Jump to content

gnarlymarley

Memberp
  • Posts

    837
  • Joined

  • Last visited

Everything posted by gnarlymarley

  1. Be nice if we could get the big companies to realize who is fighting spam. Back when gmail did invites, I was the fifth invite away from Eric Schmidt. So, if we tell our friends about SpamCop (and they tell their friends), maybe we could get google to know about SpamCop.
  2. I have not seen this myself. When I added my final address where I would check the emails and then added others that would forward to it later, I show multiple in my list. Are you forwarding from one of the addresses to another?
  3. The trick that some of the spammers use is to have a invalid DNS server in their list. Then the results are intermittently returned. I have found that I could just reload the tracking URL and it would usually pick up the address. C:>dig snpb.xuoatkaa.com ; <<>> DiG 9.7.3 <<>> snpb.xuoatkaa.com ;; global options: +cmd ;; Got answer: ;; ->>HEADER<<- opcode: QUERY, status: REFUSED, id: 9848 ;; flags: qr rd; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 0 ;; WARNING: recursion requested but not available ;; QUESTION SECTION: ;snpb.xuoatkaa.com. IN A ;; Query time: 128 msec ;; SERVER: 179.60.149.119#53(179.60.149.119) ;; WHEN: Mon Nov 07 11:28:35 2022 ;; MSG SIZE rcvd: 35 C:>
  4. The helo received by my server seems to show up as vmx2.spamcop.net, vmx1.spamcop.net, or vmx.spamcop.net. Last time I saw something from prod-sc-www2.spamcop.net, was around 2009. From what I can see in the DNS, it looks like it might have an IP. ;; ANSWER SECTION: prod-sc-www2.spamcop.net. 300 IN MX 10 adminmx.spamcop.net. prod-sc-www2.spamcop.net. 300 IN A 204.15.81.110
  5. For credit card checking with a zero amount, it would need to continually check for expired cards, or else the problem people would just sign up with cards that would soon expire.
  6. I think redirecting to the correct abuse address would require to know the whole IP subnet. Though if SC was able to add an exception look up table for Microsoft, then they should be able to add a look up table for trusts URLs that would save CPU for known URLs.
  7. Looks like the issue might be the "-B", as per the refresh page. https://forum.spamcop.net/topic/38075-ripe-whois-b/ % Note: this output has been filtered. % To receive output for a database update, use the "-B" flag. % Information related to 'VA16-AFRINIC'
  8. Sometimes instead of deleting (especially if not listed), I just click the add a new host and have it readd the email again.
  9. There is a part of this with the free trials. I think there is also part of this that might be when Microsoft added IPv6, but mailhosts only appears to accept the last 20 IPs. There are more than that on their internal relay server space.
  10. I will list my understanding and a quick explanation of mailhosts to hopefully clarify some items. SpamCop appears to track the servers listed in the Received lines. By doing this, I believe it attempts to discover the border inbound email server and report the IP that the server got the email from. Mailhosts appears to have been created in response to spammers trying to spoof extra received lines, so that SpamCop reports the email with the wrong IP to the wrong system administrator. As previously mentioned about the relays and the hand offs from server to server, the breadcrumb trail is used to track a message. Spammers know about this and have tried to inject their spam into someone else's server and add fake breadcrumb trails to trick the SpamCop parser. SpamCop's response was to add mailhosts. The issue can be that the breadcrumb trailchanges over time as e-mail businesses implement new servers and decommission older "border servers". Since those changing IPs and server names might not match what mailhosts has recorded, the parser will reject those reports. I don't get issues very often, but when I did in the past I would just have the email resent to me to add it to the parser without deleting and it would update my entries. Once I had updated my mailhosts, I could go back to the previous report and it would send.
  11. Is the basic authentication realm is different for you? I see they were changing servers recently. They may have the "realm" setup different for the new servers. https://forum.spamcop.net/announcement/50-system-outages-tuesday-october-18-2022/
  12. Interesting that the abuse address was manually entered around 2010. The whois appears to be updated as of 2020 to abuse@sysgroup.com. If you don't hear anything, you can try email the deputies[at]admin.spamcop.net.
  13. What an interesting bug. You can try email the deputies[at]admin.spamcop.net to help with bug resolution: https://forum.spamcop.net/topic/7765-resolved%C2%A0how-longs-the-delay-in-being-removed-from-the-bl/
  14. Hopefully a deputy sees this and fixes the manual route. There is a forum topics on this going back a while. If you don't hear anything, it maybe good to send an email to the deputies. per the following, email deputies[at]admin.spamcop.net: https://forum.spamcop.net/topic/7765-resolved%C2%A0how-longs-the-delay-in-being-removed-from-the-bl/
  15. Per, https://www.spamcop.net/sc?action=showroute;ip=117.50.185.130, it appears that someone intentionally added anti-spam[at]chinatelecom.cn in August. Looks like it is a wider range than the manual route tied to pas[at]cnnic.cn.
  16. I also don't click the links. Ever since a spammer tried to get revenge and had a server of mine in the message body, I tend to ignore the links in the body and try to concentrate mainly on getting the smtp source reporting.
  17. When I get mailhosts problems like this, I just go to the mailhosts tab and add a new host. That usually fixes it for me. Though I have deleted and added the hosts again as well.
  18. Looks like 10.253.234.152 might not be part of your mailhosts. When I see something like this, I can turn off mailhosts and then submit it (which it usually will submit) and go back and turn mailhosts back on.
  19. I have never seen SpamCop mail servers reject email, but I have seen gmail, hotmail, and yahoo all reject email being forwarded to SpamCop's servers. The bounce should have something in it that will tell you what server rejected it. If it was SpamCop's servers, then I would suggest you contact the deputies.
  20. Are you talking about cesmail? My reporting account does not have folders.
  21. I added my own blocking list. My spam filter doesn't reject email from any single list. I has to be on multiple lists. (I no longer have seen false positives.) Also to note that when properly reporting, it feeds spamcop's blocking list. The list can also add to the spam score.
  22. This is why in gmail I use the "Download Original", so I can get the image in what I report.
  23. When I setup mine, I need to include any forwarders. I setup my mailbox first and then the forwarders. If you do not have separate email addresses and email forwarders in the chain, then you might want to contact the deputies for help on this. If so, send a email to deputies [AT]spamcop[DOT]net asking to fix.
  24. I have been using SpamCop since the logo and background were yellow instead of blue. One thing I noticed, is there was a period of time where spammers would end up figuring out my address and do "revenge spamming" to me. One day I got about 400 and got worried I was going to hit the 500/day limit. Since I was persistent, I won out and now I only get about one spam seven spams a week.
  25. I still have the ability to report. Last time I lost the ability to report was because google has blocked the email from spamcop. I just had to create a rule to never mark as spam and select that the issue was resolved to get my reporting back.
×
×
  • Create New...