Posts posted by gnarlymarley
-
I think the most I have attached to one email to forward to my submit address was 17 email attachments.
-
Good luck on the fix. Looks like the second link has a temporary solution.
https://forum.spamcop.net/topic/45578-broken-captcha-in-signup-page/
https://forum.spamcop.net/topic/29780-captcha-problem-on-registering/
-
I myself have added multiple hosts, but only one email per host. I have seen that SpamCop munges the To: field for emails that I have not added. I don't believe you need to add all email addresses.
-
I believe the reason why SpamCop doesn't report the whole chain is it could cause a connection to the spammer's server and let the spammer know you got the email. There are so many URL shorteners that keep popping up, I would imagine that SpamCop would have a hard time keeping up with them too. But then one would need to trust the admin of the URL shortening service in order to look up the next chain.
-
When you see the "IP not found" and "discarded as fake", but it shows up with an nslookup or a dig, then you can just refresh the page before you report it and most of the time SpamCop will see the IP address.
I will try a quick explanation. It is suggested for a group to set up multiple DNS servers, especially to get around outages. DNS can have a few responses, such as good domain (you get the internet address), timeout (no reply in allotted time), or bad domain (NXDOMAIN). Each DNS lookup is expected to rotate between servers.
The timeout for one server can cause an attempt to look up the domain on an alternate server.
The NXDOMAIN will cause the lookup to immediately stop and not try other servers. This is when SpamCop reports the "IP not found". If the spammers know the IP address where the SpamCop lookup attempt is coming from, then they can turn off the responses to cause SpamCop to think it is a bad address.
-
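Added example, not part of the original post: a small Python simulation of the lookup behaviour described above, where a timeout moves on to the next nameserver and an NXDOMAIN ends the lookup at once. The server names, canned responses and returned address are constructed, and the simple rotation model is an assumption.

```python
# Added illustration: a stub resolver walking a rotating nameserver list.
# Server names and canned responses are constructed; no network access.
from collections import Counter

ANSWER, TIMEOUT, NXDOMAIN = "answer", "timeout", "nxdomain"

def lookup(servers, start):
    """Query servers in rotation beginning at index `start`.

    A timeout moves on to the next server; an answer or an NXDOMAIN is
    final, so an NXDOMAIN from one server hides the others' answers.
    Returns (result, servers_tried).
    """
    tried = []
    for i in range(len(servers)):
        name, response = servers[(start + i) % len(servers)]
        tried.append(name)
        if response == ANSWER:
            return "203.0.113.7", tried    # constructed address (TEST-NET-3)
        if response == NXDOMAIN:
            return "IP not found", tried   # stop: nobody else is asked
        # TIMEOUT: fall through and try the next server in the list
    return "timeout", tried

def outcomes(servers):
    """Count the results over every possible rotation start."""
    return Counter(lookup(servers, s)[0] for s in range(len(servers)))

# Constructed list: two healthy servers, one dead, one answering NXDOMAIN.
SERVERS = [
    ("ns1.example.test", ANSWER),
    ("ns2.example.test", TIMEOUT),
    ("ns3.example.test", NXDOMAIN),
    ("ns4.example.test", ANSWER),
]

if __name__ == "__main__":
    for start in range(len(SERVERS)):
        print(start, lookup(SERVERS, start))
    print(outcomes(SERVERS))
```

Half of the rotation starts in this constructed list end in "IP not found", which is why repeating the same lookup can succeed on the next try.
-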
Be nice if we could get the big companies to realize who is fighting spam. Back when gmail did invites, I was the fifth invite away from Eric Schmidt. So, if we tell our friends about SpamCop (and they tell their friends), maybe we could get google to know about SpamCop.
-
I have not seen this myself. When I added my final address where I would check the emails and then added others that would forward to it later, I show multiple in my list. Are you forwarding from one of the addresses to another?
-
The trick that some of the spammers use is to have an invalid DNS server in their list. Then the results are intermittently returned. I have found that I could just reload the tracking URL and it would usually pick up the address.
C:>dig snpb.xuoatkaa.com
; <<>> DiG 9.7.3 <<>> snpb.xuoatkaa.com
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: REFUSED, id: 9848
;; flags: qr rd; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 0
;; WARNING: recursion requested but not available
;; QUESTION SECTION:
;snpb.xuoatkaa.com. IN A
;; Query time: 128 msec
;; SERVER: 179.60.149.119#53(179.60.149.119)
;; WHEN: Mon Nov 07 11:28:35 2022
;; MSG SIZE rcvd: 35
C:>
-
The helo received by my server seems to show up as vmx2.spamcop.net, vmx1.spamcop.net, or vmx.spamcop.net. The last time I saw something from prod-sc-www2.spamcop.net was around 2009. From what I can see in the DNS, it looks like it might have an IP.
;; ANSWER SECTION:
prod-sc-www2.spamcop.net. 300 IN MX 10 adminmx.spamcop.net.
prod-sc-www2.spamcop.net. 300 IN A 204.15.81.110
-
For credit card checking with a zero amount, it would need to continually check for expired cards, or else the problem people would just sign up with cards that would soon expire.
-
I think redirecting to the correct abuse address would require knowing the whole IP subnet. Though if SC was able to add an exception lookup table for Microsoft, then they should be able to add a lookup table for trusted URLs that would save CPU for known URLs.
-
Looks like the issue might be the "-B", as per the refresh page.
https://forum.spamcop.net/topic/38075-ripe-whois-b/
% Note: this output has been filtered.
% To receive output for a database update, use the "-B" flag.
% Information related to 'VA16-AFRINIC'
-
Sometimes instead of deleting (especially if not listed), I just click the add a new host and have it re-add the email again.
-
There is a part of this with the free trials. I think there is also part of this that might be when Microsoft added IPv6, but mailhosts only appears to accept the last 20 IPs. There are more than that on their internal relay server space.
-
I will list my understanding and a quick explanation of mailhosts to hopefully clarify some items.
SpamCop appears to track the servers listed in the Received lines. By doing this, I believe it attempts to discover the border inbound email server and report the IP that the server got the email from. Mailhosts appears to have been created in response to spammers trying to spoof extra received lines, so that SpamCop reports the email with the wrong IP to the wrong system administrator.
As previously mentioned about the relays and the hand-offs from server to server, the breadcrumb trail is used to track a message. Spammers know about this and have tried to inject their spam into someone else's server and add fake breadcrumb trails to trick the SpamCop parser. SpamCop's response was to add mailhosts. The issue can be that the breadcrumb trail changes over time as e-mail businesses implement new servers and decommission older "border servers". Since those changing IPs and server names might not match what mailhosts has recorded, the parser will reject those reports. I don't get issues very often, but when I did in the past I would just have the email resent to me to add it to the parser without deleting and it would update my entries. Once I had updated my mailhosts, I could go back to the previous report and it would send.
-
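Added example, not part of the original post and not SpamCop's parser: a simplified Python model of the mailhosts idea described above, walking the Received lines newest-first and trusting only hops written by the user's own registered servers. The message, host names and addresses are constructed, and matching on the "by" host name alone is an assumption made for brevity.

```python
# Added illustration of the mailhosts idea; a simplified model only.
import re
from email import message_from_string

# Constructed message: the top Received line is the newest hop and the
# bottom one is a forged breadcrumb added by the sender.
RAW = """\
Received: from mx.myisp.example (mx.myisp.example [198.51.100.10])
\tby mail.home.example with ESMTP; Mon, 7 Nov 2022 11:00:03 -0700
Received: from sender.example (unknown [203.0.113.45])
\tby mx.myisp.example with ESMTP; Mon, 7 Nov 2022 11:00:01 -0700
Received: from innocent.example (innocent.example [192.0.2.99])
\tby sender.example with SMTP; Mon, 7 Nov 2022 10:59:00 -0700
Subject: constructed sample

body
"""

# Peer IP in square brackets, then the server that wrote the line.
HOP = re.compile(r"from\s+\S+\s+\(.*?\[([0-9a-fA-F.:]+)\]\)\s+by\s+(\S+)", re.S)

def find_source(raw, mailhosts):
    """Return the IP that handed the message to the last trusted server.

    Hops are read newest-first; the walk stops at the first line written
    by a server that is not in `mailhosts`, so anything below it (which
    the sender could have forged) is ignored. Returns None when even the
    newest hop was not written by a registered host.
    """
    source = None
    for header in message_from_string(raw).get_all("Received", []):
        m = HOP.search(header)
        if not m or m.group(2).lower() not in mailhosts:
            break                # unknown writer: stop trusting the trail
        source = m.group(1)      # peer IP as recorded by a trusted server
    return source

if __name__ == "__main__":
    print(find_source(RAW, {"mail.home.example", "mx.myisp.example"}))
    print(find_source(RAW, {"mail.home.example"}))   # stale list
```

With the full list the result is 203.0.113.45 and the forged 192.0.2.99 line is never considered; with the border server missing from the list, the walk stops one hop early at the user's own provider.
-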
Is the basic authentication realm different for you? I see they were changing servers recently. They may have the "realm" set up differently for the new servers.
https://forum.spamcop.net/announcement/50-system-outages-tuesday-october-18-2022/
-
Interesting that the abuse address was manually entered around 2010. The whois appears to be updated as of 2020 to abuse@sysgroup.com. If you don't hear anything, you can try emailing deputies[at]admin.spamcop.net.
-
What an interesting bug. You can try emailing deputies[at]admin.spamcop.net to help with bug resolution: https://forum.spamcop.net/topic/7765-resolved%C2%A0how-longs-the-delay-in-being-removed-from-the-bl/
-
Hopefully a deputy sees this and fixes the manual route. There are forum topics on this going back a while. If you don't hear anything, it may be good to send an email to the deputies.
Per the following, email deputies[at]admin.spamcop.net: https://forum.spamcop.net/topic/7765-resolved%C2%A0how-longs-the-delay-in-being-removed-from-the-bl/
-
Per https://www.spamcop.net/sc?action=showroute;ip=117.50.185.130, it appears that someone intentionally added anti-spam[at]chinatelecom.cn in August. Looks like it is a wider range than the manual route tied to pas[at]cnnic.cn.
-
I also don't click the links. Ever since a spammer tried to get revenge and had a server of mine in the message body, I tend to ignore the links in the body and try to concentrate mainly on getting the smtp source reporting.
-
When I get mailhosts problems like this, I just go to the mailhosts tab and add a new host. That usually fixes it for me. Though I have deleted and added the hosts again as well.
-
Looks like 10.253.234.152 might not be part of your mailhosts. When I see something like this, I can turn off mailhosts and then submit it (which it usually will submit) and go back and turn mailhosts back on.
-
I have never seen SpamCop mail servers reject email, but I have seen gmail, hotmail, and yahoo all reject email being forwarded to SpamCop's servers. The bounce should have something in it that will tell you what server rejected it. If it was SpamCop's servers, then I would suggest you contact the deputies.