Jump to content

Spamnophobic

Membera
  • Posts

    104
  • Joined

  • Last visited

Everything posted by Spamnophobic

  1. Brazilian mailserver administrators seem to be the only ones recently repeatedly sending spam over the same server. I always report, also to Brazil, of course. What e-mail address is the "invoice accounts dept."? Don't know what the "invoice accounts dept." might be. Receiving much spam from Brazillian servers (.br is the identified source). Meanwhile I'm receiving large amounts of backscatter now. Do so many so-called "administrators" still not realise that the address forged in the sender e-mail is not the source of the spam? They're clearly not worthy of the title "administrator". I still keep reporting them in the hope that once they're on the SC blacklist/blocklist they will one day understand that sending autoreplies etc (out-of-office, non-delivery etc.). back to the sender listed in the header (easy for spammers to forge) should be disabled? Perhaps they'll notice when their customers can no longer send e-mails because they're on the SC blacklist !!!@? Lazy administrators watch out. Of course the backscatter getting submitted to SpamCop is simply because my e-mail spam detection is set to forward spam to my spam aliasses to SpamCop which generates a "SpamCop errors encountered" message which does give me a heads-up to resubmit it manually as an attachment. I have nagged my e-mail provider to provide an option "forward as attachment" but they have not proved willing to do that, though to their credit they have allowed me multiple aliasses to allow me to select spam and send it manually. As long as it is included as an attachment, which it is in the case of a rejection e-mail or out-of-office reply, it is however submitted.
  2. This is known as "snowshoe spam". Spammers still appear to be trying to use as many different mail servers as possible, apparently to avoid reports accruing to any one server and get it on the Spamcop (and other) BL. Though in the current spamstorm (Dec. 4th 2023) they seem to have thrown caution to the wind and are hammering at least one server, in Brazil. It's all extortion spam, and I hope anyone on this forum knows better than to fall for that.
  3. Hi persistent spamfighters, Recent weeks have seen a "mini tsunami" of spam against my spamfiltering e-mail aliasses. They are all extortion spams of the familiar type. The addresses they are against seem to have been collected together for some sort of big effort on the part of spammers. Typical tracking URLs: https://www.spamcop.net/sc?id=z6872438022z3beec9a957231590a431826637bc21f0z typical backscatter https://www.spamcop.net/mcgi?action=gettrack&reportid=7298440529 report in Spanish of original extortion spam https://www.spamcop.net/mcgi?action=gettrack&reportid=7297979107 report in Dutch of original extortion spam There has been much backscatter, whereby spammers have inserted my e-mail aliasses as senders, and clueless e-mail systems have bounced the spam back to my alias. Interesting is however that these bounces have been forwarded to Spamcop. Spamcop normally greets inline forwards with a "SpamCop encountered errors" messages, but does accept forwards as an attachment. The clueless bouncers send the message back to "me" as an attachment. But how on earth does it get from there to SpamCop? Of course I am fine with spam or backscatter being forwarded to SpamCop. There was once a lot of discussion about whether backscatter could be reported as spam, but if I remember correctly this was resolved with the decision that any unsollicited mail, including backscatter, could be reported, and on that basis I have been diligently reporting the backscatter too. But what is the step that leads backscatter to be reported to SpamCop after "bouncing" as attachments by the clueless mail servers, without my intervention to report it? Anybody any idea? Meanwhile "my" spam tsunami seems to be slowly abating, with only backscatter reverberating around like residual waves on the sea. And I'm not too bothered as I have well-proven spam defences, even in these times of war. Alexai please note. But just curious how this particular step would have worked. Cheers. PS if this is some new line of defence by SpamCop which shouldn't be made public, I am fine with that. A PM would suffice.
