georgestama Posted February 21, 2018 Share Posted February 21, 2018 (edited) For the last coupe of weeks, i’ve been getting tons (10 per day) of spam emails from different IP’s from ovh.net (Administrator of network where email originates) and cloudfare.com (Administrator of network hosting website referenced in spam). (FYI: I use AirMail as my e-mail client.: http://airmailapp.com ) I’ve done many reports through SpamCop but haven’t seen any results. Are they ignoring the reporting? Is SpamCop working? Is there anything else that can be done? * Attached are the reports I have done. Thanks for all of your help - George Edited February 21, 2018 by georgestama Quote Link to comment Share on other sites More sharing options...
Lking Posted February 21, 2018 Share Posted February 21, 2018 Unfortunately only you can see the spam reports referenced by the 10 digit report number. If you would have provided the Tracking URL we all could see the action taken. 3 hours ago, georgestama said: Are they ignoring the reporting? Yes, I'm afraid they are. 3 hours ago, georgestama said: Is SpamCop working? Yes. SpamCop of course can not directly block any spam. SC does create a block list (SCBL) that, if used by (your) ISP, can be used to filter emails delivered to your inbox that are from IPs know to be spammers. In the hope that the manager of the source IP is a "good" member of the internet community SC also sends a spam Report to them so they can work to stop the spam coming from their IP. Of course if the revenue from the spammer is more important than good citizenship, they will not take responsible action. Quote Link to comment Share on other sites More sharing options...
kolor Posted February 21, 2018 Share Posted February 21, 2018 Why spamcop ignore this spam https://www.talosintelligence.com/reputation_center/lookup?search=54.37.141.7#whois Quote Link to comment Share on other sites More sharing options...
Lking Posted February 21, 2018 Share Posted February 21, 2018 kolor you will have to explain more completely what you mean. Looking at the link you provided, currently that IP address has a "spam level" of none for today and last month. Today the IP has a email level of 0.0 for today. Although the IP does have an email reputation of "poor" but many not be on any current block list because it has timed off the list. For how the SCBL works go to https://www.spamcop.net/fom-serve/cache/297.html and scroll down to "How the SCBL Works" and " SCBL Rules " Quote Link to comment Share on other sites More sharing options...
petzl Posted February 22, 2018 Share Posted February 22, 2018 18 hours ago, georgestama said: I’ve done many reports through SpamCop but haven’t seen any results. Are they ignoring the reporting? Is SpamCop working? Is there anything else that can be done? Try adding "cert-fr.cossi@ssi.gouv.fr" to report can't read French buy maybe a Canadian can? Also give tracking URL OVH have gone back to being blackhathttps://www.cert.ssi.gouv.fr Quote Link to comment Share on other sites More sharing options...
georgestama Posted February 22, 2018 Author Share Posted February 22, 2018 Lking as requested: Tracking URL: 6791260025 6791260020 6791260019 6791258474 6791258473 6791258472 6791258471 6791258470 Quote Link to comment Share on other sites More sharing options...
lisati Posted February 23, 2018 Share Posted February 23, 2018 Almost there, but not quite. Most of us won't be able to view those reports. The tracking URL that's more useful to the rest of us typically appears below this: SpamCop v 4.8.7 © 2018 Cisco Systems, Inc. All rights reserved. Here is your TRACKING URL - it may be saved for future reference: Quote Link to comment Share on other sites More sharing options...
georgestama Posted February 23, 2018 Author Share Posted February 23, 2018 https://www.spamcop.net/sc?id=z6447443078z76c26941889f393df5766fdfab23fae9z https://www.spamcop.net/sc?id=z6447442825z11a27b055e6578dd72f699255fecb209z https://www.spamcop.net/sc?id=z6447442733z459371cf1f4f8901af35b3076e04322ez https://www.spamcop.net/sc?id=z6447057569zc143bcfe5291429a32b76e73ffec53cfz Quote Link to comment Share on other sites More sharing options...
petzl Posted February 23, 2018 Share Posted February 23, 2018 6 hours ago, georgestama said: https://www.spamcop.net/sc?id=z6447443078z76c26941889f393df5766fdfab23fae9z phishing spam I would also attack rhe URL http://trk.bestschoolguide.com/campaigns/bk12218xfw81e/track-url/er221nbtj4141/6bc357f9cb098f50b5608061a558cf3605577d04 104.18.63.84 abuse@cloudflare.com redirects to http://www.indiabullsventures.com/AQGEN/ 115.112.249.189 4755abuse@tatacommunications.com Quote Link to comment Share on other sites More sharing options...
