ArtmakersWorlds Posted January 7, 2019 Share Posted January 7, 2019 Hi all, About a month or maybe two ago, seems my one email that I use in places that will likely be hyjacked got hammered. Spamcop really must work because I'm back down to the usual 2 or so a day. BUT almost every bit that is still coming shows a reporting address of some long name at gmail. SO WHY isn't google included in the list of reports sent to? Wouldn't google want to know someone using gmail is violating TOS? Or... does google even care? (Well they must, when I was being flooded almost all of them went to google network abuse. It's stopped so they must have done something.) Thanks. Link to comment Share on other sites More sharing options...
RobiBue Posted January 7, 2019 Share Posted January 7, 2019 Hi ArtmakersWorlds, I suppose you are talking about the IPv6 address in the email header's "Received:" line beginning with "2002:", otherwise it would be helpful if you could post the "TRACKING URL" you received when submitting the spam to better understand what you mean. i.e. the URL you receive when reporting the spam (my link depicted in indigo purple) If it's the IPv6 (6to4) address, then see the threads here and here about the reasons why some of it isn't working and what Google is or isn't doing about it... HTH Link to comment Share on other sites More sharing options...
petzl Posted January 8, 2019 Share Posted January 8, 2019 8 hours ago, ArtmakersWorlds said: Or... does google even care? (Well they must, when I was being flooded almost all of them went to google network abuse. It's stopped so they must have done something.) Gmail/Google don't care about customers, to them they are just data fodder! Aside from reporting spam mark it phishing Link to comment Share on other sites More sharing options...
ArtmakersWorlds Posted January 8, 2019 Author Share Posted January 8, 2019 23 hours ago, RobiBue said: Hi ArtmakersWorlds, I suppose you are talking about the IPv6 address in the email header's "Received:" line beginning with "2002:", otherwise it would be helpful if you could post the "TRACKING URL" you received when submitting the spam to better understand what you mean. i.e. the URL you receive when reporting the spam (my link depicted in indigo purple) If it's the IPv6 (6to4) address, then see the threads here and here about the reasons why some of it isn't working and what Google is or isn't doing about it... HTH Ok, had to wait for the next one to arrive. here... SpamCop v 4.9.0 © 2019 Cisco Systems, Inc. All rights reserved. Here is your TRACKING URL - it may be saved for future reference:https://www.spamcop.net/sc?id=z6512015168z11faf14ef668f295d00a184d7761a5a0zSkip to Reports Link to comment Share on other sites More sharing options...
petzl Posted January 9, 2019 Share Posted January 9, 2019 5 hours ago, ArtmakersWorlds said: https://www.spamcop.net/sc?id=z6512015168z11faf14ef668f295d00a184d7761a5a0z Add INCIDENT[ AT ] cert-in.org.in To you report "pracharnamapvtltd - gmail*com" is a apparent bit bin Link to comment Share on other sites More sharing options...
ArtmakersWorlds Posted January 9, 2019 Author Share Posted January 9, 2019 1 hour ago, petzl said: Add INCIDENT[ AT ] cert-in.org.in To you report "pracharnamapvtltd - gmail*com" is a apparent bit bin Ok, so what is a bit bin??? Link to comment Share on other sites More sharing options...
RobiBue Posted January 9, 2019 Share Posted January 9, 2019 1 hour ago, ArtmakersWorlds said: Ok, so what is a bit bin??? same as garbage can (a.k.a. /dev/nul) adding a report to incident@cert-in.org.in is described in https://www.cert-in.org.in/SecurityIncident.jsp from https://dnslytics.com/ip/103.111.41.221, I would add a report to the ASN abuse found through https://dnslytics.com/bgp/as132779 as well... that is, a report also to 'admin@rackbank.com' at least for the spam just provided in https://www.spamcop.net/sc?id=z6512015168z11faf14ef668f295d00a184d7761a5a0z Link to comment Share on other sites More sharing options...
RobiBue Posted January 9, 2019 Share Posted January 9, 2019 btw, if you click on [past reports] tab/button/link, you can find past TRACKING URLs by clicking on the number link provided for the report, and then on the [parse] link in the resulting screen. just for future reference Link to comment Share on other sites More sharing options...
petzl Posted January 9, 2019 Share Posted January 9, 2019 2 hours ago, ArtmakersWorlds said: Ok, so what is a bit bin??? Rubbish bin never read. The Cert address is run by the Government who can get criminals arrested Link to comment Share on other sites More sharing options...
