dra007 Posted March 18, 2004 Share Posted March 18, 2004 I am no longer getting confirmation e-mails from spamcop when I forward the spam as attached files. Why is this happening? I am wondering if a virus/worm redirects the reports I send by e-mail. As soon as I forward the report I get bounces from unknown e-mails which report the same spam I just sent to spamcop. Link to comment Share on other sites More sharing options...
Miss Betsy Posted March 18, 2004 Share Posted March 18, 2004 Should have noticed that you had made two posts before replying to the first one. There are several posts recently about people not receiving confirmation emails. There are various reasons for that. Have you looked to see if you have Unreported spam on the web site? Are you an email customer? or reporting only? Miss Betsy Link to comment Share on other sites More sharing options...
dra007 Posted March 18, 2004 Author Share Posted March 18, 2004 I am reporting on a daily basis, this problem has started yesterday, what seems odd is that my reports do not seem to make it to spamcop, when I log on to the site I do not show un-reported spam for the stuff I forwarded since yesterday. Instead I get bounces with similar contents from unknown users reporting the same spam content. Link to comment Share on other sites More sharing options...
Stroked_S-10 Posted March 18, 2004 Share Posted March 18, 2004 I had to obtain a obtain a new authorization code. But that is the message I get everytime I report spam; Report another spam? No userid found Your authorization code is invalid. Please obtain a new authorization code. Link to comment Share on other sites More sharing options...
Wazoo Posted March 18, 2004 Share Posted March 18, 2004 I get bounces with similar contents from unknown users I'm having a hard time guessing at just what you might actually mean here. How about posting the headers of one of these bounces so we can see where you're getting this "unknown user" description. Link to comment Share on other sites More sharing options...
Wazoo Posted March 18, 2004 Share Posted March 18, 2004 Your authorization code is invalid. Please obtain a new authorization code If I'm reading and guessing xcorrectly, I'm thinking that what you need to do is delete all your previous SpamCop cookies, then accept a new one at the first login with thie "new" authorization code / page. Perhaps this is also what dra007 means by "unknown users" ..??? Link to comment Share on other sites More sharing options...
dra007 Posted March 18, 2004 Author Share Posted March 18, 2004 this is an example, I have never sent e-mails to those adds: Hi. This is the qmail-send program at email04.aon.at. I'm afraid I wasn't able to deliver your message to the following addresses. This is a permanent error; I've given up. Sorry it didn't work out. <hdz[at]aon.at>: The users mailfolder is over the allowed quota (size). --- Below this line is a copy of the message. Return-Path: <ads5[at]imap.pitt.edu> Received: (qmail 68646 invoked from network); 18 Mar 2004 17:54:59 -0000 Received: from unknown ([172.18.5.84]) (envelope-sender <>) by qmail4.highway.telekom.at (qmail-ldap-1.03) with QMQP for <>; 18 Mar 2004 17:54:59 -0000 Received: (qmail 427730 invoked from network); 18 Mar 2004 17:54:58 -0000 Received: from cable-212.76.251.31.coditel.net ([212.76.251.31]) (envelope-sender <ads5[at]imap.pitt.edu>) by qmail6rs.highway.telekom.at (qmail-ldap-1.03) with SMTP for <hdors[at]aon.at>; 18 Mar 2004 17:54:58 -0000 Received: from [212.61.8.38] by cable-212.76.251.31.coditel.net for <hdors[at]aon.at>; Thu, 18 Mar 2004 17:49:31 +0000 Message-ID: <j-o1i$y6-tbg-rc0ea--uag$c[at]i9w.m63ft> From: "Luisa Jamison" <ads5[at]imap.pitt.edu> Reply-To: "Luisa Jamison" <ads5[at]imap.pitt.edu> To: hdors[at]aon.at Subject: Are you uncomfortable with the s1ze of your manhood? e Date: Thu, 18 Mar 04 17:49:31 GMT X-Mailer: Microsoft Outlook Express 6.00.2600.0000 MIME-Version: 1.0 Content-Type: multipart/alternative; boundary="3.