSYld.mail.protection.outlook.com' is not a legal name (label too long) C:\>
-
1 hour ago, anyone8 said:
Here's one of the tracking URLs: https://www.spamcop.net/sc?id=z6702233527zbcd30846d6b3149bd78570af38518361z
Last time I had seen this it was a double period in a hostname, but I have yet to find one in this tracking URL.
-
2 hours ago, Tau said:
It seems that the URLs with these domains are invalid, with the format: https://punita=
henna.com/i.pinymg.com/150x150/3d/2c/86/xxxxxxxxxxxxxxxThe "=" at the end of the line is a RFC email standard. It, in combination with the new line, are not displayed in the actual body of the email. This is why the domain looks invalid in the raw format, but is valid in the when viewing.
2 hours ago, Tau said:I try to check by myself before sending a report, so I didn't report them, as it seems that this is an error and it would be a false report.
Am I right? And if so, I there a way for SC to improve the parsing and avoid there fake links?
For a previous spam, I was also proposed to report Facebook, and it was obviously wrong...If the link was included in a spam email, why would it be a false report? Some people want to know when someone else abuse their links in spam. Links are not put into the blocking list, only the source IP of the spam is put there.
-
I posted a new feature request for this, so hopefully it gets resolved.
-
11 minutes ago, Rasmus167 said:
You blocked an entire ISP with all there 10 k customers. None of my customers receives email, not even in spam. We send important communication to our customers who don't have access to this information now. You FUC*ED us and our customers.
A reminder that this is a user to user forum. If you don't hear anything from SpamCop staff, you may want to contact them at deputies[at]admin[dot]spamcop[dot]net.
-
2 hours ago, gmacar said:
The captcha is broken and should be fixed. Thank you.
I agree with your statement, but this issue seems to happening with different browsers. From this other post, they tried a different browser. If you could verify that the java scri_pt issue is also the problem, then maybe that can narrow it down.
http://forum.spamcop.net/topic/29780-captcha-problem-on-registering/
-
I don't have an IP or tracking URL so I am not able to duplicate a look up, but my memory remembers that I never got a reply from salesforce spam. It did stop after a while, but maybe they were list washing their single opt-in lists.
tinyurl.com spam links report to abuse@cloudflare.com rather than abuse@tinyurl.com
in SpamCop Reporting Help
Posted
This is because tinyurl[dot]com is hosting their services at cloudflare rather than at their own data center.