Morg2 Posted January 2, 2022 Posted January 2, 2022 In the last month, I have been receiving hundreds of criminal phishing spams per day. Almost all come from Serverion. I am not a business or a sysadmin, this is just happening to my personal email address. It's taking me a massive amount of time out of my days to report these. I am at the point of seriously thinking of closing my email account, but I get my work through it so that would be a huge issue to set up a new address. In the past when I've reported spam through Spamcop, eventually it would stop, but this has been going on for weeks and does not abate, in fact it seems to be getting worse. I contacted the admin of where I have my email account, to ask them please block Serverion, but apparently they didn't. I can't block them with my local email settings, because they all appear to come from fake addresses (eg, "studydepend.co") so if I blacklist "serverion", the spam still comes through. Other than continuing to spend my hours reporting them all to Spamcop, does anyone have other thoughts on how I can make this headache stop? Below is a teeny tiny example of some which were just analysed this hour. In case there are clues in there. https://www.spamcop.net/sc?id=z6735826037za4008bcb96dca874f2d9c1c6e37783c9zhttps://www.spamcop.net/sc?id=z6735826038z0cf3b54147474608ac4151f2a77fac6dzhttps://www.spamcop.net/sc?id=z6735826039z813fa799476c29a9ee6a10dcc2c2340azhttps://www.spamcop.net/sc?id=z6735826040z856149abab53ddcfbd6988d03b3c3dedzhttps://www.spamcop.net/sc?id=z6735826041z7938a2666410013d610b21f426e1bd15zhttps://www.spamcop.net/sc?id=z6735826042z818f9997349599f2a01d068fe9c382ffzhttps://www.spamcop.net/sc?id=z6735826043z65ceed70586c98c0f1bf67586a5c17bczhttps://www.spamcop.net/sc?id=z6735826044zfa07b290bdb36c2a65614277fe3438f6zhttps://www.spamcop.net/sc?id=z6735826045z8768965612155a13f4aa284d8686bbfdzhttps://www.spamcop.net/sc?id=z6735826046zfda4b7db3a24c849b328e48701faab86z Quote
gnarlymarley Posted January 3, 2022 Posted January 3, 2022 On 1/2/2022 at 9:23 AM, Morg2 said: Other than continuing to spend my hours reporting them all to Spamcop, does anyone have other thoughts on how I can make this headache stop? Maybe you can convince your hosting service to add some sort of filtering option. I have filtering turned on in my account and so far, I only get about one spam from serverion once every two months. Filtering such as SpamAssassin can work based on keywords in the body or headers, so even if they change IP address ranges, it can still be blocked. One thing I like about SpamAssassin is that if someone accidentally lists the wrong IP address on their block list, it could still make it through. Once SpamAssassin adds up multiple filters and gets to a limit, it will block it at the SMTP level (which means the server doesn't accept it and also doesn't sent a bounce later). Another filter option is similar to Yahoo or gmail's filter rules, which are based only on a keyword. Quote
petzl Posted January 4, 2022 Posted January 4, 2022 (edited) On 1/3/2022 at 3:23 AM, Morg2 said: In the last month, I have been receiving hundreds of criminal phishing spams per day. https://www.spamcop.net/sc?id=z6735826046zfda4b7db3a24c849b328e48701faab86z Serverion IP's are known for Snowshoe spam and not responding to abuse complaintshttps://check.spamhaus.org/listed/?searchterm=194.99.47.220 Send to the countries CERT as well CERT ADDRESS's BELOWhttps://www.first.org/members/teams/#Netherlands Probably this one to select and get email address include in SpamCop reportshttps://www.first.org/members/teams/ncsc-nl include in notes Criminal phishing, bogus reply address, bogus unsubscribe (NEVER subscribed), DDoS attack. Often contains malware email received from IP XXX.XX.XX.XXX RESET PASSWORD Serverion IP's are known for Snowshoe spam and not responding to abuse complaintshttps://check.spamhaus.org/listed/?searchterm=194.99.47.220 > The ">" at end of note stops SpamCop putting it all in a one line sentence Send to the countries CERT email address as well use extra email address box You might consider for Windows this free program to sort your spam/from ham before you download allows one to add blocklists like spamhaus, SpamCop etc. And will forward (one click) your selected spam to your SpamCop super secret email address for reporting.https://www.mailwasher.net/ Edited January 4, 2022 by petzl Quote
gnarlymarley Posted January 10, 2022 Posted January 10, 2022 On 1/3/2022 at 8:14 PM, petzl said: Serverion IP's are known for Snowshoe spam and not responding to abuse complaints That is one of the reasons why I built and host my own blocklist and added some ISP's entire range. If they don't send me any valid email, then it might get blocked. Quote
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.