__ADEDD..E18._5B5D8E" X-Priority: 3 X-MSMail-Priority: Normal --3.__ADEDD..E18._5B5D8E Content-Type: text/html; Content-Transfer-Encoding: quoted-printable </style> </head> <body> <p align=3D"center"> </p> <p align=3D"center"><span class=3D"style5"><span style=3D"background-color= : #FF0000">Our NaturalGain+ Penis Enlargement Pills Will Expand, Lengthen And Enlarge Your Penis 3+ Inches. 100% Satisfaction = Guaranteed! Or Your Money Back! </span> </span><br> <span class=3D"style2"> <br> <span class=3D"style8"> <img style=3D"FLOAT: left; MARGIN-RIGHT: 10px" src=3D"http://www.natural-h= erbs.info/images/bottle4.jpg" width=3D"92" height=3D"170"><b><font color=3D= "#000080">=FFFFFFBB</font></b></span><b><font color=3D"#000080"> </font></b> </span><b><font color=3D"#000080"><span class=3D"style5">Gain 3+ Full Inch= es In Length. </span> <span class=3D"style2"><br> </span><span class=3D"style8">=FFFFFFBB</span><span class=3D"style5"> Increase Y= our Penis Width (Girth) By 20%.</span><span class=3D"style2"><br> </span><span class=3D"style8">=FFFFFFBB</span> <span class=3D"style5">Stop Prema= ture Ejaculation!</span><span class=3D"style2"> <br> </span><span class=3D"style8">=FFFFFFBB</span> <span class=3D"style5">Produce St= ronger, Rock Hard Erections.</span><span class=3D"style2"> <br> </span><span class=3D"style8">=FFFFFFBB</span> <span class=3D"style5">100= % Safe To Take, With NO Side Effects.</span><span class=3D"style2"><br> </span><span class=3D"style8">=FFFFFFBB</span> <span class=3D"style5">Fast Prior= ity USPS Shipping WorldWide.</span><span class=3D"style2"> <br> </span><span class=3D"style8">=FFFFFFBB</span> <span class=3D"style5">USPS track= ing numbers</span><span class=3D"style2"> <br> </span><span class=3D"style8">=FFFFFFBB</span> <span class=3D"style5">Doctor App= roved And Recommended</span><span class=3D"style2">.<br> </span><span class=3D"style8">=FFFFFFBB</span><span class=3D"style5"> No Pumps! = No Surgery! No Exercises! </span><span class=3D"style2"><br> </span><span class=3D"style8">=FFFFFFBB</span> <span class=3D"style5">100= % Money Back Guarantee.</span><span class=3D"style2"> <br> </span><span class=3D"style8">=FFFFFFBB</span> <span class=3D"style5">Get Bottle= Of NaturalGain+ Worth Over $50 at no cost. </span><span class=3D"style2"><br>= </span><span class=3D"style8">=FFFFFFBB</span> <span class=3D"style5">Get a &quo= t;Male Help E-Book" Worth Over $50 at no cost.</span></font></b></p> <p align=3D"center"><font color=3D"#FF0000"><b><span class=3D"style8"><fon= t size=3D"5"> <span style=3D"background-color: #FFFFFF">=FFFFFFBB</span></font></span><span st= yle=3D"background-color: #FFFFFF"><font size=3D"5"> </font></span> <font size=3D"5"> <span style=3D"background-color: #FFFFFF">We are so sure our product will = work, we are prepared to give you a 100% money back guarantee incase it doesn't. Who else offers you that kind of guarantee?</span></font></b></font></p> <p align=3D"center"><font size=3D"6" color=3D"#000080"> <a href=3D"http://www.lindstrom.natural-herbs.info/cgi-bin/log/p1.cgi?i= d=3Dpharm">CLICK HERE TO ENLARGE YOUR PENIS</a></font></p> <p> </p> </body> </html> --3.__ADEDD..E18._5B5D8E-- Link to comment Share on other sites More sharing options...