Art101 Posted January 31, 2019 Share Posted January 31, 2019 I know this thread is a year old, but perhaps the following is still useful. I recently received and reported spam that resolves to ovh.net. I looked them up at The Spamhaus Project. Their SBL Advisory found 74 listings listings for IPs under the responsibility of ovh.net — starting from today and going back to October 2018. See: https://www.spamhaus.org/sbl/listings/ovh.net My mail host has a section where users can build and edit a personal blacklist. I added @ovh.net (the @ symbol tells the server to block everything associated with them, not just specific email addresses). Works great. Quote Link to comment Share on other sites More sharing options...
petzl Posted January 31, 2019 Share Posted January 31, 2019 Not getting much OVH spam they never used to react to abuse reports but found they seem to if you use their web form?https://www.ovh.com/world/abuse/ Quote Link to comment Share on other sites More sharing options...
lisati Posted February 1, 2019 Share Posted February 1, 2019 I get the occasional email from ovh.net and generally report it. Even if they don't respond to our satisfaction to reports, the data provided will still help Spamcop maintain its blacklist. Quote Link to comment Share on other sites More sharing options...
petzl Posted February 1, 2019 Share Posted February 1, 2019 (edited) Just got one with a OVH link have to truncate as it's full of base 64 gibberhttps://www.spamcop.net/sc?id=z6517742261z82101d4998fb4b3e1c14b8f6278e03f0z I also sent full report from my email account Criminal phishing, bogus reply address, bogus unsubscribe This/my email address I believe provided to this Russian (?) Crime gang by FaceBook .. Received from 185.252.147.144 abuse[AT]firstbyte.ru link obfuscation https://aiplotnic.ru/yqjutzsgrfuwz Resolves to 51.38.186.24 abuse[AT]ovh.net offending email (eml) forwarded also, can be read as text attachment with a text/ASCII editor like notepad or eml text reader > Edited February 1, 2019 by petzl Quote Link to comment Share on other sites More sharing options...
Art101 Posted February 1, 2019 Share Posted February 1, 2019 It's so sad. The Internet — the most important advance in human communication since the invention of the printing press — is highjacked by crazy, money-grubbing, jerkoff spammers. Quote Link to comment Share on other sites More sharing options...
lisati Posted February 2, 2019 Share Posted February 2, 2019 Spammers are not only annoying, they tend to be stupid. I've even had one (can't remember which provider the original email was traced back to) where the sender claimed to be Donald Duck. I couldn't resist having a little bit of fun with them....... There's a humorous post on how stupid they are in the Lounge section of the forum. Quote Link to comment Share on other sites More sharing options...
petzl Posted February 6, 2019 Share Posted February 6, 2019 On 2/2/2019 at 9:35 AM, Art101 said: It's so sad. The Internet — the most important advance in human communication since the invention of the printing press — is highjacked by crazy, money-grubbing, jerkoff spammers. Seems Facebook are still selling info to criminals. I do not have any financial accounts connected to my Mobile phone.https://www.itnews.com.au/news/45k-stolen-in-phone-porting-scam-282310/page0 Quote Link to comment Share on other sites More sharing options...
Art101 Posted February 6, 2019 Share Posted February 6, 2019 Thanks, petzl... good info. We'll all bumble through the spam nightmare, thanks to services like Spamcop and Spamhaus. The fun never ends. [insert ironic emoji here] Totally off-topic (but maybe not)... good song by a longtime client/friend. Potential inspiration to maybe help brighten our days... http://www.fromthemoontotheearth.com/songpages/harvest-moon/ (website design by yours truly). Scroll down to the Soundcloud player thingamabob... In our sukkot of bone through this wondrous land we roam, ever lost — always home. Quote Link to comment Share on other sites More sharing options...
petzl Posted February 7, 2019 Share Posted February 7, 2019 (edited) 2 hours ago, Art101 said: Totally off-topic (but maybe not)... good song by a longtime client/friend. Potential inspiration to maybe help brighten our days... http://www.fromthemoontotheearth.com/songpages/harvest-moon/ (website design by yours truly). Scroll down to the Soundcloud player thingamabob... In our sukkot of bone through this wondrous land we roam, ever lost — always home. Found him on youtube your link no sound for me?https://youtu.be/rV32KmxMCic As for Facebook it was around 3 months after me reporting them that the s**t hit the fan (Forest Gump moment?)https://www.theguardian.com/technology/2018/jul/11/facebook-fined-for-data-breaches-in-cambridge-analytica-scandal Edited February 7, 2019 by petzl Quote Link to comment Share on other sites More sharing options...
