Jump to content

I am inundated, what can I do next?


Recommended Posts

In the last month, I have been receiving hundreds of criminal phishing spams per day.  Almost all come from Serverion.  I am not a business or a sysadmin, this is just happening to my personal email address.  It's taking me a massive amount of time out of my days to report these.  I am at the point of seriously thinking of closing my email account, but I get my work through it so that would be a huge issue to set up a new address.  In the past when I've reported spam through Spamcop, eventually it would stop, but this has been going on for weeks and does not abate, in fact it seems to be getting worse.  I contacted the admin of where I have my email account, to ask them please block Serverion, but apparently they didn't.  I can't block them with my local email settings, because they all appear to come from fake addresses (eg, "studydepend.co") so if I blacklist "serverion", the spam still comes through.  Other than continuing to spend my hours reporting them all to Spamcop, does anyone have other thoughts on how I can make this headache stop?

Below is a teeny tiny example of some which were just analysed this hour.  In case there are clues in there.

https://www.spamcop.net/sc?id=z6735826037za4008bcb96dca874f2d9c1c6e37783c9z
https://www.spamcop.net/sc?id=z6735826038z0cf3b54147474608ac4151f2a77fac6dz
https://www.spamcop.net/sc?id=z6735826039z813fa799476c29a9ee6a10dcc2c2340az
https://www.spamcop.net/sc?id=z6735826040z856149abab53ddcfbd6988d03b3c3dedz
https://www.spamcop.net/sc?id=z6735826041z7938a2666410013d610b21f426e1bd15z
https://www.spamcop.net/sc?id=z6735826042z818f9997349599f2a01d068fe9c382ffz
https://www.spamcop.net/sc?id=z6735826043z65ceed70586c98c0f1bf67586a5c17bcz
https://www.spamcop.net/sc?id=z6735826044zfa07b290bdb36c2a65614277fe3438f6z
https://www.spamcop.net/sc?id=z6735826045z8768965612155a13f4aa284d8686bbfdz
https://www.spamcop.net/sc?id=z6735826046zfda4b7db3a24c849b328e48701faab86z

Link to comment
Share on other sites

On 1/2/2022 at 9:23 AM, Morg2 said:

Other than continuing to spend my hours reporting them all to Spamcop, does anyone have other thoughts on how I can make this headache stop?

Maybe you can convince your hosting service to add some sort of filtering option.  I have filtering turned on in my account and so far, I only get about one spam from serverion once every two months.  Filtering such as SpamAssassin can work based on keywords in the body or headers, so even if they change IP address ranges, it can still be blocked.  One thing I like about SpamAssassin is that if someone accidentally lists the wrong IP address on their block list, it could still make it through.  Once SpamAssassin adds up multiple filters and gets to a limit, it will block it at the SMTP level (which means the server doesn't accept it and also doesn't sent a bounce later).

Another filter option is similar to Yahoo or gmail's filter rules, which are based only on a keyword.

Link to comment
Share on other sites

On 1/3/2022 at 3:23 AM, Morg2 said:

In the last month, I have been receiving hundreds of criminal phishing spams per day
https://www.spamcop.net/sc?id=z6735826046zfda4b7db3a24c849b328e48701faab86z

Serverion IP's are known for Snowshoe spam and not responding to abuse complaints
https://check.spamhaus.org/listed/?searchterm=194.99.47.220
Send to the countries CERT as well

CERT ADDRESS's BELOW
https://www.first.org/members/teams/#Netherlands
Probably this one to select and get email address include in SpamCop reports
https://www.first.org/members/teams/ncsc-nl

include in notes
Criminal phishing, bogus reply address, bogus unsubscribe (NEVER subscribed), DDoS attack. Often contains malware 
email received from IP XXX.XX.XX.XXX
RESET PASSWORD

Serverion IP's are known for Snowshoe spam and not responding to abuse complaints
https://check.spamhaus.org/listed/?searchterm=194.99.47.220
>

The ">" at end of note stops SpamCop  putting it all in a one line sentence
Send to the countries CERT email address as well use extra email address box

You might consider for Windows this free program to sort your spam/from ham before you download allows one to add blocklists like spamhaus, SpamCop etc.
And will forward (one click) your selected spam to your SpamCop super secret email address for reporting.
https://www.mailwasher.net/

Edited by petzl
Link to comment
Share on other sites

On 1/3/2022 at 8:14 PM, petzl said:

Serverion IP's are known for Snowshoe spam and not responding to abuse complaints

That is one of the reasons why I built and host my own blocklist and added some ISP's entire range.  If they don't send me any valid email, then it might get blocked.

Link to comment
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

 Share

×
×
  • Create New...