Jump to content


  • Content Count

  • Joined

  • Last visited

Posts posted by priruss

  1. Today, I received occurrence number 12 of these "identified internal IP as source" spam emails that Spamcop cannot seem to trace without human intervention. WHILE I APPRECIATE SPAMCOP ADMIN'S CONTINUING AND ONGOING ASSISTANCE WITH THEM, I simply do not have the time or inclination to continue to submit these spam emails "back-channel", as doing so introduces an inordinate and unacceptable delay in correctly identifying their true source. Changing email providers is not a viable option for me at this point either.

    Spamcop is obviously vulnerable to being bamboozled by what appears to be an issue with flawed Yahoo! headers, and I therefore cannot continue to utilize Spamcop to parse spam I receive in my Yahoo! email until this issue is rectified. I will therefore use my own devices as best I can to trace the spam headers and submit reports to the originating ISPs. Or, failing in that and as appears much more likely, I will simply shut up and eat my spam.

    Good luck with fixing this, Spamcop. I really do like your service and hope you can one day rectify this situation.

  2. Note: Being posted in Announcements, there was no way for us "ordinary" users to weigh in on the topic at the place where it actually occurred, so I chose this venue to do so. Indeed, the item was the only pinned item that I saw that did not permit replies of any kind. If that was inappropriate of me, I will happily accept correction and will move or accept the movement of this discussion to wherever it IS appropriate.

    Executive Summary: In a nutshell, Wazoo's Announcement was a public spanking of a frustrated user who apparently used the PM functionality provided by Spamcop to contact other multiple users in a perhaps inappropriate attempt to get an answer to his or her question. The aforementioned user apparently had his or her PM privileges suspended for a couple of days as well.

    Full disclosure: I am not the publicly spanked user in question, nor do I know him or her from Adam or Eve. I do still have "reporting fuel" on the books and currently intend to acquire more as the need arises.

    Repeated readings of Wazoo's announcement left me asking several questions about how this matter was (or wasn't) handled:

    - Was an attempt made by Wazoo or anybody else to actually answer the user's question in that or any other venue? If so, a link to that attempt would have been usefully deployed in the Announcement.

    - Is there a stated and codified limit on the number of PMs that an individual user may send over (X) amount of time? Again, this is information that would have been useful in the Announcement.

    - The spanked user referenced his or her attempts to receive an answer to his or her question being thwarted by "smug" and apparently unhelpful replies by other Spamcop users. Did this actually occur? If so, is such behavior permitted, and were these users disciplined as well?

    Remembering back when I was a new user, I can confirm that the way that the FAQs and forum topics are laid out can be utterly baffling and really do constitute a "wall of text" that only the bravest and most determined have a prayer of navigating successfully. This is not as much criticism as it is an acknowledgement that the topic of spam itself is complicated and can be "a maze of twisty little passages, all alike".

  3. Just FYI, as of today (10/8), shift alt F no longer works in Yahoo! for forwarding spam. It now opens the File pulldown at the top of the screen instead. Haven't found the "new" sequence that will let you do it yet, but will update this if I do.

    Absolutely brilliant fragile, THANKS!

    Just to paraphrase, in the "new" Yahoo

    • select spam in Yahoo Inbox (without opening)
    • Shift-Alt-F to bring up forwarding screen
    • enter To: SC submit address
    • send
    • go to member page to complete submission
    • (or await SC confirmation mail and follow link)

    Yes, yes, it works! Pinning a link to your solution, adding link to previous discussion too.

  4. I'm getting inundated by spam containing links pointing to IPs and The closest I can get a traceroute to get to these IPs is:

    TraceRoute from Network-Tools.com to

    Hop (ms) (ms) (ms) IP Address Host name

    1 24 0 0 -

    2 0 0 0 xe-4-2-0.er2.dfw2.us.above.net

    3 25 0 0 xe-0-1-0.cr2.dfw2.us.above.net

    4 0 0 0 xe-0-2-0.er3.dfw2.us.above.net

    5 0 0 0

    6 1 1 1 switchport1.hostwindsdns.com

    7 0 0 0 -

    8 Timed out Timed out Timed out -

    9 Timed out Timed out Timed out -

    10 Timed out Timed out Timed out -

    11 Timed out Timed out Timed out -

    Trace aborted.

    hostwindsdns.com is obviously an upstream DNS provider for these IPs. So why when I add abuse[at]hostwindsdns.com to my spam complaints is Spamcop not allowing them to be sent? I'll happily accept correction if hostwindsdns.com isn't involved, but please tell me why they would show up on the traceroute as an upstream if they're not. And, if they're not the DNS provider, then who is?

