Jump to content

All Activity

This stream auto-updates     

  1. Past hour
  2. RobiBue
    I believe that Paerhc is actually subscribed to that blogspot site; iow he wants the information coming from there. At least that's how I understand it... The problem is, that apparently some spammers are using that blogspot as delivery engine. The only ones that can prevent that, are the blogspot owners/admins.
  3. Yesterday
  4. gnarlymarley started following reciveing spam through a blogspot account
  5. gnarlymarley

    reciveing spam through a blogspot account

    gnarlymarley replied to Paerhc's topic in SpamCop Reporting Help

    What I do is to block it on my server so I no longer get it but I have my own physical server that I can do so. Otherwise all you could do is to have it marked as spam so it goes to your spam folder. My question is, why is this not reportable? Looking at https://www.spamcop.net/fom-serve/cache/125.html it says if you signed up and after you tried to unsubscribe, you can report it as spam. If you never signed up with them, then it would be spam. I take it from your statement that you probably have already read this page I listed above to find the difference between reportable and non-reportable. If this is some sort of spat between friends, then it would not be reportable using spamcop. What you can do then is to find out who to report it to and forward as an attachment (without using spamcop) to that administrator. Since the administrator could be the spammer, you should also get this "marked as spam" so it goes to your spam folder.
  6. solia200 solia200 joined the community
  7. C2H5OH
    Abuse contact for '27.121.64.0 - 27.121.71.255' is 'abuse[at]netregistry.com.au'
  8. Paerhc
    Can anyone tell me how to stop spam coming to me through this blogspot site: https;\\enklabloggen,blogspot,com/ I'm getting tired of it. It's always about loans. The spammers post their spam on that site and I can't stop it from coming to my e-mail account. If spam comes through an blogspot account like this, is it still something I can report as spam? I don't want to ruin things by reporting spam that is not something I should report.
  9. julia945 julia945 joined the community
  10. albert2

    Reporting Issue's reason Fake Headers

    albert2 replied to albert2's topic in SpamCop Reporting Help

    Lets hope they come with a solution quickly then !
  11. KevinTrue KevinTrue joined the community
  12. bopxertas bopxertas joined the community
  13. ChuckGary61

    Spamcop cannot find source IP

    ChuckGary61 replied to klappa's topic in SpamCop Reporting Help

    yup, you keep klunging I'll keep munging, friend. just a little copy/paste isn't that big a hassle. but I would rather SpamCop would parse all spam correctly, since I'm paying for it. But maybe not for much longer...
  14. Marytark Marytark joined the community
  15. qoia233 qoia233 joined the community
  16. SpamStoolie

    Spamcop cannot find source IP

    SpamStoolie replied to klappa's topic in SpamCop Reporting Help

    Well, I guess we need to define “munge.” If you mean “modify” that's what my kludge does. It modifies the header, in an automated fashion, maintaining all relevant information, and warning that (in fact) the header has been modified. I supplied it only to save others a bit of work. If you prefer to do it manually, be my guest!
  17. ChuckGary61

    Spamcop cannot find source IP

    ChuckGary61 replied to klappa's topic in SpamCop Reporting Help

    ... so I'll keep munging the headers from Gmail spam.
  18. SpamStoolie

    Spamcop cannot find source IP

    SpamStoolie replied to klappa's topic in SpamCop Reporting Help

    FWIW: there are a few differences here. The G-Mail header is received by a 6to4 address, for an internal address (with no FQDN, and none can be resolved for it.) The header you quote is received from a FQDN. The IPv6 address is commented out (parenthesized) so, effectively it is only the FQDN which is used. It is also received by a FQDN (with no IPv6 address.) The G-Mail header uses a relaxed syntax. Notice how these examples from the RFC supply both a from and a by host. Notice also that host names are used, as in the example you gave. https://tools.ietf.org/html/rfc2822#appendix-A.4 A.4. Messages with trace fields As messages are sent through the transport system as described in [RFC2821], trace fields are prepended to the message. The following is an example of what those trace fields might look like. Note that there is some folding white space in the first one since these lines can be long. ---- Received: from x.y.test by example.net via TCP with ESMTP id ABC12345 for <mary@example.net>; 21 Nov 1997 10:05:43 -0600 Received: from machine.example by x.y.test; 21 Nov 1997 10:01:22 -0600 From: John Doe <jdoe@machine.example> To: Mary Smith <mary@example.net> Subject: Saying Hello Date: Fri, 21 Nov 1997 09:55:06 -0600 Message-ID: <1234@local.machine.example> This is a message just to say hello. So, "Hello". ---- Compare those to this: Received: by 2002:a02:2115:0:0:0:0:0 with SMTP id e21-v6csp2430371jaa; Sat, 23 Jun 2018 18:14:27 -0700 (PDT) However, the specification allows the syntax used by G-Mail. https://tools.ietf.org/html/rfc2822#section-3.6.7 3.6.7. Trace fields The trace fields are a group of header fields consisting of an optional "Return-Path:" field, and one or more "Received:" fields. The "Return-Path:" header field contains a pair of angle brackets that enclose an optional addr-spec. The "Received:" field contains a (possibly empty) list of name/value pairs followed by a semicolon and a date-time specification. The first item of the name/value pair is defined by item-name, and the second item is either an addr-spec, an atom, a domain, or a msg-id. Further restrictions may be applied to the syntax of the trace fields by standards that provide for their use, such as [RFC2821]. https://tools.ietf.org/html/rfc2822#appendix-B Appendix B. Differences from earlier standards This appendix contains a list of changes that have been made in the Internet Message Format from earlier standards, specifically [RFC822] and [STD3]. Items marked with an asterisk (*) below are items which appear in section 4 of this document and therefore can no longer be generated. 1. Period allowed in obsolete form of phrase. 2. ABNF moved out of document to [RFC2234]. 3. Four or more digits allowed for year. 4. Header field ordering (and lack thereof) made explicit. 5. Encrypted header field removed. 6. Received syntax loosened to allow any token/value pair. Regardless, yes, I agree, SpamCop should handle the G-Mail headers. Yes, my scri_pt is a self-proclaimed kludge. Like all good kludges it is written out of pragmatism. I would like to report spam received by my G-Mail accounts, and this method allows me to do that.
  19. ChuckGary61

