All Activity

This stream auto-updates   

  1. Past hour
  2. I suggest a search (upper right of this page) fir "Too many links" without the quotes. Others have commented on this. Links in the body of the spam are the lowest priority.
  3. I'm getting quite a bit of spam which is just a mime encoded block but when Spamcop parses it it finds a block of links at the top ... which it tries to check but then falls over with "Too many links". None of the sites seem to be real - they're just just strings of 7 characters set up as .com urls. This means that Spamcop never actually finds the real url which is at the bottom of the message and so never reports it.
  4. Today
  5. Last week
  6. I look forward to seeing their upcoming final report, if it provides more details.
  7. The problem seems to be cured < knockonwood target=head /> : my spam reported as had an IPv6 X-Received line and it was parsed correctly even with that header in place.
  8. A shame Now only a shaky SpamCop left
  9. A project of passion, with limited financial support. A loss.
  10. Email providers should have a warning "Get ready to avert your eyes" not all images are invisible!
  11. Just a heads up for anyone forwarding spam to, they are shutting down their servers. I am posting what they posted on their servers recently as I was receiving error messages back from their mail server the last few days. One less effort in the fight. Dear KnujOn members, friends and visitors, This project will cease accepting samples from the public on 22 May 2018. The will stop accepting email samples and the server will be shut down. The servers at will stop forwarding email. will cease accepting new memberships and donations as of 8 March 2018. will remain active to maintain historical information about the project but no sample data will be accepted. All currently held samples and all samples accepted up until 22 May 2018 will be processed. This research was started by Dr. Robert Bruen and Garth Bruen in 2003. After 15 years we have reached clear fundamental conclusions concerning the management of the Internet, findings which are neither pleasing nor surprising. We have taken this work as far as we can at this stage. A final comprehensive report of KnujOn findings will be published and maintained at We thank everyone for their dedication and participation in this project and hope you will join us when we start our next project which will be based on KnujOn findings. The details of this further research will be announced on
  12. Earlier
  13. Ah. It's the scri_pt I'm using to upload the spam to SpamCop. I thought it was SpamCop itself. Thanks.
  14. Seem a number of variants copy from including this line down ARC-Authentication-Results: i=1;; spf=pass ( domain of designates as permitted sender) Then copy and paste the above bit in notes' After SpamCop has parsed it.
  15. Yea! Still continuing getting this spam with the fake ipv6 address. Now they even faked it in the Received line. Should i snippet out that too and type it in the comment section?
  16. From reporting page Attention SpamCop Community: To standardize procedures across our Talos product lines, we will be changing our payment processor from PayPal to Stripe effective March 12, 2018. Payment confirmations will be coming from the SpamCop Stripe Processing System as of that date.
  17. contains no date. An incorrectly configured server breaks the chain.
  18. The system won't let me submit this, saying "This email contains no date", which is clearly not true ... Received: from by with HTTP/1.1 (Lisa V5-1-1-0.14292 on API V5-10-0-0) Received: from by; Sun, 11 Mar 2018 20:53:24 +0100 (CET) Date: Sun, 11 Mar 2018 20:53:24 +0100 (CET) From: John Dashwood <> Sender: John Dashwood <> ... AFAICT this email doesn't look any different structurally from other emails the system accepted. What's up?
  19. would like to know the actual Youtube video these/this spam uses in received spam? Java scrip hides the source, tried right click video source no-good. These criminals have 100's posted under bogus names on youtube example "" on the right shows from all same crime gang they go through heres my last abuse report Criminal phishing, bogus reply address, bogus unsubscribe This/my email address I believe provided to this Russian (?) Crime gang by FaceBook posted from is an open proxy URL Resolves to Redirects to Resolves to : linked via phishing spam bogus reply address, bogus unsubscribe numerous youtube videos posted anon no listed owner/channel?