dra007 Posted March 18, 2004 Author Share Posted March 18, 2004 this is another example, same spam that I get 20 times a day now bounced back to me: This is an automatically generated Delivery Status Notification. Delivery to the following recipients failed. Evdvmail[at]evdv.com Return-path: ads5[at]imap.pitt.edu Received: from pcp05919776pcs.derbrn01.mi.comcast.net ([68.40.160.211]) by kirk.evdv.com with Microsoft SMTPSVC(5.0.2195.5329); Thu, 18 Mar 2004 18:41:00 +0100 Received: from [4.14.164.200] by pcp05919776pcs.derbrn01.mi.comcast.net with ESMTP id <051794-59639> for <evdv[at]evdv.com>; Thu, 18 Mar 2004 22:35:33 +0500 Date: Thu, 18 Mar 04 22:35:33 GMT From: "Cecile Schulz" <ads5[at]imap.pitt.edu> Subject: We have been helping MEN worldwide with... vlncx sq tsdvb To: evdv[at]evdv.com Reply-to: "Cecile Schulz" <ads5[at]imap.pitt.edu> Message-id: <av54$158f4$h4241mn05$48-sr0v$75[at]os7gw5.r.t.sd4> MIME-version: 1.0 X-Mailer: Internet Mail Service (5.5.2650.21) Content-type: multipart/alternative; boundary="Boundary_(ID_4rFj4abTdBRDww6sSJZb/Q)" X-Priority: 3 X-MSMail-priority: Normal X-OriginalArrivalTime: 18 Mar 2004 17:41:01.0224 (UTC) FILETIME=[2DCCA280:01C40D10] --Boundary_(ID_4rFj4abTdBRDww6sSJZb/Q) Content-type: text/html; Content-transfer-encoding: quoted-printable </style> </head> <body> <p align=3D"center"> </p> <p align=3D"center"><span class=3D"style5"><span style=3D"background-color= : #FF0000">Our NaturalGain+ Penis Enlargement Pills Will Expand, Lengthen And Enlarge Your Penis 3+ Inches. 100% Satisfaction = Guaranteed! Or Your Money Back! </span> </span><br> <span class=3D"style2"> <br> <span class=3D"style8"> <img style=3D"FLOAT: left; MARGIN-RIGHT: 10px" src=3D"http://www.natural-h= erbs.info/images/bottle4.jpg" width=3D"92" height=3D"170"><b><font color=3D= "#000080">=FFFFFFBB</font></b></span><b><font color=3D"#000080"> </font></b> </span><b><font color=3D"#000080"><span class=3D"style5">Gain 3+ Full Inch= es In Length. </span> <span class=3D"style2"><br> </span><span class=3D"style8">=FFFFFFBB</span><span class=3D"style5"> Increase Y= our Penis Width (Girth) By 20%.</span><span class=3D"style2"><br> </span><span class=3D"style8">=FFFFFFBB</span> <span class=3D"style5">Stop Prema= ture Ejaculation!</span><span class=3D"style2"> <br> </span><span class=3D"style8">=FFFFFFBB</span> <span class=3D"style5">Produce St= ronger, Rock Hard Erections.</span><span class=3D"style2"> <br> </span><span class=3D"style8">=FFFFFFBB</span> <span class=3D"style5">100= % Safe To Take, With NO Side Effects.</span><span class=3D"style2"><br> </span><span class=3D"style8">=FFFFFFBB</span> <span class=3D"style5">Fast Prior= ity USPS Shipping WorldWide.</span><span class=3D"style2"> <br> </span><span class=3D"style8">=FFFFFFBB</span> <span class=3D"style5">USPS track= ing numbers</span><span class=3D"style2"> <br> </span><span class=3D"style8">=FFFFFFBB</span> <span class=3D"style5">Doctor App= roved And Recommended</span><span class=3D"style2">.<br> </span><span class=3D"style8">=FFFFFFBB</span><span class=3D"style5"> No Pumps! = No Surgery! No Exercises! </span><span class=3D"style2"><br> </span><span class=3D"style8">=FFFFFFBB</span> <span class=3D"style5">100= % Money Back Guarantee.</span><span class=3D"style2"> <br> </span><span class=3D"style8">=FFFFFFBB</span> <span class=3D"style5">Get Bottle= Of NaturalGain+ Worth Over $50 at no cost. </span><span class=3D"style2"><br>= </span><span class=3D"style8">=FFFFFFBB</span> <span class=3D"style5">Get a &quo= t;Male Help E-Book" Worth Over $50 at no cost.</span></font></b></p> <p align=3D"center"><font color=3D"#FF0000"><b><span class=3D"style8"><fon= t size=3D"5"> <span style=3D"background-color: #FFFFFF">=FFFFFFBB</span></font></span><span st= yle=3D"background-color: #FFFFFF"><font size=3D"5"> </font></span> <font size=3D"5"> <span style=3D"background-color: #FFFFFF">We are so sure our product will = work, we are prepared to give you a 100% money back guarantee incase it doesn't. Who else offers you that kind of guarantee?</span></font></b></font></p> <p align=3D"center"><font size=3D"6" color=3D"#000080"> <a href=3D"http://www.ouagadougou.natural-herbs.info/cgi-bin/log/p1.cgi?i= d=3Dpharm">CLICK HERE TO ENLARGE YOUR PENIS</a></font></p> <p> </p> </body> </html> --Boundary_(ID_4rFj4abTdBRDww6sSJZb/Q)-- Link to comment Share on other sites More sharing options...
