Jump to content

Spamnophobic

Members
  • Posts

    87
  • Joined

  • Last visited

Contact Methods

  • Website URL
    http://

Profile Information

  • Gender
    Female
  • Location
    Amsterdam, The Netherlands

Recent Profile Visitors

1,568 profile views

Spamnophobic's Achievements

Member

Member (2/6)

0

Reputation

  1. Thank you all for your speedy replies. @gnarlymarley 185.148.67.27 is definitely not one of my mailhosts as my latest mailhosts refresh confirms. I don't doubt that it is infected as Petzl says. @Petzl Thanks for your info on this machine. Somehow it seems to have fooled SpamCop into thinking it is one of my mailhosts. This happened to me before (and a number of other SpamCop users as I understood), and was only finally solved after administrative action by SpamCop staff. I would rather not elaborate on the technical details here, following advice by SpamCop administrators. But it was definitely a spammer trick to try to disable SpamCop reporting. Obviously this latest round of scare mails is potentially a lucrative business for these criminals and they really hope that this sort of action on (may I call them "Scareware" mails?) will hold off spam blocking long enough for them to have terrified many users worldwide into giving away, as I said, Heaven knows what. SpamCop admin, methinks urgent action is once again required. See my previous thread on this problem. Thanks.
  2. Another year, another onslaught. This example of a spam which fools SpamCop: https://www.spamcop.net/sc?id=z6711267418zdf68ad337aa8e4fc8dd805e6bbd5cb6dz is one of a particularly nasty sort of spam, which scares the living daylights out of ordinary mail users, who believe that their "accounts have been hacked" and are spooked into giving Heaven knows what away to the criminals who send these spams. Which all scares people away from communicating by e-mail, the simplest, cheapest and safest means of communication mankind ever invented, and drives them into "social media", "whatsapps" and all sorts of programmes which are more expensive and far less safe. Can we see a tendency here? Can SpamCop Admin investigate why this, and a number of similar spams, are failing to parse? Something of a spam storm seems to be going on, with all sorts of sudden failures of SpamCop reports. Yes, I did my mailhosts. Thanks, Spamnophobic
  3. @Petzl, my mailhosts haven't changed, although just to be sure I'm re-running the mailhosts "app". However, 31[dot]onefourfive[dot]190<fullstop>66 is definitely not one of my mailhosts. It is the closest the parse gets to the original spam sending address. It is a mail server in Turkey. The parse quotes one more IP, called "User", 176<dot>thirtytwo[dot]25[dot]27, which I am unable to ping (times out). My point is that SpamCop is unable to parse the spam mail ("No source IP address found") In the past spammers have tricked SpamCop into giving this error message. See my earlier posts in this forum. (This was eventually resolved with the help of a SpamCop administrator.)
  4. OK I know we have been here before, but could somebody examine my tracking url: https://www.spamcop.net/sc?id=z6634628358z460dafae0c54205ace1fe027dc2ff311z perhaps forum seniors or SpamCop staff can suggest how to get these new ones reported?
  5. Fortunately this spammer is kindly supplying plenty of spam which I can use for test purposes ((:-)((:-). I removed all dots before the lines you quoted, but the problem still persists. I pin my hopes on a reply from SC admin, and otherwise will just have to bitbucket all this technically deficient (:-) spam.
  6. Standing by to clear this submission in the next 5 minutes now ...
  7. Hi MIG and everyone, I cleared all unreported spam, re-registered my mailhosts (with success confirmations from SC) and submitted the spam again. Unfortunately with the same result: https://www.spamcop.net/sc?id=z6555694630za30fc845e6b4850c08edbf9f896ce578z As this is a potentially "live" submission I will clear it after everyone has had a chance to look at it. It had been a long time since I last registered my mailhosts, and DDS may well have introduced new hosts, especially as they have been taken over by TransIP group and Combell Group recently. Thanks to all for your help.
  8. When I submit a spam, either forwarded as an attachment or with full text pasted into the box, the parse goes no further than "Parsing header:". No "Report spam" or other button is shown. Example: https://www.spamcop.net/sc?id=z6555638759zce8ca756ddbb272131813a1b95647e30z This does not happen with all spams. Clever spammer trick to foul SpamCop's machinery, glitch in said machinery? Anyone have an idea?
  9. /devnull prevents reports going to those who would otherwise get them. That is what I mean by protecting them. In my opinion there is a very valid reason, i.e. my address and credit card details with them have been compromised, for sending these reports to amazon's inbox. SC's historical analysis is certainly worthy, but there is stuff going on on the battlefront here. I will certainly not send you any unwanted PMs, though I would have liked to prove to someone that amazon.com accounts have been compromised. NB Amazon doesn't even have a public e-mail address to which I could report abuse. A rapidly increasing tendency among the Internet behemoths.
  10. Spamcop often sends spam reports to the bitbucket (/devnull). Very often this is justified. For instance when a spam includes a link to the valid URL of a commercial bank or business, trying to make their phish pitch seem genuine. That the well-known URL has been included in the spam is in no way the fault of the bank or business and there is nothing they can do about it. However, recently some web businesses, such as amazon.com, have been compromised and e-mail addresses exclusively shared with them by their customers, such as me, have suddenly started receiving spam. And very nasty spam at that: links which if clicked will encrypt every file on my system and make me liable for extortionate payments: ransomware. This was today the case with my amazon.com account. I was therefore very disappointed to see SpamCop protecting amazon.com by not allowing my report of this serious security breach to be sent to postmaster@amazon,com Of course I could send a copy of this report myself, but amazon would simply reject my e-mail as being from an insignificant individual and not even read it, whereas SpamCop reports carry status, which as a faithful SpamCop reporter of many years standing, I feel myself entitled to leverage. SpamCop should cease to protect postmaster@amazon,com from SpamCop reports, because amazon.com has clearly been hacked and their customer confidentiality breached. Tracking URL: http://www.spamcop.net/sc?id=z6425955718ze5e589fdfe4e3c3f466cdcb069cf85fcz I can supply confidential details such as compromised e-mail address to a moderator by PM.
