gnarlymarley
Memberp-
Posts
837 -
Joined
-
Last visited
Content Type
Profiles
Forums
Events
Everything posted by gnarlymarley
-
Be nice if we could get the big companies to realize who is fighting spam. Back when gmail did invites, I was the fifth invite away from Eric Schmidt. So, if we tell our friends about SpamCop (and they tell their friends), maybe we could get google to know about SpamCop.
-
Issue adding multiple Mailhosts
gnarlymarley replied to DigitalGnome's topic in SpamCop Email System & Accounts
I have not seen this myself. When I added my final address where I would check the emails and then added others that would forward to it later, I show multiple in my list. Are you forwarding from one of the addresses to another? -
New domains regularly used, host of site not found
gnarlymarley replied to Hanco's topic in SpamCop Reporting Help
The trick that some of the spammers use is to have a invalid DNS server in their list. Then the results are intermittently returned. I have found that I could just reload the tracking URL and it would usually pick up the address. C:>dig snpb.xuoatkaa.com ; <<>> DiG 9.7.3 <<>> snpb.xuoatkaa.com ;; global options: +cmd ;; Got answer: ;; ->>HEADER<<- opcode: QUERY, status: REFUSED, id: 9848 ;; flags: qr rd; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 0 ;; WARNING: recursion requested but not available ;; QUESTION SECTION: ;snpb.xuoatkaa.com. IN A ;; Query time: 128 msec ;; SERVER: 179.60.149.119#53(179.60.149.119) ;; WHEN: Mon Nov 07 11:28:35 2022 ;; MSG SIZE rcvd: 35 C:> -
The helo received by my server seems to show up as vmx2.spamcop.net, vmx1.spamcop.net, or vmx.spamcop.net. Last time I saw something from prod-sc-www2.spamcop.net, was around 2009. From what I can see in the DNS, it looks like it might have an IP. ;; ANSWER SECTION: prod-sc-www2.spamcop.net. 300 IN MX 10 adminmx.spamcop.net. prod-sc-www2.spamcop.net. 300 IN A 204.15.81.110
-
Cannot Register Original Email
gnarlymarley replied to emanmb's topic in Mailhost Configuration of your Reporting Account
For credit card checking with a zero amount, it would need to continually check for expired cards, or else the problem people would just sign up with cards that would soon expire. -
No reporting address found for 137.255.9.1
gnarlymarley replied to Steve's topic in Routing / Report Address Issues
Looks like the issue might be the "-B", as per the refresh page. https://forum.spamcop.net/topic/38075-ripe-whois-b/ % Note: this output has been filtered. % To receive output for a database update, use the "-B" flag. % Information related to 'VA16-AFRINIC' -
Cannot Register Original Email
gnarlymarley replied to emanmb's topic in Mailhost Configuration of your Reporting Account
Sometimes instead of deleting (especially if not listed), I just click the add a new host and have it readd the email again. -
There is a part of this with the free trials. I think there is also part of this that might be when Microsoft added IPv6, but mailhosts only appears to accept the last 20 IPs. There are more than that on their internal relay server space.
-
I will list my understanding and a quick explanation of mailhosts to hopefully clarify some items. SpamCop appears to track the servers listed in the Received lines. By doing this, I believe it attempts to discover the border inbound email server and report the IP that the server got the email from. Mailhosts appears to have been created in response to spammers trying to spoof extra received lines, so that SpamCop reports the email with the wrong IP to the wrong system administrator. As previously mentioned about the relays and the hand offs from server to server, the breadcrumb trail is used to track a message. Spammers know about this and have tried to inject their spam into someone else's server and add fake breadcrumb trails to trick the SpamCop parser. SpamCop's response was to add mailhosts. The issue can be that the breadcrumb trailchanges over time as e-mail businesses implement new servers and decommission older "border servers". Since those changing IPs and server names might not match what mailhosts has recorded, the parser will reject those reports. I don't get issues very often, but when I did in the past I would just have the email resent to me to add it to the parser without deleting and it would update my entries. Once I had updated my mailhosts, I could go back to the previous report and it would send.
-
multiple httpd basic authentication requests on submission
gnarlymarley replied to fliptop's topic in SpamCop Forum
Is the basic authentication realm is different for you? I see they were changing servers recently. They may have the "realm" setup different for the new servers. https://forum.spamcop.net/announcement/50-system-outages-tuesday-october-18-2022/ -
Incorrect abuse contact for IP address 93.95.8.245
gnarlymarley replied to Steve's topic in Routing / Report Address Issues
Interesting that the abuse address was manually entered around 2010. The whois appears to be updated as of 2020 to abuse@sysgroup.com. If you don't hear anything, you can try email the deputies[at]admin.spamcop.net. -
Abuse contact for 43.228.126.0/24
gnarlymarley replied to Takeo_Ichinose's topic in SpamCop Reporting Help
Hopefully a deputy sees this and fixes the manual route. There is a forum topics on this going back a while. If you don't hear anything, it maybe good to send an email to the deputies. per the following, email deputies[at]admin.spamcop.net: https://forum.spamcop.net/topic/7765-resolved%C2%A0how-longs-the-delay-in-being-removed-from-the-bl/ -
Abuse contacts for 117.50.0.0/19
gnarlymarley replied to Takeo_Ichinose's topic in SpamCop Reporting Help
Per, https://www.spamcop.net/sc?action=showroute;ip=117.50.185.130, it appears that someone intentionally added anti-spam[at]chinatelecom.cn in August. Looks like it is a wider range than the manual route tied to pas[at]cnnic.cn. -
I also don't click the links. Ever since a spammer tried to get revenge and had a server of mine in the message body, I tend to ignore the links in the body and try to concentrate mainly on getting the smtp source reporting.
-
Spamcop reporting email rejected
gnarlymarley replied to Denisem's topic in Routing / Report Address Issues
I have never seen SpamCop mail servers reject email, but I have seen gmail, hotmail, and yahoo all reject email being forwarded to SpamCop's servers. The bounce should have something in it that will tell you what server rejected it. If it was SpamCop's servers, then I would suggest you contact the deputies. -
Are you talking about cesmail? My reporting account does not have folders.
-
I added my own blocking list. My spam filter doesn't reject email from any single list. I has to be on multiple lists. (I no longer have seen false positives.) Also to note that when properly reporting, it feeds spamcop's blocking list. The list can also add to the spam score.
-
When I setup mine, I need to include any forwarders. I setup my mailbox first and then the forwarders. If you do not have separate email addresses and email forwarders in the chain, then you might want to contact the deputies for help on this. If so, send a email to deputies [AT]spamcop[DOT]net asking to fix.
-
I have been using SpamCop since the logo and background were yellow instead of blue. One thing I noticed, is there was a period of time where spammers would end up figuring out my address and do "revenge spamming" to me. One day I got about 400 and got worried I was going to hit the 500/day limit. Since I was persistent, I won out and now I only get about one spam seven spams a week.
-
I still have the ability to report. Last time I lost the ability to report was because google has blocked the email from spamcop. I just had to create a rule to never mark as spam and select that the issue was resolved to get my reporting back.