    Spamcop cannot find source IP

    ChuckGary61 replied to klappa's topic in SpamCop Reporting Help

    parenthesis being handshake-kosher or not, Hotmail spam with IPv6 format works! "Received: from AM5EUR02HT112.eop-EUR02.prod.protection.outlook.com (2603:10a6:3:cf::25) by HE1PR03MB1338.eurprd03.prod.outlook.com with HTTPS via HE1P191CA0015.EURP191.PROD.OUTLOOK.COM; Sat, 23 Jun 2018 13:10:24 +0000" parses correctly as: Report spam to: Re: 2603:10a6:3:cf:0:0:0:25 (Administrator of network where email originates) To: report_spam@hotmail.com (Notes) so WHY doesn't Gmail's IPv6 header spam work? munging headers seems to be much less "kosher", IMO!
  20. Last week
  21. RobiBue

    Reporting Issue's reason Fake Headers

    RobiBue replied to albert2's topic in SpamCop Reporting Help

    The line tells that the message was received by the mail server at IPv6 address 2002:a9d:21b7:0:0:0:0:0 which is actually a 6to4 address translated from the IPv4 address 10.157.33.183. In short, the mail server at google that received the message before displaying it to you in your gmail account has the IP address 10.157.33.183. I received the following message from SpamCop: <quote> Gmail has broken their headers, not showing who received the mail and using IP addresses that do not resolve. Google has promised to fix the issue but have not provided an ETA of a fix. We looked at programming around it but that option was rejected by our CERT board as it would have opened a security hole in our system. We can just sit and wait for Gmail. </quote>
  22. albert2

