gnarlymarley

Posts posted by gnarlymarley

  1. 17 hours ago, Appleseed said:

    Outlook puts stuff into the headers. If you want to report messages from Outlook, you have to start the copy and paste from the last "Received: from" line in the message source and ignore all of Outlook's stuff before that.

    For me, if I copy the message to notepad first and maximize the window and then copy all again, I don't seem to have a problem.  There appears to be a really long line added that has weird line breaks if copied straight across.

  2. 3 hours ago, displayname said:

    Why can't I just forward (not as attachment)? It's the same content formatted differently, but will make a huge difference to users: instead of doing 1 step (forward to address) we have to do 5:

    Forwarding as an attachment contains some hidden lines that track message source.  When forwarding (not as attachment) those tracking lines are lost.  This is why SpamCop requires it to be an attachment.  The lines that get lost when forwarding not as an attachment are the "Received:" lines as defined by RFC2076.

  3. On 4/30/2020 at 8:22 AM, Lking said:

    Without any additional reports an IP will automatically be removed from the SCBL after 24 hours.

    Cristian,

    The IP will be automatically delisted once the problem is resolved, and may have been already.  I ran across the following post about the captcha.  I have not been able to duplicate the issue with the captcha not loading.  If you are still having the issue, maybe you can try hitting the refresh button to the right of the circle to see if it will allow the captcha to load.

     

  4. On 5/10/2020 at 2:03 PM, petzl said:
    On 5/10/2020 at 1:56 PM, Outernaut said:

    Sorry, but that was gone after I posted the query. Yet reading everyone's response has helped me understand it better. I've no idea how, after email is checked for at minimum, 5 minutes and as for this one, as I've seen with as few others, show up two or three days late.  Thanks for the help.

    Without seeing a Tracking URL.
     Sometimes a server is turned off when it is found spewing spam

    When turned on again it spews out remaining spam.

    ~o~,

    A tracking URL would be able to help us debug the issue.  What you will be looking for is there is a "Date:" header and a "Received:" header.  SpamCop does not look at the "Date:" header.  It gets its time from the "Received:" headers.  If you do not have mailhosts enabled, SpamCop will attempt to find your border server.  The age of an email comes from the time gathered at the border email server.

  5. 1 hour ago, FranklinCat said:
    Is there something I can check for and tweak in the submission that will avoid the problem?  I submit using my submit......@spam.spamcop.net address including spam as attachment.

    That sure is a lot of received lines.  From what I can see, the source appears to be a fastmail user.  SpamCop is really good at detecting company to company connections, but RFC9181 IPs can be assigned to every company.  The source of 10.202.2.71 will need to be looked at by a fasthost admin, which is why SpamCop gives you the message "identified internal IP as source".

  6. 1 hour ago, ArtmakersWorlds said:

    See?  NOT a techno geek here. Please explain this like you're talking to your grandma ok? 

    Let's see if this helps.  Spamassassin is a computer application that integrates with the email server for parsing spam at the time it is being received.  For example, someone using a hotmail account could send email to my email account.  My email server and spamassassin check the email for spamminess and either will accept or reject it.  This happens while hotmail still has a connection to my server open.  The rejection notice will come from hotmail's servers as it will not be able to send.

    As near as I can tell yahoo does not do any spam filtering, just address blocking.  The filters only seem to be able to move spam to non-spam folders.

  7. 1 hour ago, ArtmakersWorlds said:

    Ok, NOT being a computer tech here, how would I use spamassassin with yahoo email on a mac computer.   If that's even possible? I think it's not. 

    Will not be possible with yahoo.  Hmmm, spamassassin plugs into the border email server.  I know with my yahoo account they don't do much good for spam filtering.  I think yahoo's only option is to block email address, but I am not sure the asterisk is working for me.  This is why I went with my own domain and email server so I could do better filtering.

  8. On 5/12/2020 at 8:04 AM, KNERD said:

    A week later more spams would start arriving from eonix.net, Looking, I see they are coming from a new block of IP addresses at a different location.

    Some ISPs do this and then return the old block and poor folks might get a spammy block when they request a new range.  Years ago, I started blocking at the firewall level.  Then I started blocking using an SMTP blocking list.  Now I just use spamassassin and it makes the decision to block or not at the SMTP edge.

    On 5/12/2020 at 8:04 AM, KNERD said:

    The spam from eonix.net listed on Sorbs is still getting to my email server, but legit mail such as from PayPal is getting blocked by Sorbs!

    This is the reason why I use spamassassin now is because clean emails can be on the block list and still be accepted, while spammy emails with the block lists it can tell the SMTP mailer to reject it.  Spamassassin also lets me do some custom parsing rules which can single out ISPs such as eonix (either via headers, message body, or just connecting host).

  9. 22 hours ago, remay said:

    I don't know if my hosting company is correct or not! I find it hard to believe that email can be delivered like this.

     Does anyone else experience this?

    If you look at the email headers, notice there is "X-SmarterMail" processing that has taken place. Could THAT processing be whacking the email headers?

    I have not seen any missing headers in my emails.  It is customary to place the headers by the receiving email server.  The problem you will have with your hosting company not providing that information is you do not know the IP of where the spam came from.  Not knowing the IP makes it unreportable.

    Per RFC2076 section 3.4, your hosting company should not be modifying any existing headers, but per the email, it does appear they are modifying and removing them.  It might be good if they were to bring their server into RFC compliance.

  10. 2 hours ago, ArtmakersWorlds said:

    I really wish someone would come up with a way of bouncing spam right back to whoever sent it.   And if it's not bounceable?  say some wanky forged return address?  Then it's not deliverable either.   Never would get any if this were the case.

    I use exim and spamassassin for that bouncing spam during the SMTP connection.  Once an email is sent on the SMTP communication it is scanned by spamassassin and if good, the SMTP accept command is sent.  This way, the sending server has to deal with the spam.  If the sending server wrongfully accepts to relay the email and didn't verify the address, then it will be bounced to the server admin so they can fix the hole.

  11. 1 hour ago, RobiBue said:

    I don't know how an "opt-in check" could work...

    Ooops.  Sorry, by "opt-in check" I meant single or double opt-in.  Some of the big social media sites are not even doing the single opt-in.  

    1 hour ago, RobiBue said:

    I've been fighting spam now for close to 20 years, and even back in the day, double opt-in was suggested to the companies affected by these malicious login attempts. I just don't understand how short the memory of some people is. I am sure some of these IT guys were also affected by these spamming opt-ins...

    Yeah, some picked it up and started doing the double opt-in, but it only took a few years and they all forgot about it.  Sometimes I wish people didn't have a short memory.  In one spam report, I put a note that they should delete their email list and should be using "double opt-in" and then the spam stopped very quickly.

  12. On 4/27/2020 at 8:15 PM, gnarlymarley said:

    If it is still not working for you, you might want to try the deputies[at]admin.spamcop.net as I believe they have access to the mail server logs.

    Bob, I am getting the reporting notice that it accepted my attachments as normal.

    On 4/27/2020 at 11:40 AM, Bob said:

    I submitted 4 spam messages this morning with the same result:  no email received that reports were ready, went to website, found them as Reports Saved, cleared by reporting them.

    Are you still having issues with this?

  13. On 4/22/2020 at 11:29 AM, Phineas Fudrucker said:

    The Proofpoint agents are named scapp04.lereta.net and scapp05.lereta.net whereas the MX is mx02.lereta.com so I guess the confusion is understandable.  How can I work around this?

     

    It also might take the email address in each received line and try to compare it.  If your ISP adds something like .local to the host that might be something that could make the parser think it is a completely different domain/email address.  Might be able to make sure that email is the same for every received line.

    On 4/23/2020 at 10:53 AM, Phineas Fudrucker said:

    I may have found a solution.

    We can hope your solution works.

  14. 2 hours ago, Lking said:

    A spammer can of course forge the "Date:" header entry visible to all, and if they control their ISP they could control the date in the first "Received:" line in the header visible using the source with a ctrl-U

     

    ~o~,

    I have seen it where the spammers inject a Received line with an old date.  It might be good to check that you have mailhosts enabled too where spamcop will only trust the header added by your ISP.  If it is getting to that header, then the spammer should not be able to affect your ISP's date.  I have also seen some ISP border servers "hold" the emails for more than two days, which will make them old.
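Added example (not part of the forum posts, and not SpamCop's code): a sketch of the distinction described in posts 4 and 14 above, taking a message's age from the "Received:" line written by a trusted border server rather than from "Date:" or from the hops below it. The sample message, the host name mx.myisp.example and the function names are constructed assumptions.

```python
from email import message_from_string
from email.utils import parsedate_to_datetime

# Constructed sample: hosts, IPs and dates are made up for illustration.
SAMPLE = """\
Received: from mail.sender.example (mail.sender.example [192.0.2.10])
\tby mx.myisp.example (Postfix) with ESMTP id ABC123
\tfor <me@myisp.example>; Tue, 12 May 2020 09:15:02 -0700 (PDT)
Received: from unknown (HELO relay.example) (198.51.100.7)
\tby mail.sender.example with SMTP; Fri, 1 May 2020 03:00:00 -0700
Date: Fri, 1 May 2020 03:00:00 -0700
From: someone@sender.example
To: me@myisp.example
Subject: constructed sample

body
"""

def stamp_of(received_value):
    """The timestamp of a Received: header is the text after its last ';'."""
    _, sep, stamp = received_value.rpartition(";")
    if not sep:
        return None
    try:
        return parsedate_to_datetime(stamp.strip())
    except (TypeError, ValueError):
        return None

def age_basis(raw, trusted_host):
    """Find the newest hop written by trusted_host (assumed border server)."""
    msg = message_from_string(raw)
    hops = msg.get_all("Received", [])      # newest hop first
    for index, value in enumerate(hops):
        if f" by {trusted_host} " in " ".join(value.split()):
            trusted = stamp_of(value)
            break
    else:
        return None                          # no trusted hop: age unknown
    try:
        claimed = parsedate_to_datetime(msg["Date"])
    except (TypeError, ValueError):
        claimed = None
    return {
        "trusted_time": trusted,
        "claimed_date": claimed,
        # Hops below the trusted one were written by others and can be forged.
        "unverified_hops": len(hops) - index - 1,
        "date_older_by_days": (trusted - claimed).days if trusted and claimed else None,
    }
```

In the constructed sample the "Date:" header and the lower "Received:" line both claim 1 May, while the trusted hop shows the message actually arrived on 12 May.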

  15. 6 hours ago, kolor said:

    My report is just useless.

    I don't think it is useless either.  In researching the whole /24, it does appear this might be some snowshoe spamming.  Hopefully other people will report their spam soon too so it can be listed.  Too bad they haven't sent any to me.

    5 hours ago, Lking said:

    I do not think so. Your report must be one of many/several reports to add an IP to the blocklist.

    I agree.  It may take some time for this to be listed.

  16. On 4/26/2020 at 2:04 PM, Bob said:

    I don't see a bounce flag when I log into Spamcop.

    If I remember correctly, this bounce flag button was very noticeable.  It had replaced the field where you can paste in your spam.  I think this is something you would have noticed.

    6 hours ago, Bob said:

    Got it -- thanks.  Logged into reporting>preferences and the email address is correct.

    If it is still not working for you, you might want to try the deputies[at]admin.spamcop.net as I believe they have access to the mail server logs.

  17. 2 hours ago, petzl said:

    Snowshoe spam dodges block lists by using different IPs from the same provider.

    One benefit of snowshoe spam that I can see, is the spammer is not able to put in a single IP where the "ISP has resolved this issue".  This means that I am able to report every spam.

    I have seen where the ISP/spammer marks "The issue is resolved" and by the time I go to report the spam, SpamCop doesn't let me further report as the issue has been "resolved".  (Mole reporting just changes the resolution time to the current time.)  This also prevents me from adding to the block list statistics.

  18. Looks like they are striking back with a new set of links for me.  (Google is not the source of the email, but the links inside point there.)  I am starting to see a number of links in the body where one of the following domains appears multiple times with a different four character alpha numeric code.

    https://kolw.page.link/4_digit_alpha_numeric
    https://lopw.page.link/4_digit_alpha_numeric
    https://johr.page.link/4_digit_alpha_numeric

    I will see how long it takes for google to respond.  With each message containing 10+ unique links it would appear that they can sign up faster than we would ever be able to shut them down.

  19. 15 hours ago, Hanco said:

    It takes over a week, maybe ten days before they shutdown his account unfortunately.  Then he just switches mode of operation to another method.

     

    That time can be damaging.  Amazon is four days and I think theirs is too long.   By the time a week goes by a spammer could have already moved on anyway, so the account could be abandoned by the time they shut it down.

    9 hours ago, ArtmakersWorlds said:

    I really wish instead of just deleting the users account someone would go after them legally.

    For me, I would make it no longer economically viable.  If I could speed up the disable process, then the captcha alone would deter them.  It may be they figured out who I was and dropped me off their list, but not likely.  Probably what is more likely is mine was a different spammer.

  20. 21 hours ago, RobiBue said:

    what does this mean? [WARNING: UNSCANNABLE EXTRACTION FAILED]

    I have seen this a few times in the reply email after I forwarded something to my submit address.  As near as I can tell, the submitted spam seemed intact and I was able to report it.  Judging by how it moved the subject line up to between when vmx.spamcop.net got it from me and sent it on to the next node, I would guess this was done by the external vmx.spamcop.net node.

    Received: from vmx.spamcop.net (prod-sc-smtp8.sv4.ironport.com [10.8.129.218])
            by prod-sc-app010.sv4.ironport.com (Postfix) with ESMTP id B579451B67
            for <submit.xxxxxxxxxxxxxx@spam.spamcop.net>; Mon,  6 Apr 2020 20:02:23 -0700 (PDT)
    Subject: [WARNING: UNSCANNABLE EXTRACTION FAILED](Ma

     

  21. 14 hours ago, RobiBue said:

    oddly enough, spotify sent me an activation link which I never clicked on, but it seems that whoever created the account was able to log in anyway, twice even...

    I can say it was weird that both spotify and pinterest had weird interests picked, but I didn't pay attention to netflix.

    14 hours ago, RobiBue said:

    and I am fairly sure that my email account isn't being accessed without my knowledge :)

    my email address has definitely been used several times though...

    I can verify that my gmail accounts were not accessed as at the bottom of webmail there is a details button to tell me where the last logins came from.  Spotify and pinterest asked me to confirm only once, while the accounts were being used, but netflix spammed me daily to confirm.  So I can say that none of mine had emails that were confirmed (I know this because when I opened up the confirm email the link said it was still waiting for me to confirm), but clearly the accounts were being used.

    14 hours ago, RobiBue said:

    there seems to be something badly wrong if spotify sends me a confirmation to activate email and then the activation happens anyway... anyway, that is not spamcop's problem :) that is Spotify and yes, I ain't a fan of neither certain ways of opt-in/opt-out either :)

    Interesting that netflix didn't care about me reporting all their confirm email notices through SpamCop.  With pinterest I got a human on real quick.
