
[Resolved] are emails from info[at]spamcop.com legit?


valpal1919


I have a user that received an email like this recently with the subject: Alert! Your email will be blacklisted soon.

I checked the user's Sent box and she has only emailed the typical people she emails. The message states:

We received complaints about spam coming from your network. spam bots are sending bulk emails, for the security reasons your email will be blacklisted. To avoid blacklisting please check your Sent folder for unknown emails and prove that you are human by entering this code 6087 here. Your email will be recorded and spam flag will be removed. No other data will be collected.

Thank you for cooperation.

SpamCOP SBL.

Is it possible that this is bogus and just trying to get the user to click the link within the email?

Has anyone else seen this?


Is it possible that this is bogus and just trying to get the user to click the link within the email?

Has anyone else seen this?

Yes it is bogus.

By responding you would confirm that the email address is valid and read by a human. As correctly stated "your email will be recorded" (and added to a new email list for sale to other spammers.)

No I have not noticed this type of spam lately.


  • 2 weeks later...

I have not seen that sort of phishing email, either.

- Don D'Minion - SpamCop Admin -

- Service[at]Admin.SpamCop.net -

The same user who received the email regarding her email being blacklisted soon has now received an email with the subject "Abuse. Your Email is Blacklisted." requesting her to click a certain code to remove her from the blacklist. She did not click any links, which is good, because when I hover over the link the URL shows as galaktik-design.com, which is some art, jewelry design company.

What do I need to do to report this?


<snip>

What do I need to do to report this?

...The user may sign up for her own SpamCop reporting account to report it (to have SpamCop prepare and send the complaints, this must be done within 48 hours of the arrival of the e-mail on the receiving server). I believe I have seen mention of e-mail admins reporting on behalf of their users, but I do not know the details and am also not sure I remember correctly that that is what was being discussed. Perhaps others here have a better suggestion. Barring that, if you have a SpamCop reporting account and can get the full internet headers along with the spam body, both as received by the user, you can manually report to the abuse addresses found by the SpamCop parser. Be sure to cancel your parse, though, and ensure that your manual report does not mention SpamCop in other than very general terms.

  • 2 months later...

Received an email from spamcop.com yesterday... and just wondering, since I do not see any bogus emails going out, has my email address been cloned? Is this email that was sent to me from a bogus site?

Dear (it has my email address here),

We received complaints about spam coming from your network. spam bots are sending bulk emails, for the security reasons your email will be blacklisted. To avoid blacklisting please check your Sent folder for unknown emails and prove that you are human by entering this code 9128 here. Your email will be recorded and spam flag will be removed. No other data will be collected.

Thank you for cooperation.

SpamCOP SBL.


  • 2 months later...

I did just receive one of those emails:

===============================================

Dear jose[at]xxxxx.com,

We received complaints about spam coming from your network. spam bots are sending bulk emails, for the security reasons your email will be blacklisted. To avoid blacklisting please check your Sent folder for unknown emails and prove that you are human by entering this code 3683 here. Your email will be recorded and spam flag will be removed. No other data will be collected.

Thank you for cooperation.

SpamCOP SBL.

===============================================

The link included in the email as "verification" is: http://style-ultramarine.ru/images/check.php

Please report the server as phishing/spam.

Thanks,

José Manuel Hernández

[Edit - live link broken. DON'T paste dubious links in public.]


Thank you, Don. I was seeing enough confusion over spamcop.com that made me nervous, which is why I came here.

It's still happening. I didn't notice the ".com" at first, but I did notice that the "prove that you are human" link was going to http: //apelsinbanket.ru , which seemed an unlikely site to respond to spamcop.net.

However, it would be nice if the filter blocked "spamcop.com" if it's not legitimate. The WhoIs info looks suspicious to me.


I did just receive one of those emails:

===============================================

Dear jose[at]xxxxx.com,

<snip>

SpamCOP SBL.

===============================================

The link included in the email as "verification" is: http://style-ultramarine.ru/images/check.php

<snip>

...This looks totally phony to me. Does anyone think it might be "real?"

[Edit - again, link broken. It could be malicious.]


I got a similar email message. Here's the headers if you want to investigate:

Return-Path: <information[at]spamcop.com>
Delivered-To: hidden[at]hidden.com
Received: (qmail 23756 invoked by uid 89); 21 Nov 2012 15:05:29 -0000
Received: by simscan 1.4.0 ppid: 23748, pid: 23750, t: 0.7725s
    scanners: attach: 1.4.0 clamav: 0.97.3/m:54/d:14601 spam: 3.3.2
X-spam-Checker-Version: SpamAssassin 3.3.2 (2011-06-06) on
    host.hidden.com
X-spam-Level: **
X-spam-Status: No, score=2.8 required=5.0 tests=BAYES_60,HTML_MESSAGE,
    MISSING_MID,RDNS_NONE autolearn=no version=3.3.2
Received: from unknown (HELO new.urologysavannah.com) (64.40.150.224)
    by host.hidden.com with (DHE-RSA-AES256-SHA encrypted) SMTP; 21 Nov 2012 15:05:28 -0000
Received-SPF: none (host.hidden.com: domain at spamcop.com does not designate permitted sender hosts)
Received: (qmail 17991 invoked from network); 21 Nov 2012 08:28:19 -0600
Received: from unknown (HELO lon-dip-198-185.wrproxy.com) (82.43.21.98)
    by new.urologysavannah.com with SMTP; 21 Nov 2012 08:28:19 -0600
From: "information[at]spamcop.com" <information[at]spamcop.com>
Subject: Your email is blacklisted
To: "nelgin" <hidden[at]hidden.com>
Content-Type: multipart/alternative; boundary="n2DQwCBWLN=_1bcSdH4tMSnyTRCX7aeFjU"
MIME-Version: 1.0
Organization: SpamCopBSL
Date: Wed, 21 Nov 2012 14:28:19 +0000


Hi, nelgin,

...Thanks, this information would seem to confirm that it has nothing to do with spamcop.net and (probably) not even the unrelated spamcop.com.

<snip>

Received: from unknown (HELO new.urologysavannah.com) (64.40.150.224)

<snip>

From: "information[at]spamcop.com" <information[at]spamcop.com>

<snip>


... Here's the headers ...

This appears to be a crude forgery of a spamcop.com e-mail address, completely unsupported by the headers - and has even less to do with spamcop.net.

If parsed (without mailhosting) through a free SpamCop reporting account, the result would look like this:

http://www.spamcop.net/sc?id=z5432501433z7...568c7ccfbf7257z

Apparent source "lon-dip-198-185.wrproxy.com" (82.43.21.98) - which could also be forged, who could tell? The (bogus) server name might indicate a proxy.

WITH mailhosting, the blame would be laid at the feet of the relay new.urologysavannah.com (64.40.150.224) which is a "safe" assignment.

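The header reading done in the posts above, as an added Python example that is not part of any poster's message: it walks the Received lines of the headers posted in this thread, separates the hop stamped by the recipient's own server from the older, forgeable ones, and lists why the spamcop.com From address is unsupported. The names `analyze` and `my_servers`, and treating `host.hidden.com` as the recipient's server, are assumptions of this example.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Abridged copy of the headers posted above, "[at]" obfuscation included.
RAW = """\
Return-Path: <information[at]spamcop.com>
Received: (qmail 23756 invoked by uid 89); 21 Nov 2012 15:05:29 -0000
Received: from unknown (HELO new.urologysavannah.com) (64.40.150.224)
 by host.hidden.com with (DHE-RSA-AES256-SHA encrypted) SMTP; 21 Nov 2012 15:05:28 -0000
Received-SPF: none (host.hidden.com: domain at spamcop.com does not designate permitted sender hosts)
Received: (qmail 17991 invoked from network); 21 Nov 2012 08:28:19 -0600
Received: from unknown (HELO lon-dip-198-185.wrproxy.com) (82.43.21.98)
 by new.urologysavannah.com with SMTP; 21 Nov 2012 08:28:19 -0600
From: "information[at]spamcop.com" <information[at]spamcop.com>
Subject: Your email is blacklisted

"""

# qmail-style hop: from <rDNS> (HELO <name>) (<ip>) by <receiver>
HOP = re.compile(r"from\s+(\S+)\s+\(HELO\s+(\S+)\)\s+\(([\d.]+)\)\s+by\s+(\S+)")

def analyze(raw, my_servers):
    msg = message_from_string(raw)
    sender = parseaddr(msg["From"].replace("[at]", "@"))[1]
    from_domain = sender.rpartition("@")[2].lower()
    hops = []
    for value in msg.get_all("Received", []):
        m = HOP.search(" ".join(value.split()))  # unfold continuation lines
        if m:
            rdns, helo, ip, by = m.groups()
            hops.append({"rdns": rdns, "helo": helo.lower(), "ip": ip, "by": by.lower()})
    # Only the line stamped by our own server is trustworthy; older ones can be forged.
    handoff = next((h for h in hops if h["by"] in my_servers), None)
    spf = (msg.get("Received-SPF") or "missing").split()[0].lower()
    reasons = []
    if spf != "pass":
        reasons.append(f"SPF result is '{spf}', not 'pass'")
    if not any(h["helo"] == from_domain or h["helo"].endswith("." + from_domain) for h in hops):
        reasons.append(f"no relay names itself as part of {from_domain}")
    if handoff and handoff["rdns"] == "unknown":
        reasons.append("host that handed the message to us has no reverse DNS")
    return {"from_domain": from_domain, "handoff": handoff,
            "earliest_claimed": hops[-1] if hops else None, "reasons": reasons}

if __name__ == "__main__":
    for key, value in analyze(RAW, {"host.hidden.com"}).items():
        print(key, "->", value)
```

A HELO name is self-declared, so a matching name would not prove the message genuine; the check is only useful as a negative signal, as here.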

Good morning. I too received an email stating that my email would be blacklisted. When I clicked the link it is broken, this is the original link http:/ /automag66.ru/images/check.php

but taking it back to the .com I got this: http:/ /automag66.ru/

I don't use this email for marketing, only inbound emails. I also registered for this forum with the email that was supposedly blacklisted.

Thanks for providing information to clear this up. Very upsetting!

[Edit by SteveT - again, links broken, as they could be malicious.]


I received an email just like that today; however, it went straight to my spam folder. It was signed SpamCOP SBL and looked legit, but I couldn't click on the link (broken?), so I googled spamcop.com & found this link regarding the same email (I notice this in spamcop.net, NOT the .com link). I guess it's another phishing site. I wouldn't normally click on those type of links anyway; I just mouse over them & see what site it is going to, but that didn't even work (I'm using the Chrome browser), so that's what basically got me suspicious, plus the fact that if it was a legit site, especially one dealing w/spam issues, how did it end up in my spam folder? I rarely send out any emails (everything's FaceBook or message boards) but if I do, it's to close friends or family. Glad I found this site.


Hi, kimbaslair, and welcome!

<snip>

I wouldn't normally click on those type of links anyway,

...Smart!

I just mouse over them & see what site it is going to

<snip>

...A smart spammer will code the link so that it displays a URL that is not the one to which it will navigate if you click on it! To get the information you want, I'd suggest you capture the URL to which it would navigate and then display it safely (in Windows, you can right-click on the link, then paste it into an application like Microsoft Notepad or Word or even the address line of your browser -- but be careful not to transmit it!).

if it was a legit site, especially one dealing w/spam issues how did it end up in my spam folder?

<snip>

...It could if it were a "false positive" -- spam identification is never 100% accurate and sometimes spam winds up in one's Inbox and non-spam winds up in one's "spam" folder.
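The displayed-versus-actual link check suggested in the reply above, as an added Python example that is not part of any poster's message: it reads each anchor's `href` from an HTML body without opening it and compares that host with whatever URL the visible text shows. The sample body is constructed, its hosts are placeholders rather than the ones reported in this thread, and `audit` and `expected_domain` are names assumed for the example.

```python
import re
from html.parser import HTMLParser
from urllib.parse import urlsplit

# Constructed HTML body; hosts are placeholders, not taken from the thread.
SAMPLE = """<p>prove that you are human by entering this code 0000
<a href="http://images.example.net/images/check.php">here</a>.</p>
<p>Details: <a href="http://redirect.example.net/x">http://www.example.com/status</a></p>
<p><a href="https://www.example.com/help">www.example.com/help</a></p>"""

# Visible text that itself looks like a URL or host name
URLISH = re.compile(r"^(?:https?://)?([a-z0-9-]+(?:\.[a-z0-9-]+)+)(?:[/:?#]|$)", re.I)

class LinkAudit(HTMLParser):
    """Collect (visible text, href) for every <a> element."""
    def __init__(self):
        super().__init__()
        self.links, self._href, self._text = [], None, []
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = dict(attrs).get("href") or "", []
    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)
    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((" ".join("".join(self._text).split()), self._href))
            self._href = None

def audit(html, expected_domain):
    parser = LinkAudit()
    parser.feed(html)
    parser.close()
    findings = []
    for text, href in parser.links:
        host = (urlsplit(href).hostname or "").lower()
        shown = URLISH.match(text)
        shown_host = shown.group(1).lower() if shown else None
        if shown_host and shown_host != host:
            verdict = "text shows a different host than the href"
        elif host != expected_domain and not host.endswith("." + expected_domain):
            verdict = "href leaves the expected domain"
        else:
            verdict = "ok"
        findings.append((text, host, verdict))
    return findings
```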

Archived

This topic is now archived and is closed to further replies.