    Reporting Issue's reason Fake Headers

    albert2 replied to albert2's topic in SpamCop Reporting Help

    Thanks Petzl, Seems you have pinpointed the problem to the second header line. Do you or someone else knows what exactly is caused by this line & what this line tells ? Again maybe Spamcop systems can be altered to remove or ignore this line automatically when present so users won't need to take care of it anymore for each mail. If this line is specific to mailboxes from gmail, maybe spamcop could contact google and ask for a solution. Albert
  23. adrewand adrewand joined the community
  24. kkfvacad kkfvacad joined the community
  25. bopryunopefg bopryunopefg joined the community
  26. RobiBue
    yeah, that's right, they need the full headers, but the problem is within SpamCop, where the parsing of said Received: line causes havoc within the next (previous actually) Received: lines. The 2002:a02:b4d7:0:0:0:0:0 address is called a 6to4 address, but according to RFC-3056, section#2: [A] subscriber site has at least one valid, globally unique 32-bit IPv4 address, referred to in this document as V4ADDR. This address MUST be duly allocated to the site by an address registry (possibly via a service provider) and it MUST NOT be a private address [RFC 1918]. and Google is inserting their private addresses into the IPv6 6to4 address. That would in fact be a violation of the aforementioned RFC-3056 as :a02:b4d7: translates to 10.2.180.215 which is definitely a private address according to RFC-1918, section#3. In theory, they should (if they want to use private IPv6 addresses) use, according to RFC-4193, section#3, addresses in the fc00::/7 or fd00::/8 address ranges. Unfortunately SpamCop has the same problem with the fd00:/8 addresses and does not identify those addresses as local private addresses like the 10/8, 172/12, and 192.168/16 address ranges. I have written a crude program that replaces the 6to4 addresses with the actual IPv4 counterpart and places the original IPv6 address in parentheses. The program works for me, but I have not tested it with a larger group of gmail users, and am reluctant to do so, as munging headers is mostly a "no-no" and could cause SpamCop to disable user accounts, although this type of munging is necessary for SpamCop to correctly identify the actual spammer (or the proxy they are using). Until SpamCop gets an update to correctly identify those IPv6 addresses as local/private addresses, the aforementioned removal or change of the address is necessary to get SpamCop to work correctly with gmail accounts. To add some workarounds: remove the topmost Received: line with the address beginning with 2002:a or change the address beginning with 2002:a to its IPv4 address using http://www.potaroo.net/cgi-bin/ipv6addr or replace the address beginning with 2002:a with mx.google.com I have seen these three options in action before, and they work. HTH
  27. halberstadt
    I'll bet "past" was meant to be "paste". If so, was "comments" meant to be the "additional notes" box? And, if so, do we just need to paste in that one line? Bill Halberstadt
  28. halberstadt
    Thanks, petzl. As I understand, we should edit the raw "headers plus text" before submitting, to delete its second line (similar to above example). I don't understand, however, "...ISP's need FULL headers as evidence so past deleted line in comments". Bill Halberstadt
  29. klgiger76
    Ok will do thanks
  30. petzl
    presently gmail headers 2nd line needs deleting before submitting. Trouble is ISP's need FULL headers as evidence so past deleted line in comments Delivered-To: x Received: by 2002:a9d:21b7:0:0:0:0:0 with SMTP id s52-v6csp2028874otb; DELETE
  31. petzl
    presently gmail headers 2nd line needs deleting before submitting. Trouble is ISP's need FULL headers as evidence so past deleted line in comments Delivered-To: x Received: by 2002:a9d:21b7:0:0:0:0:0 with SMTP id s52-v6csp2028874otb; DELETE
  32. petzl
    presently gmail headers 2nd line needs deleting before submitting. Trouble is ISP's need FULL headers as evidence so past deleted line in comments Delivered-To: x Received: by 2002:a9d:21b7:0:0:0:0:0 with SMTP id s52-v6csp2028874otb; DELETE
  33. Art101
    Thanks much, Mr. Halberstadt. Your tracking URL will (hopefully) help get things rolling while I search for one that might be useful. I'm still in crazy deadline mode, but will try to get back to this issue over the weekend. Weekend? What's that? I vaguely remember the concept. Cheers. [insert wink emoticon here]
  34. halberstadt started following Ongoing Mail-host problems with Gmail
  35. halberstadt
    I have exactly the same problem as Art101. I use a MacBook Pro, with the latest OS and use Apple Mail. One of my seldom used mail accounts is with Gmail. It is not auto forwarded, but accessed directly via Apple Mail. Every Gmail spam I report (via pasting raw text into the SpamCop site) results just as mentioned above. I deleted the mailhost record and reprocessed the new sample emails from Spamcop. Same results. Here is a tracking URL: https://www.spamcop.net/sc?id=z6470279948zca815870453010d3fb71188df9523981z I note that I specified "Gmail" as the mailhost name, but it shows in my mailhost list as "SpamCop", not "Gmail". Bill Halberstadt
  36. klgiger76
    so remove it when i report?
  37. Borgholio

    So what's up with this forum spammer?

    Borgholio replied to Borgholio's topic in SpamCop Lounge

    Well it seems the amount of spam is easily a 10 : 1 ratio compared with legitimate posts, so maybe you may want to consider tightening things up a bit? The recent activity feed is useless due to the amount of spam.
  38. albert2 started following Reporting Issue's reason Fake Headers
  39. albert2
    Hello, Since a while i have problems reporting spam while before i never had issue's. On my side nothing has changed so it's certainly not a mail host issue. This are the exact errors spamcop gives me: No unique hostname found for source: xxxxxxx Possible forgery. Supposed receiving system not associated with any of your mailhosts Will not trust this Received line. Mailhost configuration problem, identified internal IP as source Mailhost:Please correct this situation - register every email address where you receive spam No source IP address found, cannot proceed. Nothing to do. I first ignored the spams & did no efforts to report them but now every spam i received get bounced for this reason & spams send to me grow in numbers. So i needed to take action and looked for above errors on this forum. I found a solution and with it i can report again but doing this for every spam is a time consuming workaround, besides that there is each time the risk i forget to mungle out my own email address & face retributions from the spammer if he receives a copy of the report. This is the solution: Seem a number of variants copy from including this line down ARC-Authentication-Results: i=1; mx.google.com; spf=pass (google.com: domain of www.@vanilla.ocn.ne.jp designates 153.149.236.39 as permitted sender) Then copy and paste the above bit in notes' After SpamCop has parsed it. I hope Spamcop could do an effort in including a process that automates this on their side so users can simply copy paste their mail source, in this case the mingling would also be automatically performed by spamcop as it was done before. Thanks for looking into this & providing a permanent solution. Albert PS if you require samples please respond to me & i will provide a few
  40. petzl
    Delivered-To: x Received: by 2002:a4f:cd93:0:0:0:0:0 with SMTP id g19-v6csp111694ivm; DELETE this line Thu, 21 Jun 2018 08:50:34 -0700 (PDT) X-Google-Smtp-Source: ADUXVKJm7SPYy08N6+s3/lNkYLtcWSkKPdxvvqYFYwbJyoaQaLp5RqRyUGeajuZVN9AW+qb+XkYe Gmail have a strange received line? remove it and it parses https://www.spamcop.net/sc?id=z6470189730zb41f52ebe6e0e09a1227dc796c313857z
  1. Load more activity
×