Jump to content

[Resolved] Spoof Emails?


Barry BURBs

Recommended Posts

Can we report spoof Emails? ie. Emails pretending to be from Ebay/Paypal or banks in an attempt to get your personal information? I have looked around for this answer, please forgive me if I've missed it.

40063[/snapback]

...It's kind of easy to miss and also implicit:
  • Navigate to SpamCop FAQ (see link near top of this page)
  • click on link labeled On what type of email should I (not) use SpamCop?

<snip>

We define spam as Unsolicited Bulk Email (UBE). To be considered spam, a message must be:

  1. Unsolicited (I didn't request it explicitly or implicitly); and,

  2. Bulk (the same message was sent to many people at once).

<snip>

Since you did not request this e-mail (at least, certainly not from the spammer!), it meets the first criterion. Since it certainly would have gone to more than just you (otherwise the chances of success of the "phish" [meaning e-mail pretending to be from an enterprise with whom you do business attempting to get personal information] would be almost nil), it may (IMHO) be presumed to meet the second criterion.
Link to comment
Share on other sites

I've just had a load of boucned messages for emails i did not send. This is someone pretending to be from my domain to send spam. Sorry to be a PITA but direct me what to do with these (i tried reporting as normal but spam cop said NOTHING TO DO). Im not an ISP just a bod with MS OE6

Link to comment
Share on other sites

I've just had a load of boucned messages for emails i did not send. This is someone pretending to be from my domain to send spam. Sorry to be a PITA but direct me what to do with these (i tried reporting as normal but spam cop said NOTHING TO DO). Im not an ISP just a bod with MS OE6

40119[/snapback]

Hi Barry!

It rather depends on how you are trying to report them. Presuming you have registered for a SpamCop free reporting account then you can forward the messages as attachments to your spam reporting Email address or you can copy the full text and headers and report via the normal website interface.

These FAQ entries may assist you...

How to Forward as attachment

Forwarding as attachment from OE6

Andrew

Link to comment
Share on other sites

...That works fine for me, offering to send a complaint to the abuse address of 208.31.41.115.

...Have you configured Mailhosts yet?

40129[/snapback]

OK, I will have a go at setting up mailhosts but at present my domain is in middle of a transfer so will wait a few days first. I think I understand it (think) ;-)

Thanks for all the help people. :)

Link to comment
Share on other sites

OK, I will have a go at setting up mailhosts but at present my domain is in middle of a transfer so will wait a few days first.  I think I understand it (think) ;-)

Thanks for all the help people.  :)

40130[/snapback]

OK, I followed through the mailhosts config with reported success. It lists the ISP where my emails get mapped too first and then the ISP that does the mapping second. I then reported all the bounced messages and although there is more data on the report it still says "NOTHING TO DO". Here's a tracking URL for one of them:

http://www.spamcop.net/sc?id=z870912009zbf...1a637e3610bc12z

:unsure:

Link to comment
Share on other sites

OK, I followed through the mailhosts config with reported success. It lists the ISP where my emails get mapped too first and then the ISP that does the mapping second.  I then reported all the bounced messages and although there is more data on the report it still says "NOTHING TO DO". Here's a tracking URL for one of them:

http://www.spamcop.net/sc?id=z870912009zbf...1a637e3610bc12z

:unsure:

40143[/snapback]

Hi Barry!

It would still help o know how you're submitting your reports. I checked the link provided and could have submitted your report which would have been sent to: abuse[at]allstream.com

In order to reproduce the issue as you are seeing it we'll need to know the process you're following.

Andrew

Link to comment
Share on other sites

OK, I followed through the mailhosts config with reported success. It lists the ISP where my emails get mapped too first and then the ISP that does the mapping second.  I then reported all the bounced messages and although there is more data on the report it still says "NOTHING TO DO". Here's a tracking URL for one of them:

http://www.spamcop.net/sc?id=z870912009zbf...1a637e3610bc12z

40143[/snapback]

No way to understand what you're saying here ... the Tracking URL you provide here is actually still "live" .... normally, I would cancel such a thing, so as to prevent someone else from sending it out as you .... but I don't see how you could be seeing anything different ....

Link to comment
Share on other sites

No way to understand what you're saying here ... the Tracking URL you provide here is actually still "live" .... normally, I would cancel such a thing, so as to prevent someone else from sending it out as you .... but I don't see how you could be seeing anything different ....

40160[/snapback]

Dont know how to cancel it. I've took a screen grab and uploaded it to http://www.burbs.co.uk/Image1.jpg if that helps? :unsure:

Link to comment
Share on other sites

Dont know how to cancel it.  I've took a screen grab and uploaded it to http://www.burbs.co.uk/Image1.jpg if that helps?  :unsure:

40174[/snapback]

Well I'm unsure too! The link is still live although no doubt it will time out soon as the 48 hours is approaching.

Like Wazoo, I can't imagine why you see something different to the rest of us.

Again, please tell us how you get to this screen, just in case we're doing something different to you.

Andrew

Link to comment
Share on other sites

Well I'm unsure too!  The link is still live although no doubt it will time out soon as the 48 hours is approaching.

Like Wazoo, I can't imagine why you see something different to the rest of us.

