stillwaters Posted July 31, 2004

Hello, I know this is going to sound strange but for the last 2 weeks I have been receiving very weird emails that say they are from SpamCop. I usually submit my reports via the email system. Sometimes I will get an email back that says "SpamCop encountered errors". These used to contain helpful info concerning a report I made. The last 2 weeks I have been receiving many "SpamCop encountered errors" that contain copies of spam emails I NEVER received and therefore NEVER reported. They all contain advertisements and also MANY links and email addresses to the following domain: dimeandfive5.com

I have tried in so many ways to contact SpamCop and received no response. If these emails are from SpamCop then there really is a serious problem because they involve the reporting of spam messages I never personally received and consequently could not have reported. PLEASE HELP! I receive VERY MANY each day and it is ironic because it is as though I am receiving spam from SPAMCOP !!!!!!!!!!!!!! Thank you for your help.
Merlyn Posted July 31, 2004

They are virus-laden emails not coming from Spamcop. Why aren't you using a virus program? If you are, it is not a good one because it is not scanning your inbound email, and if it is, it is missing the virus.
stillwaters (Author) Posted July 31, 2004

Dear Merlyn, The email address I receive communications from SpamCop is at YAHOO. So, as I am sure you know, my virus scanner on my computer can not possibly scan Yahoo's servers. Our PC virus software can only scan the emails we download (automatically or manually) from POP/SMTP servers to our mail clients such as Outlook Express. I am fairly up to date with current viruses and especially mailing worms. I know of none that are impersonating SpamCop. If there is a new mailing worm targeting SpamCop then this particular one would be absolutely the most incredibly sophisticated one to date. Thank you for your help but I do not believe that SpamCOP is infected with a mailing worm. I am sure their security measures are exceptional.
Wazoo Posted July 31, 2004

"I have tried in so many ways to contact SpamCop and received no response"

There really aren't that many ways to make contact, a few e-mail addresses, newsgroup postings, and these Forums. I've no knowledge of your e-mail attempts, but I can say for sure that this is the first entry of a problem such as you describe. There was a virus that made the headlines on 25/26 July that hit various search engines hard, and many, many e-mail servers, even SpamCop's own, but that wasn't "two weeks" ago, and the description of the contents was a lot different than what you're describing. A couple of these Topic discussions; Phishing from "Spamcop Tech Support team"? Possible forged email? noreply[at]spamcop.net

Without seeing the headers of these items, there's no way to guess from here as to what the story actually is. On one hand, if these really are error returns from the SpamCop system, perhaps there has been some kind of glitch in the user account database and you're getting someone else's stuff ... or your account has been compromised and someone is reporting their stuff for/as you .. again, headers might explain some of this ... an e-mail to service <at> admin.spamcop.net with sufficient data for Don to check out your account particulars might help.

On the other hand, perhaps you are the victim of a really, really crafty spammer, and this is something that might end up needing to be seen by Julian himself ... you'd start with providing copies of the spew to Deputies <at> admin.spamcop.net .... Again, not that many places to make contact, and without seeing what you're complaining about, this is as far as any analysis can go ....
StevenUnderwood Posted July 31, 2004

Is it possible that these spam messages are going directly to your submit.*[at]spam.spamcop.net address that may have been compromised? You would have to look at the content of the spamcop error message, but sending email directly to that address will give you that error message. The entire first part of the error message should be the entire message as received by spamcop. Then just the headers of the message as received are listed at the bottom. If you post just the part after the "The email which triggered this auto-response had the following headers:" part, we can help you with this. Please mung any email addresses, specifically your submit address which should be in there as it received the message.
Merlyn Posted July 31, 2004

"Dear Merlyn, The email address I receive communications from SpamCop is at YAHOO."

Yes I think their virus scanners are good also. (Maybe not exceptional) Can ya post a set of headers?
stillwaters (Author) Posted August 1, 2004

Thank you everyone for your help. Here is one of the emails that certainly looks like it is from SpamCop but I did NOT receive this particular NIKE spam and therefore did not report it. I am concerned that by posting this I am compromising my email account code with SpamCop. Should I get a new one? Also, please note the unsubscribe info at the bottom contains my SpamCop account info as well.

From SpamCop AutoResponder Thu Jul 29 08:42:05 2004
X-Apparently-To: "myemailaddress" [at]yahoo.com via 66.218.78.20; Thu, 29 Jul 2004 08:42:05 -0700
X-Originating-IP: [64.74.133.250]
Return-Path: <spamid.[at]bounces.spamcop.net>
Received: from 64.74.133.250 (EHLO vmx2.spamcop.net) (64.74.133.250) by mta368.mail.scd.yahoo.com with SMTP; Thu, 29 Jul 2004 08:42:05 -0700
Received: from unknown (HELO spamcop.net) (192.168.19.204) by vmx2.spamcop.net with SMTP; 29 Jul 2004 08:51:28 -0700
From: "SpamCop AutoResponder" <spamcop[at]devnull.spamcop.net>
To: "myemailaddress" [at]yahoo.com
Subject: SpamCop encountered errors
Date: Thu, 29 Jul 2004 15:42:05 GMT
Message-ID: <ss41091acdgd188[at]msgid.spamcop.net>
Content-type: text/plain
In-Reply-To: <388jje$8svlmh[at]vmx2.spamcop.net>
References: <388jje$8svlmh[at]vmx2.spamcop.net>
Content-Length: 2939

SpamCop encountered errors while saving spam for processing:
SpamCop could not find your spam message in this email:

Return-Path: <bounce-5741-submit.KDD7estdYe9gOphe=spam.spamcop.net[at]dimeandfive5.com>
Received: from vmx2.spamcop.net (sc-smtp2.eq.ironport.com [192.168.18.82]) by sc-app4.eq.ironport.com (Postfix) with ESMTP id 497F35140 for <submit.kdd7estdye9gophe[at]spam.spamcop.net>; Thu, 29 Jul 2004 08:38:43 -0700 (PDT)
Received: from mta2.dimeandfive5.com (69.45.16.55) by vmx2.spamcop.net with SMTP; 29 Jul 2004 08:48:05 -0700
Message-Id: <388jje$8svlmh[at]vmx2.spamcop.net>
Received: (qmail 2406 invoked by uid 0); 29 Jul 2004 12:00:02 -0000
MIME-Version: 1.0
From: marketing[at]surplusalert.com <info-5741[at]dimeandfive5.com>
Subject: Nike Blowout
To: submit.KDD7estdYe9gOphe[at]spam.spamcop.net
Content-Type: multipart/alternative; boundary="=_ba16025c9cb6a761794b1f7f3673b904"
Date: Thu, 29 Jul 2004 08:38:43 -0700 (PDT)

--=_ba16025c9cb6a761794b1f7f3673b904
Content-Type: text/plain; charset="iso-8859-1"
Content-Transfer-Encoding: 7bit

-----------------------------------------------------------------
N I K E P O R T A B L E M P 3 P L A Y E R 50% OFF!
Go Here: http://www.surplusalert.com/nike_mp3_player
-----------------------------------------------------------------
You can get the HOTTEST product in portable digital audio today, for over 50% off! The Nike ACT200 Portable MP3 player's sleek design gives you 64 MB of your favorite songs for half the price!
- 64 MB of memory
- 10 hours of continuous play
- Sport headphones included
- Armband and butterfly clip included
- $5 coupon to cover shipping
List Price: $129.99
Amazon.com Price: $99.00
-----------------------------
YOUR PRICE: $64.87 (save 50%)
-----------------------------
FREE SHIPPING FOR A LIMITED TIME!********************************
If you buy in the next 72 hours, you can use coupon code 15N4Y7 to get FREE SHIPPING! The FREE SHIPPING Code is valid through Saturday July 31, 2004
*****************************************************************
Go Here: http://www.surplusalert.com/nike_mp3_player
FREE SHIPPING CODE: 15N4Y7
----
You are receiving this email as a subsciber to Dime and Five Mail. To unsubscribe you can visit this link, spam.spamcop.net]http://dimeandfive5.com/unsubscribe/?cid=2...pam.spamcop.net, or mail us at: WM inc, P.O. Box 483 Midtown Station, New York, NY 10018.
stillwaters (Author) Posted August 1, 2004

When I cut & pasted the above email it didn't show the full path of the unsubscribe info that has my spamcop info so here it is. Thank you again.

You are receiving this email as a subsciber to Dime and Five Mail. To unsubscribe you can visit this link, http://dimeandfive5.com/unsubscribe/?cid=2417&did=5741&e=submit.KDD7estdYe9gOphe[at]spam.spamcop.net, or mail us at: WM inc, P.O. Box 483 Midtown Station, New York, NY 10018.
Merlyn Posted August 1, 2004

Wow, knock me down, I was way off on this one. Looks like StevenUnderwood hit the nail on the head!
StevenUnderwood Posted August 1, 2004

"I am concerned that by posting this I am compromising my email account code with SpamCop. Should I get a new one?"

Looks like it is already compromised. If this is a reporting-only account, contact deputies<at>spamcop.net. I would start there as well, even if it is an email account as they might be the ones to issue new submit addresses. Good luck and keep us posted.
stillwaters (Author) Posted August 1, 2004

Oh boy, I misunderstood Steve's instructions. I did NOT mung the submit email address like he said to. I need to get this account cancelled with SpamCop ASAP. Does anyone know how? Also - I found the part of the e-mail at the bottom after A LOT of HTML source code that Steve was talking about. Here it is:

The email which triggered this auto-response had the following headers:

Return-Path: <bounce-5741-submit.KDD7estdYe9gOphe=spam.spamcop.net[at]dimeandfive5.com>
Received: from vmx2.spamcop.net (sc-smtp2.eq.ironport.com [192.168.18.82]) by sc-app4.eq.ironport.com (Postfix) with ESMTP id 497F35140 for <submit.kdd7estdye9gophe[at]spam.spamcop.net>; Thu, 29 Jul 2004 08:38:43 -0700 (PDT)
Received: from mta2.dimeandfive5.com (69.45.16.55) by vmx2.spamcop.net with SMTP; 29 Jul 2004 08:48:05 -0700
Message-Id: <388jje$8svlmh[at]vmx2.spamcop.net>
Received: (qmail 2406 invoked by uid 0); 29 Jul 2004 12:00:02 -0000
MIME-Version: 1.0
From: marketing[at]surplusalert.com <info-5741[at]dimeandfive5.com>
Subject: Nike Blowout
To: submit.KDD7estdYe9gOphe[at]spam.spamcop.net
Content-Type: multipart/alternative; boundary="=_ba16025c9cb6a761794b1f7f3673b904"
Date: Thu, 29 Jul 2004 08:38:43 -0700 (PDT)

SORRY ABOUT MY MISTAKE. Thanks for the help.
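Added example, not part of any post in this thread: a short Python check for the pattern visible in the headers above, where the triggering mail is addressed straight to a submit address and the sender's VERP-style Return-Path encodes that same address. The sample headers are constructed with placeholder values, and the `tag-local=domain@listdomain` layout is an assumption read off the posted Return-Path.

```python
from email import message_from_string
from email.utils import getaddresses, parseaddr

# Constructed sample modelled on the headers posted in this thread.
# The submit code, domains and IP are placeholders, not real values.
SAMPLE = """\
Return-Path: <bounce-5741-submit.EXAMPLEcode=spam.spamcop.net@list.example>
Received: from mta2.list.example (192.0.2.55)
 by vmx2.spamcop.net with SMTP; 29 Jul 2004 08:48:05 -0700
From: info-5741@list.example
Subject: Nike Blowout
To: submit.EXAMPLEcode@spam.spamcop.net

(body omitted)
"""

SUBMIT_DOMAIN = "spam.spamcop.net"


def decode_verp(return_path):
    """Split a VERP-style bounce address into (tag, recipient, list domain).

    Assumed layout, as seen in the thread: tag-local=domain@listdomain.
    Returns None when the local part carries no encoded recipient.
    """
    addr = parseaddr(return_path)[1].lower()
    local, _, list_domain = addr.rpartition("@")
    if "=" not in local:
        return None
    left, _, rcpt_domain = local.rpartition("=")
    tag, _, rcpt_local = left.rpartition("-")
    return tag, f"{rcpt_local}@{rcpt_domain}", list_domain


def analyse(raw_headers):
    """Report whether the triggering mail was addressed straight to a submit address."""
    msg = message_from_string(raw_headers)
    rcpts = [a.lower() for _, a in getaddresses(msg.get_all("To", []) + msg.get_all("Cc", []))]
    submit = [a for a in rcpts if a.startswith("submit.") and a.endswith("@" + SUBMIT_DOMAIN)]
    verp = decode_verp(msg.get("Return-Path", ""))
    return {
        "direct_to_submit": bool(submit),
        "verp_recipient": verp[1] if verp else None,
        "list_domain": verp[2] if verp else None,
        # True when the sender's own bounce address names the submit address,
        # i.e. the address sits on that sender's mailing list.
        "on_sender_list": bool(verp) and verp[1] in submit,
    }


if __name__ == "__main__":
    print(analyse(SAMPLE))
```

When `on_sender_list` is true the submit address itself has leaked and needs replacing; recipient local parts that contain a hyphen would need a stricter split than this one.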
stillwaters (Author) Posted August 1, 2004

Thank you Steve. I emailed them. I look forward to getting this straightened out.
Merlyn Posted August 1, 2004

It is interesting, the payload surplusalert.com is

Ref: SBL6725
204.246.128.208/28 is listed on the Spamhaus Block List (SBL)
28-May-2004 05:28 GMT | SR ebaymyway / secureapprove opt-out spammers
2004-04-28 Hired "Brilliant Marketing" on Richter's Wholesalebandwidth to spam for them.
http://www.spamhaus.org/sbl/sbl.lasso?query=SBL6725

but the Opt out link dimeandfive5.com belongs

Ref: SBL13583
209.213.200.0/24 is listed on the Spamhaus Block List (SBL)
24-Jan-2004 19:23 GMT | SR12 joimailertoo.com / Endai Networks
http://www.spamhaus.org/sbl/sbl.lasso?query=SBL13583

--------------------------------------------

So, who is sleeping with whom in this spam mess?
stillwaters (Author) Posted August 1, 2004

Dear Steve & Merlyn, Thanks for your help. I can't believe how quickly SpamCop responded. I am very relieved. Now I can go back to spam reporting business as usual!
Merlyn Posted August 1, 2004

Thanks, I am very happy your problem is solved and Steve was great at uncovering it. Wish everyone went this way. Keep up the reporting.