Hanco Posted October 14, 2019

Has this happened before? Look at that green “spam submitted” line in the screenshot I attached. Normally spam submitted leads to a higher volume of reports. October though? We see a significant amount of spam reported with reports not sent.

If my experience is anything to go by, there was a major increase from one group of spammers (phishing activity actually, but not the overt fake Apple sites, Amazon, Walmart, Netflix etc. login pages). And it was mostly email coming from Amazon IP addresses, which I always see SpamCop track but not send reports. Instead, I send the reports directly myself.

But is that what this month’s driver was? The group behind these daily deals of loan offers, warranty offers, cures for bizarre conditions etc.? They seemed to be quiet, then boom, daily 12-25 emails. Mostly sites with domain names from Namecheap (they said to someone, in response to a domain abuse report, that they have a “huge volume” of support requests at the moment).

It seems like volume is down now (or the jerks behind the flow do not work weekends) and Amazon are “caught up” on the backlog of reports. Maybe the green line will go back below the blue...

RobiBue Posted October 15, 2019

I don't know, but as of late, I submit spams (to seekrit.email@spamcop.com) but only occasionally am able to submit the spam. The others are lost in limbo... Maybe that has to do with the green spikes?

C2H5OH Posted October 21, 2019

Such a high level of reports to a spammer's ISP might generate a high level of bounces. We know that SpamCop won't keep sending reports that are bound to bounce (and only waste more email bandwidth). Maybe that's the reason for a high submitted:sent ratio?

Hanco Posted October 21, 2019

It’s even more pronounced now. From 29 Sept through about 10 days, then back to normal. It aligns with a huge spike of email abuse I saw from AWS and other Amazon IPs.

gnarlymarley Posted October 22, 2019

I did notice on the source of spam page lately there are a lot of "ISP has indicated spam will cease" from IP ranges such as 89.34.26.0/24 and 195.29.0.0/16, where it appears that they are just marking the option to prevent reports from being submitted. (It seems to be more than one IP in their range.) It appears they have been doing this for more than 48 hours and marking this maybe every six hours, as the time after the message seems to jump up by around six hours. Could this be part of why the spikes have changed?

Hanco Posted October 26, 2019

Seems like my email abuser has switched to using now-dns.com. Reports are sent by SpamCop to the host of the subdomains, but that is VPSVILLE.RU, which doesn’t seem bothered to act with any level of pace. That’s one source.

The other... Much of the email volume is repetitive and has links to a Google Storage API location... there I can view XML showing all the subject lines and outline content they generate. And ALL of them redirect to “hwManyMore.com” (how many more? Well at least the jerk has a sense of humour I suppose?)

goodnerd Posted November 23, 2019

A lot of the spams that I reported that were originating from the AmazonAWS servers were never sent to any address at Amazon but instead used addresses like abuse#amazonaws.com@devnull.spamcop.net. I also filed every spam complaint directly on the AmazonAWS reporting page, even when I was getting 50+ a day from this spammer. Amazon took it a little more serious when the spammer started forging their name and logos in the fake Amazon Gift Card spam attack. I got some virus spams from the spammer after getting that one shut down. They always seem to point back to a common registrar.

petzl Posted November 24, 2019

4 hours ago, goodnerd said:
"A lot of the spams that I reported that were originating from the AmazonAWS servers were never sent to any address at Amazon but instead used addresses like abuse#amazonaws.com@devnull.spamcop.net. I also filed every spam complaint directly on the AmazonAWS reporting page, even when I was getting 50+ a day from this spammer. Amazon took it a little more serious when the spammer started forging their name and logos in the fake Amazon Gift Card spam attack. I got some virus spams from the spammer after getting that one shut down. They always seem to point back to a common registrar."

Always helps with a SpamCop Track
https://www.spamcop.net/sc?id=z6594340561z125f42ee61982fdb92980529b765f19bz
always put in abuse report been going on for many many months.

Banned all Amazon and subsidiaries purchases because of inept AWS abuse responses to AmazonAWS DDoS multiple IP email attacks
Criminal phishing, bogus reply address, bogus unsubscribe (NEVER subscribed), DDoS
52.45.175.153 abuse[AT]amazonaws.com
spam text headers and body

goodnerd Posted November 24, 2019

I didn't bother posting any tracking links because I was not sure others could see historical data from reports I filed. The party that utilizes AmazonAWS, numerous exposed Twitter accounts, Bit.ly and imgur image hostings now seems to be shrinking back to smaller country servers like vspnet.lt, home.pl, arax.md, and occasionally krypt.com.

I've been dealing with this little man for quite a while now. That spammer even set up a fake Twitter account under my Gmail email address and occasionally sends me direct virus spams, but yet he still can't stop spamming me. Go figure. I guess it's like the old Robert Soloway case where the man thought he was untouchable and above the law.

Their account at digitalocean.com was terminated on 11/22 (outlandisher.pw):

"Hi there,
Thanks for making this report. We identified and terminated the user responsible for this incident.
Regards,
Security Operations
Digital Ocean Security"

petzl Posted November 24, 2019

1 hour ago, goodnerd said:
"Their account at digitalocean.com was terminated on 11/22 (outlandisher.pw):"

They can get millions of different email accounts here
https://sendgrid.com/marketing/sendgrid-services-cro/
Try it out! Send 40,000 emails for 30 days, then 100/day forever. Sign up for free. No credit card required.

Hanco Posted November 24, 2019

Pleased to see “hwManyMore.com” was shut down. That one went on too long. There are so many domains in this racket though smh.