steph569 Posted March 18, 2004 Share Posted March 18, 2004 my reports are not getting to spamcop either, I am a webtv user so I unchecked my block spam box and still nothing, please advise, oh I am also getting bounced mail that I never sent Link to comment Share on other sites More sharing options...
Wazoo Posted March 18, 2004 Share Posted March 18, 2004 as far as the bounces go, please read http://forum.spamcop.net/forums/index.php?showtopic=203 to see if that at least partially answers that problem. The report issue, odd, over in the newsgroups, someone just made the complaint that s/he's getting something like 20 response for every spam submittal ... kind of hard to balance these complaints of "no response" with that "overloaded with responses" <g> Link to comment Share on other sites More sharing options...
dra007 Posted March 19, 2004 Author Share Posted March 19, 2004 this was not very helpful, but thanks for trying. Link to comment Share on other sites More sharing options...
dra007 Posted March 19, 2004 Author Share Posted March 19, 2004 Return-path: ads5[at]imap.pitt.edu Received: from pcp05919776pcs.derbrn01.mi.comcast.net ([68.40.160.211]) by kirk.evdv.com with Microsoft SMTPSVC(5.0.2195.5329); Thu, 18 Mar 2004 18:41:00 +0100 Received: from [4.14.164.200] by pcp05919776pcs.derbrn01.mi.comcast.net with ESMTP id <051794-59639> for <evdv[at]evdv.com>; Thu, 18 Mar 2004 22:35:33 +0500 Date: Thu, 18 Mar 04 22:35:33 GMT From: "Cecile Schulz" <ads5[at]imap.pitt.edu> Subject: We have been helping MEN worldwide with... vlncx sq tsdvb To: evdv[at]evdv.com Reply-to: "Cecile Schulz" <ads5[at]imap.pitt.edu> my name is not Cecile, and I do not use comcast.net, I have not bounced any mail since the 15, regardless this is the typical e-mail send to me 20-80 times a day. Link to comment Share on other sites More sharing options...
StevenUnderwood Posted March 19, 2004 Share Posted March 19, 2004 This is exactly what is being described to you. A spammer sent the message to the user at evdv.com with your address (The name could be any text and is not relevant) forged in the From:, Reply-to:, and most importantly Return-path: headers. The actual sender probably bounced the message off of the comcast machine which is acting as a relay, possibly after being infected with a virus. The actual sender is probably NOT the IP in the previous line (4.14.164.200) but is being protected because of the relay. When the message bounced for whatever reason (user does not exist, IP on some BL, etc.) it is returned to the address in the Return-path: field and ended up in your email box. Usually, these will subside within a week or so. Link to comment Share on other sites More sharing options...
eewanco Posted March 19, 2004 Share Posted March 19, 2004 Most of my mails are going into a black hole as well. After several months of using it just fine, now my mails during the day are not being acknowledged, and do not show up as unsent reports. Some mails in the evening are getting through (in fact one just showed up right now). The reports are not just getting delayed. I sent a bunch yesterday morning, got nothing, sent one yesterday evening, almost immediately got it back, sent a bunch this morning, again nothing more, then sent a few this evening, and immediately those went through. I talked to a friend of mine and he's having a similar problem. Link to comment Share on other sites More sharing options...
eewanco Posted March 19, 2004 Share Posted March 19, 2004 It's working this morning, so far. Link to comment Share on other sites More sharing options...
steph569 Posted March 19, 2004 Share Posted March 19, 2004 yeah, I reactivated my link and now its working, weird Link to comment Share on other sites More sharing options...