  11. Nice for the spammers though. Any evidence of enemy action? Spams are pretty important these days for pushing ransomware.
  12. Sorry I mean the return is decreasing (or the cost is increasing).
  13. Recently I made an interesting discovery about "my" spam. It has lead me to some new ideas. My system essentially consists of using disposable addresses (see Sneakemail for the principle). Once too much spam comes in on a given address, it goes into my spam management system. This consists of two phases. Phase I: intensive reporting As I award a new address to each person/firm/activity (PFA), I can easily see which of these has been responsible, inadvertently or otherwise, for passing on the address to criminals a.k.a. spammers. From then on I report every such spam via SpamCop, sending copies of the report with appropriate messages to the PFA to whom the address was awarded, alerting them to the breach of confidentiality. This I continue to do for as long as I feel like, but certainly until I am sure that the PFA has got the message. Sometimes it leads to interesting exchanges. Phase II: the bitbucket Once I deem the reporting period described in Phase I for a given address to have expired, I set my system to completely /dev/null (delete) any further mail sent to this address unread. Before making this change I usually send the PFA concerned a new e-mail address, on the strict understanding that they will now be more careful with it (which they usually are), or set in place other new measures as appropriate. This limits the spam received considerably, makes it manageable, but thanks to SpamCop gives me a way of fighting back at the same time. It has served me very well over the years. Recently I took a new step. Out of curiosity, about 3 months ago, I removed one of my first, old, bit-bucketing measures. At the centre of this was an address that in its heyday was sending me 10-15 spam per day. To my surprise I have only received 1 spam to this address in 3 months! This has given me food for thought about what may be behind it. Why should a spammer ever drop an address? Well, first of all of course there is listwashing. However, since the move to Phase II meant that these spam were no longer being reported, there would have been no further incentive from this point on for the spammer to listwash my address. I have now formulated an hypothesis - and it is only that - about how this may come about. When spamming started, "certain individuals" discovered that using open relays etc., and a bit of SMTP scripting, they could send a mass e-mail to as many addresses as they had, for free. Cue spammers' Eldorado. Response in the arms race was limiting open relays (open proxies, etc. etc.). Spammers' response: enlist hackers to recruit compromised machines to botnets, and continue as before. Response: combat botnets (somewhat succesful, but "snowshoe" techniques etc. still give spammers "bandwidth"). Frankly I've rather lost track of the current state of the art in the arms race, but my general impression is that while we've no way won the war yet, for spammers the law of diminishing returns is perhaps finally setting in. As spam has become a more and more widely recognised problem, more and more countermeasures have come into place. These days every free mail account even, comes with a spam filter of sorts, for instance. But everywhere more and varied countermeasures can be seen (not least SpamCop!), none of which stop spam, but all of which are gradually pushing up the cost per spam sent. Where once the sky was the limit, now the return in terms of dollar earned or sucker found per unit cost of spam sent is slowly, but inexorably increasing. We as fighters against spam and criminality have one great advantage over spammers/criminals which we should never forget. We work together, whereas spammers/criminals have to fight against each other. You can see evidence of this for instance where spammers sell each other lists of "100% valid e-mail addresses" but sometimes carefully include known SpamCop reporters in them, so simultaneously sabotaging the efforts of their competitors, a little. It's like the ecosystem of parasites vs. symbionts in the biological world (I once posted on this, hyperlink is http://forum.spamcop.net/topic/9935-resolved%C2%A0multiple-hosts-for-the-same-spamvertised-site/#comment-68121). At the same time Boris the Botnet Renter isn't getting any cheaper either. So any spammer with even half a thought for their business model, will eventually have to look at their lists, and try to figure out some way of sorting out their highest value addresses from others, with a view to perhaps limiting their spew volume. This is what I believe is happening, slowly. Well, your mileage may and will of course vary. I freely admit that it's quite a sweeping conclusion to reach on the basis of one spammable e-mail address which seems to have gone out of fashion. It may have been on CDs or DVDs which have since oxidised away, and never made it on to little Alexei's database. But his administrator will be charging him more and more to use the database, or using his bandwidth more productively, fixing elections for instance. Anyway, as I said it's just an hypothesis. These are just my thoughts, and I don't really have the resources to do more forensic analysis. Like most people, I'm just trying to get by and to manage "my" spam as intelligently as I can.
  14. I only just read this, with great shock. He was one of the funniest, wisest and kindest people this forum ever had. His insightful and witty contributions were always a joy to read. Sometimes the penny would only drop for me at the third reading and I would burst out laughing. From what Mike says above, and from the person with whom I became acquainted from the several PMs we exchanged, I think the best tribute I can pay is to keep in mind the patience and knowledge he would always offer when posting. Penny
×
×
  • Create New...