gnarlymarley

Posts posted by gnarlymarley

  1. On 6/10/2019 at 11:08 PM, lisati said:

    Sounds a bit like  "backscatter" where a provider has the "wrong" email address to use when sending out a bounce or other form of non-delivery report.

    MIG,

    This is one that does nearly sound legitimate and had me going for about 10 days now, but I think I have cracked it.  It appears that the bounce should be coming from 162.255.118.61 or 162.255.118.62 and not 54.240.8.31.  The MX record for client76701.host appears to be namecheap.com, not amazon.  The more I look at this, the more I think backscatter

  2. On 6/2/2019 at 4:26 AM, MIG said:

    The table table/pinned topic I'm "promoting" is for email addys that SC NEVER identifies and NEVER will

    I will explain further.

    Yes, I believe this does need to be updated as long as SC  is not identifying the proper email addys.  I also believe we should be able to figure out "why SC is not identifying the proper source" and we should be able to fix it.

    The "NEVER will" part needs human intervention with "both" the programmers to fix SC and also putting manual entries.  I believe if SC could be fixed, it would automatically determine "most of the proper addys", but there would still be a smaller percentage that needs to be manually entered (due to bad whois or some other circumstance).

  3. On 6/6/2019 at 7:31 AM, MIG said:

    So, unless I'm mistaken, we've concluded the parser can process if the . is removed and or can process using a NO-MAILHOSTS configured account.

    Yes.  I suspect the function that they expect that rather than the parser dying, it would come up with something like "Not one of your mailhosts".  Then they could continue their submissions with one account that has mailhosts enabled.

  4. On 5/29/2019 at 10:01 AM, gnarlymarley said:

    I have seen occasional updates there

    This also does pose a question since many of the updates (such as the IP 150.107.103.51 shows) are manually entered from whois.  I believe these should be automatically picked up from the whois system.  If the programmers could fix whois, I do not believe it will fully eliminate manual entries.  However, that would greatly reduce the amount of manual entries.

  5. On 5/20/2019 at 12:30 AM, MIG said:

    No, I wasn't referring to https://www.spamcop.net/sc?action=showroute x

    I was suggesting a pinned topic/table exist in SC Forum, collating addresses that SC doesn't identify BUT SC members have shown to be effective spam fighting endpoints.

    MIG,

    Yeah, that does need to be updated.  I have seen occasional updates there, which could be Richard doing the updates.  I would probably suggest more than one person who can do those updates.

  6. 37 minutes ago, Lking said:

    I would also suggest you contact your ISP to see if others share that IP.  If so others could be the cause of the listing. In either case, you should review your operation.

    Wilma,

    I have also seen routers that had been hacked.  You might always want to check your routers and IoT devices such as IP cameras.  Anything that is sharing that same IP could have been used to send the unwanted email.

  7. 4 hours ago, MIG said:

    (I offered to do the grunt work if SCF Admins or whomever currently carries the work/maintenance burden wanted some willing assistance). This translates to, the table/topic existing, any identified addresses forwarded to SCFA who'd then update the table/pinned topic.

    I am just trying to understand.  So if I understand correctly, you are offering to update the current tables that Don D'Minion (I haven't seen him for a while) used to update such as can be seen at https://www.spamcop.net/sc?action=showroute;ip=150.107.103.51;typecodes=16?

  8. On 5/17/2019 at 2:31 PM, lisati said:

    Having some kind of table for us to use does sound like it might have some merit. There's also a section of this forum that some contributors use to submit updates and corrections. under Spamcop Reporting Help -> Routing/Report Address issues

    Lisati/MIG,

    Though I would like this access, I would prefer not to give spammers more access than they really need.

    On 5/17/2019 at 7:17 PM, MIG said:

    Yep, the SCR Help R&RA is there, is a good resource, and (my understanding) is that it's for corrections,

    While it would be nice to be able to correct addresses in our own table, it is not a good idea to open it up to people that are using the forums to put in their spam, or even to paste in bad abuse addresses.  Forum spam posted in the R&RA is why I like the deputies to act as a double check on what shows up there.

  9. On 4/26/2019 at 3:39 AM, Jelmer Jellema said:

    If I understand this correctly, it is because of the dot in the seconds Received header?

    I believe it is because of that dot.  At least mine was.

    23 hours ago, MIG said:

    fully resolved, this surprised me, so, I tried a different account & browser, same result.

    Now that is weird.  My suspicion is that maybe with mailhosts turned on, it fails at the dot and with mailhosts turned off it works?

  10. On 4/24/2019 at 6:59 PM, RobiBue said:

    I like Idea #2!, especially if everybody is on-board.

    a) it would convince amazon to clean up their act with spammers and hosting them,
    b) especially if they start losing legitimate clientele :)

    The sad part is many folks are not willing to part with their perks in order to block the spams.  Probably not very many businesses would change either.

     

    6 hours ago, HeatherReid43 said:

    . email-abuse at amazon.com 

    . ipmanagement at amazon.com

    I did notice spamcop has been sending reports to the ipmanagement address.

  11. On 7/4/2018 at 2:29 AM, petzl said:

    compromised/forged web and or email accounts
    If Microsoft Windows Defender is available to you, use it
    Scan for Malware! 
    THEN
    Change log-on to a more secure password-Phrase! 

    unidress, Also one quick note you might want to make sure your routers are also secure.  I have seen email that actually came from a hacked router to my email account.

  12. On 3/6/2019 at 4:58 PM, dennis562 said:

    spamcop.mimecast.org Blocked - see https://www.spamcop.net/bl.shtml?198.61.254.91. - https://community.mimecast.com/docs/DOC-1369#550 [bEjCcA39P3SxsOV3CZ9qSw.us331]"

    Looks like mimecast may have set up their own blacklist.

    On 3/6/2019 at 5:11 PM, petzl said:

    Or it could be a fake bounce from someone you are mailing to?

    dennis562, When I first looked at adding a blacklist to my MTA about twenty years ago, I had to key in the deny message into the mailer configuration file.  As you can see from this link (https://www.spamcop.net/fom-serve/cache/294.html), anyone can put anything they want into that message.  This is what petzl means about a fake bounce.

  13. 5 hours ago, petzl said:

    They always use free accounts doubt if they give AmazonAWS contact info
    AmazonAWS  are not the only ones too stupid to fix this Google another.

    There are a few options you have left when the administrator is useless if you really want to stop the spam.

    1. Keep reporting for two or three years and the spammer will give up.
    2. Block the whole IP range.  (this could be a problem as the emails from this forum appear to come from amazon, so this could block legitimate email.)
    3. Implement SPF checks on the MTA and hope that blocks it (only works if you have the ability to control the MTA.)
    4. Use greylisting to make sure that only servers can connect and send you email (again, only works if you can change the MTA behavior.)

    The reason most businesses offer the free accounts is it falls under the idea of advertising.  If someone cannot check out the service, then they are less likely to use it.  Kind of a problem as it pulls in the jerks, but also pulls in paid accounts as well......

  14. On 4/11/2019 at 11:42 PM, MIG said:

    via https://outlook.live.com in/on a web browser. What used to be called [Hotmail].

    I am unable to tell if jimmywalter is using office365 webmail or if using outlook.live.com.

     

    On 4/11/2019 at 11:42 PM, MIG said:

    When you say "about the webapp, I can only get it to show me headers", I don't understand.

    • I call it hotmail, but in outlook.live.com over by the sign out button is three dots that once clicked will have a "source message" link that has the full source.
    • In office 365 web outlook, there is only an options and properties tab that gives the headers.  The outlook application gives the same.

    So if jimmywalter is using office365 webapp, there is no forward as attachment and no message source.  If jimmywalter is using outlook.live.com, there is no forward but is a message source that can allow the full headers and body to be copied/pasted into the spamcop webform.

  15. On 4/13/2019 at 11:07 AM, nh905 said:

    Received: from localhost (127.0.0.1) by .tFPOSZzTeEdkt6@facebook.com id

    A tracking URL would be helpful.  Last time I got this, it turned out to be a dot in a domain name that was not supposed to be there.  Parsing your output mentally, I suspect it is the dot starting above.  Mine was a double dot that the spammers put in to prevent parsing.  If you remove the dot at the beginning of that hostname, does it parse?

  16. On 3/29/2019 at 10:14 PM, MIG said:

    Outlook web mail, 

    It's not possible to: 

    • [Save email as .eml] or any other format.
    • When using Outlook web mail there's no [key sequences] to [forward an attachment].

    MIG,

    For the outlook office365 webapp, you are absolutely correct.  The hotmail version of the web app will let me view the source.  What sucks about the webapp, is that I can only get it to show me the headers.  Apparently what Jimmywalter  might need to do (and what I have been doing for a while) is access it over imap using both fetchmail and thunderbird.

  17. 18 hours ago, JohnS said:

    Now there is so much extra stuff in the first part of the body, it never finds the source links because it is truncated.

    I used to want to have a higher reporting preference for the links in the body, until the spammer one day about two decades ago used a website from my company in one of their spams.  The spam came from a prominent university and the administrator mistook the link for the source of the spam.  This nearly got me fired for being the recipient of the spam during the argument that ensued.  Since then, I don't care as much about the links in the body and I know those can be spoofed (as well as the Received lines in the header), but the IP that my mail server records as the source is the only one I know that I can trust as being accurate.

  18. On 3/6/2019 at 7:58 PM, MIG said:

    Are you able to post a SpamCop Report URL, it will start with https://www.spamcop.net/sc?id= , please?

    MIG, To answer your question jimmywalter will not be able to post a tracking URL because I believe the error of "SpamCop could not find your spam message in this email" is in the response email that would normally contain the tracking URL.  When the forwarded message is not an attachment, instead of a tracking URL, SpamCop provides this error.

    On 3/6/2019 at 7:58 PM, MIG said:

    May I ask, are you using Outlook application or Outlook via a web browser?

    jimmywalter, this might be useful to know.  I use the Outlook application to create a new message and drag in the email to the forwarded message when I want to "forward as an attachment".    Doing a google search yields results such as save the email as an eml file and then attach that to a new message, so I am not sure it is possible with the web application.  There might be some key sequence such as something like ctrl+shift+F that might do a forward as an attachment that I am not aware of.

  19. On 2/25/2019 at 4:45 AM, jimmywalter said:

    Thanks, working better now, but still getting rejections saying they cannot find the spam. I definitely sent the original emails as attachments. I got only 6 accepted out of 13 I sent this morning. I got 7 with the not able to find message.

    Outlook by default does not support forwarding as an attachment.  The "forward" button is misleading.  What I do to forward as an attachment is to create a new email that will be sent to spamcop, then drag the message I want to attach to the body of my new email.

  20. On 11/28/2018 at 5:51 PM, klappa said:

    So you're telling me I have to remove the top most Receive line header to get Spamcop to parse the email spam right? Just like with Gmail?

    yep, I do remove the top line, just like I do with gmail.  I think this is a mailhosts problem where the mailhost section probably records every address.  It seems to be too many addresses for the parser to be able to detect that any address for 2603:1000::/24 is a valid mailhosts.  I think the problem becomes that 20,282,409,603,651,670,423,947,251,286,016 (2^104) is just too many addresses for the mailhosts entry to record.

  21. 11 hours ago, klappa said:

    Then what is the point using Spamcop when it's not even compatible with the two biggest e-mail webhosts today? Mailing the Spamcop devs doesn't fix the problem either. Cisco just doesn't care about Spamcop anymore.

     

    I use hotmail and I do not see any problems with spamcop, if I strip off the top broken piece.
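
Added example, not part of any forum post above and not SpamCop's own code: several of the posts trace a parsing failure to a stray dot in a Received header hostname. The Python below shows one way a header check can report such a host as a finding instead of aborting; the function names and the two example.net/example.org lines are constructed for illustration.

```python
import re

# Host token that follows "from" or "by" in a Received header field.
_HOST_TOKEN = re.compile(r"\b(from|by)\s+(\S+)", re.IGNORECASE)
# One DNS label: letters, digits and inner hyphens, 1 to 63 characters.
_LABEL = re.compile(r"^[A-Za-z0-9]([A-Za-z0-9-]{0,61}[A-Za-z0-9])?$")

# First line is the header quoted in the post; the other two are constructed.
PAGE_LINE = "Received: from localhost (127.0.0.1) by .tFPOSZzTeEdkt6@facebook.com id"
DOUBLE_DOT = "Received: from mail..example.net ([192.0.2.10]) by mx.example.org with ESMTP id 1A2B3C"
CLEAN = "Received: from mail.example.net ([192.0.2.10]) by mx.example.org with ESMTP id 1A2B3C"


def host_problems(host):
    """Return the reasons why `host` is not a well-formed hostname."""
    if host.startswith("[") and host.endswith("]"):
        return []  # address literal such as [192.0.2.1], not a hostname
    # A single trailing dot (fully qualified name) is legal; drop it first.
    name = host[:-1] if host.endswith(".") and not host.endswith("..") else host
    labels = name.split(".")
    problems = []
    if any(label == "" for label in labels):
        problems.append("empty label (leading or doubled dot)")
    if any(label and not _LABEL.match(label) for label in labels):
        problems.append("label with invalid characters")
    return problems


def lint_received(line):
    """Check the from/by hosts of one Received line; bad input yields findings."""
    findings = []
    for clause, host in _HOST_TOKEN.findall(line):
        host = host.rstrip(";")
        for reason in host_problems(host):
            findings.append((clause.lower(), host, reason))
    return findings


if __name__ == "__main__":
    for sample in (PAGE_LINE, DOUBLE_DOT, CLEAN):
        print(lint_received(sample) or "ok")
```
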
