Geekzone: technology news, blogs, forums
BlakJak
1275 posts

Uber Geek

Trusted

  #2028136 4-Jun-2018 10:05

Oblivian:

Re being super cautious not to make false positives by total IP/Domain blanket slapping

 

You would have thought the hundreds and I would hope thousands of marked as spams from early on, all generated from a VPS IP range should be pretty safe to block (or not block. But at the very least lower the integrity rating and auto-mark as potential spam and not put in the inbox..) would be a whole less likely to have any false positives from it given the numbers being dropped at any one time.

 

Or at the very least pestered the hell of the host to do something about investigating if the mail is in fact from there how soon people are spinning up mail servers after free signup and sending traffic 10000%

 

Even the last 15 or so I just marked, with different FQDNs being presented are from the same range.

 

http://geoiplookup.net/ip/185.116.237.167 

 

 

Spam out of VPS ranges is probably now the world's biggest vector (as opposed to, perhaps, botnetted home connections).

 

 

(No facts to back that up, but I agree it's prolific these days. OVH in particular spring to mind)

 

 

I have no first-hand knowledge of Spark's UI for customer purposes, but my chief advice is: keep reporting false negatives. Do it diligently and you will see improvement over time.




No signature to see here, move along...



GEOMAX
450 posts

Ultimate Geek


  #2028173 4-Jun-2018 10:45

Oblivian:

 

Re being super cautious not to make false positives by total IP/Domain blanket slapping

 

You would have thought the hundreds and I would hope thousands of marked as spams from early on, all generated from a VPS IP range should be pretty safe to block (or not block. But at the very least lower the integrity rating and auto-mark as potential spam and not put in the inbox..) would be a whole less likely to have any false positives from it given the numbers being dropped at any one time.

 

Or at the very least pestered the hell of the host to do something about investigating if the mail is in fact from there how soon people are spinning up mail servers after free signup and sending traffic 10000%

 

Even the last 15 or so I just marked, with different FQDNs being presented are from the same range.

 

http://geoiplookup.net/ip/185.116.237.167 

 

I agree but nothing except marking as spam puts it into the spam folder. Filters do nothing for me. Note the earlier post where he had to put the email into the bulk folder where he then sees the spam icon and can mark as spam. Something else may be wrong?

 

All I get(spam) is in my in box from ML, TK, CF, GA, GQ countries or recently unallocated domain names from .co.nz.

 

Nothing (spam) from any where else in the world. Is this the same for others?

 

 

tdgeek
29746 posts

Uber Geek

Trusted
Lifetime subscriber

  #2028181 4-Jun-2018 10:59

GEOMAX:

 

Oblivian:

 

Re being super cautious not to make false positives by total IP/Domain blanket slapping

 

You would have thought the hundreds and I would hope thousands of marked as spams from early on, all generated from a VPS IP range should be pretty safe to block (or not block. But at the very least lower the integrity rating and auto-mark as potential spam and not put in the inbox..) would be a whole less likely to have any false positives from it given the numbers being dropped at any one time.

 

Or at the very least pestered the hell of the host to do something about investigating if the mail is in fact from there how soon people are spinning up mail servers after free signup and sending traffic 10000%

 

Even the last 15 or so I just marked, with different FQDNs being presented are from the same range.

 

http://geoiplookup.net/ip/185.116.237.167 

 

I agree but nothing except marking as spam puts it into the spam folder. Filters do nothing for me. Note the earlier post where he had to put the email into the bulk folder where he then sees the spam icon and can mark as spam. Something else may be wrong?

 

All I get(spam) is in my in box from ML, TK, CF, GA, GQ countries or recently unallocated domain names from .co.nz.

 

Nothing (spam) from any where else in the world. Is this the same for others?

 

 

 

Bolded was me, it was the Not Spam button.

 

I've been marking as spam, goes to spam folder. What also is going there are genuine KFC, Dominoes, and my local high school. The .tk etc spam has dropped off for me, so as spam is now going to the spam folder, it may be that these spam SMX have 100% set as spam, may be dropped off and not get to spam folder now? Maybe they targeted that 185.116.237.xxx IP range but I also see similar from 93.118.32.xxx; this was a PakNSave from .ml




  #2028183 4-Jun-2018 11:03

GEOMAX:

 

(snip)

 

All I get(spam) is in my in box from ML, TK, CF, GA, GQ countries or recently allocated (FTFY) domain names from .co.nz.

 

Nothing (spam) from any where else in the world. Is this the same for others?

 

 

 

Yes, true

 

I reported "ibkiwibanklogin.co.nz" to the NZ Domain Names Commission and they said "dear oh dear, we'll have to talk to the registrar about having proper whois records for admin and technical contacts"
The fact that this was a clear but visually convincing fake of KiwiBank (their real login is at ib.kiwibank.co.nz, see the similarity) and gave addresses in Hamburg Germany & Florida USA seemed to escape them. Or maybe they have no process for precautionary / immediate takedown of fake domains.


tdgeek
29746 posts

Uber Geek

Trusted
Lifetime subscriber

  #2029203 4-Jun-2018 13:24

Maybe some progress. I just got a Kiwibank bad login email. Looks a genuine warning email. Except it should not have quoted the date/time of the failed login. It does show the correct image of the Kiwibank login button. It's from noreply@spark.co.nz :-) It's also from here: Received: from rinconepalcon ([80.247.66.101]) so a new IP range, but happily it went straight to my webmail spam folder.
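The approach discussed in the posts above (count user-reported spam per source range and lower that range's reputation instead of blanket-blocking it) can be sketched as follows. This is an added example, not part of any post and not Spark's or SMX's filter; the function names, the threshold and the /24 grouping are assumptions, and the sample messages are constructed using documentation address ranges.

```python
import email
import ipaddress
import re
from collections import defaultdict

# Matches the form quoted in the thread: "from helo-name ([a.b.c.d])".
RECEIVED_RE = re.compile(r"from\s+(\S+)\s+\(.*?\[(\d{1,3}(?:\.\d{1,3}){3})\]", re.S)

def relay_of(raw):
    """Return (helo_name, ip) from the topmost Received header, or None.
    Assumption: that header was stamped by the recipient's own MX, so it is
    the only hop the sender could not forge."""
    headers = email.message_from_string(raw).get_all("Received", [])
    m = RECEIVED_RE.search(headers[0]) if headers else None
    if m is None:
        return None
    try:
        return m.group(1).lower(), ipaddress.ip_address(m.group(2))
    except ValueError:  # bracketed text that is not a valid IPv4 address
        return None

def noisy_ranges(reported, threshold=3, prefix=24):
    """Count user-reported spam per source /prefix; return ranges to down-score."""
    seen = defaultdict(lambda: {"count": 0, "helos": set()})
    for raw in reported:
        relay = relay_of(raw)
        if relay is None:
            continue  # no usable relay information, do not guess
        helo, ip = relay
        net = str(ipaddress.ip_network(f"{ip}/{prefix}", strict=False))
        seen[net]["count"] += 1
        seen[net]["helos"].add(helo)
    return {net: {"count": v["count"], "distinct_helos": len(v["helos"])}
            for net, v in seen.items() if v["count"] >= threshold}

def make_sample(helo, ip):  # constructed message, documentation ranges only
    return (f"Received: from {helo} ([{ip}]) by mx.example.net; "
            f"Mon, 4 Jun 2018 10:00:00 +1200\nSubject: offer\n\nbody\n")

SAMPLE_REPORTS = [
    make_sample("mail.shop-a.example", "192.0.2.10"),
    make_sample("news.shop-b.example", "192.0.2.77"),
    make_sample("smtp.shop-c.example", "192.0.2.200"),
    make_sample("mail.school.example", "198.51.100.5"),
    "Subject: no Received header\n\nbody\n",
]

if __name__ == "__main__":
    print(noisy_ranges(SAMPLE_REPORTS))
```

A range with many reports and many distinct HELO names matches the pattern of different FQDNs coming from the same range; a single report from a range stays below the threshold, which is what keeps false positives down.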


lisati
63 posts

Master Geek


  #2029234 4-Jun-2018 14:42

The .tk and .ml emails have dropped off for me too, and I haven't had a fake Kiwibank one for a while either.

 

If I'm using webmail, I do the "Mark as spam" bit, otherwise my usual procedure is to flick off a copy of unwanted emails to the Department of Internal Affairs and to Spamcop. Either way, word gets out that there's unwanted email making a nuisance of itself.


BlakJak
1275 posts

Uber Geek

Trusted

  #2029307 4-Jun-2018 15:46

PolicyGuy:

GEOMAX:

 

(snip)

 

All I get(spam) is in my in box from ML, TK, CF, GA, GQ countries or recently allocated (FTFY) domain names from .co.nz.

 

Nothing (spam) from any where else in the world. Is this the same for others?

 

 

 

Yes, true

 

I reported "ibkiwibanklogin.co.nz" to the NZ Domain Names Commission and they said "dear oh dear, we'll have to talk to the registrar about having proper whois records for admin and technical contacts"
The fact that this was a clear but visually convincing fake of KiwiBank (their real login is at ib.kiwibank.co.nz, see the similarity) and gave addresses in Hamburg Germany & Florida USA seemed to escape them. Or maybe they have no process for precautionary / immediate takedown of fake domains.

 

 

The DNC has no role in take-downs. Kiwibank themselves would be a better place to report that. Netsafe publish a list of contact email addresses that the Banks operate to allow them to receive reports like this.

 

 

All the DNC can do is enforce their own Terms and Conditions.




No signature to see here, move along...

 
 
 

BlakJak
1275 posts

Uber Geek

Trusted

  #2029309 4-Jun-2018 15:49

lisati:

The .tk and .ml emails have dropped off for me too, and I haven't had a fake Kiwibank one for a while either.

 

If I'm using webmail, I do the "Mark as spam" bit, otherwise my usual procedure is to flick off a copy of unwanted emails to the Department of Internal Affairs and to Spamcop. Either way, word gets out that there's unwanted email making a nuisance of itself.

 

 

DIA EMCU can only help you if the spam is sourced domestically. So advise them if you think there's a Kiwi connection. Otherwise there's not much they can do.




No signature to see here, move along...

lisati
63 posts

Master Geek


  #2029315 4-Jun-2018 16:13

BlakJak:

 

<snip>

 

DIA EMCU can only help you if the spam is sourced domestically. So advise them if you think there's a Kiwi connection. Otherwise there's not much they can do.

 

I'm no lawyer, but if I have understood section 4.2 (c) of the Unsolicited Electronic Messages Act correctly, there is a New Zealand link: the devices on which I normally check my email are located in New Zealand. 4.2 (d) also applies: I'm definitely in New Zealand.

 

Be that as it may, I totally agree, the DIA EMCU are likely to have limited ability to help if the mail actually originates overseas.


  #2029325 4-Jun-2018 16:42

BlakJak:
PolicyGuy:

 

I reported "ibkiwibanklogin.co.nz" to the NZ Domain Names Commission and they said "dear oh dear, we'll have to talk to the registrar about having proper whois records for admin and technical contacts"
The fact that this was a clear but visually convincing fake of KiwiBank (their real login is at ib.kiwibank.co.nz, see the similarity) and gave addresses in Hamburg Germany & Florida USA seemed to escape them. Or maybe they have no process for precautionary / immediate takedown of fake domains.

 

The DNC has no role in take-downs. Kiwibank themselves would be a better place to report that. Netsafe publish a list of contact email addresses that the Banks operate to allow them to receive reports like this. All the DNC can do is enforce their own Terms and Conditions.

 

I reported it to "abuse@kiwibank.co.nz", no response.

 

Seems like every banking service provider has a different mailbox for this, whereas I thought "abuse@" was supposed to be a 'standard'. Sigh.


BlakJak
1275 posts

Uber Geek

Trusted

  #2029340 4-Jun-2018 17:39

PolicyGuy:

BlakJak:
PolicyGuy:

 

I reported "ibkiwibanklogin.co.nz" to the NZ Domain Names Commission and they said "dear oh dear, we'll have to talk to the registrar about having proper whois records for admin and technical contacts"
The fact that this was a clear but visually convincing fake of KiwiBank (their real login is at ib.kiwibank.co.nz, see the similarity) and gave addresses in Hamburg Germany & Florida USA seemed to escape them. Or maybe they have no process for precautionary / immediate takedown of fake domains.

 

The DNC has no role in take-downs. Kiwibank themselves would be a better place to report that. Netsafe publish a list of contact email addresses that the Banks operate to allow them to receive reports like this. All the DNC can do is enforce their own Terms and Conditions.

 

I reported it to "abuse@kiwibank.co.nz", no response.

 

Seems like every banking service provider has a different mailbox for this, whereas I thought "abuse@" was supposed to be a 'standard'. Sigh.

 

 

You'd be talking about RFC2142. Still, I provided the above URL so that you can report them to the place where they actually look for and expect this sort of thing. Don't presume you'll get a personalized response however.




No signature to see here, move along...

BlakJak
1275 posts

Uber Geek

Trusted

  #2029342 4-Jun-2018 17:43

lisati:

BlakJak:

 

<snip>

 

DIA EMCU can only help you if the spam is sourced domestically. So advise them if you think there's a Kiwi connection. Otherwise there's not much they can do.

 

I'm no lawyer, but if I have understood section 4.2 (c) of the Unsolicited Electronic Messages Act correctly, there is a New Zealand link: the devices on which I normally check my email are located in New Zealand. 4.2 (d) also applies: I'm definitely in New Zealand.

 

Be that as it may, I totally agree, the DIA EMCU are likely to have limited ability to help if the mail actually originates overseas.

 

 

More specifically, persons operating outside of NZ are not realistically subject to NZ law, as much as we'd like them to be.

 

If I see an NZ link in any spam that gets through to me, then the EMCU get a notice - but if the only link is that I was a recipient, there's little point, as EMCU have no jurisdiction, no teeth as such.

 

 

I do know that they work in closely with offshore counterparts, so it may be that they remain interested in collecting information about spammers who are targeting NZ'rs in order to share that information with overseas jurisdictions. But I'd be impressed if that's the case.




No signature to see here, move along...

lisati
63 posts

Master Geek


  #2029355 4-Jun-2018 18:01

PolicyGuy:

 

I reported it to "abuse@kiwibank.co.nz", no response.

 

Seems like every banking service provider has a different mailbox for this, whereas I thought "abuse@" was supposed to be a 'standard'. Sigh.

 

 

Forwarding an email to an abuse@ or postmaster@ address is understandable, but doesn't always achieve useful results.

 

Many of the banks I've seen mentioned in phishing emails have a separate email address. Based on what I've read on their website, I believe the appropriate one for Kiwibank is suspicious.email@kiwibank.co.nz .


lisati
63 posts

Master Geek


  #2029359 4-Jun-2018 18:06

BlakJak: More specifically, persons operating outside of NZ are not realistically subject to NZ law, as much as we'd like them to be.

 

Fair call, which is why I also report to Spamcop. It hasn't happened often, but in the time I've been using Spamcop, I have occasionally received a response from the spammer's provider, probably for about 1% (or less) of the emails I've reported.


GEOMAX
450 posts

Ultimate Geek


  #2029550 5-Jun-2018 02:40

Is all the spam you have to mark as spam in your inbox (excepting some unallocated domains from New Zealand) only from these five new countries? I have 80+ I have marked as spam since 12th May. Nothing from the rest of the world all year.

 

 

 

 
