Jump to content


  • Posts

  • Joined

  • Last visited

Everything posted by waugh

  1. DavidT, thanks for pointing out the Twitter address.
  2. I use sneakemail.com in front. I might try making sneakemail direct the likely spam to spamcop.net, and the mail that comes on non-spam addresses elsewhere (e. g. Yahoo or Google). But my immediate problem is I tried to register an online account with a firm with which I already have a relationship, and their web software doesn't provide a way to resend the confirmation e-mail.
  3. It has been several minutes since I sent test mail to myself, but it's not showing up in my inbox on webmail.spamcop.net. The last spam I received is from 1 3/4 hr. ago.
  4. Spamcop Webmail Down -- Can't Get In Via the Web
  5. By "webmail", I meant Spamcop webmail. Now when I go to both of the links given by petzl, it shows my reports that I made after discovering the problem. When I discovered the problem, when I logged in, the page I reached right after login told me that there had been bounces from my mail address (which is Spamcop webmail). I pressed the button that indicates that the problem is "resolved". So maybe the Spamcop reporting interface drops all reports that come from a bouncing e-mail address. So, anyway, it looks as though whatever the problem was, it is resolved now. I can see the reports that come from my reporting now. Thanks for the help. Jack Waugh
  6. When I go to my "Past Reports" tab, it shows no reports, even though I made some recently via webmail. The reporting account I'm logged into has the same credentials as my webmail account. Jack Waugh
  7. I did another partial de-obfuscation of another malware delivery vector. The result is still quite obfuscated and amounts to 15022 characters of JS. I don't know of any place to post my partial result for in case anyone wants to take it further.
  8. I, too, am struck by how much our reports differ. Some of the entities such that my address with them has somehow leaked are: - Ameritrade - Zecco Trading - Smartgroups (defunct web service) - ContrarianPicks (not surprising; an obvious scam in the first place) - Return Path (not surprising) - StuffIt (software for Microsoft O/S) - this forum None of the addresses produces any hits in Google search.
  9. Had to unfriend TPB chums to get unblocked. http://www.theregister.co.uk/2011/10/13/du...cuses_spamhaus/
  10. These are just remarks in passing; I'm not asking for solutions. Today I received a spam to an address of mine that I have published continuously all over the web for the last at least 13 to maybe 15 years, and it reminded me how infrequently that happens. By far most of the spams I receive (maybe 20 or 25 a day) come on addresses that I gave to corporations when signing up for their services. An intermediate number (a few a month) come to an address that I used (stupidly) as my name on Wikipedia. All the latter are in Chinese.
  11. Well, I think that if anyone wanted to submit it to said rating sites (which I won't take the time to do; sorry), they'd be standing on firm ground. I have not the slightest doubt that it is malware of some kind.
  12. If anyone reading this has the time and inclination to decode an obfuscated JS program, you can "curl" it from http://upqwtqkzt.www1.biz/main.php (referenced in spam) (if it hasn't already been taken down or changed). It shouldn't be that hard to substitute for the E V A L something that will display the embedded code, if you know java scri_pt and the DOM. [edit] live link removed
  13. Despite all the limitations I asserted (correctly or not) above about switching to using a virtual folder for highlighting spam, I now do exactly that. I don't have the redirection to "Held Mail" turned on. Everything comes to my inbox. I still have filters that send to Trash anything flagged from the Spamcop blacklist or having above a certain SpamAssassin score. These leave in my inbox the messages I really want to report. So I go to my "spam" virtual folder, which exposes just the messages in my Inbox that came on the addresses that only spammers use. I report those messages as spam quite fast and regularly. Once that virtual folder looks empty, I can go to my Inbox and see my real mail almost free of spam. A "Thank you" to the person who first brought up here the idea of using a virtual folder for highlighting spam to report.
  14. Yum, pork shoulder. OK, thanks. There's a great scene in the movie _The Prizewinner of Defiance, Ohio_, a move I highly recommend. The wife and children are eating caviar from a spree through a store that the wife won in some jingle contest (it's set in the 1950's). The husband just wants to eat Hormel pam brand canned pork shoulder.
  15. Continuing the side conversation about virtual folders vs. "filters" -- In a "filter", you can include a predicate that observes any arbitrary mail header you choose. That lets me filter on spam Assassin ratings. Virtual folders cannot do the same.
