About washmail

  • Birthday 10/11/1962

Profile Information

  • Location
    Johannesburg, South Africa
  • Interests
    Finding positive meaning & options in life


  1. Thanks Wazoo, that makes complete sense - my MailHosts could do with a tweak. Sorry, I didn't have time to search for the other, no doubt parallel example. Nor did I think of looking at the tech details for clues - definitely rusty due to lack of spam these days ;-) [Added for anyone interested; This was a MailHosts problem caused by my service provider switching me to an alternative Unix server option which thereby changed some related addresses. The spam concerned was then successfully reported - see http://www.spamcop.net/sc?id=z2587756130za...f471973bdaa411z ] pseudo-sub-topic ended.
  2. I'm having a similar (?) problem with the last 2 submissions I've made (I believe they're from 2 different sources). Both were made manually. I'm certain I've done nothing wrong... http://www.spamcop.net/sc?id=z2587181818zb...6553d0e4857342z Error given: 'No source IP address found, cannot proceed.' Does anyone have a possible explanation? [Edited to correct the URL given - washmail]
  3. I decided I was probably well enough protected to download a specimen, so did so on one of my less vital pcs. Contrary to previous results, my AV reported the following; Viruses found in the attached files. The file postcard.zip: Trojan horse SpamTool.BZL. The attachment was moved to the virus vault. It's probably the same / similar content as the first example, but of course couldn't be properly examined by the SC AV due to the truncation. This specimen can be examined (without attachment) at: http://www.spamcop.net/sc?id=z2106980622z4...79e8108d8f1de6z
  4. Ok, that seems to be the answer. Although MailWasher doesn't appear to have a Kb limitation, it only allows the first 800 lines to be viewed, and that must also apply to its SC reporting feature (they were mostly short lines). So I will need to find another way to view a new example safely without MailWasher (the Recycle Bin feature also truncates), and hope that it's not larger than 50Kb. But DavidT is probably right - it's unlikely to be anything worth the time...
  5. No, not in this case. Fortunately MailWasher has a 'Recycle Bin' feature; here's the text from the recovered email:
     Subject: Fwd: Big Virus on its way
     Just beware! Freda
     Send to everyone you know. This has been validated on snopes, check it out for yourself. It will DESTROY your computer. Tell the kids and grandkids too!!! Please read the message below. It may save your computer!
     Subject: FW: SNOPES HAS CONFIRM - BIG VIRUS COMING !!! PLEASE READ & FORWARD !!!
     (http://www .snopes.com/computer/virus/postcard.asp)
     Hi All, I checked with Norton Anti-Virus, and they are gearing up for this virus! I checked Snopes (URL above:), and it is for real!! Get this E-mail message sent around to your contacts ASAP. PLEASE FORWARD THIS WARNING AMONG FRIENDS, FAMILY AND CONTACTS!
     You should be alert during the next few days. Do not open any message with an attachment entitled 'POSTCARD FROM HALLMARK,' regardless of who sent it to you. It is a virus which opens A POSTCARD IMAGE, which 'burns' the whole hard disc C of your computer. This virus will be received from someone who has your e-mail address in his/her contact list. This is the reason why you need to send this e-mail to all your contacts. It is better to receive this message 25 times than to receive the virus and open it.
     If you receive a mail called' POSTCARD,' even though sent to you by a friend, do not open it! Shut down your computer immediately. This is the worst virus announced by CNN. It has been classified by Microsoft as the most destructive virus ever. This virus was discovered by McAfee yesterday, and there is no repair yet for this kind of virus. This virus simply destroys the Zero Sector of the Hard Disc, where the vital information is kept.
     COPY THIS E-MAIL, AND SEND IT TO YOUR FRIENDS. REMEMBER: IF YOU SEND IT TO THEM, YOU WILL BENEFIT ALL OF US
     Snopes lists all the names it could come in.
  6. That's what I did originally, but the parser always truncates larger emails - unless there's a way to prevent that, the zip cannot be of use to anyone here. I thought I could try fudging the header myself, but leave the body intact. I presume doing so is considered too long & messy for the forums. So unless there's another way I will post it on a page at one of my domains and supply a (broken) link. That's if I find a way to get it properly.... In the meantime, we've had some feedback from colleagues who are now also concerned by the same situation. As both the 'warning' and the spam are definitely making their rounds locally, I think the spammer may have seen the same 'warning' and decided to play with the idea. We're suggesting that the warning at least is almost certainly false.
  7. I thought of offering a copy of such an email at a temporary box, but some 'fun-loving' idiot visiting these shores would probably delete it or do who knows what. If it's not objected to, I plan to later add the full header concerned to this thread (that's if I receive another example, can find a way to view the header, and if it's not too long for my technical options). Or does someone have another idea for capturing it and passing it on complete? (I won't download it.) In the meantime I've asked the author of MailWasher to investigate the associated view-header problem. Unfortunately in my experience most of these "Chicken Little" type participants never seem to learn anything from feedback, and as they're usually clients, I'd rather not rock the income boat.
  8. I received what I believed to be one of those typical panic-creating 'warnings' that go around, claiming to warn recipients that emails titled "xxx" contain a virus that will destroy your hard drive's contents, and that such has been supposedly confirmed by respected anti-virus companies, Microsoft etc. as very dangerous, and that no current protection is available. As is usual I deleted this 'warning' email without a second thought. However today, a few days later, I received a number of such warned-about(?) emails titled "HallMark Greeting Card". What was most strange about them is that I was unable to view any of the headers on my email control monitor 'MailWasher' - something not previously experienced. I've no idea how this has been achieved... I sent the first one through to SpamCop to examine the headers, and later reported all of them. Sure enough one of them contained an invalid reverse DNS, but the virus scan was clear despite there being a fairly large attachment to each called "postcard.zip". At this stage this is not on my Service Provider's blocklist(s) (which they are using is unknown). My SP appears to use excellent blocklist(s) as I encounter almost no false positives or false negatives. So far the SPs from whom the emails originate are all South African, so this may not (yet) be of international concern. Not surprisingly the SP involved with hallmark[dot]com is refusing any related SC reports. Is it possible that this is a real new threat, and that there is any truth in the warning received? I doubt it, but thought it would be interesting to share this experience and to learn from any feedback. To view: http://www.spamcop.net/sc?id=z2087717778zf...9560e6fa571eb3z
