Jump to content

Internal spamcop handling: (bondedsender)


Recommended Posts

I am seeing the same thing now, in every report, without exception.

image.png.c9f9663e57b64dd4a3d47c31f4cd0a2f.png

I am still processing through SpamCop, just to trace the source, but don't see the point in submitting when
no reports to the source are sent by SpamCop.
My suggestion to SC, drop the lookup in bondedsender, as plainly, all IP adresses are now listed in bondedsender.

Link to comment
Share on other sites

  • Replies 91
  • Created
  • Last Reply

Top Posters In This Topic

4 minutes ago, Jese said:

I am still processing through SpamCop, just to trace the source, but don't see the point in submitting when
no reports to the source are sent by SpamCop.
My suggestion to SC, drop the lookup in bondedsender, as plainly, all IP adresses are now listed in bondedsender.

SC should also drop Habeas too, as is seeams related to the same Problem.

Link to comment
Share on other sites

I've been using spamcop long time ( perhaps 20 years) and never seen this kind of issue. Almost all spam reports are going to bondedsender and all are rejected. Al bank phishes, "businesss offers", african officials, inheritance, literally all spam I get.

This needs to be resolved pretty soon as this renders whole concept as useless.

Link to comment
Share on other sites

Spamcop seems to no longer looking up the network whois for a given IP address regardless, and just putting in the 'bondedsender' in no matter who the origin network is.  How is this helpful?  Can't they just disable all reports no matter what and include that information rather than obfuscating the sender?  Seems like a nonsensical thing for spamcop to do.

Link to comment
Share on other sites

Yes, me as well.

 

Most of my spam in the last week is being listed as "bonded server confirmed opt-in", which they obviously aren't.

I think spamcop needs to update their rules, as spammers have figured out how to bypass spamcop reports entirely.

Link to comment
Share on other sites

Opening a ticket with the providers of these services is all well and good, but it's been several days now of SC not working for most of the spam I submit. Maybe SC needs to temporarily drop the use of Habeas and Bondedsender until they are no longer broken.

Link to comment
Share on other sites

2 hours ago, Tesseract said:

Maybe SC needs to temporarily drop the use of Habeas and Bondedsender until they are no longer broken.

+1 for this

At the moment reporting to SC is wasted time in my opinion

Link to comment
Share on other sites

2 hours ago, SCRE said:

At the moment reporting to SC is wasted time in my opinion

I sent a report today to test the app and I have the offending IP address and abuse email to manually forward the spam. SC is still doing all the hard work deciphering the raw message and updating the blocklist and stats except not sending reports. You're welcome!

Link to comment
Share on other sites

On 7/23/2024 at 9:38 AM, Lking said:

Did you read the earlier post in this thread?? https://forum.spamcop.net/topic/73357-internal-spamcop-handling-bondedsender/#comment-188903

there is an open ticket

Well, if there is an open ticket on this, then IMO, it's been open way too long...

image.png.3602ad11f738feb81e692e7217c333e6.png

The ironic thing with this latest, is that mailchimp was bouncing in any case,
so not much difference in this case.

Any suggestions out there, for alternatives to SC?

Link to comment
Share on other sites

1 hour ago, Jese said:

Any suggestions out there, for alternatives to SC?

I would like to know that as well. I see no sense in paying for access to SC when it is not working.

Link to comment
Share on other sites

It seems that someone has subverted the very last step of SpamCop processing: parsing proceeds normally, then at some point, no later than the moment of sending reports, the abuse address for the sender IP (which is mentioned higher up in the parser listing) is replaced unconditionally by bondedsender@admin.spamcop.net. Reports for links (if any) found in the spam body (e.g. to Google) are still sent.

Link to comment
Share on other sites

1 hour ago, A.J.Mechelynck said:

It seems that someone has subverted the very last step of SpamCop processing: parsing proceeds normally, then at some point, no later than the moment of sending reports, the abuse address for the sender IP (which is mentioned higher up in the parser listing) is replaced unconditionally by bondedsender@admin.spamcop.net. Reports for links (if any) found in the spam body (e.g. to Google) are still sent.

Interesting. As I posted above I found the sender of spam IP and abuse report email in the parse and when I pressed the send reports button I got the same IP sent to bondedsender @ admin dot spamcop dot net which is an address used for net admin to net admin previously established relationships. The special admin email has been discussed on the forum. No links in the email were processed but they are not as important as the sending IP as they are responsible for sending the spam.

