gnarlymarley

Some browsers might call this mode "incognito". And yes, I use it too.

I also find it interesting that they hid the real spam link in the visible text instead of making it a clickable link using the HTML tags like they did with the nopammer.net section. Probably to hide it from parsers that report the links.

hank, it is a good idea to make sure it was munged before sending the reports to the admins. (The admins that "could be" the actual spammers.)

A few ways to do this. One is traceroute. If they have a firewall, then this may not get you to their border servers. The other way is to use a looking glass, such as http://lg.he.net. I also use http://bgp.he.net to find the upstream AS number and then I can use it to find the peers. It appears that hetzner.de is much larger than I though as they have 216 peers. That would take way too much time to get their ISPs to chat with them about their spam hosting. It is interesting that all their networks all point to abuse[at]hetzner.de.

This is because the abuse address of the domain itself is usually the spammer themselves. So SpamCop reports it to the abuse address where the content is stored, which is on the IP. The domain is pointed to an IP that seems to be in a Microsoft data center. Host hipmie.com (checking ip) = 40.71.252.90Routing details for 40.71.252.90[refresh/show] Cached whois for 40.71.252.90 : abuse@microsoft.com

Apparently, there was a problem between the database and the email servers. Works for me now. You will want to try your old tracking URLs.

apparently, there was an issue between the database and one of the mail servers. Your tracking URL seems to be working for me now.

Was intermittent for me and maybe was prod-sc-app007. It is working for me now and all my old links that were broken are fixed. You may need to note down if this was a different server than app007 and get the deputies to put in a trouble ticket.

It was only a handful of spammers that tried to figure out who I was. They kept sending similar emails to my hotmail at the time while changing the To: header and a number at the bottom of the body. Been a while since I have seen their attempt to detect me. Awesome!

The spammers will try to change headers or unique identifiers to try to figure out who is reporting. Hopefully they get shutdown first instead. About two decades ago, I was seeing it jump from 5 to around 70 seconds. At that time there were factors such as DB speed and webservers and it would try to detect high loads and put in a higher time. The amount of reports would change that wait number. The spamgraph might be good for you to check out to see if that is still happening with the number of reports and the wait time. https://www.spamcop.net/spamgraph.shtml?spamstats

spammers like to make their stuff look legitimate. I believe gmail has fallen to the spammers level. If they are paid enough, they will probably continue to have the domain unblocked.

I wonder if this has something to do with mailhosts. It almost seems the parser might be dying on this line: Received: from singlehosti.com (singlehosti.com. 216.244.76.116) Does it change if you remove only that one line?

When you add fuel to your account, there is a third party report option that shows up on each report that you can add your ISP's email. I am not sure I would use it as your ISP would probably just turn off the reports such as noted with sendgrid in this forum post.

Also, the (Notes) portion is a link to some text boxes further down on the page where you can add some information to the particular report that goes out. The group text box for is up by the "Send Reports" button, and the individual text boxes are below.

That edit button could also be based on either time signed up or amount of posts. I have the edit button for some posts of mine in this forum going back to before June 8th. I suspect a forum admin might be able to do it if you no longer have edit access when you are logged in.

This is in part why I have to check my whois for my domain every few months to make sure it is correct. I am not sure if they have the same requirement for the whois for IP addresses.

Might be good to have this as a new feature since most of these reports are not going any where any way.

I am excited for the time when the whois portion gets fixed and properly redirects on its own.

This is in part why I try to put a note for the reports going to legitimate hosters such as "You might want to work with your customer to clean up their compromised system."

I guess I have a scri_pt to do this for me before the spam gets submitted for reporting. Probably a good idea to have.

Interesting. I still see the same thing too with both of your links, but all mine work fine. If you have not had any luck figuring this out, I would suggest to contact the deputies: https://www.spamcop.net/fom-serve/cache/12.html

I have had much thought on this, and I no longer trust much of the addresses that are called abuse or postmaster anymore. I figure that as long as my address is munged in the report and I give out the minimal headers in the report (meaning the spam gets pulled from my border server and reported), they I am not sure it matters as they already have that information from when they connected to my email server. I myself have not seen any repeat spam to be reported to vvsg180@gmail.com, so it very well could be legit.

Yep, the admins are trying to resolve that issue by curbing some spam that seems to be affecting gmail's rules. This thread appears to be related to:

I see a dot at the beginning of the domain at right after the "by".

It has been a long time since I got spam at my abuse address. With mine being an alias, I still like the ability to know what address the email was sent to. It sure would be nice if the whois cache could be sync'ed and be more accurate.