    Edit: Some tracking URLs for these turds:





  5. tippingthescalesinyourflavor.com





    And many many more. spam complaints to these entities go to the titled email address and subsequently straight into the bit bucket. Is this a spam gang who just registered a bunch of dot coms with some poor schlub's email address?

  6. Several times I have tried to report one specific email I received in my Yahoo account but each time I get this error:

    Your message could not be sent.

    Error sending message [sendMessageFailed]

    Every other message I report to Spamcop from this Yahoo account works fine. Any ideas?

    I've seen other discussions here that seem to indicate that this is a Yahoo! problem, not a Spamcop problem. They have said that Yahoo! is seeing this email as spam itself and not allowing it to be sent. I've run across several of these, and the only remedy I've found is manual copy-and-paste into the Spamcop interface. I await and will accept correction if I'm wrong about this.

  7. Notice the "devnull" part of that address.

    Noted, and noted the rationale for this. However, unlike almost every other Spamcop reporting

    breakout I've seen, no mention is made in the report that reports are being forwarded to


    Here's the breakout of the response I received:

    Tracking message source:

    Routing details for

    [refresh/show] Cached whois for : tanetadm[at]moe.edu.tw

    Using best contacts tanetadm#moe.edu.tw[at]devnull.spamcop.net

    Message is 35 hours old not listed in dnsbl.njabl.org ( ) not listed in dnsbl.njabl.org ( ) not listed in cbl.abuseat.org not listed in dnsbl.sorbs.net not listed in accredit.habeas.com not listed in plus.bondedsender.org not listed in iadb.isipp.com

    Finding links in message body

    Parsing text part

    no links found

    Reports regarding this spam have already been sent:

    Re: (Administrator of network where email originates)

    Reportid: 4939297280 To: tanetadm#moe.edu.tw[at]devnull.spamcop.net

    If reported today, reports would be sent to:

    Re: (Administrator of network where email originates)


    Nowhere in the above report does it indicate that the report was forwarded

    to abuse[at]ntu.edu.tw. In other words, there is no way I could have known

    that the report was being forwarded to abuse[at]ntu.edu.tw if you hadn't told me here.

  8. oitc.com' post='71640' date='May 25 2009, 10:12 AM']The correct reporting address is abuse[at]ntu.edu.tw...

    Spamcop is still forwarding complaints to tanetadm[at]moe.edu.tw

    Submitted: Sunday, May 09, 2010 7:19:48 PM -0500:

    ATM Card Value is $1,000,000,00 Million USD

    * 4939297280 ( ) To: tanetadm#moe.edu.tw[at]devnull.spamcop.net

    Apparently not enough spam coming from Taiwanese sources for Spamcop to bother fixing this, even

    after over a year?

  9. Yet, if you give some more data, some useful insights may emerge. I suggest you provide some tracking links so 'we' can see what is actually happening with one or two actual IP addresses without too much guesswork and basic research.

    Thanks for the reply. Here are several tracking links for the Forona/Swift/Yipes spam. I had to let my mouse cool off because you only get 10 or so reports on each page, so I only went back a couple of weeks (but there are many more of these things, all within the IP ranges I mentioned in the OP).




    September 1


    August 28


    August 22


    August 16


    I think you called it correctly that Forona/Swift/Yipes might be "snowshoe spamming" (rotating through the large number of IPs within their range) - there are a few exact IP number matches, but not that many.

    Generally it takes more than a few member reports to get an IP address on to the SCbl and, even when a number of other reporters are seeing the same spam, the senders may keep off the blocklist by rotating the addresses. It sounds like this could be the case with 'your' spam. Yes, it seems a little different from the 'run of the mill' spam churned out in huge numbers through botnets. If so, there may be other actions indicated that people 'here' might be able to suggest (and maybe more direct than SC reporting, maybe not).

    Just looking for the netblocks you name, in Worst /24 blocks based on total spam count (Stats pages) it is evident they're not appearing on the 'radar' as a major source. That's one datum.

    That information increases my pessimism that anything can be done about these unrepentant repeat spammers. I guess it IS just me, so shut up and eat your spam.

    Thanks again. Rant off.

  10. I have been getting hammered with spam, as many as 20 per day, from the 67.159.193.* and 74.55.187.* netblocks for the past 90 days. These blocks belong to Forona Technologies, Swiftco, and are downstream from Yipes. I carefully report each and every one via Spamcop, but these netblocks never seem to end up on any kind of blocklist and the spam continues to flow.

    Am I spinning my wheels by reporting these netblocks? Are they protected or special somehow? Spamcop assures me that LARTs are being dispatched to abuse[at]yipes.com (forona's and swift's contact email addresses bounce). Is Spamcop simply dev nulling these reports? What can I do to put these spam complaints into the hands of somebody who can actually do something about the Forona/Swift/Yipes spam?

    Thanks for letting me rant.