Miss Betsy Posted March 19, 2004 Share Posted March 19, 2004 There is a limit on how many spam you can send at one time if you are attaching several spam to one submission. It is something like 50 KB. If the individual spam add up to more than that, the submission just disappears. Since there have several questions about this recently, it may not be that, but some other glitch. Just thought I would mention it. Miss Betsy Link to comment Share on other sites More sharing options...
dra007 Posted March 19, 2004 Author Share Posted March 19, 2004 the message bellow was blocked twice when I reported it manually, alarm, message taking too lon to report, same spam I have been getting 20-80 times a day and reporting for a month: Obviously spammer is using my IP resources to send the spam to me, and as me. Yesterday the all my colleagues on this server were sent a virus by the same spammer, masquarading as our administrator. SpamCop version 1.3.4 © SpamCop.net, Inc. 1998-2004 All Rights Reserved spam Header This page may be saved for future reference: http://www.spamcop.net/sc?id=z360019584z13...a1e9c35e34c7ddz Skip to Reports Return-Path: <NPVPBIFONOQA[at]hotmail.com> Received: from mb2i1.ns.pitt.edu (mb2i1.ns.pitt.edu [136.142.185.162]) by imap.srv.cis.pitt.edu with ESMTP (8.8.8/8.8.8/cisimap-7.2.2.4) ID <KAA22638[at]imap.srv.cis.pitt.edu>; Fri, 19 Mar 2004 10:22:52 -0500 (EST) Received: from CONVERSION-DAEMON by pitt.edu (PMDF V5.2-32 #41462) id <01L7WP1CBZ68004M2X[at]mb2i1.ns.pitt.edu>; Fri, 19 Mar 2004 10:20:35 EST Received: from 136.142.185.164 ([220.64.24.124]) by pitt.edu (PMDF V5.2-32 #41462) with SMTP id <01L7WP0E2WEI004L8I[at]mb2i1.ns.pitt.edu>; Fri, 19 Mar 2004 10:19:21 -0500 (EST) Received: from 72.144.22.252 by 136.142.185.164; Fri, 19 Mar 2004 17:14:23 +0200 Date: Fri, 19 Mar 2004 14:14:23 -0100 From: Frederick Ouellette <NPVPBIFONOQA[at]hotmail.com> Subject: Produce Stronger and Rock Hard Erections To: x Cc: x Reply-to: Frederick Ouellette <NPVPBIFONOQA[at]hotmail.com> Message-id: <JKGM____________LCHU[at]hotmail.com> MIME-version: 1.0 Content-type: multipart/alternative; boundary="Boundary_(ID_VCuYaY5Vsr+JerYKJ2Qt+g)" X-Priority: 3 X-CS-IP: 111.139.250.22 View entire message Parsing header: Received: from mb2i1.ns.pitt.edu (mb2i1.ns.pitt.edu [136.142.185.162]) by imap.srv.cis.pitt.edu with ESMTP (8.8.8/8.8.8/cisimap-7.2.2.4) ID <KAA22638[at]imap.srv.cis.pitt.edu>; Fri, 19 Mar 2004 10:22:52 -0500 (EST) 136.142.185.162 found host 136.142.185.162 = mb2i1.ns.pitt.edu (cached) host mb2i1.ns.pitt.edu (checking ip) = 136.142.185.162 Possible spammer: 136.142.185.162 ips are close enough 136.142.185.162 is close to an MX (136.142.185.164) for pitt.edu 136.142.185.162 is mx Received line accepted Received: from CONVERSION-DAEMON by pitt.edu (PMDF V5.2-32 #41462) id <01L7WP1CBZ68004M2X[at]mb2i1.ns.pitt.edu>; Fri, 19 Mar 2004 10:20:35 EST Ignored Received: from 136.142.185.164 ([220.64.24.124]) by pitt.edu (PMDF V5.2-32 #41462) with SMTP id <01L7WP0E2WEI004L8I[at]mb2i1.ns.pitt.edu>; Fri, 19 Mar 2004 10:19:21 -0500 (EST) 220.64.24.124 found host 220.64.24.124 (getting name) no name 136.142.185.162 not listed in dnsbl.njabl.org 136.142.185.162 not listed in cbl.abuseat.org 136.142.185.162 not listed in dnsbl.sorbs.net 136.142.185.162 is not an MX for imap.srv.cis.pitt.edu ips are close enough 136.142.185.162 is close to an MX (136.142.185.164) for pitt.edu Possible spammer: 220.64.24.124 host pitt.edu (checking ip) = 136.142.185.162 136.142.185.162 not