MisterBill

  1. Yes, and the spam has stopped. But I still do not have the answer to my question of where they got all of my addresses from. Like I said, these were custom addresses only used on a single site, and more than one of them was compromised.
  2. One more…and AOL/Verizon isn't even detecting most of these as spam. https://www.spamcop.net/sc?id=z6710065633z192f91b1f7193305693b068e59643ee1z
  3. Here's another https://www.spamcop.net/sc?id=z6710032794z03f4d1b80cc92f5fae783a52e9092ac4z
  4. Thanks. Here's the link. https://www.spamcop.net/sc?id=z6710032672z2e5edeb821389227f9c6126db5290b12z
  5. Background: I have my own domain and use a different address at each site so I know where the address was compromised. I use wildcard forwarding so I get all email sent to that domain. I have started getting a bunch of spam to multiple email addresses on my domain and they are being sent to addresses that I have used on other sites, not just random ids. They all have 8888 in the subject line and are a similar format, with a URL pointing to a site in the Philippines. The emails are sent through different servers per Spamcop. It almost seems like some site that manages mailing lists got hacked and addresses got stolen. Is there anyone who actually investigates spammers anymore, or somewhere to discuss this other than here? I can't be the only one seeing this. I looked on Reddit and was unable to find an appropriate place to discuss so I came back here as a fallback, but even these boards don't seem to be very busy anymore.
  6. MisterBill

    Spamcop not finding link in encoded message

    Except that I am not seeing that message, and there obviously is a link in my mail body. BTW after sending the URL thru Spamcop and getting the abuse address, I added it as the "Public standard report recipients" option in Spamcop. I selected that address to get a couple of reports of the spam sent to them (it's not checked by default) and included some comments in one of the reports. Knock on wood and all that, but it's been two days since the last piece of spam was received, and I was getting at least 5 per day. So maybe it did something to at least get my address removed (not sure if the URL was personalized and they would have known who the report came from, I guess it would have to be to be removed, unless they actually shut down the spammer).
  7. MisterBill

    Spamcop not finding link in encoded message

    Thanks for the info on decoding the message. And maybe it's not obfuscation in the strict definition of the word but it's not in clear text. And the bottom line is that Spamcop is not recognizing and reporting on it, for whatever reason that may be.
  8. MisterBill

    Spamcop not finding link in encoded message

    Couldn't you just cancel the processing and resubmit the email? What significance does clearing the browser cookies have? BTW I tried submitting it via e-mail figuring maybe it would take the time to process the body, same result.
  9. MisterBill

    Spamcop not finding link in encoded message

    I'm pretty sure it used to de-obfuscate hidden links like that. It was a way to beat spammers who resorted to stuff like that. https://www.trustwave.com/en-us/resources/blogs/spiderlabs-blog/bom-obfuscation-in-spam/ The good news is that AOL is still picking it up as spam. Bad news is that whenever I went to the spam folder previously, it was false positives. Now it's mostly this crap.
  10. MisterBill

    Spamcop not finding link in encoded message

    Good point, but if you try going to the site (without the stuff after the first slash) it actually is a valid address.
  11. MisterBill

    Spamcop not finding link in encoded message

    Good idea to include a SC link with the contents of the email. Here's one of mine so folks can see what the mail looks like. https://www.spamcop.net/sc?id=z6526542656z686e6200afbb5e1b095fea9160ee8108z
  12. I've recently managed to get one of my email addresses added to a spammer's list, getting several pieces a day, generally for bogus medical cures. The emails always have an encoded body and it appears that Spamcop is not decoding it and finding the link that is part of it. When I opened a recent email (and obviously not showing the image), I saw Who knew you could regular blood sugar this easy You May Safely Display Content of Message and the second line is a link to http://131. 107.193.85joanny.info.boyman.space/205/3-2-2019-clickersin (space added after the first dot to break the link) Yet when I feed the email thru Spamcop, it doesn't find or report on the link. Has the spammer adjusted their behavior so that Spamcop cannot pick up and report the email to their host? In this case, the report is only going to network-abuse@google.com (where the email apparently originated from), which I'm assuming isn't doing anything about it.
  13. Sorry, here's the link: https://www.spamcop.net/sc?id=z6372706844z03952f3bb4595463ae09c956c7b4d131z I don't want it to be deleted automatically before I can view the messages but in normal cases where SC decides it is unable to send any reports, it takes it out of the queue. In this case, it just seems like it aborts processing rather than deciding that it cannot send reports. And this isn't the first time I've run into this.
  14. I tried to report spam, and apparently it's not reportable. However, the email doesn't get cleared from the queue, and when I go back to the site, it tells me "Unreported spam Saved: Report Now". It seems like Spamcop should be deleting this from my queue when it realizes that it can't send any reports. I should not have to remove it myself. Here is the end of the processing screen that I get. Suggestions? Bill

    Tracking link: http://www.fedex.com/?location=home
    No recent reports, no history available
    ISP does not wish to receive report regarding www.fedex.com
    Host www.fedex.com (checking ip) = 23.72.27.113
    Resolves to 23.72.27.113
    Routing details for 23.72.27.113
    [refresh/show] Cached whois for 23.72.27.113 : ip-admin@akamai.com
    Using abuse net on ip-admin@akamai.com
    abuse net akamai.com = abuse@akamai.com
    Using best contacts abuse@akamai.com
    abuse@akamai.com redirects to abuse-spamcop@akamai.com
    ISP does not wish to receive reports regarding http://www.fedex.com/?location=home - no date available
    http://www.fedex.com/?location=home has been appealed previously.
    Tracking link: http://www.fedex..com/us/legal/
    No recent reports, no history available
    Host www.fedex..com (checking ip)
  15. I have my own domain, and I use different email addresses at different sites (like starbucks[at]mydomain.us) so I can tell where my address came from if/when their mailing list gets stolen (I use wildcard forwarding so I don't need to define each address). It turns out that this happens a lot more often than you'd think and I've been getting emails at addresses used at only a single site for a while now. They seem to come in batches, typically it's some of the nasty stuff with attachments and thanks to Spamcop I've determined that it comes from different sites, so I'm guessing it's being sent by zombie machines. Interestingly, I rarely get this spam at addresses that I've never used, so this says to me that something is getting these addresses and I'd like to know how. I've always figured that it was various sites that got hacked. My email addresses from sites like Consumerist, Couponmom and Opentable routinely get spam. Some of those that have been compromised for a while I've set up dummy forwarding for (to a non-existent address) so I don't get those anymore. I got a really huge batch of this spam today (it's been bad for the past week), and included in it was one sent to a "citi" address, which I've used for Citibank and nothing else (and this is the first time I've seen spam sent to it). So this means that either their database has been hacked, or else the spammers are getting my addresses from some other source. My mail is forwarded thru Namecheap's forwarding service to my Verizon mailbox. It seems like they'd be getting it from one of those sources, or from my machine, and I think that the latter is pretty unlikely. Fortunately all of this stuff ends up in my Verizon spam folder, but I would love to figure out how this is happening. Any ideas?