  16. When I only use the virtual folders, they don't disappear. I have seen them disappear when I attempted to add new ones. I cannot reproduce this behavior; the occurrence of it was spurious. But it happened enough that I won't invest much effort into building them for antispam purposes. Also, the system doesn't provide a way to transfer information between the virtual folders and the "filters" (of course, both are filters). So, if I have invested effort in "filters", if I wanted to use "virtual folders" with the same predicates, I'd have to re-enter the predicates (leaf and branch) by hand. So that places before me a barrier to switching techniques.
  17. I have seen the system forget virtual folders, not very long ago.
  18. I, too, felt surprise when I first noticed this trend by the spammers. It would seem to work against their purposes. Pretty soon I added some filter terms so that mail sent to me "from" some of my public addresses would go into the folder I use for reviewing very probable spam before reporting it. I also filter into this folder on terms in the subject line, such as "rod", "instrument", "little friend", "virility", "manhood", "stick", "watch", "timepiece", and "we will call you back". Also, on addresses of mine that no longer have a legitimate use. I put the union of all that in that folder. A quick look through the subjects or in a few cases a tag in the "from" part (from Sneakemail) indicating which address of mine the spammer reached me through, catches any false positives from this filtering. Which brings up another interesting evolution in spamming practice. A while back, the subject lines of spam used to be just about all noise. Now they have gone back to laying out in the subject what they are trying to sell. This makes it easier for us, so I don't know why they changed course in that direction.
  19. petzl, I wasn't arguing a point, just remarking about how typical it is for me to get spam that I would like to report automatically. Thank you for reporting how well greylisting works for you. I will turn greylisting on for more of my addresses.
  20. Message Filter activity: The message "Get an upgrade of Adobe Creative Suite right now for only $179,95." from ""[censored] |former Ameritrade|" <[censored]t[at]sneakemail.com>" has been moved to the folder "INBOX.Trash". Message Filter activity: The message "FW: Global job vacancy-apply now" from ""[censored]-at-sneakemail.com |former Ameritrade|" <[censored]t[at]sneakemail.com>" has been moved to the folder "INBOX.Held Mail". Message Filter activity: The message "FW: Global job vacancy-apply now" from ""[censored]-at-sneakemail.com |former Ameritrade|" <[censored]t[at]sneakemail.com>" has been moved to the folder "INBOX.Held Mail". The above greeted me immediately when I returned to my mailbox after having posted my message here of a couple of minutes ago. The message that went to my trash did so because it came from source that is already blacklisted, and that's how I set up my filters. The ones that went to my held mail are about to be reported as spam by me. They came on my former Ameritrade address, and from sources not currently on the Spamcop blacklist.
  21. OK, I eventually looked up "honeypot" and "spamtrap" on Wikipedia. I am a client of TD Ameritrade, a stock broker. The address I originally registered with them started to receive spam some time ago, all of which specifically had to do with investment scams. I think at least half the spam I receive today that is not filtered via the blacklist, comes on my original address for Ameritrade. I never published that address nor gave it to anyone else (this time I'm sure). I eventually registered a new address with Ameritrade. The new address has never received any spam. I received a notice (by paper mail!) that Ameritrade had been sued in class action, and lost, for having leaked many of their clients' addresses to the spam industry. So, now I know an address that cannot be used for any legitimate purpose. Anything that arrives on it is spam for sure. Evidently it is good to report spam, and the faster the better. However, I have to intervene manually for every case of receiving spam on that address, before the spam can be reported on my behalf via Spamcop. But I suppose the basic lesson of this thread is that if Spamcop offered an easy way for clients who have not studied these matters carefully to set up automatic reporting of any class of mail as spam, the fear is that in too many instances clients would accidentally cause the reporting of legitimate mail as spam. And of course that would run counter to our common purpose of defeating the purposes of the spammers. Let me take this opportunity to thank Spamcop and all the volunteers who help them for their dilligence in working to wipe out the social ill that spamming is.
  22. Thanks for that reference; it helps me understand under what conditions Spamcop's experts believe that automatic reporting is worthwhile.
  • Create New...