Link to comment
Share on other sites

I've also been losing most of me reports to this bonded sender.  Some go through.  Most do not. Sometimes it performs an endless loop where "Report next" goes back to the same report without evern getting removed from the queue

Link to comment
Share on other sites

Complaining and whining will get us nowhere. Let us try to find something useful (and preferably something new, so let's read the older posts in this thread first), or otherwise let us silently hope that the SpamCop admins will (soon) find out what went wrong and fix it.

Link to comment
Share on other sites

After more than two weeks of this problem it looks like Cisco has abandoned Spamcop. Pity. I think I will abandon Cisco at work - there are other providers of networking hardware who can satisfy my customers' needs.

Link to comment
Share on other sites

I agree this has gone on for too long.
I am looking at the parse, scraping out the reporting email for the spam's origin, and pasting that in a User Notification.
That seems to work, but it tedious.

Link to comment
Share on other sites

It is tedious, but I did it before I used SC, and now that it looks like SC is no longer being maintained I can do it again.

Link to comment
Share on other sites

On 7/26/2024 at 1:45 AM, Jese said:

Well, if there is an open ticket on this, then IMO, it's been open way too long...

image.png.3602ad11f738feb81e692e7217c333e6.png

The ironic thing with this latest, is that mailchimp was bouncing in any case,
so not much difference in this case.

Any suggestions out there, for alternatives to SC?

My minimal experience of reporting stuff sent via mailchimp in the past is that sending a copy of the offending email directly to their abuse[at] email address usually elicits a response from them. It has been a couple of years since I have had to do so.

Link to comment
Share on other sites

14 hours ago, Dale H. Cook said:

After more than two weeks of this problem it looks like Cisco has abandoned Spamcop. Pity. I think I will abandon Cisco at work - there are other providers of networking hardware who can satisfy my customers' needs.

Goto community dot cisco dot com

Link to comment
Share on other sites

On 7/21/2024 at 8:34 PM, Richard W said:

We started getting false positives on accredit.habeas.com and plus.bondedsender.org last week. This seems to have jumped to 100% fail now. I have a ticket open and trying to figure this out with Validity.

Is there an update from a Spamcop admin or representative? I may have missed it, there's hundreds of threads on this topic & no way to sort by newest, dont see the 'by date' sort helps, not a very efficient forum environment.

Link to comment
Share on other sites

8 hours ago, S-J said:

Is there an update from a Spamcop admin or representative? I may have missed it, there's hundreds of threads on this topic & no way to sort by newest, dont see the 'by date' sort helps, not a very efficient forum environment.

Been one as soon as Bonded Sender started not sending reports?

Reports count towards SpamCop Block List and count a lot higher than it's poisoned spamtrap email addresses
So pays to keep reporting
You might put in comments as you use SpamCop for reporting
"IP sending to poisoned spamtrap email addresses"

Bonded sender (owned by CISCO SpamCop's owners) are "whitelisted". providers mainly "Cloud" providers who have or had zero tolerance for spammers.

Now comes Microsoft 365 "free offer" which get many spambots signing up a deluging the world with spam;

https://abcnews.go.com/Business/wireStory/internet-outage-latest-airlines-businesses-hit-global-technology-112097254
Microsoft 365 I suspect (my conspiracy theory?) were blocked deliberately/unintentionally not knowing it was Microsoft bombing the world with spam.
Microsoft appear using it's own massive range of IP's in hoping/swapping IP to stop IP's being identified and blocked. They are now using worldwide Cloud storage which used to be spam free

My views and could be erroneous are my own not SpamCop's. I'm a member with no affiliation than that

CISCO/SpamCop are aware of the problem and are trying to get a solution

 

Edited by petzl
Link to comment
Share on other sites

On 7/26/2024 at 8:20 PM, A.J.Mechelynck said:

Complaining and whining will get us nowhere. Let us try to find something useful (and preferably something new, so let's read the older posts in this thread first), or otherwise let us silently hope that the SpamCop admins will (soon) find out what went wrong and fix it.

That is the job of SpamCop. Not all of us are technical experts. Spamcop has all the detail. They should be able to fix this.

This is still happening!

Link to comment
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.


×
×
  • Create New...