Again, please tell us how you get to this screen, just in case we're doing something different to you.

Andrew

40176[/snapback]

1> I get a bounced email message to a username I don't use (and surely am not responsible for sending the mail that resulted in the bounce in the 1st place).

2> I forward as attachment to my spamcop address (normal spam works fine in this manner).

3> I get an Email back from SpamCop saying it is ready for processing, I click the link and end up at the screenshot.

As I said, normal spam to me works fine through spamcop.

Im pretty sure my mailhosts are set up properly as it's a pretty fool proof system.

Link to comment
Share on other sites

Im pretty sure my mailhosts are set up properly as it's a pretty fool proof system.

40181[/snapback]

Hi Barry!

Thanks for posting the steps followed. I don't see anything unduly strange in the process you're following.

I'm sure it isn't a Mailhost thing. Others, like Wazoo and I, see the correct submission screen and could, if we wished, press the submit button. I can't imagine why this doesn't work for you - especially when you say other reports work fine.

Personally, I'd say life was too short to worry about this. Hit delete on these bounces or beter still filter them to the waste bin if you can. They will no doubt stop coming within a day or two. Use the time saved to read a book, drink a coffee, or just chill :D

Andrew

Link to comment
Share on other sites

Well, I see the "Nothing to do" message Barry mentions - last bit of the parse on the provided tracking URL

Tracking message source: 206.222.92.126:

Routing details for 206.222.92.126

[refresh/show] Cached whois for 206.222.92.126 : abuse[at]allstream.com

Using abuse net on abuse[at]allstream.com

abuse net allstream.com = securitysupport[at]allstream.com, abuse[at]allstream.com

Using best contacts securitysupport[at]allstream.com abuse[at]allstream.com

securitysupport[at]allstream.com refuses SpamCop reports

Using securitysupport#allstream.com[at]devnull.spamcop.net for statistical tracking.

Message is 11 hours old

206.222.92.126 not listed in dnsbl.njabl.org

206.222.92.126 not listed in dnsbl.njabl.org

206.222.92.126 not listed in cbl.abuseat.org

206.222.92.126 not listed in dnsbl.sorbs.net

206.222.92.126 not listed in relays.ordb.org.

206.222.92.126 not listed in accredit.habeas.com

206.222.92.126 not listed in plus.bondedsender.org

206.222.92.126 not listed in iadb.isipp.com

Nothing to do.

So - why the difference?
Link to comment
Share on other sites

Well, I see the "Nothing to do" message Barry mentions - last bit of the parse on the provided tracking URL So - why the difference?

40188[/snapback]

I just checked and I've still got the option to press Send spam Report(s) Now.

I'm using Windows 2000, on a cable modem connection with Firefox (v1.5.0.1). Then I checked with IE (v6.0.28) and, like Barry I find a nothing to do message.

On closer examination, though, I found that with IE I was not logged into my account. So I logged in by clicking the log-in menu tab and got the submission options as expected.

Assuming Barry is logged in, I still can't imagine the reasons for this issue.

Farelf, I 'm wondering if there is anything in your config which might be similar to Barry?

Andrew

Link to comment
Share on other sites

On closer examination, though, I found that with IE I was not logged into my account.  So I logged in by clicking the log-in menu tab and got the submission options as expected.

Assuming Barry is logged in, I still can't imagine the reasons for this issue.

Andrew

40189[/snapback]

Just tried another and definately logged in as I see my username and log out at top right of screen.

Im on win2k(sp4) msie 6.0.280.1106 There are no java/privacy errors in my status bar. Im on broadband via a router with built in firewall and no other firewall software running. I'll do some more tests and report back if anything changes.

Link to comment
Share on other sites

Just tried another and definately logged in as I see my username and log out at top right of screen.

Im on win2k(sp4) msie 6.0.280.1106 There are no java/privacy errors in my status bar. Im on broadband via a router with built in firewall and no other firewall software running. I'll do some more tests and report back if anything changes.

40192[/snapback]

I've downloaded Firefox and it works fine! :huh:

Link to comment
Share on other sites

I've downloaded Firefox and it works fine!  :huh:

40195[/snapback]

But .... http://www.spamcop.net/sc?id=z870912009zbf...1a637e3610bc12z is still showing as "live" for me ...????

Please make sure this email IS spam:

From: postmaster[at]redknee.com (Delivery Status Notification (Failure))

This is a MIME-formatted message.

Portions of this message may be unreadable without a MIME-capable mail program.

View full message

Report spam to:

Re: 206.222.92.126 (Bounce)

To: securitysupport#allstream.com[at]devnull.spamcop.net (Notes)

To: abuse[at]allstream.com (Notes)

Re: 206.222.92.126 (Third party interested in email source)

To: Cyveillance spam collection (Notes)

Checked with;

IE6 under Win98-SE

FF 1.07 under Win-98SE

IE6 under Win-XP

FF 1.5x under Win-XP

Safari 1.03 under OS-X 10.2.xxx

I can only come up with that there may be some kind of issue with am Akamai server and a cache being involved, but .... something like this would have generated mcuh complaining over the years ....?????

Link to comment
Share on other sites

Archived

This topic is now archived and is closed to further replies.

×
×
  • Create New...