Everything posted by rconner

  1. Actually, very little of what is in the header is trustworthy, other than the relay information (and only those lines added after the message left the spammer's control). This is clearly gibberish. Actually, it does seem to be an IP address in a weird form (first octet decimal, second in hex, last two in octal). Not worth decoding it, though, since it is undoubtedly forged. This might be enough to get past any server that tries a basic sanity check on the return path. -- rick
  2. As nearly as I can tell, the contribution link seems to point to an actual Republican Party website (action.gop.com), and the name of the mail host mail3.action.gop.com does properly trace to the address so on that basis I am assuming it is not some third-party scammer who wants $35.00 from you. You could call this a "mainsleaze" spam if you like, a "legitimate" organization brazenly using unsolicited e-mail for promotion. As you know, it's election season here in the U.S., and this sort of thing happens a lot. I wouldn't expect much response from the providers or even from the GOP itself, unfortunately. There is a removal link visible in the header you posted, you can try it if you like, but personally I would not use it myself. It might not be in full compliance with the CAN-SPAM law here in the U.S., but that doesn't mean much these days. The best thing you could do for now is to put the e-mail addresses email@gop.com and teamtrump@trump2016.com on a "blacklist" in your mail client so at least the messages will be discarded on your machine before you have to look at them. Or, like me, you could report them all through SpamCop with hopes that the provider will take some action.
  3. Oops, never mind again. See replies below. Oops, never mind, I found the info..."Preferences" -> "Add Fuel" I'm now on the other side of a decade or more of $30/yr Spamcop mail service. It occurs to me that I have no earthly idea how to pay for any of this now (or if I even have to). I see I've been "converted" to a "flat rate" account but I have no idea what this means. I see that I have some "fuel" left from the last big CES meltdown, and I recall in the dim and distant past paying for fuel. Is this still how things work? And, if so, where do I pay for it? I've looked around the site and darned if I can find any info anywhere about payment. Maybe I missed something obvious. Of course, I left nearly all of my July $30 payment on the table when CES withdrew, maybe I ought to somehow get that credited back to me (yeah, futile I suspect). -- rick
  4. Perhaps some observations from a grizzled old combatant might be of interest: They are not interested in whether you change your mind. They have zillions of e-mail addresses to spam, and they don't really care whether any of them responds except to place orders (which are handled elsewhere on a website, thus "disconnected" from the actual mail operation). These lists are so large that spammers can't be bothered to track their response or non-response individually (except for a few who engage in "list washing" of chronic complainers). To use an analogy, the guy who puts leaflets under your windshield at the shopping mall really doesn't care whether you read them or not, he just wants to pass them out and get paid for his efforts. Signing up in good faith for an e-mail account and then using it to send spam is not really the way it gets done (as you say, the spammer would then be easily detected). I think much or most of the spam sent today goes by a technique known as "direct-to-MX" from subverted users' machines (hence all those viruses out there today). The spam is sent outside the ken of the ISP's mail facilities, so it becomes harder to detect. Pick one or more: (1) ignorance, (2) insufficient resources devoted to curing abuse problems, (3) incompetence, (4) apathy, (5) predisposition against "anti-spam zealots," (6) complaisance or even (7) willful collusion with spammers. The ISP is not under any obligation to do anything with reports it might get from SpamCop. I don't think SpamCop claims to be able to reduce your personal spam load; what it does do is to provide you with a means to report spam, and to join your reports with others to identify recalcitrant spam sources. As a SpamCop user, I don't submit my spam reports to reduce MY spam, I submit them to reduce EVERYONE'S spam (by identifying miscreant addresses so other ISPs can more easily detect and deal with incoming spam).
After 15 or so years of educating myself on the spam problem, I've come to the conclusion that the best thing to do with the spam you get is to report it and move on. I don't reply to spam messages, and only in exceptional cases do I even talk to the "upstream" ISPs. I don't want to burn a bearing over every dick pill shill I get, because there will doubtless be many more coming in the future. -- rick
  5. Well, at least in that case the customer was offered a bus pass. That's more than I stand to get here. - rick
  6. Possibly the spammer forged your address into some of his outgoing messages. He does this to improve chances of delivery. Any bounces that result go to you and not to him, but he doesn't care about this. He doesn't need any information about you to do this, just your address. So, it shouldn't be terribly worrisome and is not by itself evidence that you have been "hacked" (or whatever the current term may be). This stuff happens from time to time, if you just sit it out then it will probably fade in a few days when the last mail server gives up trying to deliver the last of the forged messages. -- rick
  7. I also inquired after a refund (I renewed my sub back in May) and was also told that none would be provided. I’m disappointed but not surprised. Fortunately I’m not out a great deal of money on the deal. At least the folks who are approaching renewal may get a month or so of free service out of the deal, that’s something. I’ve been using the service since it was first started, I’m sorry to see it go (although less sorry than I would have been a year or two back before all the strange outages). Now on to figure out how the hell to untangle my mail chain. — rick
  8. Possibly the problem might be that the name server for this domain was a bit slow, and timed out the parser. This wouldn't be the case for a "manual" lookup, which probably tolerates much greater delay. Sometimes if you shift-reload the parser page (to force a new parse) then the site will show up. -- rick
  9. I suspect you are the victim of a coincidence. I followed the link in your post and found that the client is a hotmail outgoing mail host. If you are using a hotmail address, or a domain that uses Hotmail services, then this will make sense. What Spamcop has blocklisted is not you personally, but the hotmail host that tried to deliver the mail on your behalf. There are of course zillions of hotmail users who share the same set of outgoing mail hosts, and this now likely includes you. Some of them, apparently, have been trying to send mail to "secret" spam trap addresses maintained by SpamCop, and this seems to be a speedy shortcut to getting that address listed in SpamCop's block list (i.e., no one but a spammer has any reason to try communicating with an unknown, unused address). I suspect that these entries disappear automatically if there is no further abuse, but they likely get replaced by other Hotmail hosts. For your rude correspondent to have engineered this state of affairs just to avoid hearing from you seems pretty far fetched. You might try sending the message again from the same address, or using another (non-hotmail) address you might have. Or, you might wait to see whether the condition clears after a couple of days or so. -- rick
  10. I got a lot of spam once from an outfit that made the mistake of using the same forged from-addresses or domains over and over. I got sick of their nonsense, so I set up a filter on my provider's webmail site that would route them straight to the bit bucket on receipt. Mind you, I did examine a lot of these messages and developed a fairly well targeted Regular Expression to catch them, and I had to tweak it once afterward. Still, it did accomplish the goal of keeping them out of my inbox (though it did not stop them from sending, I am sure). Also, on reflection, I'm not sure I shouldn't have received the messages anyway and then reported them (that's what I'd tend to do now). -- rick
  11. "Blacklisting" mail based on any e-mail addresses that appear in it (like the return path) is seldom effective for any length of time. This is because these addresses are easily forged and do not have to correspond to the actual origins of the message. Nor do these addresses really tell you where a message came from in most cases. What you need are the IP addresses of the services that allowed the spam to be sent, and for this you need to look elsewhere in the message. This is what SpamCop does when you give it a spam message to trace. If you have some of these messages lying around, you might consider submitting a couple to get a tracking URL and then post this URL here so that folks can get a better look at the header. -- rick
  12. Indeed. I gotta think that the time needed to set up something like this, and the inherent unreliability of such a chain, would overwhelm any possible profit gained thereby. However, that's why spammers are spammers and not IT executives. It seems to me (it's been awhile) that in HTTP there was a max number of redirects that the browser would be subjected to before it could give up. However, this limit may not apply to redirects that don't happen in the HTTP header (i.e. those in the HTTP-refresh line or in JavaScripts, etc.). -- rick
  13. Unfortunate that BSD doesn't show up there -- it has a reputation of being very solid. -- rick
  14. SpamCop really doesn't help you very much with your own personal spam problems; what it does is to take the information that you and I and all the other reports provide and put it into a real-time blocking list so that future spamming may be detected and dealt with. As one of our late friends here often said, using SpamCop is a bit altruistic because you are helping others (maybe also yourself) in the future more than getting immediate action now. SpamCop also forwards reports to the responsible providers that turn up in your reports. They can, if they wish, use this information to deal with the spamming within their domains. If the providers don't care whether they end up on a blocking list, and don't want to be bothered refusing service to spammers, there isn't that much more that SpamCop can do about it. You are running into the reality of the spam industry: it is full of crooks who don't care much about complaints until the complaints start to eat into their bottom line. Outside of complaining to ICANN, I'm not sure. And, we have seen that ICANN can't or won't do anything about crooked registrars except in the most flagrant cases. Unless you know where they live and have some big friends who can help you, I'm not sure. On the other hand, these waves do eventually ebb. If you are just sick of seeing the messages, you may be able to construct a content filter of some sort that can exclude them from your mailbox. I finally did this a couple years back with a particularly persistent spammer. -- rick
  15. If nothing else, this sad vignette brings out the following points: It is unwise to depend for your business' health on the delivery of any given SMTP message. E-mail is not and has never been a public utility or a secure, guaranteed-delivery service. You simply don't know from whom the messages come and to whom your replies will go. Messages are exchanged among thousands of individual domains, each of which has a right to set its own policies for the sending and receiving of mail. At best, the sender may get a bounce notice to alert him to delivery problems, but don't count on it. Doctors don't use SMTP mail for sensitive customer data, neither do banks. Get an alternate e-mail address from a different provider, use web-based communications, or just use a damn telephone. The assertion was made that a mail provider can't tell bulk users from spammers. This is simply untrue. First of all, no one here to my knowledge has conflated "bulk mail" with "spam." It is the "unsolicitedness" that makes spam, not merely the fact that it was delivered in bulk. Competent mail providers should be keeping outgoing mail logs and address lease info (at least for a short time after transmission), and if you hand them a spam message they should be able to track it down to a specific user at a specific time and date. Yes, there is a potential for false positives in which an innocent sender's mail is blocked just because he happens to share an outgoing MTA with a drive-by spammer. The SMTP protocol is notoriously lacking in means to validate the origins of messages, and provides no verifiable means to distinguish one user of the domain from another. One issue not taken up here is the fact that many spams (if not most of them) come from botnets rather than actual outgoing MTA hosts; these represent abusive attempts to get around a provider's outgoing mail security.
SpamCop is very good at identifying these "spewing IPs" so they can be dealt with, and these cases have little potential for false positives.
  16. Again, I think your best bet is to find out why your outgoing mail service is (by your own account) a serial failure at staying off spam blocking lists. -- rick
  17. I can understand your consternation (and will look past the intemperate language), however I think you have your targets mixed up. First of all, you've reached a board composed mainly of SpamCop users, although administrators can and do show up to handle problems (perhaps that will happen here). You should weigh any responses you get here accordingly. SpamCop is an advisory service, it cannot "block" anything (except for certain of its paid users, but that's a very tiny subset of people on the internet at large). Basically, SpamCop collects verifiable facts of the form "x persons received spam from IP address y in the past z hours." and makes this information available to providers for their use. It is the action of the internet providers who use the SpamCop block list that causes mail to be blocked. They are told not to block mail based on nothing more than a blacklist entry, but they often do it anyway. Worse, they may sometimes block the mail for some other reason (e.g., another block list) but misidentify the reason as a SpamCop blocklist entry. Most internet providers send all their customers' mail through a small number (sometimes one) of IP addresses. If these addresses show evidence of having sent spam (via user reports or via spam trap), then they may wind up on the blocking list. So, yes, all of that provider's users can be affected if other providers decide to block mail based on what SpamCop says. Unfortunately, for largely technical reasons, it may be impossible to accurately or precisely discriminate individual mail users behind that mail server address. The solution is for the blacklisted provider to get rid of the spammers. If he does so, then the blacklist entry usually disappears automatically within a short time. Obviously, in order to do anything about your own problem, you'd need to approach a SpamCop admin with details of the problem. -- rick
  18. 1. I believe SpamCop primarily uses the origin IP address of the message to determine its bona fides; it does not really look at the content of the message (although those of us who are paid SC mail users can set up something like that for ourselves). So, even if the message is very spammy, it might be passed if it came from an address that was not (yet) on SC's "black list." 2. What you are seeing are "MIME encoded words," which are normally done to allow character sets other than ASCII to be used in the subject line. It can, as you point out, also be used as a cheap and desperate form of obfuscation, although it won't fool anyone who can do MIME decoding.
  19. Me too, all day today. -- rick
  20. Just got another carder spam to try out...SpamCop seems to have digested it, reported it, and cleared it. -- rick
  21. Some more symptoms that may be pertinent: The spam that was (or was not?) reported is not cleared from my stack, and the held-mail button times out "Cannot connect to imap server." --rick
  22. Maybe this is part of the problems arising from the maintenance today, if so I apologize for starting a new topic, but I didn't want to scan 36 pages of replies to find out. I didn't find anything current when searching the forum for the title phrase. After submitting spam for reporting, I now get angry red notes at the top of the page like: Can't send report: smtpEnvelope (5992958575.3213cfa1[at]bounces.spamcop.net, postmaster[at]belpak.by): smtpTo rcpt to:postmaster[at]belpak.by (550 #5.7.1 Your access to submit messages to this e-mail system has been rejected. ) Looks like I get one of these for each report recipient (including bounces.spamcop.net). However, the page indicates that "messages have been sent." Never seen this before. Does the "Your" refer to me personally? I don't know who's doing the rejecting, but since it seems to apply to every outgoing address (again, including bounces.spamcop.net) I guess it must be a SC problem. Anyone else seeing this? -- rick On edit: I neglected to provide a tracking URL -- here's one.
  23. Yeah, I just found two messages of the kind posted by the OP when I fired up the computer this morning. Oh well, grist for the mill... -- rick
  24. I think they are innocent of sending me spam. Of their other sins, I know not. Do you mean that the malekal site mentioned in the OP's post is distributing malware? I've been there a couple of times (with my Mac) and saw nothing of concern. -- rick
  25. I think we are in violent agreement. The crooks are the ones sending the e-mail from whatever botnet they have (hence all the different reporting addresses you see). They appear to have acquired lists of known spam complainers, and they've hit on a clever way to "monetize" these lists. Apparently they offer to send Joe Job spam for other crooks who want to make trouble for their competitors or enemies, and by sending them to the spam haters they figure they will make more trouble for the victim. The "victim" (innocent or no) is the webmaster whose site is named in the spam. Most of the spam I get now seems to be of this variety. Accordingly, I choose to report the spam sources but NOT the website addresses that appear in the body. Breaking news: Looking at http:// blog.dynamoo.com/2013/08/malekalcom-joe-job-part-ii.html (link is munged) I see that the OP's message seems to be a second level of Joe-Job recursion, in which new spam is being sent from a botnet to declare innocence of the old spam. Never seen this before! In any case, it is all spam, and it is safe to report the spam source, and strictly optional (for me) to report the web links. -- rick
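
Post 1 in this list describes an IP address written with the first octet in decimal, the second in hex and the last two in octal. The following is an added example, not part of the original posts: it normalises such `inet_aton`-style forms to a canonical dotted quad so that a filter or log search compares the address actually meant. It also covers the shorter one- to three-part forms, which goes beyond the four-part case in the post; the function names and sample hosts are constructed for illustration (192.0.2.0/24 is the documentation range).

```python
import ipaddress

def parse_part(part: str) -> int:
    """Parse one dotted component with C-style radix rules (0x.. hex, 0.. octal)."""
    p = part.lower()
    if p.startswith("0x"):
        digits, base = p[2:], 16
    elif len(p) > 1 and p.startswith("0"):
        digits, base = p[1:], 8
    else:
        digits, base = p, 10
    allowed = "0123456789abcdef"[:base]
    if not digits or any(c not in allowed for c in digits):
        raise ValueError(f"not a numeric address component: {part!r}")
    return int(digits, base)

def normalize(text: str) -> str:
    """Return the canonical dotted-decimal form of an inet_aton-style address."""
    parts = text.strip().split(".")
    if not 1 <= len(parts) <= 4:
        raise ValueError(f"wrong number of components: {text!r}")
    *head, tail = [parse_part(p) for p in parts]
    tail_bits = 8 * (4 - len(head))  # the last component fills the remaining bytes
    if any(v > 0xFF for v in head) or tail >= 1 << tail_bits:
        raise ValueError(f"component out of range: {text!r}")
    value = 0
    for v in head:
        value = (value << 8) | v
    return str(ipaddress.IPv4Address((value << tail_bits) | tail))

def audit(hosts):
    """List (raw, canonical) for every host that is an IPv4 address in disguise."""
    findings = []
    for raw in hosts:
        try:
            canonical = normalize(raw)
        except ValueError:
            continue  # a hostname, not a numeric address
        if canonical != raw.strip():
            findings.append((raw, canonical))
    return findings

# Constructed sample hosts, as they might be pulled from header fields.
SAMPLE_HOSTS = ["192.0.2.10", "192.0x0.02.0353", "mail.example.org", "3221226219"]

if __name__ == "__main__":
    for raw, canonical in audit(SAMPLE_HOSTS):
        print(f"{raw} -> {canonical}")
```
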