listed in dnsbl.njabl.org 136.142.185.162 not listed in cbl.abuseat.org 136.142.185.162 not listed in dnsbl.sorbs.net Chain test:pitt.edu =? mb2i1.ns.pitt.edu host mb2i1.ns.pitt.edu (checking ip) = 136.142.185.162 ips are close enough 136.142.185.162 is close to an MX (136.142.185.164) for pitt.edu 136.142.185.162 is mx pitt.edu and mb2i1.ns.pitt.edu have close IP addresses - chain verified Possible relay: 136.142.185.162 136.142.185.162 not listed in relays.ordb.org. 136.142.185.162 has already been sent to relay testers Received line accepted Received: from 72.144.22.252 by 136.142.185.164; Fri, 19 Mar 2004 17:14:23 +0200 72.144.22.252 found host 72.144.22.252 (getting name) no name 220.64.24.124 not listed in dnsbl.njabl.org 220.64.24.124 listed in cbl.abuseat.org ( 127.0.0.2 ) Open proxies untrusted as relays Tracking message source: 220.64.24.124: Routing details for 220.64.24.124 [refresh/show] Cached whois for 220.64.24.124 : 20001004[at]dreamx.net ip[at]dreamline.co.kr mackerel[at]dreamline.co.kr Using last resort contacts 20001004[at]dreamx.net ip[at]dreamline.co.kr mackerel[at]dreamline.co.kr Yum, this spam is fresh! 220.64.24.124 not listed in dnsbl.njabl.org 220.64.24.124 not listed in dnsbl.njabl.org 220.64.24.124 listed in cbl.abuseat.org ( 127.0.0.2 ) 220.64.24.124 is an open proxy 220.64.24.124 not listed in plus.bondedsender.org 220.64.24.124 not listed in query.bondedsender.org Finding links in message body Recurse multipart: Parsing HTML part Resolving link obfuscation http://zss4.info/p1/?id=sash host 220.175.8.33 (getting name) no name http://zss4.info/oz.html host 220.175.8.33 (getting name) no name Tracking link: http://zss4.info/p1/?id=sash Resolves to 220.175.8.33 Tracking ip 220.175.8.33 Routing details for 220.175.8.33 [refresh/show] Cached whois for 220.175.8.33 : hostmaster[at]ns.chinanet.cn.net anti-spam[at]ns.chinanet.cn.net yzxu[at]publicf.bta.net.cn abuse net chinanet.cn.net = postmaster[at]chinanet.cn.net, anti-spam[at]chinanet.cn.net, ctsummary[at]special.abuse.net abuse net chinanet.cn.net = postmaster[at]chinanet.cn.net, anti-spam[at]chinanet.cn.net, ctsummary[at]special.abuse.net Using last resort contacts postmaster[at]chinanet.cn.net anti-spam[at]chinanet.cn.net ctsummary[at]special.abuse.net yzxu[at]publicf.bta.net.cn postmaster[at]chinanet.cn.net bounces (99 sent : 20164 bounces) Using postmaster#chinanet.cn.net[at]devnull.spamcop.net for statistical tracking. anti-spam[at]chinanet.cn.net bounces (142 sent : 100 bounces) Using anti-spam#chinanet.cn.net[at]devnull.spamcop.net for statistical tracking. yzxu[at]publicf.bta.net.cn bounces (1 sent : 99 bounces) Using yzxu#publicf.bta.net.cn[at]devnull.spamcop.net for statistical tracking. Tracking link: http://zss4.info/oz.html Resolves to 220.175.8.33 Tracking ip 220.175.8.33 Cached masters for 220.175.8.33: ctsummary[at]special.abuse.net anti-spam#chinanet.cn.net[at]devnull.spamcop.net yzxu#publicf.bta.net.cn[at]devnull.spamcop.net postmaster#chinanet.cn.net[at]devnull.spamcop.net Please make sure this email IS spam: From: Frederick Ouellette <NPVPBIFONOQA[at]hotmail.com> (Produce Stronger and Rock Hard Erections) --Boundary_(ID_VCuYaY5Vsr+JerYKJ2Qt+g) Content-type: text/html; View full message Report spam to: Re: 220.64.24.124 (Silent report about source of mail) Re: http://zss4.info/oz.html (Silent report about spamvertisement) Re: http://zss4.info/p1/?id=sash (Silent report about spamvertisement) Link to comment Share on other sites More sharing options...