  4. I recently obtained a new SpamCop reporting account. The old one always used to show me an extra field in the report form which I could use to send an extra report. Typically I would use this to send a report to postmaster@[whatever gmail or hotmail account spammer used] only of course for scam spams where the scammer typically needed my reply to sign up, so that the mail address had to really exist. I would ask the postmaster to close the account, and this would typically be succesful. However, with my new account this field is no longer shown. Does anyone know why not and how I could retrieve this possibility? Tracking URL without this possibility: https://www.spamcop.net/sc?id=z6754026074z61bb1c52cba0a8aa80d58b4086861910z Unfortunately I can no longer obtain a tracking URL with this possibilty as reports are now too old, and also older reports are under an older SpamCop Login which I can no longer access. Can anyone appraise me of the situation? Thanks.
  5. Once again seem to be locked out of my account, with long and strong password. Have emailed deputies again.
  6. Issue with my account has hopefully been resolved by resetting everything. Thanks to all above and administrators.
  7. The original problem, it is becoming clear, was backscatter spam. spam was sent from "my address", which had been distinguished by being chosen as spamsender of the month by the United Spammers' League, to among others an address with a default reply to all rule. However there is also an ongoing issue with my account, which the administrator is investigating at the moment. I'll supply updates as appropriate.
  8. How do I contact the deputies these days?
  9. Changed. Was always strong and random as possible. It always struck me that SC wouldn't accept a properly strong password. I'd have to log in with the old cqmail user name and weak PW. That cqmail account disappeared owing me about 100 dollars and ceased communicating. Now SC apparently does accept cqmail with strong and long PW. Now perhaps a new, secure, inlog name, and an apology for those who lost out on cqmail? Has someone been spoofing my account?
  10. And just now a report I just submitted, sent to a former Adobe address (disowned and added to spamlist after the attack several years ago and received many spams) can so-called not be processed due to it being "153.3 days old". https://www.spamcop.net/sc?id=z6743096695zd1ddd3a8cfa3eff552d206e6e4e549d2z You would almost think it was enemy action. I've no idea what held mail in someone's queue would mean for me. I only submit "my" spams. This is certainly an issue with reporting, and I'd appreciate alerting of Admins, if they still exist here. Update: on the SpamCop website I now have many "Unreported spam saved: Report Now" links, and following them leads to reportable spams, which I have industriously been reporting. They're all "21' or '20' hours old" and I didn't submit them, as noted in my original post. Parser glitch or enemy action? Who shall say?
  11. Correction, on February 28th I did submit 2 spams which I reported succesfully before the situation described above. One of them was one of the nasty extortion spams currently popular: https://www.spamcop.net/sc?id=z6742955709z4f00dcbac36aa591aa7964af32506b6cz https://www.spamcop.net/sc?id=z6742918672z77166b98dfdb432b0109d515a6155c17z
  12. This morning I received 19 "...accepted 1 email..." and 1 "...accepted 2 emails..." notifications, dated 28/02/2022 between 22:21 and 23:24. All contain links to emails which on the website give "Nothing to do" messages, due to "identified internal IP as source" and similar errors. A sample of the tracking URLs: https://www.spamcop.net/sc?id=z6742978693zd183f9bd14331d8753ba623686d9183fz https://www.spamcop.net/sc?id=z6742982072z43f384c3bc1d8c3115203a2a05f3b425z https://www.spamcop.net/sc?id=z6742982954z20c8c95ac54af6051dfa2691c357fb65z Interestingly, I did not send any e-mails for processing. Does anyone know what is going on?
  13. Unreportable spams are thudding in by the minute. https://www.spamcop.net/sc?id=z6732205759z7eb130638516cdc223210ae24513a1b9z https://www.spamcop.net/sc?id=z6732205761z991de4a16b0886373c94dc960a28a8aaz Are they winning?
  14. New example: https://www.spamcop.net/sc?id=z6732201120z69df5d94abc21c007a353e49e646e6ecz
  15. There is now an onslaught going on consisting mainly of extortion spams. See: https://www.spamcop.net/sc?id=z6732174328z808349d644c89f02960be5c4ffd7445dz Run the Dutch through Google Translate if you need more convincing. Also, another attempt is under way to undermine SpamCop reporting. My reports are being neutralised as in tracking ID: https://www.spamcop.net/sc?id=z6732188769zd789666583b273187fe5295f18b28669z Can someone help?
