Jump to content


  • Content Count

  • Joined

  • Last visited

Community Reputation

0 Neutral

About enigma1

  • Rank
  1. Maybe it wasn't accidental, given the type of spam I got, sc perhaps was trying to avoid listwashing.
  2. enigma1

    /dev/null'ing report

    I was able to see the mail headers of your url. I had to login with my account and see it. I guess the www version can be seen by everyone. I get quite few emails like this. And for some hosts the references go back to 2003 plus listings can be found in other sbls like spamhaus. Now the thing I am not sure about is how often these hosts rotate the IPs. But I would think they need to keep them for sometime. Something else I noticed is mail lists spammers use they must exchange with others right after they see the emails are rejected - as I block ip ranges if I see persistent spam coming from a particular host. So there are quite a few of those not listed in sc.
  3. enigma1

    /dev/null'ing report

    Well the spam I was referring to, is coming from various popular hosts. http://www.spamcop.net/sc?id=z54593705...b2bc2ce7fd09f0z And from the notes seems like it's pointless to notify them because they either bounce the reports there is no recipient.
  4. enigma1

    /dev/null'ing report

    I am also having lots of spam mail with no abuse recipient via the sc report. For most of the cases seems the host doesn't want the sc reports so what I do I'll ban the IP range the host has from my server for a month or so. For many cases devnull is a flag for friendly spam hosts.
  5. enigma1

    Those Romanian bastards again!

    FF with some plugins to block cookies, js, redirections etc is enough. The thing is you never know who you're attacking. The spam IP is likely a compromised system. The spamadvertized domain can be a portal pointing to another portal and in the end it could be some legit business who paid "somebody" for advertizing. Or they just try to compromise other systems in the process. Or they hope by having the victim's browser with js enabled to do something malicious towards another site. And many other combinations and in the attack process you may affect hosts or ISPs who have no idea at the time what's happening (although they should be more vigilant they aren't).
  6. enigma1

    NetworkWorld article blasts Spamcop

    I see plenty of hack attempts in my server logs from the 173.201 gd range so surely it's not just a couple of IPs sending spam
  7. enigma1

    Those Romanian bastards again!

    There is no specific country responsible for spam or hacks. I guess depends on the temporary system acquisitions of the C&Cs at any given time.
  8. enigma1


    There are some ways for hosts to pay attention. They have representatives in the WHT forum so you can go there and open a thread about it, in the security or hosting sections. They have the capability to discipline their customers at anytime and the last thing they need is bad reputation of compromised boxes or blacklisted IPs which will then circulate among their clients. Hosts have less resources than ISPs and tend to address issues faster in many cases. Of course there are exceptions but worth to try.
  9. enigma1

    IPv6 Routing Support

    How's the IPv6 support is progressing? Any chance to see sc supporting the format this year? I cannot report any spam message since the last update.
  10. Everything is possible but I said its the incoming emails that contain the attachments. The weakness is you open up scripting in order to use gmail. Maybe you don't browse too many sites. Even with the most effective av you still run the risk of getting malware. If they're so immune why you think they make all these security updates every other day. Browsers and O/Ses Opening an HTML email in the browser with scripting disabled will do nothing. But when you open it in gmail scripting has to be on.
  11. Actually this is the other way around. In order to get to gmail, you need to allow your browser to run all kinds of active scripting. That means an attachment or jscript or other attacking techniques attached or integrated with emails must be filtered via the browser first because gmail won't work without active scripting enabled. I won't use gmail for anything serious. And downloading malware into your computer has no effect unless you run it in someway (via browser or execute it as a program etc).
  12. Well the bad news is all a spamer now has to do to evade the sc form processing is to insert a received header with an ipv6 format.
  13. I believe something was changed in the SC form processing the past day or so, because older mails from my list that were successfully processed are now give the same error. Here is one that was successfully submitted on the 23rd of March. It now gives the ipv6 error http://www.spamcop.net/sc?id=z4951592112za...7d1347ec862128z
  14. Here is the tracking url http://www.spamcop.net/sc?id=z4951929098zc...a37d342d18e94bz The received line has an additional double column but that's how I received it. [::ffff:..... Seems the filtering mechanism of the SC form processing assumes its an IPV6
  15. enigma1

    Is SpamCop still relevant?

    There should be a "Received" header and that is missing from your reports JMark. One other issue that I figured out the hard-way though is that if the "from" header is empty the SC form won't process the mail. Makes you wonder how an ISP will ever allow the mail to be dispatched with an empty from.