  20. only sometimes works! This one has have ONLY the headers copied from and below, the link show what needs to be posted ARC-Authentication-Results: i=1;;;action=display the "headers" above that are copied and put in notes
  21. The issue is with this blank line here: X-SpamCop-note: Converted to text/plain by SpamCop (outlook/eudora hack) Delivered-To: x Which the parser cannot find the from, to, and subject lines above that blank line. In all my years, I have never seen a spam with the X-SpamCop-note header in it. That blank line in the middle of the headers leads me to believe that this is a mutliple copy/paste headers, possibly from different emails.
  22. ok but this is wrong address ,Sorry for my limit English understanding . Received: from ( []) by with SMTPS id t81-v6sor677032lff.33.2018.
  23. You need to cut the post (yhen past) in notes, after you copy the rest for parsing Delivered-To: x Received: by with SMTP id f8csp2123766wrh; Sat, 10 Mar 2018 03:20:26 -0800 (PST) X-Received: by 2002:a19:4f13:: with SMTP id d19-v6mr1066967lfb.59.1520680826479; Sat, 10 Mar 2018 03:20:26 -0800 (PST) ARC-Seal: i=1; a=rsa-sha256; t=1520680826; cv=none;; s=arc-20160816; b=P7TdXGavTfbFddBKoAk45QuiOQMYIy63/m8SeRSw9gq8o141uxioRpVtcyGGZLAXUd v5+9sp8/fPduSl8O0ipNT+8FEtUUXPNDUAoqWmOk2skh4OZL7WLHM06V2tqNRh2JTaoT OOVgjfAk1maFMU3XfRX+Y8uJUksZ2wQIIClfcbcB/ogzV1wyWIQGk05o/KIlDuA2Se6f u242J6KH1aXlRPlAoNHPHaxpFtx6Djv4yMf5cIOnNUa06HN7QSXaPxvgOk5z8z6aP1Qf n21KEciqCNWUsQzVDY8ylBw8F0kFtnL1AFmRusWP1Gzpd5sV+bbHeqvq1bdJNw1gjRid tDng== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed;; s=arc-20160816; h=to:subject:message-id:date:from:reply-to:mime-version :dkim-signature:arc-authentication-results; bh=mJPni5t3wrzB2pC259Guvd85UzX0iE/CzbIPS4vPCws=; b=E76LVMupyIlJ2IIbta3Hw9IvXEN+PYxHLz1zNGhG60yGJqVK/BrZ2AJDAG6RKTYHR9 vL6dEnXmXgwSRWCwEJdlKgJI8JSMV9Ang8y/5e8H4qS6EUsIyYWeOnzlnXWrXDcGK3Zg Fd5FkQUOURbL/S36gVI7fG1mK7hDLCHHVO6Pka2dClu0JaSr26/KS2sx/4TDzZ8hUQil Gk5XTijkD7Dyp8dbWwdYVHsgoEEMlF2VzZWvXUfUTpHzhKfGM0o8sGHKwiRdY1sisO8D txnJLD89f1VkcLojlE+HByvleR0vdesfGJH+bvAu1uvKW8kJXdJvcce1+8M805wt+Y4f 7Jug== Results are no whois/abuse info but a search by me gives "support[at} info[at] abuse[at]he.nett" for your "z_User_Notification" put ip address in these notes As they appear to be in USA also report to phishing-report[at]us-cert[dot]gov
  24. Hi I would like ask about spam header .Spamcop parsal refuse send me spam . This header is incomplete. Please supply the full headers of the spam you're trying to report. No source IP address found, cannot proceed.;action=display What part start and finish header .For two form .
  25. tracking images are often invisible pictures linked by spammers to verify your email address. It would be your email provider not loading image source. Most allow you to click a "load images" button?
  26. I have never see that. Have you looked at the full text of the spam you submitted? The body of the email may have been deleted by your ISP, email app, or email host in the current "protect us from ourselves" environment to "avoid" a detected tracking images. I would just uncheck the phishing report and move on.
  28. There are several possible reasons why reports are not sent (I assume that is what you are referencing).
  29. Could you provide a Tracking URL so all on the forum could see the details of your question. The Tracking URL is located at the top of the screen with the parser output.
  1. Load more activity