  9. As best as I can understand it, spamjadoo[dot]com appears to claim that they can accurately identify resent spam based on the reply's delay duration, but what you explain above makes it (IMO) likely that such ability would be short lived at best. Fortunately senders of any such false positives would at least receive a server response. I am unfortunately unable to participate further. Best wishes for all your anti-spam endeavours.
  10. This thread branches off in new directions from the previous thread "Tackling the world's worst..." (viewing from post #25 would suffice) at http://forum.spamcop.net/forums/index.php?...9152&st=20# spamjadoo[dot]com hasn't responded to my long list of questions, so I've looked beyond for other automated, harmless bouncing options. It appears to me that the main tool of advantage in these types of spam eradicating options on offer is what is referred to as greylisting at server level, a system used to technically identify spam resulting in high eradication success rates. I found a number of articles which discuss this method. I recommend starting with the short article at greylisting[dot]org which also debates its long term effectiveness. There seems to be quite a bit of software available for server level implementation, but not much could be found regarding individual MX outsourcing to services offering this method. I'm awaiting a response from the only other one I've found so far that seems to fit the need - seiretto[dot]com in the UK. But the question is does greylisting deliver what it promises?
  11. You may also want to try placing a link to http://www.spampoison.com/ on your website. (No need to break this link - bots are welcome to digest it. ) To quote from their website (which generates new, random links offered for use to each visitor); "These links will redirect email harvesting bots to trap sites that will feed it with an almost infinite loop of dynamically generated fake email addresses, mostly on known spammer owned domains! This will render their harvested lists practically useless and of no commercial value." I've got one of those websites that offer literally hundreds of legitimate email links, and despite the negative opinions that abound about this method's long term effectiveness, it continues to work in my experience. It also stopped the abused web forms I and many others on our server were receiving. Sometimes we still get spam via web form, but only once per instance... I went as far as generating my own random list of 10000 nonsense email addresses too. My partner then added some known spammers' addresses, as well as naming the links to such webpage "...poison.htm". All this appears to have helped further, either poisoning the lists or causing the bots to abort and 'flee'. But talking of shooting ourselves in the collective foot, we also inadvertently help educate up and coming spammers by offering such solutions publicly. Such is the cycle. [Edited for accuracy and extra info]
  12. There's also the different types of spammers. When I first started reporting I had a fair number of 'over-zealous businesses' type spammers who were just trying to cash in on the opportunities of mass emailing, often not realizing the consequences. These quickly disappeared, with a few needing an extra push such as phoning or writing to them directly with threats of SC reporting & the consequences. (The only exception for us was the online software dealer ashampoo.com, and I give their domain without concern as they deserve the mention. The end solution was simply to blacklist their domain.) So in this respect, spam WAS conquered via SpamCop. I decided to take the 'brave' route of not munging my reports in order to get past those ISPs refusing to accept such, but it definitely did increase my spam iro the career spammers. It got worse when I gave detailed reports, and eventually even personal. I take my hat off to those that keep reporting year after year. They've made a serious difference for everyone. Perhaps some BL contributions have now become more automated though. I'm thinking of gmail in particular with their 'report spam' feature; just a simple click. Although considering how many unknowing individuals may report their friends if annoyed with them today etc., who knows how much it may be a contaminated process as well. I don't know if gmail (or any other independent public systems) share/combine their BLs. (IMO) What is really needed is a re-design of the whole system. Unfortunately that requires a degree of cooperation seldom seen in the world. And the dynamics of spam activity will continue to challenge regardless.
  13. In all fairness I must just add that I did hear from them shortly after, and the test-server response of concern was due to them having not set me up yet. I got a very pleasant & professional response, & have sent back a long list of questions & concerns. We will see... But it's up to anyone interested to find out for themselves. I will only post again if there's serious concern (and do so in the correct forum for software issues).
  14. My Spamjadoo summary;
     Pros:
     * I consulted some professionals who thought the product's combined offers were impressive and unique, potentially a best solution.
     * I googled it briefly and found only positive comment, including some professional opinion (from a user) which offered deeper insight, especially on their "greylisting" concept.
     * My sign up for free trial was responded to immediately.
     Cons:
     * The initial instructions seem to be in the wrong order (first importance placed last?); quite a concern for someone who's never adjusted his MX settings before... (still hasn't)
     * A suggestion to try their SMTP server first as a precaution made sense, but no SMTP address was given, and nothing obvious worked. The closest to connectivity I got was "550 Sender is Spammer"
     * An initial webform enquiry hasn't been answered 2 days later.
     * There's a lack of clear definition and needed basic info on the site.
     So not for me at this stage. But it's a glimmer of light... I'm done, topic, thread and all.
  15. Can't go into details, but there's been personal communication from the spammer for some time. I think he thinks I'm his toy or pet. Filtering is not the concern, but rather finding a maintenance free option without losing too much (or anything - obviously preferred) on the false positive side.