ArtmakersWorlds Posted January 9, 2019 Author Share Posted January 9, 2019 13 hours ago, RobiBue said: same as garbage can (a.k.a. /dev/nul) adding a report to incident@cert-in.org.in is described in https://www.cert-in.org.in/SecurityIncident.jsp from https://dnslytics.com/ip/103.111.41.221, I would add a report to the ASN abuse found through https://dnslytics.com/bgp/as132779 as well... that is, a report also to 'admin@rackbank.com' at least for the spam just provided in https://www.spamcop.net/sc?id=z6512015168z11faf14ef668f295d00a184d7761a5a0z Ok, guys, I'm NOT a computer geek here. Beyond some very basic and dated HTML code, that's it. I do get dev/nul so ok, basically I've been wasting my time reporting these at all? They are going nowhere??? Then... TRYING to figure out what your telling me here, "described in https://www.cert-in.org.in/SecurityIncident.jsp" Well get "Requested URL not found." from https://dnslytics.com/ip/103.111.41.221, I would add a report to the ASN abuse found through https://dnslytics.com/bgp/as132779 as well... that is, a report also to 'admin@rackbank.com' Not a clue what to do with this. "I would add a report to..." HOW? Through spamcop? Listen, I have used spamcop for years now. I've promoted using it to many others. Take the time to send spam through it. But that's about all the time I care to waste on this. Especially if the spammers found a way to send through some non address that is the same as dev/nul Spamcop must be doing SOMETHING though. It only took a matter of weeks until my sudden flood of spam dwindled down to one a day. (That one yesterday and an unrelated "fed ex can't deliver your atm card" bs that also seems to report to nowhere. Here in case your interested in this one. Seems I get that message on a regular basis. (Spammers really are a stupid lot aren't they? An ATM card? Fed Ex has to deliver something that could fit in an envelope? That I KNOW is not mine? Must be enough people even dumber to fall for this and probably have to send someone money first.) SpamCop v 4.9.0 © 2019 Cisco Systems, Inc. All rights reserved. Here is your TRACKING URL - it may be saved for future reference:https://www.spamcop.net/sc?id=z6512217806z2094f4fdceb045889e1ad82b10175152zSkip to Reports I did once attempt to contact fed ex to see if they have an abuse reporting address. Apple does, pay pal does, but they do not. Kinda drifted off topic but the point is I only got one piece of spam today. So this site really does work. Even if I don't understand just how. And the email I'm using is one I use everywhere I think it might be harvested. Survey sites I do, or if I want to bite on what I think is likely a scam, I'll use my trashable email. So it's out there. That I'm down to one spam in the morning is fantastic. Maybe I just have to wait until this particular spammer dies of old age before it stops then because I sure don't know what else to do. Thanks for trying though. But unless someone can post 1. Do this.. 2. do that... I'm out. Spamcop then delete. Move on. Life is too short. Link to comment Share on other sites More sharing options...
RobiBue Posted January 9, 2019 Share Posted January 9, 2019 2 hours ago, ArtmakersWorlds said: "described in https://www.cert-in.org.in/SecurityIncident.jsp" Well get "Requested URL not found." Sorry about that, I just copied the link without testing it "stand-alone" it was supposed to be https://www.cert-in.org.in, and then clicking on the link in the left menu [* Incident Reporting] (which ends up being that .jsp link that seems to go nowhere without context...) 2 hours ago, ArtmakersWorlds said: [...] I have used spamcop for years now. I've promoted using it to many others. Take the time to send spam through it. But that's about all the time I care to waste on this. [...] Spamcop must be doing SOMETHING though. It only took a matter of weeks until my sudden flood of spam dwindled down to one a day. (That one yesterday and an unrelated "fed ex can't deliver your atm card" bs that also seems to report to nowhere. Here in case your interested in this one. Seems I get that message on a regular basis. (Spammers really are a stupid lot aren't they? An ATM card? Fed Ex has to deliver something that could fit in an envelope? That I KNOW is not mine? Must be enough people even dumber to fall for this and probably have to send someone money first.) https://www.spamcop.net/sc?id=z6512217806z2094f4fdceb045889e1ad82b10175152z Confirmation of Spammer's Rules Rule #3: Spammers are stupid, and Spinosa's Corollary: Spammers assume everybody is more stupid than themselves. 2 hours ago, ArtmakersWorlds said: I did once attempt to contact fed ex to see if they have an abuse reporting address. Apple does, pay pal does, but they do not. (no need to contact them, as it's not from them anyway) Kinda drifted off topic but the point is I only got one piece of spam today. So this site really does work. Even if I don't understand just how. And the email I'm using is one I use everywhere I think it might be harvested. Survey sites I do, or if I want to bite on what I think is likely a scam, I'll use my trashable email. So it's out there. That I'm down to one spam in the morning is fantastic. Maybe I just have to wait until this particular spammer dies of old age before it stops then because I sure don't know what else to do. Thanks for trying though. But unless someone can post 1. Do this.. 2. do that... I'm out. Spamcop then delete. Move on. Life is too short. well, all I can say now: it works, and if it works for you , then great 👍 mission accomplished! Link to comment Share on other sites More sharing options...
