  2. spamtrap63

    reveal obfuscated url for reporting

    I'm afraid you'll have to preprocess the mail yourself and replace the google urls with the obfuscated ones, or add them as new links after each instance. This could get tedious if you have many of them, but you should be able to write a perl script to help. This is what I do. The code to unpack mime messages, parse each attachment, sanitize and demunge and extract payload urls from js, word and powershell macros, while also removing bayes poisoning text, resolving link shorteners, redacting innocent sites and personal information and coping with all the tricks the spammers and scammers use is truly frightening! I report hundreds of messages a day mostly automatically for over a decade and still haven't managed to catch all the edge cases and it takes up a significant amount of my time that I probably should be using to find some work that actually pays!
  4. Lking

    No Headers

    thanks Marley
  5. gnarlymarley

    No Headers

    I typed in your URL from the image https://www.spamcop.net/sc?id=z6598002198z8fb6021e44f26436f7ebe6fd86760940z so we can have a clickable link. I have not seen a problem on my side. I did notice your submission is missing all "Received:" header lines. When I went to check out my hotmail account on both the webmail and imap sides, I see the "Received:" header lines all intact.
  6. Without the tracking URL, I would guess this is the line that it is stopping at right above the "identified internal IP as source" message: It would appear that you need to update your mailhost configuration by resending a message to your account. Then you should be able to return to the spam report page and it should work.
  7. I have seen this before. It came in the reply of email I had forwarded to my submit address. Most email providers are doing the forward inline, where the forward is like a reply and headers are lost. Once I figured out how to forward as an attachment (Some used the ctrl key on the forward button) my problem was solved. You may find as in my case the email providers change the key regularly. It may be better to "view source" and then submit that in the reporting form.
  8. +BFsej@2n

    no TLS?

    TLS seems to be a rather common standard these days for public forums; it does not seem the case for the SC forum, however. Why not? Trying via https://forum.spamcop.net it then is revealed that the deployed TLS certificate is not valid for the domain (CERT_COMMON_NAME_INVALID) since the Subject Alt Names are showing DNS Name cloudfront.net, DNS Name *.cloudfront.net. Once being on the TLS connection, having accepted a certificate exception in the browser, and clicking any link, one is being kicked back to non-TLS however.
  9. Common spammer tactic is to obfuscate referring URLs with Google search domains and leveraging the USG hash (white-list) to circumvent the redirect notification. When reporting to spamcop it fails to strip the Google portion (and USG hash) and ends up citing that Google is not interested in such reports (which is well known). As a consequence the obfuscated URLs are never being reported to the hoster. Below is a list of such obfuscated URLs used by a ROKSO actor, embedded in the spam message body, that spamcop fails to parse and strip.
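
The preprocessing step discussed in this thread (exposing the target hidden inside a `google.<tld>/url?sa=t&url=...&usg=...` wrapper and adding it after the wrapped link so it gets reported) can be sketched as follows. This is an added example, not code from any poster or from SpamCop; the function names, the host pattern, the `q` fallback and the `.example` sample data are assumptions of the example.

```python
import re
from urllib.parse import parse_qs, urlsplit

# Hosts treated as Google redirectors (www.google.de, google.co.uk, ...): an assumption.
GOOGLE_HOST = re.compile(r"^(?:www\.)?google\.(?:com?\.)?[a-z]{2,3}$")
URL_RE = re.compile(r"https?://[^\s<>\"']+", re.I)

def unwrap_once(link):
    """Return the target of one google.<tld>/url?...&url=<target> hop, or None."""
    try:
        parts = urlsplit(link.replace("&amp;", "&"))  # HTML parts escape '&'
        if parts.path != "/url" or not GOOGLE_HOST.match(parts.hostname or ""):
            return None
    except ValueError:  # malformed URL such as broken IPv6 brackets
        return None
    # parse_qs percent-decodes; an unencoded target with its own '&' is cut there.
    query = parse_qs(parts.query)
    for key in ("url", "q"):  # "q" is the other parameter name Google uses
        for value in query.get(key, []):
            if re.match(r"https?://[^/\s]+", value, re.I):
                return value
    return None

def unwrap(link, max_depth=5):
    """Follow nested wrappers (bounded) and return the final target, or None."""
    target = None
    for _ in range(max_depth):
        hop = unwrap_once(link)
        if hop is None:
            break
        target = link = hop
    return target

def expose_targets(body):
    """Append each hidden target after its wrapper; return (new_body, targets)."""
    targets = []
    def add_target(match):
        target = unwrap(match.group(0))
        if target is None:
            return match.group(0)
        if target not in targets:
            targets.append(target)
        return f"{match.group(0)} {target}"
    return URL_RE.sub(add_target, body), targets

SAMPLE_BODY = (  # constructed; .example hosts and the usg value are placeholders
    "Click https://www.google.de/url?sa=t&url=http%3A%2F%2Fspam-target.example%2F&usg=PLACEHOLDER now\n"
    "or https://www.google.com/url?sa=t&url=http://spam-target.example/&usg=PLACEHOLDER\n"
    "Unrelated: https://www.example.org/url?url=http://not-unwrapped.example/\n")
```

Calling `expose_targets(SAMPLE_BODY)` returns the body with the target added after each wrapper link, plus a de-duplicated list of targets; links on hosts that do not match the Google pattern are left untouched.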
  10. It is possible that your email host (icloud.com) had changed their configuration, which will affect your mailhost configuration on record with spamcop. Ask your ISP. If ISP servers have been reconfigured then you need to update your mailhost configuration by logging into your spamcop account, clicking on the <Mailhosts> tab and following the instructions. However you submit your spam, email attachment or web form, the parsing of the header will be the same and uses the same mailhost configuration.
  11. Lking

    No Headers

    sure wish you had included the Tracking URL as a link vs just in a graphic so others could follow the link without typing in those random char. What is visible in the graphic must not be all the email and header. What did the rest of the email look like? at least down to the first blank line (end of header).
  12. Dracosse

    No Headers

    I have been submitting spam to SpamCop for years. The last few days have really shocked me. Normally in a month I may see an error message from the SpamCop server that states no header information was found, this might happen perhaps 1 or 2 times [per month]. A week ago without warning I started receiving hundreds of spam messages on 4 different email accounts that I own, Hotmail, Outlook and Comcast. I dutifully reported all of the messages that came into my Thunderbird email client [right click - Forward as Attachment]. Starting 3 days ago at least 98% of the 100’s of messages I submitted return with this "no header" error. Thinking that maybe I had reached a SpamCop ceiling I used mxtoolbox to check the headers… These messages do NOT have an originating IPAddress. My question is simply this. Has anyone else noticed the same problem? If spammers have devised a way to send spam without headers what good would it do to continue to use SpamCop in the future? How can the Block list continue to be useful?
  14. I've been reporting spam using spamcop.net for years. A few weeks ago, all of the spam that I receive through my @icloud.com address is no longer able to be processed by spamcop. I receive the error, "Mailhost configuration problem, identified internal IP as source" and cannot proceed. I typically post the email source into the online form. I've tried using the email submission as well ... no change. Here are the top headers of the email I just received (with my account removed)

          Return-path: <bounce@sansat.online>
          Original-recipient: rfc822;*******@icloud.com
          Received: from st42p59im-ztdg12250601 by st42p59ic-ztdg12240101 (mailgateway 1922B206) with SMTP id 183f8e09-ae71-4b00-baa3-458a228427ab for <*******@icloud.com>; Wed, 4 Dec 2019 22:57:59 GMT
          Received: from by (mailnotify 1916B19:12:18:22:57:59:60); Wed, 4 Dec 2019 22:57:59 GMT
          X-Apple-MoveToFolder: Junk (36) uid 12 user ******* modseq 0
          X-Apple-Action: JUNK/Junk
          X-Apple-UUID: 183f8e09-ae71-4b00-baa3-458a228427ab
          Received: from ip21.ip-178-32-48.eu (ip21.ip-178-32-48.eu []) by pv33p00im-smtpin029.me.com (Postfix) with ESMTPS id 4845BAA00C2 for <*******@icloud.com>; Wed, 4 Dec 2019 22:57:56 +0000 (UTC)

      Would someone please offer a suggestion for how I can get this to work again?
  15. Hi JoJo, Welcome to the SpamCop forum. Sorry your joining is under such stressful conditions. I think your post identifies three issues. Sorry you have gotten onto the emailing list of one that has such a poor business model. Unfortunately, at this point unsubscribing from their email list only validates that a real person reads the email. Have you reported the problem with freebizmag/com to your credit card company and your bank that issued the card? You are their paying customer. This may not stop the spam in the short run (freebizmag.com has your email) but it may affect their bottom line. If enough people report the servers sending the spam, this also can affect them directly. This seems to be the easiest (effective) way for you to report spam. After cutting and pasting the spam into the online form and clicking the submit button, you're done. Before you click the submit, just above the button you should see one or more check boxes beside where the spam reports will be sent. For example: On the other hand, the success of forwarding spam as an attachment depends on the email application and server you are using. Some email apps modify the header before attaching; attaching inline will also prevent SpamCop from processing your spam and result in the response you received.
  16. I've been trying to report spam from freebizmag.com. (I never signed up & they started spamming me many times a day after I redeemed some credit card points for some magazines; I've unsubscribed multiple times; had email correspondence where they promised to unsubscribe me, and didn't; even called them on the phone & they promised to unsubscribe me, and didn't.) I've reported several of their recent spams to SpamCop yesterday and today both by copying & pasting the header info & body of email into the online form, AND by forwarding the email to the email address provided for this. In all cases, I've received an email back from SpamCop that says: SpamCop encountered errors while saving spam for processing: SpamCop could not find your spam message in this email: What can I do about this? Thanks, JoJo
  18. If you are a paid subscriber I believe it still counts/deletes your megabytes.
  19. gnarlymarley

    How to automatically submit spam?

    There are some ways to accomplish this. Since not all of my email providers support forwarding as an attachment, I did it using a unix program called fetchmail and a perl script. (The perl script encapsulates the email as an attachment and sends it to the reporting address.) I will offer a word of caution about full automation of reporting, as I have recently had one group send me an email fifteen years after I had signed up on the list to my main email address. (Yes, they went quiet for more than a decade.) If someone were to do a restore or grab the old email address, then you could be trying to report legitimate email. That said, I have not had any problems with reporting from my accounts I signed up and never used for email.
  20. gnarlymarley

    How Do I Use SC on MY Mail Server?

    Outernaut, For me, I have migrated away from the spamcop filter when I found that SpamAssassin contains a spamcop rule called RCVD_IN_BL_SPAMCOP_NET. (I abandoned filtering at the SMTP level when I found emails I was interested in showed up on the blocklist.) Since you already have SpamAssassin, you may have this rule already enabled. If you have it, you may need to use the "score" keyword to manipulate the rankings. (I currently just use the defaults for this one item.)
  21. No, I saw what I posted above on Nov. 26th. Reports waiting for me to finish. I assumed it was due to the possible IP Address of the SMTP server so I added the SMTP server, and it finally started to work again. It sent the return e-mails to GMAIL.COM, but I've since edited that to go where I wanted it.
  22. I have not seen this happen to me when I changed servers. IrvSp, When you logged into your reporting account, were you greeted with a reject or bounce message on the reporting page? I have seen gmail bounce the replies for me and it stopped the replies.
  23. dr_bobbs, One thing to note if you forward as an attachment to your submit address, submit.XXXXXXXX@spam.spamcop.net, then it will automatically truncate for you.
  24. Yeh, I took a look at the .eml with a text reader. If I copy and paste from the opened headers, then line-wrap or word-wrap seems to get used and breaks up the long lines of garbage the scum-spammer has inserted (....kcfrsxkiugdsetujhfedfjiu...), which upsets SpamCop no end 😕 Recent example that does now get processed after sending .eml.... https://www.spamcop.net/sc?id=z6596879593zbf4fdf5a105382e3c3e542f528681ab6z Save-as .eml leaves everything intact. Obviously I'll use this method from now on. Much easier to simply send in .eml as attachment without even forwarding using the original spam.
  25. That's the easiest. You should be able to open a *.eml file with "Notepad" or a text viewer.
  26. Success ... I think. I changed my method for the type of incoming spam that always failed to be processed (where other spam reports succeed) - commonly coming in from "headlines @ Trib•••" Just found that on webmail for Virgin, I can save email as a file (.eml). Send as attachment, and it appears to get processed successfully. At last. So, no copying & pasting (which appears to get lengthy headers scrambled using my email app) for at least these & probably any other styles of crud-mail.
  27. No, not really. SpamCop.net uses cookies with your reporting account.
  28. Harlon

    How to automatically submit spam?

    Regards the above email message, can someone tell me what the request, "members use cookie-login please!" means? Is that different from a standard SpamCop login? Thanks!
  29. Hi Lking: FINALLY, I got another example where this happened again. (The previous one had gotten too old to report.) I tried your suggestion, and yes, it did work! Thanks!
