A.J.Mechelynck Posted April 7, 2013

For the past few days, I've been getting a lot of spam from China. Here's my latest one: http://www.spamcop.net/sc?id=z5486059763z0...e8ef8310c852cdz

Are other people seeing the same thing or is it just me?

ananda Posted April 7, 2013

Most of my spam is coming from Belarus.

George

Farelf Posted April 7, 2013

I think most of mine is currently coming through a botnet - mostly European origins, eastern Europe certainly over-represented, a bit of Chile, Brazil, a few from China, none of it appearing in blocklists, much marked by SC as "no master". Quite low volume, easily identified as spam, very little would be seen by the average recipient. Pretty pathetic really.

A.J.Mechelynck (Author) Posted April 7, 2013

> I think most of mine is currently coming through a botnet - mostly European origins, eastern Europe certainly over-represented, a bit of Chile, Brazil, a few from China, none of it appearing in blocklists, much marked by SC as "no master". Quite low volume, easily identified as spam, very little would be seen by the average recipient. Pretty pathetic really.

Most of my spam is also “easily identified” and “pretty pathetic” but these days (this week, let's say) I'm seeing an increase by an order of magnitude or so, with subjects usually either in Chinese or in gobbledygook, and coming from IP sources in .cn — It's the increase that alarms me. What did I do wrong?

Oh well, maa shallah, now that the sh** is in the fan, let's get our bats and give the molehills a good getting-go!

lisati Posted April 7, 2013

Most of "my" spam comes via Yahoo accounts that I've got forwarded to my server. Rejecting mail that arrives via one of Yahoo's servers is easy enough; adding a check of the purported sender's address against a local whitelist isn't that difficult either.

A.J.Mechelynck (Author) Posted April 7, 2013

> Most of "my" spam comes via Yahoo accounts that I've got forwarded to my server. Rejecting mail that arrives via one of Yahoo's servers is easy enough; adding a check of the purported sender's address against a local whitelist isn't that difficult either.

Most of my spam arrives via gmail, which I read by POP, and which lets me get false positives and mark false negatives on their webmail pages. Whitelisting isn't difficult, that's not the problem. The problem is that when I suddenly start getting several tens of spam messages a day instead of hardly a handful, and practically all of them from China, it is bound to raise my eyebrows.

petzl Posted April 8, 2013

> Most of my spam arrives via gmail, which I read by POP, and which lets me get false positives and mark false negatives on their webmail pages. Whitelisting isn't difficult, that's not the problem. The problem is that when I suddenly start getting several tens of spam messages a day instead of hardly a handful, and practically all of them from China, it is bound to raise my eyebrows.

Try MailWasher to POP for you.

In Settings spam Tools/Origin of spam
Click "+ ADD" button
In "Filter Name" box call it China
In "domain to validate" box put cn.countries.nerd.dk

And no spam will go to your inbox; it will be ready for reporting to your super secret SpamCop email address.

MailWasher can also detect Chinese characters in spam: Tools//My Filters

Yes, it's Freeware.

Geek Posted April 8, 2013

> For the past few days, I've been getting a lot of spam from China. ... Are other people seeing the same thing or is it just me?

Here too

A.J.Mechelynck (Author) Posted April 8, 2013

> [...] try MailWasher to POP for you [...]

Operating System: Works with Windows 7 and 8, Windows Vista, XP

I'm on openSUSE Linux.

petzl Posted April 8, 2013

> I'm on openSUSE Linux.

OK, the countrywide block list for China is cn.countries.nerd.dk

Not sure what options Linux has for spam filtering? Gmail, I've found, is quite good at keeping spam from the inbox.

As for the increase in China spam: yes, there seems to be a spammer there using Chinese botnet-infected email servers.

To add the CBL to the spam filter, add cbl.abuseat.org

http://cbl.abuseat.org/lookup.cgi?ip=61.155.13.213
http://cbl.abuseat.org/lookup.cgi?ip=222.128.33.148
http://cbl.abuseat.org/lookup.cgi?ip=61.135.173.100

And so on.
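
An added example, not part of petzl's post or of any tool named in the thread: how the two DNS blocklist zones mentioned above are queried from any platform, Linux included, for the relay addresses found in a message's Received headers. The sample message, its addresses and the function names are constructed for illustration.

```python
import ipaddress
import re
import socket
from email import message_from_string

# Zones named in the thread; which ones to consult is a local policy choice.
ZONES = ("cn.countries.nerd.dk", "cbl.abuseat.org")

# Constructed sample headers; all addresses are documentation-range placeholders.
SAMPLE = """\
Received: from mx.example.net (mx.example.net [198.51.100.7])
\tby inbox.example.org with ESMTP; Mon, 8 Apr 2013 10:00:02 +0000
Received: from unknown (HELO pc) ([203.0.113.45])
\tby mx.example.net with SMTP; Mon, 8 Apr 2013 10:00:00 +0000
Subject: constructed sample

body
"""

BRACKETED_IP = re.compile(r"\[(\d{1,3}(?:\.\d{1,3}){3})\]")

def relay_ips(raw_message, trusted=()):
    """Bracketed IPv4 addresses from Received headers, newest hop first,
    minus relays the operator trusts (own MX, a forwarding service)."""
    found = []
    for header in message_from_string(raw_message).get_all("Received", []):
        for text in BRACKETED_IP.findall(header):
            try:
                ip = str(ipaddress.IPv4Address(text))
            except ValueError:
                continue  # malformed literal such as [999.1.1.1]
            if ip not in trusted and ip not in found:
                found.append(ip)
    return found

def dnsbl_name(ip, zone):
    """DNSBL query name: octets reversed, zone appended (1.2.3.4 -> 4.3.2.1.zone)."""
    return ".".join(reversed(str(ipaddress.IPv4Address(ip)).split("."))) + "." + zone

def is_listed(ip, zone, resolve=socket.gethostbyname):
    """Listed only if the answer is in 127.0.0.0/8. A failed lookup or any other
    answer (e.g. a resolver that rewrites NXDOMAIN) counts as not listed."""
    try:
        answer = ipaddress.IPv4Address(resolve(dnsbl_name(ip, zone)))
    except (OSError, ValueError):
        return False
    return answer in ipaddress.IPv4Network("127.0.0.0/8")

def classify(raw_message, trusted=(), resolve=socket.gethostbyname):
    """Map each untrusted relay IP to the zones that list it."""
    return {ip: [zone for zone in ZONES if is_listed(ip, zone, resolve)]
            for ip in relay_ips(raw_message, trusted)}
```

Addresses in Received lines written before the mail reached a server you trust can be forged, so only the first untrusted address is dependable. Pass your own or your provider's relays in `trusted` so they are not looked up.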

A.J.Mechelynck (Author) Posted April 8, 2013

> OK, the countrywide block list for China is cn.countries.nerd.dk
>
> Not sure what options Linux has for spam filtering? Gmail, I've found, is quite good at keeping spam from the inbox.
>
> As for the increase in China spam: yes, there seems to be a spammer there using Chinese botnet-infected email servers.
>
> To add the CBL to the spam filter, add cbl.abuseat.org
>
> http://cbl.abuseat.org/lookup.cgi?ip=61.155.13.213
> http://cbl.abuseat.org/lookup.cgi?ip=222.128.33.148
> http://cbl.abuseat.org/lookup.cgi?ip=61.135.173.100
>
> And so on.

I use the "Junk" filtering facilities built into SeaMonkey (and Thunderbird). For instance I could create a filter (just as I would for any email filter) but with as action "Set Junk Status To" "Junk" (for a blacklist) or "Set Junk Status To" "Not Junk" (for a whitelist). But anyway most of those Chinese spam messages are already correctly filtered away to my Junk folder (inside SeaMonkey) with no particular intervention on my part, that's how "pathetic" they are, as Farelf said above. The few that aren't correctly detected I mark as Junk manually, thus teaching the Bayesian filters.

Well, oh, well. Let's just report as many of those botnet messages as seems reasonably feasible, and the spam blocklist barriers will someday go up against them (inshallah, as my neighbours would say).

Farelf Posted April 8, 2013

> ... Oh well, maa shallah, now that the sh** is in the fan, let's get our bats and give the molehills a good getting-go!

Like your spirit, Tony!

> ... Well, oh, well. Let's just report as many of those botnet messages as seems reasonably feasible, and the spam blocklist barriers will someday go up against them (inshallah, as my neighbours would say).

Yep, but irritating for some of those who report in bulk (via e-mail submission) when some of those botnets seem to be loaded with "no master" sending IP addresses. Let's just reiterate - it is not necessary that an abuse desk be contacted for the SCBL to be loaded. Sending a report to the proper abuse address for a zombie computer has the potential to easily locate and have the compromised machines cleaned by the legitimate owner - but there are cached and locked SC report routing records, addresses not supplied with reports by SC decision (etc.) with all sorts of considerations about cache refreshing, possible blocking of SC lookups, review periods for locked/over-ridden report routing and so-on. Above and beyond that, it seems to me that distressingly few ISPs seem to be into such botnet suppression/AUP enforcement behaviour. But the SCBL is fed by reporter submissions regardless.

"Masha'Allah" and "Insha'Allah" are phrases some of my neighbours use too - but most of them are 4,000 km away and don't spam a lot. But then some of their neighbours do, like crazy. Then there's the Chinese and the niggling suspicion about spam and other cybercrime as instruments of State policy. Nah, that's just "conspiracy theory", isn't it? Well, that's what they want you to think

A.J.Mechelynck (Author) Posted April 8, 2013

> Like your spirit, Tony!
>
> Yep, but irritating for some of those who report in bulk (via e-mail submission) when some of those botnets seem to be loaded with "no master" sending IP addresses. Let's just reiterate - it is not necessary that an abuse desk be contacted for the SCBL to be loaded. Sending a report to the proper abuse address for a zombie computer has the potential to easily locate and have the compromised machines cleaned by the legitimate owner - but there are cached and locked SC report routing records, addresses not supplied with reports by SC decision (etc.) with all sorts of considerations about cache refreshing, possible blocking of SC lookups, review periods for locked/over-ridden report routing and so-on. Above and beyond that, it seems to me that distressingly few ISPs seem to be into such botnet suppression/AUP enforcement behaviour. But the SCBL is fed by reporter submissions regardless.
>
> "Masha'Allah" and "Insha'Allah" are phrases some of my neighbours use too - but most of them are 4,000 km away and don't spam a lot. But then some of their neighbours do, like crazy. Then there's the Chinese and the niggling suspicion about spam and other cybercrime as instruments of State policy. Nah, that's just "conspiracy theory", isn't it? Well, that's what they want you to think

I used to report by forward-as-attachment, then a few years ago my ISP (who blocks any connection to an SMTP server other than its own ones) decided to blackhole any outgoing email with attached spam. I didn't like it at first, but now I've taken to the routine: I order my spam most-recent-first in my mailer's Junk folder, then, one by one, I "View source" on them (without opening them, of course) and paste that in the SC form — for those which are newer than my "average reporting time" (7 hours at the moment) by the time I get to them. Older ones I move to Trash without reporting. This way I still get time to do something else than reporting spam, and the most important ones (those likely to be "caught in the act") get reported in priority.

Yes, those "nomaster[at]devnull" reports puzzled me — how can someone send mail without a registered service provider? But as you said, they still get entered into the blocking lists, all the more so since there's nobody at the other end of the line to tell you that action has been taken; so, I report them just like the rest, no special treatment for or against.

Spam as instrument of state policy — yes, it has turned up in the news a couple of times recently, about different (but always totalitarian) countries. Well, that's several floors above me, let's let the diplomats, secret services, and investigation journalists handle that as best they can, I'm not going to complain about things I can obviously do nothing about. As Marcus Aurelius said: “O Gods! Give me patience to endure what I cannot change, strength to change what I can and must, and wisdom to tell them apart from each other.”

andre77 Posted July 8, 2014

I too am receiving a lot of Chinese spam and I have reported it every time to SpamCop, but to no avail over the month. Does SpamCop follow up my reports about this Chinese spam? It doesn't decrease at all, while other spam from other countries decreased by at least 50%. Can any SpamCop representative give an explanation about this?

Thank you in advance,
Andre

techie Posted July 8, 2014

I would like to reiterate my suggestion that spamcop should create a new blocklist containing all sites that have non-functional abuse addresses, either because they refuse spamcop reports, pass the reports to the spammer, all addresses bounce, or no addresses can be found. Tag each type separately, and let the users decide if we want to accept them or not. The data already exists in spamcop's database, it just needs to be made available to the end users.

turetzsr Posted July 8, 2014

Hi, Andre,

...If I understand correctly, the quick answer to your question is that SpamCop does nothing to block spam you receive (unless your e-mail provider is using the SpamCop blacklist to block or filter spam and, even then, the sources from which you are receiving spam may not be on the blacklist) and in any event does not target spam but rather individual sources of spam (IP addresses of machines that originate spam). One person by her/himself can never get a spam source added to the blacklist.

...For more detailed information, please have a look at the SpamCop Wiki (also labeled as SPAMCOPWIKI or SCWiki) article "What is the SpamCop Blocking List (SCBL)?" and/or the SpamCop FAQ articles in the "SpamCop Parsing and Reporting Service" section.

andre77 Posted July 10, 2014

> Hi, Andre,
>
> ...If I understand correctly, the quick answer to your question is that SpamCop does nothing to block spam you receive (unless your e-mail provider is using the SpamCop blacklist to block or filter spam and, even then, the sources from which you are receiving spam may not be on the blacklist) and in any event does not target spam but rather individual sources of spam (IP addresses of machines that originate spam). One person by her/himself can never get a spam source added to the blacklist.
>
> ...For more detailed information, please have a look at the SpamCop Wiki (also labeled as SPAMCOPWIKI or SCWiki) article "What is the SpamCop Blocking List (SCBL)?" and/or the SpamCop FAQ articles in the "SpamCop Parsing and Reporting Service" section.

Dear Steve, my server does not use SBL; what I mean is the reports that I send every day to SpamCop reporting, and after a few weeks some spam from Europe or other countries besides China is decreasing, but it has no effect on Chinese spam. I want to ask SpamCop: did the ISPs in China not cooperate enough in fighting spam, or is it just because they handle it very slowly? Thank you for responding to my post.

petzl Posted July 10, 2014

> Dear Steve, my server does not use SBL; what I mean is the reports that I send every day to SpamCop reporting, and after a few weeks some spam from Europe or other countries besides China is decreasing, but it has no effect on Chinese spam. I want to ask SpamCop: did the ISPs in China not cooperate enough in fighting spam, or is it just because they handle it very slowly? Thank you for responding to my post.

Send a SC tracking URL.

One can get better than just SpamCop reporting.

SpamCop by itself is not bad and does try to contact the ISP involved.

turetzsr Posted July 10, 2014

> <snip> SpamCop by itself is not bad and does try to contact the ISP involved.

...True but only as a result of SpamCop reporter (our) submissions and only if we or SpamCop don't turn off the reporting; not in the way that Andre seems to believe they may:

> <snip> I want to ask SpamCop: did the ISPs in China not cooperate enough in fighting spam, or is it just because they handle it very slowly? <snip>

Unless the ISP abuse desk contacts SpamCop, SpamCop does not follow up on the spam reports (at least that I am aware).

...Andre: as discussed elsewhere in the SpamCop Forum (use the "Search for --" facility at the top of the screen to search for "China" OR "Chinese" to find other Forum posts, if you wish), some Chinese ISPs and e-mail providers do seem to be either ineffective in stopping their spammers or uninterested in doing so. I also receive spam with what appear to me to be Chinese characters (it is possible that they are traditional Japanese) which seem to come from sources outside the Orient.

andre77 Posted July 11, 2014

> ...Andre: as discussed elsewhere in the SpamCop Forum (use the "Search for --" facility at the top of the screen to search for "China" OR "Chinese" to find other Forum posts, if you wish), some Chinese ISPs and e-mail providers do seem to be either ineffective in stopping their spammers or uninterested in doing so. I also receive spam with what appear to me to be Chinese characters (it is possible that they are traditional Japanese) which seem to come from sources outside the Orient.

I guess it's true, because the American government once complained about the attack from China and until now no authorities in China have tried to solve it; it seems that they are aware of it and just let the spammers, crackers and hackers in China roam free on the internet. :angry:

I guess I have to block any incoming from Chinese ISPs and also email in kanji (fortunately my company is not in business with China, HK, or Japan).

turetzsr Posted July 11, 2014

> I guess it's true, because the American government once complained about the attack from China <snip>

...A little different -- I doubt that the US authorities were complaining to China about spam (noting that you did not mention "spam" here).

> and until now no authorities in China have tried to solve it; it seems that they are aware of it and just let the spammers, crackers and hackers in China roam free on the internet. :angry:

...Unless, of course, it involves cracking or hacking against China's interests or to proliferate information that the Chinese government deems offensive.

> I guess I have to block any incoming ... email in kanji <snip>

...That's one of my tricks! Also Cyrillic for the East European spammers.

andre77 Posted July 12, 2014

> ...A little different -- I doubt that the US authorities were complaining to China about spam (noting that you did not mention "spam" here)

Of course the US is not complaining about spam from China (somehow I imagine Pentagon staff were mad because of spamming advertisements from China). I mean the Chinese authorities are not interested in blocking their spammers, crackers and hackers that attack other countries. Maybe they consider them as their ninja digital soldiers.

OK, good day to you, Steve. Back to adding settings to my mail server.
This topic is now archived and is closed to further replies.