  16. Thank you all for your speedy replies. @gnarlymarley 185.148.67.27 is definitely not one of my mailhosts as my latest mailhosts refresh confirms. I don't doubt that it is infected as Petzl says. @Petzl Thanks for your info on this machine. Somehow it seems to have fooled SpamCop into thinking it is one of my mailhosts. This happened to me before (and a number of other SpamCop users as I understood), and was only finally solved after administrative action by SpamCop staff. I would rather not elaborate on the technical details here, following advice by SpamCop administrators. But it was definitely a spammer trick to try to disable SpamCop reporting. Obviously this latest round of scare mails is potentially a lucrative business for these criminals and they really hope that this sort of action on (may I call them "Scareware" mails?) will hold off spam blocking long enough for them to have terrified many users worldwide into giving away, as I said, Heaven knows what. SpamCop admin, methinks urgent action is once again required. See my previous thread on this problem. Thanks.
  17. Another year, another onslaught. This example of a spam which fools SpamCop: https://www.spamcop.net/sc?id=z6711267418zdf68ad337aa8e4fc8dd805e6bbd5cb6dz is one of a particularly nasty sort of spam, which scares the living daylights out of ordinary mail users, who believe that their "accounts have been hacked" and are spooked into giving Heaven knows what away to the criminals who send these spams. Which all scares people away from communicating by e-mail, the simplest, cheapest and safest means of communication mankind ever invented, and drives them into "social media", "whatsapps" and all sorts of programmes which are more expensive and far less safe. Can we see a tendency here? Can SpamCop Admin investigate why this, and a number of similar spams, are failing to parse? Something of a spam storm seems to be going on, with all sorts of sudden failures of SpamCop reports. Yes, I did my mailhosts. Thanks, Spamnophobic
  18. @Petzl, my mailhosts haven't changed, although just to be sure I'm re-running the mailhosts "app". However, 31[dot]onefourfive[dot]190<fullstop>66 is definitely not one of my mailhosts. It is the closest the parse gets to the original spam sending address. It is a mail server in Turkey. The parse quotes one more IP, called "User", 176<dot>thirtytwo[dot]25[dot]27, which I am unable to ping (times out). My point is that SpamCop is unable to parse the spam mail ("No source IP address found") In the past spammers have tricked SpamCop into giving this error message. See my earlier posts in this forum. (This was eventually resolved with the help of a SpamCop administrator.)
  19. OK I know we have been here before, but could somebody examine my tracking url: https://www.spamcop.net/sc?id=z6634628358z460dafae0c54205ace1fe027dc2ff311z perhaps forum seniors or SpamCop staff can suggest how to get these new ones reported?
  20. Fortunately this spammer is kindly supplying plenty of spam which I can use for test purposes ((:-)((:-). I removed all dots before the lines you quoted, but the problem still persists. I pin my hopes on a reply from SC admin, and otherwise will just have to bitbucket all this technically deficient (:-) spam.
  21. Standing by to clear this submission in the next 5 minutes now ...
  22. Hi MIG and everyone, I cleared all unreported spam, re-registered my mailhosts (with success confirmations from SC) and submitted the spam again. Unfortunately with the same result: https://www.spamcop.net/sc?id=z6555694630za30fc845e6b4850c08edbf9f896ce578z As this is a potentially "live" submission I will clear it after everyone has had a chance to look at it. It had been a long time since I last registered my mailhosts, and DDS may well have introduced new hosts, especially as they have been taken over by TransIP group and Combell Group recently. Thanks to all for your help.
  23. When I submit a spam, either forwarded as an attachment or with full text pasted into the box, the parse goes no further than "Parsing header:". No "Report spam" or other button is shown. Example: https://www.spamcop.net/sc?id=z6555638759zce8ca756ddbb272131813a1b95647e30z This does not happen with all spams. Clever spammer trick to foul SpamCop's machinery, glitch in said machinery? Anyone have an idea?
×
×
  • Create New...