petzl Posted January 9, 2019 Share Posted January 9, 2019 4 hours ago, ArtmakersWorlds said: Thanks for trying though. But unless someone can post 1. Do this.. 2. do that... Forward as attachment from your email to abuse address is another way botnet source 88.198.112.174 'abuse@hetzner.de Email server change password 62.172.235.230 abuse@bt.com Received: from 127.0.0.1 (EHLO our.madebysonder.com) (62.172.235.230) your email server to you by mta4452.mail.bf1.yahoo.com with SMTP; Wed, 09 Jan 2019 11:52:48 +0000 Received: from User (static.88-198-112-174.clients.your-server.de [88.198.112.174]) source to your email server by our.madebysonder.com (Postfix) with ESMTPA id 1306A30601B9; Tue, 8 Jan 2019 12:00:03 +0000 (GMT) reference urls https://www.talosintelligence.com https://mxtoolbox.com/diagnostic.aspx https://dnslytics.com/whois-lookup Link to comment Share on other sites More sharing options...
petzl Posted January 9, 2019 Share Posted January 9, 2019 18 minutes ago, petzl said: Forward as attachment from your email to abuse address is another way botnet source 88.198.112.174 'abuse@hetzner.de Email server change password 62.172.235.230 abuse@bt.com child porn source 182.111.98.3 anti-spam@ns.chinanet.cn.net 113.140.86.66 anti-spam@ns.chinanet.cn.net offending email forwarded also, can be read as text attachment with a text/ASCII editor like notepad or eml text reader example just forwarded as attachment from my email account Received: from WINDOWS-COSBPNE (unknown [113.140.86.66]) my email server by vmx5.spamcop.net (Postfix) with ESMTP id 07FDAAF6FB for <xxx[AT]spamcop.net>; Wed, 9 Jan 2019 13:31:08 -0800 (PST) Received: from jakwcdbio (Unknown [182.111.98.3]) claimed/fake email server stamped source email server seems a fake one https://mxtoolbox.com/SuperTool.aspx?action=smtp%3a113.140.86.66&run=toolpage Link to comment Share on other sites More sharing options...
ArtmakersWorlds Posted January 10, 2019 Author Share Posted January 10, 2019 petzl I seem to remember that bt.com coming up in the past. When I see an email address I sometimes DO forward copies directly. Pretty sure that one only sends back some long winded BS auto responder which I don't even bother reading. I don't know if they care or not. RobiBue LOVE THIS... "Confirmation of Spammer's Rules Rule #3: Spammers are stupid, and Spinosa's Corollary: Spammers assume everybody is more stupid than themselves." So sad though that there are actually people even stupider than spammers. Must be or they would be out of business. Meanwhile.... today, in my out there for everyone junk email address I got NOT ONE spam message today. (so far.) So spamcop really does work. Seems even the ones that are dev/nul or where ever, must be doing something somehow huh? I got hammered right around Christmas, and barely mid Jan it's stopped. WOOHOOO!!!!! Link to comment Share on other sites More sharing options...
petzl Posted January 10, 2019 Share Posted January 10, 2019 32 minutes ago, ArtmakersWorlds said: petzl I seem to remember that bt.com coming up in the past. When I see an email address I sometimes DO forward copies directly. Pretty sure that one only sends back some long winded BS auto responder which I don't even bother reading. I don't know if they care or not. https://www.talosintelligence.com/reputation_center/lookup?search=62.172.235.230 Shows some one don't care UK military server compromised https://www.raf.mod.uk/our-organisation/stations/raf-marham/ https://www.spamhaus.org/sbl/query/SBL428795 Link to comment Share on other sites More sharing options...
Recommended Posts
Archived
This topic is now archived and is closed to further replies.