Geekzone: technology news, blogs, forums
666 posts

Ultimate Geek
+1 received by user: 93

Trusted

  Reply # 2028136 4-Jun-2018 10:05

Oblivian:

Re being super cautious not to make false positives by total IP/Domain blanket slapping

 

You would have thought the hundreds and I would hope thousands of marked as spams from early on, all generated from a VPS IP range should be pretty safe to block (or not block. But at the very least lower the integrity rating and auto-mark as potential spam and not put in the inbox..) would be a whole lot less likely to have any false positives from it given the numbers being dropped at any one time.

Or at the very least pestered the hell out of the host to do something about investigating if the mail is in fact from there how soon people are spinning up mail servers after free signup and sending traffic 10000%

 

Even the last 15 or so I just marked, with different FQDNs being presented are from the same range.

 

http://geoiplookup.net/ip/185.116.237.167 

 

 

Spam out of VPS ranges is probably now the world's biggest vector (as opposed to, perhaps, botnetted home connections).

 

 

(No facts to back that up, but I agree it's prolific these days. OVH in particular springs to mind)

 

 

I have no first-hand knowledge of Spark's UI for customer purposes, but my chief advice is: keep reporting false negatives. Do it diligently and you will see improvement over time.




449 posts

Ultimate Geek
+1 received by user: 11


  Reply # 2028173 4-Jun-2018 10:45

Oblivian:

 

Re being super cautious not to make false positives by total IP/Domain blanket slapping

 

You would have thought the hundreds and I would hope thousands of marked as spams from early on, all generated from a VPS IP range should be pretty safe to block (or not block. But at the very least lower the integrity rating and auto-mark as potential spam and not put in the inbox..) would be a whole lot less likely to have any false positives from it given the numbers being dropped at any one time.

Or at the very least pestered the hell out of the host to do something about investigating if the mail is in fact from there how soon people are spinning up mail servers after free signup and sending traffic 10000%

 

Even the last 15 or so I just marked, with different FQDNs being presented are from the same range.

 

http://geoiplookup.net/ip/185.116.237.167 

 

I agree but nothing except marking as spam puts it into the spam folder. Filters do nothing for me. Note the earlier post where he had to put the email into the bulk folder where he then sees the spam icon and can mark as spam. Something else may be wrong?

 

All I get (spam) is in my inbox from ML, TK, CF, GA, GQ countries or recently unallocated domain names from .co.nz.

Nothing (spam) from anywhere else in the world. Is this the same for others?

 

 

 
 
 
 


15615 posts

Uber Geek
+1 received by user: 3044

Trusted

  Reply # 2028181 4-Jun-2018 10:59

GEOMAX:

 

Oblivian:

 

Re being super cautious not to make false positives by total IP/Domain blanket slapping

 

You would have thought the hundreds and I would hope thousands of marked as spams from early on, all generated from a VPS IP range should be pretty safe to block (or not block. But at the very least lower the integrity rating and auto-mark as potential spam and not put in the inbox..) would be a whole lot less likely to have any false positives from it given the numbers being dropped at any one time.

Or at the very least pestered the hell out of the host to do something about investigating if the mail is in fact from there how soon people are spinning up mail servers after free signup and sending traffic 10000%

 

Even the last 15 or so I just marked, with different FQDNs being presented are from the same range.

 

http://geoiplookup.net/ip/185.116.237.167 

 

I agree but nothing except marking as spam puts it into the spam folder. Filters do nothing for me. Note the earlier post where he had to put the email into the bulk folder where he then sees the spam icon and can mark as spam. Something else may be wrong?

 

All I get (spam) is in my inbox from ML, TK, CF, GA, GQ countries or recently unallocated domain names from .co.nz.

Nothing (spam) from anywhere else in the world. Is this the same for others?

 

 

 

Bolded was me, it was the Not Spam button.

 

I've been marking as spam, goes to spam folder. What also is going there are genuine KFC, Domino's, and my local high school. The .tk etc spam has dropped off for me, so as spam is now going to the spam folder, it may be that these spam SMX have 100% set as spam, may be dropped off and not get to spam folder now? Maybe they targeted that 185.116.237.xxx IP range but I also see similar from 93.118.32.xxx, this was a PakNSave from .ml.


307 posts

Ultimate Geek
+1 received by user: 166

Lifetime subscriber

  Reply # 2028183 4-Jun-2018 11:03

GEOMAX:

 

(snip)

 

All I get (spam) is in my inbox from ML, TK, CF, GA, GQ countries or recently allocated (FTFY) domain names from .co.nz.

Nothing (spam) from anywhere else in the world. Is this the same for others?

 

 

 

Yes, true

 

I reported "ibkiwibanklogin.co.nz" to the NZ Domain Names Commission and they said "dear oh dear, we'll have to talk to the registrar about having proper whois records for admin and technical contacts"
The fact that this was a clear but visually convincing fake of KiwiBank (their real login is at ib.kiwibank.co.nz, see the similarity) and gave addresses in Hamburg Germany & Florida USA seemed to escape them. Or maybe they have no process for precautionary / immediate takedown of fake domains.


15615 posts

Uber Geek
+1 received by user: 3044

Trusted

  Reply # 2029203 4-Jun-2018 13:24

Maybe some progress. I just got a Kiwibank bad login email. Looks a genuine warning email. Except it should not have quoted the date/time of the failed login. It does show the correct image of the Kiwibank login button. It's from noreply@spark.co.nz :-) It's also from here: Received: from rinconepalcon ([80.247.66.101]), so a new IP range, but happily it went straight to my webmail spam folder.
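The range-level scoring idea raised in this thread (many spam reports, different FQDNs, one address range, and junk-foldering rather than outright blocking to limit false positives), as an added example that is not part of any post and is not how Spark or SMX actually filter. The /24 grouping, the thresholds, the function names and the sample lines (documentation address ranges) are all assumptions made for illustration.

```python
import ipaddress
import re
from collections import defaultdict

# Matches the header form quoted in the thread: Received: from <name> ([<ipv4>])
RECEIVED_RE = re.compile(
    r"^Received: from (\S+) \(\[(\d{1,3}(?:\.\d{1,3}){3})\]\)")

# Constructed sample of user-reported spam headers (RFC 5737 test addresses).
SAMPLE = [
    "Received: from mail1.example.tk ([192.0.2.10])",
    "Received: from promo.example.ml ([192.0.2.44])",
    "Received: from news.example.ga ([192.0.2.167])",
    "Received: from mx.example.org ([198.51.100.7])",
    "Received: from bogus ([999.1.1.1])",      # invalid IP, must be ignored
    "X-Other: not a Received line",            # unrelated header, ignored
]

def parse_received(line):
    """Return (announced_name, ip) or None if the line is not usable."""
    m = RECEIVED_RE.match(line.strip())
    if not m:
        return None
    try:
        return m.group(1).lower(), ipaddress.ip_address(m.group(2))
    except ValueError:
        return None

def score_ranges(reported_lines, prefix=24, min_reports=3, min_names=2):
    """Group reported senders by network and decide junk vs inbox per range.

    A range is junk-foldered only when it has enough reports AND those
    reports came under several different announced names, the pattern
    described above. Nothing is hard-blocked, so a false positive costs
    a trip to the spam folder rather than a lost message.
    """
    stats = defaultdict(lambda: {"reports": 0, "names": set()})
    for line in reported_lines:
        parsed = parse_received(line)
        if parsed is None:
            continue
        name, ip = parsed
        net = ipaddress.ip_network(f"{ip}/{prefix}", strict=False)
        stats[net]["reports"] += 1
        stats[net]["names"].add(name)
    return {
        str(net): ("junk" if s["reports"] >= min_reports
                   and len(s["names"]) >= min_names else "inbox")
        for net, s in stats.items()
    }
```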


58 posts

Master Geek
+1 received by user: 3


  Reply # 2029234 4-Jun-2018 14:42

The .tk and .ml emails have dropped off for me too, and I haven't had a fake Kiwibank one for a while either.

 

If I'm using webmail, I do the "Mark as spam" bit, otherwise my usual procedure is to flick off a copy of unwanted emails to the Department of Internal Affairs and to Spamcop. Either way, word gets out that there's unwanted email making a nuisance of itself.


666 posts

Ultimate Geek
+1 received by user: 93

Trusted

  Reply # 2029307 4-Jun-2018 15:46

PolicyGuy:

GEOMAX:

 

(snip)

 

All I get (spam) is in my inbox from ML, TK, CF, GA, GQ countries or recently allocated (FTFY) domain names from .co.nz.

Nothing (spam) from anywhere else in the world. Is this the same for others?

 

 

 

Yes, true

 

I reported "ibkiwibanklogin.co.nz" to the NZ Domain Names Commission and they said "dear oh dear, we'll have to talk to the registrar about having proper whois records for admin and technical contacts"
The fact that this was a clear but visually convincing fake of KiwiBank (their real login is at ib.kiwibank.co.nz, see the similarity) and gave addresses in Hamburg Germany & Florida USA seemed to escape them. Or maybe they have no process for precautionary / immediate takedown of fake domains.

 

 

The DNC has no role in take-downs. Kiwibank themselves would be a better place to report that. Netsafe publish a list of contact email addresses that the Banks operate to allow them to receive reports like this.

 

 

All the DNC can do is enforce their own Terms and Conditions.




666 posts

Ultimate Geek
+1 received by user: 93

Trusted

  Reply # 2029309 4-Jun-2018 15:49

lisati:

The .tk and .ml emails have dropped off for me too, and I haven't had a fake Kiwibank one for a while either.

 

If I'm using webmail, I do the "Mark as spam" bit, otherwise my usual procedure is to flick off a copy of unwanted emails to the Department of Internal Affairs and to Spamcop. Either way, word gets out that there's unwanted email making a nuisance of itself.

 

 

DIA EMCU can only help you if the spam is sourced domestically. So advise them if you think there's a Kiwi connection. Otherwise there's not much they can do.




58 posts

Master Geek
+1 received by user: 3


  Reply # 2029315 4-Jun-2018 16:13

BlakJak:

 

<snip>

 

DIA EMCU can only help you if the spam is sourced domestically. So advise them if you think there's a Kiwi connection. Otherwise there's not much they can do.

 

I'm no lawyer, but if I have understood section 4.2 (c) of the Unsolicited Electronic Messages Act correctly, there is a New Zealand link: the devices on which I normally check my email are located in New Zealand. 4.2 (d) also applies: I'm definitely in New Zealand.

 

Be that as it may, I totally agree, the DIA EMCU are likely to have limited ability to help if the mail actually originates overseas.


307 posts

Ultimate Geek
+1 received by user: 166

Lifetime subscriber

  Reply # 2029325 4-Jun-2018 16:42

BlakJak:
PolicyGuy:

 

I reported "ibkiwibanklogin.co.nz" to the NZ Domain Names Commission and they said "dear oh dear, we'll have to talk to the registrar about having proper whois records for admin and technical contacts"
The fact that this was a clear but visually convincing fake of KiwiBank (their real login is at ib.kiwibank.co.nz, see the similarity) and gave addresses in Hamburg Germany & Florida USA seemed to escape them. Or maybe they have no process for precautionary / immediate takedown of fake domains.

 

The DNC has no role in take-downs. Kiwibank themselves would be a better place to report that. Netsafe publish a list of contact email addresses that the Banks operate to allow them to receive reports like this. All the DNC can do is enforce their own Terms and Conditions.

 

I reported it to "abuse@kiwibank.co.nz", no response.

 

Seems like every banking service provider has a different mailbox for this, whereas I thought "abuse@" was supposed to be a 'standard'. Sigh.


666 posts

Ultimate Geek
+1 received by user: 93

Trusted

  Reply # 2029340 4-Jun-2018 17:39

PolicyGuy:

BlakJak:
PolicyGuy:

 

I reported "ibkiwibanklogin.co.nz" to the NZ Domain Names Commission and they said "dear oh dear, we'll have to talk to the registrar about having proper whois records for admin and technical contacts"
The fact that this was a clear but visually convincing fake of KiwiBank (their real login is at ib.kiwibank.co.nz, see the similarity) and gave addresses in Hamburg Germany & Florida USA seemed to escape them. Or maybe they have no process for precautionary / immediate takedown of fake domains.

 

The DNC has no role in take-downs. Kiwibank themselves would be a better place to report that. Netsafe publish a list of contact email addresses that the Banks operate to allow them to receive reports like this. All the DNC can do is enforce their own Terms and Conditions.

 

I reported it to "abuse@kiwibank.co.nz", no response.

 

Seems like every banking service provider has a different mailbox for this, whereas I thought "abuse@" was supposed to be a 'standard'. Sigh.

 

 

You'd be talking about RFC2142. Still, I provided the above URL so that you can report them to the place where they actually look for and expect this sort of thing. Don't presume you'll get a personalized response however.




666 posts

Ultimate Geek
+1 received by user: 93

Trusted

  Reply # 2029342 4-Jun-2018 17:43

lisati:

BlakJak:

 

<snip>

 

DIA EMCU can only help you if the spam is sourced domestically. So advise them if you think there's a Kiwi connection. Otherwise there's not much they can do.

 

I'm no lawyer, but if I have understood section 4.2 (c) of the Unsolicited Electronic Messages Act correctly, there is a New Zealand link: the devices on which I normally check my email are located in New Zealand. 4.2 (d) also applies: I'm definitely in New Zealand.

 

Be that as it may, I totally agree, the DIA EMCU are likely to have limited ability to help if the mail actually originates overseas.

 

 

More specifically, persons operating outside of NZ are not realistically subject to NZ law, as much as we'd like them to be.

 

If I see an NZ link in any spam that gets through to me, then the EMCU get a notice - but if the only link is that I was a recipient, there's little point, as EMCU have no jurisdiction, no teeth as such.

 

 

I do know that they work in closely with offshore counterparts, so it may be that they remain interested in collecting information about spammers who are targeting NZ'rs in order to share that information with overseas jurisdictions. But I'd be impressed if that's the case.




58 posts

Master Geek
+1 received by user: 3


  Reply # 2029355 4-Jun-2018 18:01

PolicyGuy:

 

I reported it to "abuse@kiwibank.co.nz", no response.

 

Seems like every banking service provider has a different mailbox for this, whereas I thought "abuse@" was supposed to be a 'standard'. Sigh.

 

 

Forwarding an email to an abuse@ or postmaster@ address is understandable, but doesn't always achieve useful results.

 

Many of the banks I've seen mentioned in phishing emails have a separate email address. Based on what I've read on their website, I believe the appropriate one for Kiwibank is suspicious.email@kiwibank.co.nz .


58 posts

Master Geek
+1 received by user: 3


  Reply # 2029359 4-Jun-2018 18:06

BlakJak: More specifically, persons operating outside of NZ are not realistically subject to NZ law, as much as we'd like them to be.

 

Fair call, which is why I also report to Spamcop. It hasn't happened often, but in the time I've been using Spamcop, I have occasionally received a response from the spammer's provider, probably for about 1% (or less) of the emails I've reported.


449 posts

Ultimate Geek
+1 received by user: 11


  Reply # 2029550 5-Jun-2018 02:40

Is all the spam you have to mark as spam in your inbox (excepting some unallocated domains from New Zealand) only from these five new countries? I have 80+ I have marked as spam since 12th May. Nothing from the rest of the world all year.

 

 

 

 
