Geekzone: technology news, blogs, forums
674 posts

Ultimate Geek
+1 received by user: 98

Trusted

  # 2028136 4-Jun-2018 10:05

Oblivian:

Re being super cautious not to make false positives by total IP/Domain blanket slapping

 

You would have thought the hundreds and I would hope thousands of marked as spams from early on, all generated from a VPS IP range should be pretty safe to block (or not block. But at the very least lower the integrity rating and auto-mark as potential spam and not put in the inbox..) would be a whole less likely to have any false positives from it given the numbers being dropped at any one time.

 

Or at the very least pestered the hell out of the host to do something about investigating if the mail is in fact from there how soon people are spinning up mail servers after free signup and sending traffic 10000%

 

Even the last 15 or so I just marked, with different FQDNs being presented are from the same range.

 

http://geoiplookup.net/ip/185.116.237.167 

 

 

Spam out of VPS ranges is probably now the world's biggest vector (as opposed to, perhaps, botnetted home connections).

 

 

(No facts to back that up, but I agree it's prolific these days. OVH in particular spring to mind)

 

 

I have no first-hand knowledge of Spark's UI for customer purposes, but my chief advice is: keep reporting false negatives. Do it diligently and you will see improvement over time.




No signature to see here, move along...
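
An added example, not part of any post in this thread: one way to turn user spam reports into per-range reputation that sends mail to the spam folder instead of blocking outright, as discussed above. The thresholds, function names and sample headers are assumptions made for illustration.

```python
import ipaddress
import re
from collections import defaultdict

# Pulls the HELO name and bracketed client IP out of a Received header such as
# "Received: from mail.example ([198.51.100.7])".
RECEIVED = re.compile(r"from\s+(\S+)\s+\(\[(\d{1,3}(?:\.\d{1,3}){3})\]\)")

def source_range(received, prefix=24):
    """Return (network, helo_name) for the connecting host, or None if unparsable."""
    m = RECEIVED.search(received)
    if not m:
        return None
    try:
        ip = ipaddress.ip_address(m.group(2))
    except ValueError:          # e.g. an octet above 255
        return None
    net = ipaddress.ip_network(f"{ip}/{prefix}", strict=False)
    return str(net), m.group(1).lower()

def score_ranges(reports, min_reports=5, junk_ratio=0.9):
    """reports: (received_header, verdict) pairs, verdict is 'spam' or 'ham'.
    Returns {range: (action, distinct_helo_names)}."""
    stats = defaultdict(lambda: {"spam": 0, "ham": 0, "names": set()})
    for received, verdict in reports:
        parsed = source_range(received)
        if parsed is None or verdict not in ("spam", "ham"):
            continue
        net, name = parsed
        stats[net][verdict] += 1
        stats[net]["names"].add(name)
    result = {}
    for net, s in stats.items():
        total = s["spam"] + s["ham"]
        ratio = s["spam"] / total
        if total >= min_reports and ratio >= junk_ratio:
            action = "junk"      # lower reputation: route to the spam folder, do not reject
        elif ratio >= junk_ratio:
            action = "watch"     # all spam so far, but too few reports to act on
        else:
            action = "deliver"   # range also carries wanted mail; judge per message
        result[net] = (action, len(s["names"]))
    return result

# Constructed sample reports using documentation address ranges (RFC 5737).
SAMPLE_REPORTS = (
    [(f"Received: from promo{i}.example ([198.51.100.{10 + i}])", "spam") for i in range(6)]
    + [(f"Received: from shop.example ([203.0.113.{i}])", v)
       for i, v in enumerate(["spam", "ham", "ham", "spam", "ham", "ham"], start=1)]
    + [("Received: from new.example ([192.0.2.9])", "spam")] * 2
)

if __name__ == "__main__":
    for net, (action, names) in sorted(score_ranges(SAMPLE_REPORTS).items()):
        print(net, action, f"{names} HELO names")
```

The count of distinct HELO names per range is returned alongside the action because many different names from one /24 is itself a signal worth showing to whoever reviews the range.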

449 posts

Ultimate Geek
+1 received by user: 11


  # 2028173 4-Jun-2018 10:45

Oblivian:

 

Re being super cautious not to make false positives by total IP/Domain blanket slapping

 

You would have thought the hundreds and I would hope thousands of marked as spams from early on, all generated from a VPS IP range should be pretty safe to block (or not block. But at the very least lower the integrity rating and auto-mark as potential spam and not put in the inbox..) would be a whole less likely to have any false positives from it given the numbers being dropped at any one time.

 

Or at the very least pestered the hell out of the host to do something about investigating if the mail is in fact from there how soon people are spinning up mail servers after free signup and sending traffic 10000%

 

Even the last 15 or so I just marked, with different FQDNs being presented are from the same range.

 

http://geoiplookup.net/ip/185.116.237.167 

 

I agree but nothing except marking as spam puts it into the spam folder. Filters do nothing for me. Note the earlier post where he had to put the email into the bulk folder where he then sees the spam icon and can mark as spam. Something else may be wrong?

 

All I get (spam) is in my inbox from ML, TK, CF, GA, GQ countries or recently unallocated domain names from .co.nz.

 

Nothing (spam) from anywhere else in the world. Is this the same for others?

 

 

 
 
 
 


15928 posts

Uber Geek
+1 received by user: 3137

Trusted

  # 2028181 4-Jun-2018 10:59

GEOMAX:

 

Oblivian:

 

Re being super cautious not to make false positives by total IP/Domain blanket slapping

 

You would have thought the hundreds and I would hope thousands of marked as spams from early on, all generated from a VPS IP range should be pretty safe to block (or not block. But at the very least lower the integrity rating and auto-mark as potential spam and not put in the inbox..) would be a whole less likely to have any false positives from it given the numbers being dropped at any one time.

 

Or at the very least pestered the hell out of the host to do something about investigating if the mail is in fact from there how soon people are spinning up mail servers after free signup and sending traffic 10000%

 

Even the last 15 or so I just marked, with different FQDNs being presented are from the same range.

 

http://geoiplookup.net/ip/185.116.237.167 

 

I agree but nothing except marking as spam puts it into the spam folder. Filters do nothing for me. Note the earlier post where he had to put the email into the bulk folder where he then sees the spam icon and can mark as spam. Something else may be wrong?

 

All I get(spam) is in my in box from ML, TK, CF, GA, GQ countries or recently unallocated domain names from .co.nz.

 

Nothing (spam) from any where else in the world. Is this the same for others?

 

 

 

Bolded was me, it was the Not Spam button.

 

I've been marking as spam, goes to spam folder. What also is going there are genuine KFC, Dominoes, and my local high school. The .tk etc spam has dropped off for me, so as spam is now going to the spam folder, it may be that these spam SMX have 100% set as spam, may be dropped off and not get to spam folder now? Maybe they targeted that 185.116.237.xxx IP range but I also see similar from 93.118.32.xxx; this was a PakNSave from .ml


349 posts

Ultimate Geek
+1 received by user: 201

Lifetime subscriber

  # 2028183 4-Jun-2018 11:03

GEOMAX:

 

(snip)

 

All I get(spam) is in my in box from ML, TK, CF, GA, GQ countries or recently allocated (FTFY) domain names from .co.nz.

 

Nothing (spam) from any where else in the world. Is this the same for others?

 

 

 

Yes, true

 

I reported "ibkiwibanklogin.co.nz" to the NZ Domain Names Commission and they said "dear oh dear, we'll have to talk to the registrar about having proper whois records for admin and technical contacts"
The fact that this was a clear but visually convincing fake of KiwiBank (their real login is at ib.kiwibank.co.nz, see the similarity) and gave addresses in Hamburg Germany & Florida USA seemed to escape them. Or maybe they have no process for precautionary / immediate takedown of fake domains.


15928 posts

Uber Geek
+1 received by user: 3137

Trusted

  # 2029203 4-Jun-2018 13:24

Maybe some progress. I just got a Kiwibank bad login email. Looks a genuine warning email. Except it should not have quoted the date/time of the failed login. It does show the correct image of the Kiwibank login button. It's from noreply@spark.co.nz :-) It's also from here: Received: from rinconepalcon ([80.247.66.101]) so a new IP range, but happily it went straight to my webmail spam folder.


60 posts

Master Geek
+1 received by user: 3


  # 2029234 4-Jun-2018 14:42

The .tk and .ml emails have dropped off for me too, and I haven't had a fake Kiwibank one for a while either.

 

If I'm using webmail, I do the "Mark as spam" bit, otherwise my usual procedure is to flick off a copy of unwanted emails to the Department of Internal Affairs and to Spamcop. Either way, word gets out that there's unwanted email making a nuisance of itself.


674 posts

Ultimate Geek
+1 received by user: 98

Trusted

  # 2029307 4-Jun-2018 15:46

PolicyGuy:

GEOMAX:

 

(snip)

 

All I get(spam) is in my in box from ML, TK, CF, GA, GQ countries or recently allocated (FTFY) domain names from .co.nz.

 

Nothing (spam) from any where else in the world. Is this the same for others?

 

 

 

Yes, true

 

I reported "ibkiwibanklogin.co.nz" to the NZ Domain Names Commission and they said "dear oh dear, we'll have to talk to the registrar about having proper whois records for admin and technical contacts"
The fact that this was a clear but visually convincing fake of KiwiBank (their real login is at ib.kiwibank.co.nz, see the similarity) and gave addresses in Hamburg Germany & Florida USA seemed to escape them. Or maybe they have no process for precautionary / immediate takedown of fake domains.

 

 

The DNC has no role in take-downs. Kiwibank themselves would be a better place to report that. Netsafe publish a list of contact email addresses that the Banks operate to allow them to receive reports like this.

 

 

All the DNC can do is enforce their own Terms and Conditions.




No signature to see here, move along...

674 posts

Ultimate Geek
+1 received by user: 98

Trusted

  # 2029309 4-Jun-2018 15:49

lisati:

The .tk and .ml emails have dropped off for me too, and I haven't had a fake Kiwibank one for a while either.

 

If I'm using webmail, I do the "Mark as spam" bit, otherwise my usual procedure is to flick off a copy of unwanted emails to the Department of Internal Affairs and to Spamcop. Either way, word gets out that there's unwanted email making a nuisance of itself.

 

 

DIA EMCU can only help you if the spam is sourced domestically. So advise them if you think there's a Kiwi connection. Otherwise there's not much they can do.




No signature to see here, move along...

60 posts

Master Geek
+1 received by user: 3


  # 2029315 4-Jun-2018 16:13

BlakJak:

 

<snip>

 

DIA EMCU can only help you if the spam is sourced domestically. So advise them if you think there's a Kiwi connection. Otherwise there's not much they can do.

 

I'm no lawyer, but if I have understood section 4.2 (c) of the Unsolicited Electronic Messages Act correctly, there is a New Zealand link: the devices on which I normally check my email are located in New Zealand. 4.2 (d) also applies: I'm definitely in New Zealand.

 

Be that as it may, I totally agree, the DIA EMCU are likely to have limited ability to help if the mail actually originates overseas.


349 posts

Ultimate Geek
+1 received by user: 201

Lifetime subscriber

  # 2029325 4-Jun-2018 16:42

BlakJak:
PolicyGuy:

 

I reported "ibkiwibanklogin.co.nz" to the NZ Domain Names Commission and they said "dear oh dear, we'll have to talk to the registrar about having proper whois records for admin and technical contacts"
The fact that this was a clear but visually convincing fake of KiwiBank (their real login is at ib.kiwibank.co.nz, see the similarity) and gave addresses in Hamburg Germany & Florida USA seemed to escape them. Or maybe they have no process for precautionary / immediate takedown of fake domains.

 

The DNC has no role in take-downs. Kiwibank themselves would be a better place to report that. Netsafe publish a list of contact email addresses that the Banks operate to allow them to receive reports like this. All the DNC can do is enforce their own Terms and Conditions.

 

I reported it to "abuse@kiwibank.co.nz", no response.

 

Seems like every banking service provider has a different mailbox for this, whereas I thought "abuse@" was supposed to be a 'standard'. Sigh.


674 posts

Ultimate Geek
+1 received by user: 98

Trusted

  # 2029340 4-Jun-2018 17:39

PolicyGuy:

BlakJak:
PolicyGuy:

 

I reported "ibkiwibanklogin.co.nz" to the NZ Domain Names Commission and they said "dear oh dear, we'll have to talk to the registrar about having proper whois records for admin and technical contacts"
The fact that this was a clear but visually convincing fake of KiwiBank (their real login is at ib.kiwibank.co.nz, see the similarity) and gave addresses in Hamburg Germany & Florida USA seemed to escape them. Or maybe they have no process for precautionary / immediate takedown of fake domains.

 

The DNC has no role in take-downs. Kiwibank themselves would be a better place to report that. Netsafe publish a list of contact email addresses that the Banks operate to allow them to receive reports like this. All the DNC can do is enforce their own Terms and Conditions.

 

I reported it to "abuse@kiwibank.co.nz", no response.

 

Seems like every banking service provider has a different mailbox for this, whereas I thought "abuse@" was supposed to be a 'standard'. Sigh.

 

 

You'd be talking about RFC2142. Still, I provided the above URL so that you can report them to the place where they actually look for and expect this sort of thing. Don't presume you'll get a personalized response however.




No signature to see here, move along...

674 posts

Ultimate Geek
+1 received by user: 98

Trusted

  # 2029342 4-Jun-2018 17:43

lisati:

BlakJak:

 

<snip>

 

DIA EMCU can only help you if the spam is sourced domestically. So advise them if you think there's a Kiwi connection. Otherwise there's not much they can do.

 

I'm no lawyer, but if I have understood section 4.2 (c) of the Unsolicited Electronic Messages Act correctly, there is a New Zealand link: the devices on which I normally check my email are located in New Zealand. 4.2 (d) also applies: I'm definitely in New Zealand.

 

Be that as it may, I totally agree, the DIA EMCU are likely to have limited ability to help if the mail actually originates overseas.

 

 

More specifically, persons operating outside of NZ are not realistically subject to NZ law, as much as we'd like them to be.

 

If I see an NZ link in any spam that gets through to me, then the EMCU get a notice - but if the only link is that I was a recipient, there's little point, as EMCU have no jurisdiction, no teeth as such.

 

 

I do know that they work in closely with offshore counterparts, so it may be that they remain interested in collecting information about spammers who are targeting NZ'rs in order to share that information with overseas jurisdictions. But I'd be impressed if that's the case.




No signature to see here, move along...

60 posts

Master Geek
+1 received by user: 3


  # 2029355 4-Jun-2018 18:01

PolicyGuy:

 

I reported it to "abuse@kiwibank.co.nz", no response.

 

Seems like every banking service provider has a different mailbox for this, whereas I thought "abuse@" was supposed to be a 'standard'. Sigh.

 

 

Forwarding an email to an abuse@ or postmaster@ address is understandable, but doesn't always achieve useful results.

 

Many of the banks I've seen mentioned in phishing emails have a separate email address. Based on what I've read on their website, I believe the appropriate one for Kiwibank is suspicious.email@kiwibank.co.nz .


60 posts

Master Geek
+1 received by user: 3


  # 2029359 4-Jun-2018 18:06

BlakJak: More specifically, persons operating outside of NZ are not realistically subject to NZ law, as much as we'd like them to be.

 

Fair call, which is why I also report to Spamcop. It hasn't happened often, but in the time I've been using Spamcop, I have occasionally received a response from the spammer's provider, probably for about 1% (or less) of the emails I've reported.


449 posts

Ultimate Geek
+1 received by user: 11


  # 2029550 5-Jun-2018 02:40

Is all the spam you have to mark as spam in your inbox (excepting some unallocated domains from New Zealand) only from these five new countries? I have 80+ I have marked as spam since 12th May. Nothing from the rest of the world all year.

 

 

 

 
