Is spamcop tracked by spammers via reporting addresses?

lets poison the gin

The zoo reports spam to spamcop not much since a lot is prefiltered and automatically deleted. However, I do wonder if spamcop is tracked by spammers. I say this as I have new spam definitions and when I report the small number of spam to the addresses on spamcop.

I do think much of spamcop is genuine and spamcop is worth supporting, be it with our submissions or other ways, but maybe reporting spam to spammers is still not a good idea.

It's not a horrid problem for us but some abuse spamcop. I guess they want reports if they do spam us again and I am happy to oblige, after all the more the merrier.

blocklist.de in debian stretch

scumbag spammer Robert Soloway

Bananas likes to collect data for blocking, be it dmarc rejects or even lists of bad ranges, so I decided to collect the data that spammers and probers made without me and pass it on – seems only fair to pass it on to a wider audience.

The attempt was a bit botched and confusing with api keys and email. I also wanted reports and so I had an hour of woe and really odd error messages. I even had to adjust postfix to let it send email out rather than just be a local affair on our internal instance.

citizen may the children’s entertainer

The site needed config details and once you have the ‘servers’ things it kind of makes more sense. The client software is horrible and they suggest reconfiguring it their way rather than adapting what I know works. That probably did not help but it is good to know how it works rather than have it working and consider it magical or religious with ‘faith’.

In the end I gave up with .local config files and made backups and put the revised files where the debian os put them – it probably makes nightmares for me down the road** but it sent mail.

tube recycle those 1’s and 0’s

Api keys are confusing. There are two – each ‘server’ has a unique key* and a user has a key (five digits), of which one exists; that is the api key the config files appear to like rather than the per server thing. In this regard I am just a submitter of data.

The action for blocklist_de I did not use but I kept my existing email report. Whether that sends via an http(s) api rather than email was something I never quite got figured out, although the log file had some interesting stuff in for a change.

Email reporting appears to work for me as well as the blocklist, and once I provided postfix with a gateway setting [not needed until now] mail was routed rather than remaining undelivered. Oddly most of the ssh attempts we usually get appear to have dried up; after all, it's good to tell the probers how their data will be shared.

It appears set up – time will tell if it makes a difference.

*remember the zoo has four domains

**time for dpkg.dist files

.win tld

scumbag spammer Robert Soloway

Bananas was reading the mail logs one morning when a .win domain caught our attention for being deemed spam. I was sure it was, but knowing where it was I unzipped and read it in console.

.win is for

There is a vast array of global online gaming opportunities to suit all tastes. The new .WIN generic Top Level Domain (TLD) contains online gaming resources

No, I did not know that either.

But the email was for spamming life insurance and more html than text.

The moral was .win tld is very deserving of its spam rating.

secondhand busses – too much email fun

metz bus

You may remember the zoo’s secondhand bus email address (my blog) which is advertised if you scalp something but does not work although it looks genuine.

Well, it is still active, as 185.46.165.59, which is in Metz, France (at time of writing), had a serious go at trying to send the zoo something about second hand buses. If you bought that list of spammer leads then you made me laugh and fulfilled my desire to see what a public transport bus in Metz looks like. Pink!

The whois is a bit sparse but e-cgpn.com seem to be an isp.  I am amused and pleased to see idiots exist.

Do you like to see what a bus looks like worldwide? You know what you have to do, and your regional bus brand might be featured.

seo and webdesigner spammers are weird

Kkaran Bahree Indian crook of well known ill repute

Strange bunch – I would like to know

why send via outlook.com – microsoft free email. It is not like microsoft are writing ie6 compatible sites for us. I hate microsoft and report it as spam and I can fuck up microsoft free email that way too.

I am amused to read (if it gets past the spam filter) that microshit only employ 10 people. Are these Indians doing this too incompetent to have a domain themselves?

Use of return receipts – so first thing it does is ask for a confirmation and then …

Asks for another human reply – you just got one, so what was wrong with the one from above? You demanded.

no checking of websites – The monkey house does not give a shit that we are not number 1, and yes our design is mobile friendly.

Forward of the original email – er, why would I reply to that?

Anyhow

Microsoft home to paid spammers and fraudsters

Kkaran Bahree noted crook

I have in the past lamented the sad state of microsoft clients who, it appears, are Nigerians wishing to donate billions of dollars to you and me and are at home in the zoo.

One day I noticed that one set of spammers were using the newish microsoft ‘cloud’ which I believe is paid for rather than hotmail ‘free’.

At least they are paying microsoft, after all free spam is not on, is it? 104.40.0.0/13. Let's hope they got paid rather than indicate a security hole in shit software.

I am happy to associate both scammer and microsoft as both shady, and this evidence I once saw made me very happy and it proved the collusion, which I am sure somebody at microsoft sales will regret selling.

I was very happy that day.

2017 targeted whois spam

well there was n bomb and ….

The zoo’s (plus zoo1 -3) domain owner account is not handled by the zoo, but by a separate email system that I do not control. Just in case things go apocalyptic.

So I do get some spam.

I log in about once a week and clear the crap, which strangely appears to be supermarket vouchers. I doubt these ‘organisations’ pay out; they are data phishing scams which the monkey house has no interest in discovering, and they probably need a facebook thing that I do not have – most things need facebook if it’s scammy/marketing.

I never look at them except at the brand names being ripped off – why would a discount German based supermarket be offering more money off on its ‘low’ prices*.

scumbag spammer Robert Soloway

Anyhow it's very boring compared to the crap sent by Robert Soloway (my blog), in whose downfall I helped play a part.

Anyhow, since role accounts are hosted by us and they get no spam, it is a good way to judge our email system. ssl confirmations and other stuff do get through.

*an exercise left to the reader to figure out

Zimbabwean isps in the wild

the boss of unemployment

Zimbabwe sends the zoo some odd attempted email traffic considering that 96% of its people are unemployed and the Chinese rmb (my blog) is its currency last time I checked.

Those Chinese people are sure generous with money and the family who run it.

The more exotic the country (my blog), the more fun these are to do.

197.221.237.138 attempts 56

/smtpd[*]: warning: hostname 16.138.telone.co.zw does not resolve to address 197.221.237.138: No address associated with hostname

197.221.240.250 attempts 4

smtpd[*]: warning: hostname 16.250.telone.co.zw does not resolve to address 197.221.240.250: No address associated with hostname

196.27.127.154 attempts 2

policyd-spf[*0]: None; identity=helo; client-ip=196.27.127.154; helo=307311.customer.zol.co.zw; envelope-from=karrycristinajm@excite.it; receiver=ape@zoo
smtpd[*]: NOQUEUE: reject: RCPT from unknown[196.27.127.154]: 554 5.7.1 Service unavailable; Client host [196.27.127.154] blocked using xbl.spamhaus.org; https://www.spamhaus.org/query/ip/196.27.127.154;

The last one is kind of interesting but it has been deemed spammy, and quite why an Italian domain is sending mail from there confirms it.

Surely they cannot all be unemployed spammers, or perhaps the best ones emigrate to Nigeria?

The .zw tld does not help, being one of the last, so they kind of deserve the attention, since my geoip script lists it last and so it sticks out like a sore thumb. Anyhow it is amusing that its leader, who hates the English (not Americans), allows his citizens to try and email the zoo, I mean that being a really shit despot; mind you, there’s the 4% he still has to make jobless.

Try harder Grace Mugabe.

Afghanistan internet favourites

So another .af address (my blog) had a quick chat with the email server.

smtpd[*]: connect from unknown[117.55.207.29]
policyd-spf[*]: None; identity=helo; client-ip=117.55.207.29; helo=[117.55.207.4]; envelope-from=mfd@thezoo; receiver=user@thezoo
policyd-spf[*]: Fail; identity=mailfrom; client-ip=117.55.207.29; helo=[117.55.207.4]; envelope-from=mfd@thezoo; receiver=user@thezoo
smtpd[*]: NOQUEUE: reject: RCPT from unknown[117.55.207.29]: 554 5.7.1 Service unavailable; Client host [117.55.207.29] blocked using xbl.spamhaus.org; https://www.spamhaus.org/query/ip/117.55.207.29; from=<MFD@thezoo> to=<user@thezoo> proto=ESMTP helo=<[117.55.207.4]>
smtpd[*]: disconnect from unknown[117.55.207.29]

the man who became a pig

So let's say a big hello to

address: Neda Telecommunications 13, Esmat Muslim Street,Shar-e-Naw Kabul, Afghanistan
e-mail: abuse@neda.af

Oddly they're pretending to be the zoo – probably not pork product spam then.
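
The log excerpts in the Zimbabwe and Afghanistan posts above can be triaged mechanically. The Python below is an added example, not the author's geoip script: it tags each client IP seen in Postfix smtpd and policyd-spf lines, using sample lines copied from the post; the tag names and function names are assumptions of this example.

```python
import re
from collections import defaultdict

# Sample lines copied from the post's own excerpts (PIDs are already masked there).
SAMPLE_LOG = """\
smtpd[*]: warning: hostname 16.138.telone.co.zw does not resolve to address 197.221.237.138: No address associated with hostname
policyd-spf[*0]: None; identity=helo; client-ip=196.27.127.154; helo=307311.customer.zol.co.zw; envelope-from=karrycristinajm@excite.it; receiver=ape@zoo
smtpd[*]: NOQUEUE: reject: RCPT from unknown[196.27.127.154]: 554 5.7.1 Service unavailable; Client host [196.27.127.154] blocked using xbl.spamhaus.org; https://www.spamhaus.org/query/ip/196.27.127.154;
policyd-spf[*]: None; identity=helo; client-ip=117.55.207.29; helo=[117.55.207.4]; envelope-from=mfd@thezoo; receiver=user@thezoo
policyd-spf[*]: Fail; identity=mailfrom; client-ip=117.55.207.29; helo=[117.55.207.4]; envelope-from=mfd@thezoo; receiver=user@thezoo
smtpd[*]: NOQUEUE: reject: RCPT from unknown[117.55.207.29]: 554 5.7.1 Service unavailable; Client host [117.55.207.29] blocked using xbl.spamhaus.org; https://www.spamhaus.org/query/ip/117.55.207.29; from=<MFD@thezoo> to=<user@thezoo> proto=ESMTP helo=<[117.55.207.4]>
"""

RDNS = re.compile(r"hostname (\S+) does not resolve to address ([\d.]+):")
SPF = re.compile(r"policyd-spf\[[^\]]*\]: (\w+); identity=(\w+); client-ip=([^;]+); "
                 r"helo=([^;]+); envelope-from=([^;]*); receiver=(\S+)")
DNSBL = re.compile(r"reject: RCPT from \S+\[([\d.]+)\]: 554 .*?blocked using ([\w.-]+);")

def domain(addr):
    """Lower-cased part after the last '@' of an address."""
    return addr.rsplit("@", 1)[-1].lower()

def summarize(log_text):
    """Return {client_ip: sorted list of tags} for one block of mail log text."""
    findings = defaultdict(set)
    for line in log_text.splitlines():
        if m := RDNS.search(line):
            # PTR name has no matching A record: forward-confirmed rDNS fails.
            findings[m.group(2)].add("rdns-mismatch")
        if m := SPF.search(line):
            result, identity, ip, helo, sender, rcpt = m.groups()
            if helo.startswith("[") and helo.strip("[]") != ip:
                # HELO address literal differs from the connecting IP.
                findings[ip].add("helo-literal-mismatch")
            if result == "Fail":
                findings[ip].add("spf-fail")
                if identity == "mailfrom" and domain(sender) == domain(rcpt):
                    # Sender claims the recipient's own domain and SPF rejects it.
                    findings[ip].add("spoofs-own-domain")
        if m := DNSBL.search(line):
            findings[m.group(1)].add("dnsbl:" + m.group(2))
    return {ip: sorted(tags) for ip, tags in findings.items()}

if __name__ == "__main__":
    for ip, tags in summarize(SAMPLE_LOG).items():
        print(ip, ", ".join(tags))
```
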