StevenUnderwood Posted March 19, 2004 Share Posted March 19, 2004 the message below was blocked twice when I reported it manually, alarm, message taking too lon to report The actual message you posted is from spamcop, confirming that your mole account sent a report about the spam with the Subject: Produce Stronger and Rock Hard Erections. If you are trying to report that message, you will be hearing from the deputies soon about losing your account. While I do not have a mole account, it is very similar to the reports I get when I quick report my spam. Obviously spammer is using my IP resources to send the spam to me, and as me. The spammer is not using your IP to send spam to you. The spam is coming from 220.64.24.124 as stated in the parse you posted. Tracking message source: 220.64.24.124: Routing details for 220.64.24.124 Please ignore the names and email addresses in any spam as they are almost always forged as you have been told several times on this message board. Yesterday the all my colleagues on this server were sent a virus by the same spammer, masquarading as our administrator. If the virus can be traced back to the same IP (220.64.24.124) that would explain how the spam is coming through. That machine is infected with a virus that opens a hole for the spammers to use to send their spam. It is possible that the virus picked up your addresses from the spam coming through that machine. This is simply a theory. Link to comment Share on other sites More sharing options...
Miss Betsy Posted March 19, 2004 Share Posted March 19, 2004 dra007 Please stop posting the entire messages. You do not understand how email and reporting works. Stop reporting spam until you understand. Each server has an IP address. An email that is sent gets the IP address of the server that sends it. The server does not check to see if the domain part of the email address (the part after the [at]) matches the IP address. Therefore a server with one IP address can send email that has lots of different email addresses xxx[at]domain.xxx However, the server cannot hide its IP address. The receiving server does not check the email addresses either. The receiving server decides to receive email based on the IP address. Sometimes, the receiving server will also check to make sure that the email address that the email is going *to* really exists on their network. If not, they reject it. Spammers have found ways to use other people's computers to send their spam. Then the receiving server thinks the email came from those computers, not the spammer. NONE of the email you have described or shown comes from the IP address of your server. The spammer is forging your email address as the sender. This happens to everyone who gets spam. Viruses get the email addresses from lots of places. One recent virus sent virus email to all the domains they could find with "administrator" before the [at] What you received is that virus which lots and lots of people received. Until you can understand the basics, there will be no point to answering your posts anymore. Miss Betsy Link to comment Share on other sites More sharing options...
dra007 Posted March 19, 2004 Author Share Posted March 19, 2004 Thanks, that is why I am hre, trying to figure out how they work. I have got on a spammer list only recently so I was feeling like I was being targetted. I have been using the same e-mail address for >5years. It seems more than coincidental that I have been overwhelemed with abusive e-mails all of a sudden and any countermeasure I am attempting only results in more abuse. Link to comment Share on other sites More sharing options...
eewanco Posted March 19, 2004 Share Posted March 19, 2004 Oops, back to black hole mode today. I am only sending one email per submission, by the way. Eric Link to comment Share on other sites More sharing options...
dra007 Posted March 20, 2004 Author Share Posted March 20, 2004 I have re-registered my e-mail add, still not getting reports back! Link to comment Share on other sites More sharing options...
dra007 Posted March 20, 2004 Author Share Posted March 20, 2004 strange, I am just getting report requst for e-mail I forwarded on Friday. Oviously, too late to report them. Anyone else? Link to comment Share on other sites More sharing options...
StevenUnderwood Posted March 20, 2004 Share Posted March 20, 2004 If you mean this Friday, 20-mar-2004, they should not be too old unless they were a couple days old when you submitted them. You have 3 full days (72 ours) from when your ISP received the message to hitting the report button. To answer your question, I was seeing a few hour delay receiving the message, but it was atually ready to report hours before that. Link to comment Share on other sites More sharing options...
Recommended Posts
Archived
This topic is now archived and is closed to further replies.