Hanco Posted February 11, 2020

14 hours ago, petzl said: I always forward my Amazon spam to abuse [AT] amazon [DOT] com

I used to send to: abuse@amazonaws.com, ec2-abuse@amazon.com, ipmanagement@amazon.com, abuse@amazon.com

I have found that all except “ipmanagement” are now not sent in SpamCop. That’s ok if the ipmanagement one can work. I cannot say it reduced my spam in any way, but complaining directly to the “businesses” might be working. I think, somehow, most of my spam is from an affiliate marketeer. One that follows many very bad practices in email marketing and is also terrible at managing opt outs.

petzl Posted February 11, 2020

5 hours ago, Hanco said: I have found that all except “ipmanagement” are now not sent in SpamCop.

I just forward to "abuse [AT] amazon [DOT] com" "stop-spoofing [AT] amazon [DOT] com"
From my Gmail account directly

Edited February 11, 2020 by petzl

gnarlymarley Posted February 11, 2020

8 hours ago, Hanco said: I have found that all except “ipmanagement” are now not sent in SpamCop. That’s ok if the ipmanagement one can work.

So, would it be worth us having someone point all the Amazon to ipmanagement or could it be possible that that group might not be in charge of all of their IPs?

Hanco Posted February 15, 2020

On 2/11/2020 at 4:38 PM, gnarlymarley said: So, would it be worth us having someone point all the Amazon to ipmanagement or could it be possible that that group might not be in charge of all of their IPs?

Dunno. One thing I did find today, and it seems to list a lot of what I have seen in terms of spam email topics:

https://www.maxbounty.com/campaigns.cfm?offer_id=14005&mbs=Mailer&mba=Click Link&mbo=Medicare Guide - CPL (US)&mbc=14005&mbx1=&mbx2=

Thinking of contacting those folks and asking to be added to do not mail list... not sure yet 🤔

Edited February 15, 2020 by Hanco

gnarlymarley Posted February 16, 2020

Well, now this is new. I just got a bounce from amazon. Hard to tell if gmail rejected my report to amazon or if amazon did.

Final-Recipient: rfc822; ec2-abuse@amazon.com
Action: failed
Status: 5.0.0
Diagnostic-Code: smtp; Message rejected. See https://support.google.com/mail/answer/69585 for more information.
Last-Attempt-Date: Sun, 16 Feb 2020 15:23:11 -0800 (PST)

goodnerd Posted February 16, 2020

6 minutes ago, gnarlymarley said: Well, now this is new. I just got a bounce from amazon. Hard to tell if gmail rejected my report to amazon or if amazon did.

Final-Recipient: rfc822; ec2-abuse@amazon.com
Action: failed
Status: 5.0.0
Diagnostic-Code: smtp; Message rejected. See https://support.google.com/mail/answer/69585 for more information.
Last-Attempt-Date: Sun, 16 Feb 2020 15:23:11 -0800 (PST)

I occasionally get similar bounces. Gmail occasionally flags the account as being a spammer, even though we are actually trying to send spam complaints. I was told it was because I had too many addresses in the Cc section of the email. Gmail even started bouncing the complaints sent to abuse@namecheapm phishing-report@us-cert.gov and even spam@uce.gov because I was filing so many complaints a day.

gnarlymarley Posted February 16, 2020

9 minutes ago, goodnerd said: I occasionally get similar bounces. Gmail occasionally flags the account as being a spammer, even though we are actually trying to send spam complaints. I was told it was because I had too many addresses in the Cc section of the email.

Yep, it did come from google. I guess having one recipient is too much for them. I submitted it to amazon using a different account and it went through. Funny how the original email is not blocked, but attempts to report it are.

Hanco Posted February 16, 2020

1 minute ago, gnarlymarley said: Yep, it did come from google. I guess having one recipient is too much for them. I submitted it to amazon using a different account and it went through. Funny how the original email is not blocked, but attempts to report it are.

Because the spam affiliate scam artist is income maybe. And AWS does like to get its income (funds its effort to dominate the online retail space?)

Hanco Posted February 17, 2020

My spammer switched target sites again today. Cannot use the same domain/site in California (Google) for too many spams or it risks blacklist status and gets shut down. So it’s back to .RU or other Eastern Europe for a bit I guess.

Today’s fun fascinating final target spamvertized sites are rewardyoursurvey.com (I doubt the reward is enough for my time)

Any of you guys been seeing this in the hops from spam link to target site? http://masscancel.site/r.php or mayattented.live site? Both hosted by DigitalOcean and both were created by the spam guy via Namecheap, before being used on the same day for the emails he sends.

gnarlymarley Posted February 17, 2020

19 minutes ago, Hanco said: My spammer switched target sites again today.

Mine has switched to using a new shortener of http ://owl.li/**********.

Hanco Posted February 17, 2020

Funny because all mine were either bit.ly or googleuser links (either way, it’s all about more redirects to hide behind)

Hanco Posted February 17, 2020

I use those sites that scan the url for the redirects and see where they end up (if I have the time)

Hanco Posted February 18, 2020

Well, I hope my spamming jerk of a friend is ok and did not get Coronavirus.... but today was pleasantly uninterrupted!

Yesterday I had a mail from them and for the first time in a LONG time it did not show SPF fail in the headers. In fact it reportedly associated itself with a well respected marketing outfit called ActiveCampaign. Why do I rate AC so highly? Well they do at very least have an actually comprehensive guide on their long established site about how not to be classed as a spammer. All of which, I think I can truthfully say, my spammer friend(s) flaunt ignorance of!

https://www.activecampaign.com/legal/anti-spam-policy

Of course this may have been their last ditch attempt to list wash and maybe “Jason at ActiveCampaign d o t c o.m” was happy to give them my info to take me off their list. Who knows eh? At least it might be done with.

So what now? One day of nil spam does not maketh tranquility... it could be Coronavirus or something less scary. They may be back tomorrow. If they are, I’ll do everything I can to make their marketing ineffective and as fruitless as can be. Alternatively, if that is my lot, I’ll dance a jig, pour something cool and clear to drink, and store the folder of junk they’ve sent me away until they mess up and restart.

Fingers and toes crossed. Good luck all you spam warriors!

Edited February 18, 2020 by Hanco

Hanco Posted February 29, 2020

And finally! The source: strategiccompulytics.com

I may never know how they got my email address to send me periodic newsletters for these products or services:

“We have the internet cornered in all categories, from solar power, to credit repair, to dating, financial services, to senior care, and even health, life and auto insurance – so there is no shortage of opportunities to get the latest savings and new products to the market. Our job is to serve you, so we will continue to find the best direct partners and match them to your needs.”

If they are so keen on “serving” why do NONE of their “periodic newsletters” (sometimes sent up to 27 times in a day) mention Strategic Compulytics on them?

For anyone else getting the same junk, maybe these super friendly guys are the true source. I hope this is useful to folks who might be dealing with never ending email arrival on the topics above and others that they don’t mention (tinnitus, erectile dysfunction, fungal nails, all of which have miracle cures doctors wish they understood and pharmaceutical companies want to hide from the public - allegedly!!)

Note: Better Business Bureau says Strategic Compulytics have not responded to their ask, to stop claiming BBB accreditation

My current spam levels are now down to <0.5 per day average. The ones I get now are 419 Scam emails. They will stop once the sender isolates who is reporting their junk and gets their gmail/yahoo accounts closed.

Hanco Posted February 29, 2020

https://domainbigdata.com/nj/mZHpadbrnAFQT4F6G79g4w

Paul Goldstein
strategiccompulytics.com

Registers a lot of random domains. We’ve seen that behavior a lot! And the topics in many are familiar spammy email ones.

Thorin Posted November 5, 2020

On 10/28/2019 at 1:49 AM, Steve said: I've also been getting amazonaws spam. It seems another IP address is included in the spam. It's 143.220.15.131 and registered to the Association of Medical Colleges (AAMC). I have tried reporting the IP address via SC to AAMC to both the dns AT aamc DOT org (which the SC parser forwards to postmaster AT aamc DOT org) and the postmaster address postmaster AT aamc DOT org on several occasions, with no response/effect. I was almost tempted a few times to write a letter and send it to them asking why their IP address appears in AmazonAWS spam. It's also ALWAYS the same content with the SAME links that aren't valid such as {spam link removed} (which the parser doesn't pick up. It only detects t.co/bit.ly links which even those get redirected and dev/nulled to twitterdoesntcareaboutspamreports@devnull.spamcop.net) or in the case of bit.ly links, sent to abuse AT bitly DOT com. Previous emails were coming from Parsec Cloud, Inc. Citrix is now being used as the bottom of the emails.

Here's the original tracking url: https://www.spamcop.net/sc?id=z6585617008z355af39de650b47648e218409deb1a46z

{Quote of spam Deleted} -- To view the deleted material follow the tracking URL above.

Here's the parsing results for the AAMC IP address and the tracking URL: https://www.spamcop.net/sc?id=z6585618727zdf96eb88f2edb7ba97b2dad603fed48ez

Tracking message source: 143.220.15.131:
Routing details for 143.220.15.131 [refresh/show]
Cached whois for 143.220.15.131 : dnsadministrator@aamc.org
Using abuse net on dnsadministrator@aamc.org
No abuse net record for aamc.org
Using default postmaster contacts postmaster@aamc.org

Clicking on the calendly link results in this: with the links being reported to abuse AT cloudflare DOT com. Not that CF can do anything to take down the link.

Steve

Hi Steve

I have been getting unwanted crap from AAMC since many many months... they are recently using Azure spam hosts (from 1 to 3 different IP addresses each time). After I immediately report them not only via SC (last reports are following)

https://members.spamcop.net/mcgi?action=gettrack&reportid=7093189629
https://members.spamcop.net/mcgi?action=gettrack&reportid=7093074814
https://members.spamcop.net/mcgi?action=gettrack&reportid=7093074009

but also via cert.microsoft.com they are stopping for a while then come back again). Problem is when I am reporting the AAMC spamming address (same you all reported, always the same e.g. 143.220.15.131 ) never comes out and all reports go to Microsoft, meaning /dev/null. Isn't there a way to make reports go to the damned dnsadministrator@aamc.org or jbartell@aamc.org which is another contact reported by whois?

AAMC.txt

petzl Posted November 5, 2020

1 hour ago, Thorin said: Hi Steve I have been getting unwanted crap from AAMC since many many months... they are recently using Azure spam hosts (from 1 to 3 different IP addresses each time). After I immediately report them not only via SC (last reports are following)

https://members.spamcop.net/mcgi?action=gettrack&reportid=7093189629
https://members.spamcop.net/mcgi?action=gettrack&reportid=7093074814
https://members.spamcop.net/mcgi?action=gettrack&reportid=7093074009

but also via cert.microsoft.com they are stopping for a while then come back again). Problem is when I am reporting the AAMC spamming address (same you all reported, always the same e.g. 143.220.15.131 ) never comes out and all reports go to Microsoft, meaning /dev/null. Isn't there a way to make reports go to the damned dnsadministrator@aamc.org or jbartell@aamc.org which is another contact reported by whois? AAMC.txt

If it is Azure spam include reporting to cert[AT] microsoft[DOT]com
For ALL hotmail spam I do.
Also learn to include a Tracking URL, these are at top of page BEFORE you submit spam

Edited November 5, 2020 by petzl

gnarlymarley Posted November 5, 2020

1 hour ago, Thorin said: Isn't there a way to make reports go to the damned dnsadministrator@aamc.org or jbartell@aamc.org which is another contact reported by whois?

I believe this is what the forum subsection for reporting address issues is for. http://forum.spamcop.net/forum/39-routing-report-address-issues/

Thorin Posted November 6, 2020

9 hours ago, petzl said: If it is Azure spam include reporting to cert[AT] microsoft[DOT]com For ALL hotmail spam I do. Also learn to include a Tracking URL, these are at top of page BEFORE you submit spam

Ehm, I already told I am always reporting to Microsoft regarding Azure spam both via e-mail (junk@office365.microsoft.com, abuse@microsoft.com, secure@microsoft.com, msndcc@microsoft.com, IOC@microsoft.com, report_spam@hotmail.com), SC and cert.microsoft.com website but it's always just like writing to /dev/null, they don't seem to take it seriously since the AAMC spamming rats always come back with new IP addresses to spam from.

petzl Posted November 6, 2020

11 hours ago, Thorin said: Ehm, I already told I am always reporting to Microsoft regarding Azure spam both via e-mail (junk@office365.microsoft.com, abuse@microsoft.com, secure@microsoft.com, msndcc@microsoft.com, IOC@microsoft.com, report_spam@hotmail.com), SC and cert.microsoft.com website but it's always just like writing to /dev/null, they don't seem to take it seriously since the AAMC spamming rats always come back with new IP addresses to spam from.

spam stops when I report to Cert for me but takes microsoft around a month to reply? I don't use SpamCop to report this they all need truncating. Microsoft claim they need full headers and body, I forward message name their IP and paste headers and body a space below.

Thorin Posted November 12, 2020

On 11/6/2020 at 10:34 PM, petzl said: spam stops when I report to Cert for me but takes microsoft around a month to reply? I don't use SpamCop to report this they all need truncating. Microsoft claim they need full headers and body, I forward message name their IP and paste headers and body a space below.

Actually Microsoft did something: after reporting any of the spamming hosts hosted by Azure belonging to the AAMC house of spamming rats they may have taken down since every spam run I got after was originated from a different IP address. Same goes for the spamming assholes at Wowrack.com, my old date spam companions since years (not over numbering, it is years they go on sending me their crap): the last one I reported was this one

ARC-Authentication-Results: i=1; mx.google.com; spf=pass (google.com: best guess record for domain of nvrkhlhohoras@fantomiil-1.australiacentral.cloudapp.azure.com designates 13.79.243.243 as permitted sender) smtp.mailfrom=nvRkHLhoHOraS@fantomiil-1.australiacentral.cloudapp.azure.com
Return-Path: <nvRkHLhoHOraS@fantomiil-1.australiacentral.cloudapp.azure.com>
Received: from a7vp.j9glM2hEsnKgKqRD.COM (bqsqtintn-14.northeurope.cloudapp.azure.com. [13.79.243.243]) by mx.google.com with ESMTP id z4si2987582wmi.27.2020.11.11.10.13.22 for <xxx.xxx@gmail.com>; Wed, 11 Nov 2020 10:13:22 -0800 (PST)
Received-SPF: pass (google.com: best guess record for domain of nvrkhlhohoras@fantomiil-1.australiacentral.cloudapp.azure.com designates 13.79.243.243 as permitted sender) client-ip=13.79.243.243;
Authentication-Results: mx.google.com; spf=pass (google.com: best guess record for domain of nvrkhlhohoras@fantomiil-1.australiacentral.cloudapp.azure.com designates 13.79.243.243 as permitted sender) smtp.mailfrom=nvRkHLhoHOraS@fantomiil-1.australiacentral.cloudapp.azure.com
Received: from efianalytics.com (efianalytics.com. 216.244.76.116)
List-Unsubscribe: <zMqRVfXQsini-hPIgoLQwVVoQ@[dom]>
From: "Melania" <xxx.xxx.zNDxUaxOIVsY@RpiLylERPzCP.edu.se>
Date: [Date]
Subject: CONFIRM YOUR "UNSUBSCIBE" PLEASE xxx.xxx.

and seemed to hit since on the following spam run they came back using their german spamming rats associates, xsserver.gmbh: this is a sample of two days ago

Delivered-To: xxx.xxx@gmail.com
Received: by 2002:ac9:686:0:0:0:0:0 with SMTP id o6csp292041oco; Tue, 10 Nov 2020 21:19:53 -0800 (PST)
X-Google-Smtp-Source: ABdhPJztzuLv5vnsJfVUnMWp3RtQyNHtoS7WajK+8o7FBtLUZRW3u29YCqyBD11SIxCZk0tk518g
X-Received: by 2002:adf:f246:: with SMTP id b6mr27298463wrp.111.1605071993246; Tue, 10 Nov 2020 21:19:53 -0800 (PST)
ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@spotnika.com header.s=mail header.b=jrWGr7Fx; spf=neutral (google.com: 195.62.46.23 is neither permitted nor denied by best guess record for domain of abuse@chacha.com) smtp.mailfrom=abuse@chacha.com
Return-Path: <abuse@chacha.com>
Received: from spotnika.com (spotnika.com. [195.62.46.23]) by mx.google.com with ESMTP id x184si1107042wmx.89.2020.11.10.21.19.52 for <xxx.xxx@gmail.com>; Tue, 10 Nov 2020 21:19:53 -0800 (PST)
Received-SPF: neutral (google.com: 195.62.46.23 is neither permitted nor denied by best guess record for domain of abuse@chacha.com) client-ip=195.62.46.23;
Authentication-Results: mx.google.com; dkim=pass header.i=@spotnika.com header.s=mail header.b=jrWGr7Fx; spf=neutral (google.com: 195.62.46.23 is neither permitted nor denied by best guess record for domain of abuse@chacha.com) smtp.mailfrom=abuse@chacha.com
Received: from efianalytics.com (efianalytics.com. 216.244.76.116)
List-Unsubscribe: <Ukvp3bFB8gLt3ZzBr-KLo7x3HcafaJ@spotnika.com>
From: LawsuitWinning <replyin@spotnika.com>
Date: Tue, 10 Nov 2020 14:35:58 -0600
Subject: Boy Scouts Abuse Victims, Read This! Free Legal Review and Potential Compensation
To: xxx.xxx@gmail.com
Message-Id: <Ukvp3bFB8gLt3ZzBr-KLo7x3HcafaJ@spotnika.com>
X-EMMAIL: xxx.xxx@spotnika.com
Content-Type: text/html; charset=utf-8

petzl Posted November 12, 2020

10 hours ago, Thorin said: and seemed to hit since on the following spam run they came back using their german spamming rats associates, xsserver.gmbh: this is a sample of two days ago

Here is your TRACKING URL - it may be saved for future reference: https://www.spamcop.net/sc?id=z6690533908ze72fd31a4dff786edaf29eccae16c308z

Seeing forged headers! Hotmail never show originating IP.

With Gmail a powerful tool is to mark it as "Phishing"

Usually/often if you click unsubscribe it tries to get you to send a mail bomb to 50 reply addresses

Azure are offering spammers free throwaway cloud accounts, for couple of years now. They need to get a valid credit card number to stop this spammer, SpamCop parse picked up Azure in headers

spf=pass (google.com: best guess record for domain of nvrkhlhohoras@fantomiil-1.australiacentral.cloudapp.azure.com designates 13.79.243.243 as permitted sender) smtp.mailfrom=nvRkHLhoHOraS@fantomiil-1.australiacentral.cloudapp.azure.com

Edited November 12, 2020 by petzl

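The header reading discussed in the last two posts (rely on the hop the receiving MX stamped, treat everything below it as sender-supplied), as an added Python example that is not part of any post in the thread. The `analyze` function and its field names are hypothetical; the sample is a trimmed copy of the first header block quoted above.

```python
import re
from email import message_from_string

# Trimmed copy of the first header block quoted in the thread (already redacted there).
SAMPLE = """\
Return-Path: <nvRkHLhoHOraS@fantomiil-1.australiacentral.cloudapp.azure.com>
Received: from a7vp.j9glM2hEsnKgKqRD.COM (bqsqtintn-14.northeurope.cloudapp.azure.com. [13.79.243.243])
        by mx.google.com with ESMTP id z4si2987582wmi.27.2020.11.11.10.13.22
        for <xxx.xxx@gmail.com>; Wed, 11 Nov 2020 10:13:22 -0800 (PST)
Authentication-Results: mx.google.com;
        spf=pass (google.com: best guess record for domain of nvrkhlhohoras@fantomiil-1.australiacentral.cloudapp.azure.com designates 13.79.243.243 as permitted sender) smtp.mailfrom=nvRkHLhoHOraS@fantomiil-1.australiacentral.cloudapp.azure.com
Received: from efianalytics.com (efianalytics.com. 216.244.76.116)
From: "Melania" <xxx.xxx.zNDxUaxOIVsY@RpiLylERPzCP.edu.se>
Subject: CONFIRM YOUR "UNSUBSCIBE" PLEASE

(body omitted)
"""

BY_RE = re.compile(r"\bby\s+([A-Za-z0-9.-]+)")
IP_RE = re.compile(r"\[(\d{1,3}(?:\.\d{1,3}){3})\]")
TIME_RE = re.compile(r";.*\d{1,2}:\d{2}:\d{2}")


def flat(value):
    """Collapse header folding whitespace into single spaces."""
    return " ".join(value.split())


def analyze(raw, trusted_mx):
    """Split the headers at the hop stamped by trusted_mx (hypothetical helper)."""
    msg = message_from_string(raw)
    hops = [flat(v) for v in msg.get_all("Received", [])]
    out = {"handoff_ip": None, "spf": None, "mailfrom_domain": None, "unverified": []}

    # Trust boundary: the topmost Received line written by our own MX.
    boundary = -1
    for i, hop in enumerate(hops):
        by = BY_RE.search(hop)
        if by and by.group(1).lower() == trusted_mx:
            ip = IP_RE.search(hop)
            out["handoff_ip"] = ip.group(1) if ip else None
            boundary = i
            break

    # Every hop below the boundary came with the message and may be forged.
    for hop in hops[boundary + 1:]:
        problems = []
        if not BY_RE.search(hop):
            problems.append("no 'by' clause")
        if not IP_RE.search(hop):
            problems.append("no bracketed IP")
        if not TIME_RE.search(hop):
            problems.append("no timestamp")
        out["unverified"].append({"hop": hop, "problems": problems})

    # Only the verdict written by our own MX counts; take the topmost match.
    for ar in map(flat, msg.get_all("Authentication-Results", [])):
        if ar.lower().startswith(trusted_mx + ";"):
            spf = re.search(r"\bspf=(\w+)", ar)
            mailfrom = re.search(r"smtp\.mailfrom=\S*@([^\s;]+)", ar)
            out["spf"] = spf.group(1) if spf else None
            out["mailfrom_domain"] = mailfrom.group(1).lower() if mailfrom else None
            break
    return out


if __name__ == "__main__":
    for key, value in analyze(SAMPLE, "mx.google.com").items():
        print(key, "=", value)
```

On this sample the only address Gmail itself recorded is the Azure one, and the `efianalytics.com` line sits below the boundary with no `by` clause, bracketed IP or timestamp, so it cannot be relied on when choosing where a report goes.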