Lking Posted February 7, 2019 Share Posted February 7, 2019 2 hours ago, Art101 said: http://www.fromthemoontotheearth.com/songpages/harvest-moon/ (website design by yours truly). Scroll down to the Soundcloud player thingamabob... Nice (Art101 too). Quote Link to comment Share on other sites More sharing options...
petzl Posted February 8, 2019 Share Posted February 8, 2019 23 hours ago, petzl said: As for Facebook it was around 3 months after me reporting them that the s**t hit the fan (Forest Gump moment?)https://www.theguardian.com/technology/2018/jul/11/facebook-fined-for-data-breaches-in-cambridge-analytica-scandal The Scam in Australia regarding Mobile phone bank fraudhttps://youtu.be/sABVEHUhx8k Quote Link to comment Share on other sites More sharing options...
nei1_j Posted July 25, 2020 Share Posted July 25, 2020 (edited) > ovh.net Me too. If you wanna hear a nightmare: I went to Googlemaps to find a doctor near me. I found a nearby listing, but the address was a private residence, but they provided a cellphone number. So I sent a text message with damn near my life's story in it, including my ever-clean [google] email address that I use for friends and family. One clue that the listing was fake was that the Dr.'s name was Dibbledydibble, or something like that. But, y'know, I needed a doctor, and who ever heard of people using Googlemaps to harvest information like that? That fake "doctor's" listing disappeared. Within a couple of days, I started getting ovh.net and some other spams to my "clean" email address. Anyway, google does a good job of keeping spam out of the Inbox. I haven't anti-spammed in a long time, but this guy forced me back into it with a vengeance. I'm even setting my alarm clock for 2:30 AM to catch his 1:30 AM spams, so I can report them Fresh. Based on this thread, I wouldn't expect this unstoppable behavior to come out of a civilized country as France. It's disappointing that there's no authority there to affect ovh.net. I just noticed, an interesting line from my most recent report: Received: from p1-002133.promo.newegg.com (214.ip-51-79-145.net. [51.79.145.214]) by mx.google.com with ESMTPS id l3si5139590plb.379.2020.07.24.22.53.52 for <x> According to ipinfo.io, 51.79.145.214 is ovh.net. They report a Canadian flag. The report was not copied to Newegg. I'll have to send a copy on my own. "Dear Newegg, I found your name in the header of a spam-email, if you might be interested..." I don't understand how the spammer got Newegg tied up with his shenanigans. Thanks for anti-spamming. Edited July 25, 2020 by nei1_j Quote Link to comment Share on other sites More sharing options...
gnarlymarley Posted July 25, 2020 Share Posted July 25, 2020 7 hours ago, nei1_j said: Received: from p1-002133.promo.newegg.com (214.ip-51-79-145.net. [51.79.145.214]) Two decades ago, spammers were advertising the wrong hostname to get past blocking filters. When spam filtering kept getting them, some of them went to using their real hostname of the computer they had hacked. I think most of the OVH spammers might be the "fly by night" salesman, where the OVH computers are not patched. I think that by the time we file a report, they may have already abandoned the machine. Quote Link to comment Share on other sites More sharing options...
nei1_j Posted July 25, 2020 Share Posted July 25, 2020 (edited) Hi Gnarly. Thanks for the reply. I think I understand some of that. Are you saying that Newegg was hacked?!? But what you say suggests that it would indeed be beneficial if I can send in those SpamCop reports ASAP. Perhaps if someone can invent a SpamCop Alarm, so that my computer would beep when stuff shows up in my spam folder. That would certainly cut down on my reporting delays. Edited July 25, 2020 by nei1_j OCD Quote Link to comment Share on other sites More sharing options...
gnarlymarley Posted July 27, 2020 Share Posted July 27, 2020 On 7/25/2020 at 2:48 PM, nei1_j said: Are you saying that Newegg was hacked?!? Nope, I am saying that OVH customers were probably hacked. The spammer is just using the Newegg hostname to try to get past spam filters. (Some people who get a spam report that supposedly came from their discount it and ignore it because they "didn't send it".) Quote Link to comment Share on other sites More sharing options...
nei1_j Posted July 27, 2020 Share Posted July 27, 2020 (edited) Ok. So the whole "Received:" line is a forgery. If anyone's interested: https://www.spamcop.net/sc?id=z6643327190zb33a603c90f8edb039ee9fc7ef49ffd1z Edited July 27, 2020 by nei1_j s'more Quote Link to comment Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.