remay

  1. I am getting sporadic spam/scam emails into my hosting company's email server that are MISSING the first 2-3 lines of the headers, which makes them unreportable to SC (or any other abuse contact). Below and attached is a recent email that is missing the first 2-3 lines of the headers.

     I have contacted my hosting company about this issue and they claim the emails are this way because of the way they have been sent, NOT by the way their email server is processing them. For emails that have this problem, the hosting company claims the following:

     Look at the two lines: Received by and Received from. First one says in the end "with smtp" and 2nd one says in the end "with http"

     a) "With smtp" means: mail server received the email from any "Email Client". Since smtp server received it directly from an external IP, it shows the IP address

     b) "With http" means: email is sent from Google's web interface. And google's smtp server received email from its local webmail server side script. So Google put an internal machine ID in place of IP (Since the IP would be local IP of google http server). It's common for Gmail and Hotmail. They don't disclose sender IP if email is sent from webmail. So you can just report that machine ID to google and their system will track and take care of spammer.

     I don't know if my hosting company is correct or not! I find it hard to believe that email can be delivered like this. Does anyone else experience this? If you look at the email headers, notice there is "X-SmarterMail" processing that has taken place. Could THAT processing be whacking the email headers?

     (missing: Return-Path: ... )
     (missing: Received: from .... by emailserver3.[myserver].com with SMTP ... )
     (missing: date/time stamp when email was received by emailserver3.[myserver].com)

     (Below is the COMPLETE email with headers, as retrieved from the email server)

         Received: by 2002:a19:ca4e:0:0:0:0:0 with HTTP; Tue, 12 May 2020 13:18:03 -0700 (PDT)
         From: chigozie gozie <cgozie7@gmail.com>
         To: undisclosed-recipients:;
         Subject: From Mrs mush and Daughter / Greetings to you & your Family,
         Date: Tue, 12 May 2020 13:18:03 -0700
         Message-ID: <CAFWVug3jN-fUYxfwT-+Ke=eV1zPUC8YgAAaHqZrZggcK7Or=tA@mail.gmail.com>
         MIME-Version: 1.0
         Content-Type: text/plain; charset="utf-8"
         Content-Transfer-Encoding: quoted-printable
         Return-Path: <cgozie7@gmail.com>
         DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
          d=gmail.com; s=20161025;
          h=mime-version:from:date:message-id:subject:to;
          bh=7SmJkwt4HYfF2+9MdyFUN5MRVV9+Jx70aj2/gB7yE5Y=;
          b=ki1I49xVqumSL5IOZUVkhNZP/mbeTjCd55mRcc3rn0xzTzbw+XIMvhlHtHN31gL6Yy
          VpdVJDIGMQlQTGS5jyOBBdlFAbCR4TrAObZOn1IjUtDET/yXAxL0hIAtFn67BJeGpSq9
          OVBn0jJAxVH3kvFIyuV2mJDCLsnwJvv6ZnwARFim8bsz/O8cJfcTpDm3k7tfnBDKg7pk
          PgwCg4SALREfPKlmBOAzNc0VLEdg2+Of6Bp4HVK6bwVdr6qTQNspkFWzn8AFB7GqfDfV
          lRwapEtzhFdnHK1OAQLAcVMUTYMdeuUXnC9YTgcE9I50A+oamPeI+Gcv8XyScvp/zT/+
          wHUw==
         X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
          d=1e100.net; s=20161025;
          h=x-gm-message-state:mime-version:from:date:message-id:subject:to;
          bh=7SmJkwt4HYfF2+9MdyFUN5MRVV9+Jx70aj2/gB7yE5Y=;
          b=mLkvgeHYws87ffHFK/X7fYaD+xQCgH4q3QcQtDYKv1KexQDzqNrf7/2bOPZuOgrhtA
          49jrJM+WSeQApLSGDMHpwljPaXUgwl3Su3NWCWVuXsYiLKNLYYoKluamC05iZ/SHRi78
          mRmsebD9AQWbFCgUjyZS7RbB5Mj7RcqOTStWJxXZpeEHhvgf8X30GSalFvo7/Ynyk/Cv
          9xrgmpnxLkPZKh0ImTjZ/WQUcU9j/Kdm4dKv+g084KXf24Tr4xZy2d/ksVHMY7pykhly
          Wx1LamwCoYA6qBZJsa2IxXboKRdpcdjzH0JH4euDTGnxL1inWdqiXj9UQnPtY/jrVXXn
          H+jA==
         X-Gm-Message-State: AOAM531WVDpQFIJu5hqAU+0FlfwuXQ3+ZeenhkmMzFoM946I7OtlqX9K
          shAXTq4XrMQ3fGPWomXBeEo3o4ySlcXZiYeUzr0=
         X-Google-Smtp-Source: ABdhPJwYz4FnLavDHVG8D6ByLaN1QzmMuItOFtalxTj5kOEDpcnKdry4u++7KRab0WJho9xhbLdrHNgMQt1YZDuK2K8=
         X-Received: by 2002:ac2:58d7:: with SMTP id u23mr6545768lfo.119.1589314683974;
          Tue, 12 May 2020 13:18:03 -0700 (PDT)
         X-CTCH-RefId: str=0001.0A09020D.5EBB0483.004D,ss=1,re=0.000,recu=0.000,reip=0.000,cl=1,cld=1,fgs=0
         X-CTCH-AVLevel: Unknown
         X-Rcpt-To: <x>
         X-SmarterMail-spam: SPF [Pass]: -2, Cyren [Unknown]: 0, SpamAssassin [raw:7]: 12, DK [None]: 0, DKIM [Pass]: -1
         X-SmarterMail-SpamDetail: spam detection software, running on the system "spamassassin1.serverpoint.com", has
         X-SmarterMail-SpamDetail: identified this incoming email as possible spam. The original message
         X-SmarterMail-SpamDetail: has been attached to this so you can view it (if it isn't spam) or label
         X-SmarterMail-SpamDetail: similar future email. If you have any questions, see
         X-SmarterMail-SpamDetail: the administrator of that system for details.
         X-SmarterMail-SpamDetail: Content preview: Dearest, This mail might come to you as a surprise and the
         X-SmarterMail-SpamDetail: temptation to ignore it, I am Mrs Joyce mush and Daughter, from Cote D'Ivoire.
         X-SmarterMail-SpamDetail: I want to transfer the sum of $3,500,000 Usd in your account, you help me
         X-SmarterMail-SpamDetail: invest it in your country for my daughter future education. [...]
         X-SmarterMail-SpamDetail: Content analysis details: (7.3 points, 6.0 required)
         X-SmarterMail-SpamDetail: pts rule name description
         X-SmarterMail-SpamDetail: ---- ---------------------- --------------------------------------------------
         X-SmarterMail-SpamDetail: 0.0 T_WHOAMI EmailFilter1
         X-SmarterMail-SpamDetail: 3.0 SUBJ_YOUR_FAMILY Subject contains "Your Family"
         X-SmarterMail-SpamDetail: 0.0 FREEMAIL_FROM Sender email is commonly abused enduser mail provider
         X-SmarterMail-SpamDetail: (cgozie7[at]gmail.com)
         X-SmarterMail-SpamDetail: 0.2 FREEMAIL_ENVFROM_END_DIGIT Envelope-from freemail username ends in
         X-SmarterMail-SpamDetail: digit (cgozie7[at]gmail.com)
         X-SmarterMail-SpamDetail: 0.0 LOTS_OF_MONEY Huge... sums of money
         X-SmarterMail-SpamDetail: 1.0 FREEMAIL_REPLY From and body contain different freemails
         X-SmarterMail-SpamDetail: 0.0 FILL_THIS_FORM Fill in a form with personal information
         X-SmarterMail-SpamDetail: 2.0 FILL_THIS_FORM_LONG Fill in a form with personal information
         X-SmarterMail-SpamDetail: 1.0 MONEY_FRAUD_3 Lots of money and several fraud phrases
         X-SmarterMail-TotalSpamWeight: 9

         Dearest, This mail might come to you as a surprise and the temptation to ignore it, I am Mrs Joyce mush and Daughter, from Cote D'Ivoire. I want to transfer the sum of $3,500,000 Usd in your account, you help me invest it in your country for my daughter future education. Recently my doctor told me that my health condition is very bad due to cancer problem having known my condition i decided to contact you. Send me these informations; Full name, Address, Sex, Age, Occupation, Phone/Mobile,State of origin, Country.I am waiting for your reply so that i give you more details . Hoping to receive your response immediately, E-mail Reply To; joycemush3@gmail.com Thanks. Sincerely . From Mrs mush and Daughter.

     0-2-2.txt
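One way to check a stored message for the condition described in the post above, as an added example that is not part of the original post: it lists which trace lines the receiving server would normally have prepended (RFC 5321 section 4.4) are absent. The host name `emailserver3.example.com`, the sample addresses and the function names are placeholders chosen for this example.

```python
import re
from email import message_from_string

# Constructed sample: trace headers shaped like the message in the post,
# with placeholder addresses. The receiving server added no line of its own.
SAMPLE = (
    "Received: by 2002:a19:ca4e:0:0:0:0:0 with HTTP;"
    " Tue, 12 May 2020 13:18:03 -0700 (PDT)\n"
    "From: sender@example.com\n"
    "To: undisclosed-recipients:;\n"
    "Subject: constructed sample\n"
    "Return-Path: <sender@example.com>\n"
    "X-Rcpt-To: <x>\n"
    "\n"
    "body text\n"
)
# Constructed: the two lines a receiving MTA normally prepends on delivery.
LOCAL_TRACE = (
    "Return-Path: <sender@example.com>\n"
    "Received: from mail.example.net ([203.0.113.5])"
    " by emailserver3.example.com with SMTP;"
    " Tue, 12 May 2020 15:18:05 -0500\n"
)

def _clause(keyword, text):
    """Return the token following 'from', 'by' or 'with' in a Received value."""
    m = re.search(r"(?:^|\s)" + keyword + r"\s+(\S+)", text, re.I)
    return m.group(1).rstrip(";") if m else None

def parse_hops(raw):
    """Received lines, newest first, as dicts with from/by/with."""
    msg = message_from_string(raw)
    return [{k: _clause(k, v) for k in ("from", "by", "with")}
            for v in msg.get_all("Received", [])]

def audit(raw, local_mx):
    """List what is missing from the trace the receiving server should add."""
    msg, hops, findings = message_from_string(raw), parse_hops(raw), []
    if not any((h["by"] or "").lower() == local_mx.lower() for h in hops):
        findings.append("no Received line stamped by " + local_mx)
    if not any(h["from"] for h in hops):
        findings.append("no Received line names a connecting host")
    if hops and (hops[0]["with"] or "").upper() == "HTTP":
        findings.append("newest Received line is the webmail submission hop")
    if (msg.keys() or [""])[0].lower() != "return-path":
        findings.append("Return-Path is not the first header")
    return findings
```

Running `audit()` on the copy stored on the server and on a copy fetched by another route (for example a raw `.eml` export) shows whether the lines were never written or were lost afterwards.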
  2. re: " the header is processed and reports sent "

     No report was "sent" or processed. There was nothing in the report history webpage. See below. So... I doubt anyone is looking into the issue. I guess I submitted to the wrong forum...

         Submitted: 10/23/2016, 11:57:18 AM -0500: DEAR FRIEND, CAN I TRUST YOU?
         No reports filed
         Submitted: 10/23/2016, 11:46:21 AM -0500: DEAR FRIEND, CAN I TRUST YOU?
         No reports filed
         Submitted: 10/23/2016, 11:42:44 AM -0500: DEAR FRIEND, CAN I TRUST YOU?
         No reports filed
         Submitted: 10/23/2016, 11:33:20 AM -0500: DEAR FRIEND, CAN I TRUST YOU?
         No reports filed
         Submitted: 10/23/2016, 11:32:53 AM -0500: DEAR FRIEND, CAN I TRUST YOU?
         SPF: PASS with IP 2a00:1450:400c:c09:0:0:0:243...
         No reports filed
         Submitted: 10/23/2016, 11:32:19 AM -0500: DEAR FRIEND, CAN I TRUST YOU?
         No reports filed
         Submitted: 10/23/2016, 11:26:39 AM -0500: DEAR FRIEND, CAN I TRUST YOU?
         No reports filed
  3. That post did not apply to my issue at all. As I indicated: "Submitted email directly at spamcop website" " There is one blank line separating the headers from the body. I tried adding more, with no better result. "
  4. Submitted email directly at spamcop website using the " Paste entire spam (headers, blank line, body) " method, like I do with all the other submissions I make. But this one produced:

         2a00:1450:400c:c09:0:0:0:243 not listed in cbl.abuseat.org
         2a00:1450:400c:c09:0:0:0:243 not listed in dnsbl.sorbs.net
         2a00:1450:400c:c09:0:0:0:243 not listed in accredit.habeas.com
         2a00:1450:400c:c09:0:0:0:243 not listed in plus.bondedsender.org
         2a00:1450:400c:c09:0:0:0:243 not listed in iadb.isipp.com
         No body text provided, check format of submission. spam must have body text.

     When viewing the email, there is clearly a body. The email was retrieved directly from gmail's "Original message" output, and pasted into the website field, just like others that I have submitted. There is one blank line separating the headers from the body. I tried adding more, with no better result.

     Seems spamcop has an issue processing this email: https://www.spamcop.net/sc?id=z6322627898zb99bde9cef22f4244354756ef95903c3z