Full Version: mailhost question
paul_stephanis
I am receiving bounced back messages (for e-mail that I have not sent), and for e-mail addresses not defined to my domain. I.e. a^tg&h[at]vanity-domain.net. This bounced message includes the original e-mail. I am using the original e-mail to e-mail into the spamcop spam reporting tool. All these e-mail are NOT reported, according to the error message below:
"Possible forgery. Supposed receiving system not associated with any of your mailhosts. Will not trust anything beyond this header"

Technically, this may be true. However, it's still spam, and it still allows a spammer to use my domain for bounced messages. Now I look like the 'baddie'.....

Any thoughts?

Many thanks in advance!

All the best,
Paul.
turetzsr
Hi, Paul!
QUOTE(paul_stephanis @ Apr 13 2004, 09:47 AM)
I am receiving bounced back messages (for e-mail that I have not sent), and for e-mail addresses not defined to my domain. I.e. a^tg&h[at]vanity-domain.net. This bounced message includes the original e-mail. I am using the original e-mail to e-mail into the spamcop spam reporting tool. All these e-mail are NOT reported, according to the error message below:
"Possible forgery. Supposed receiving system not associated with any of your mailhosts. Will not trust anything beyond this header"

Technically, this may be true. However, it's still spam, and it still allows a spammer to use my domain for bounced messages. Now I look like the 'baddie'.....

Any thoughts?

Many thanks in advance!

All the best,
Paul.

...It is a violation of the rules to which you agreed when you signed up for SpamCop to report bounces.
...Did you read Pinned: FAQ Entry: Why am I getting all these bounces?? That may answer some of your questions.
...If you still have questions after reading it, please do come on back here and post a follow-up.
...FYI, in spite of the message you quoted, I don't think this really has anything to do with mailhosts, per se, although someone else might be able to correct me if I'm guilty of a misconception....
Miss Betsy
QUOTE
Technically, this may be true. However, it's still spam, and it still allows a spammer to use my domain for bounced messages. Now I look like the 'baddie'.....


No one with any experience with spam will think you the 'baddie' because everyone has had bounces with their email address in the From:

Many people think that these are as bad as spam and those ISPs who send email bounces are guilty of aiding and abetting the spammer. However, they cannot be reported through spamcop.

It used to be that you could parse the headers and find out where to send manual abuse reports if you wanted to. However, I don't know whether that will be a feature or not since the advent of mailhosts. If you can find the IP address of the sender of the bounce, you can notify them what you think of the practice. You can also find the IP address of the original spam and complain to that ISP that your email address is being forged by the spammer. But not thru spamcop.

It seems hard that you cannot use spamcop for bounces and virus/worms, but spamcop has a defined mission and the remedies for correcting these abuses are different than the remedies for stopping spam.

If you can't block these bounces at the server level yourself (so they go back to where they came from or are dropped), then you might be able to ask your ISP to do it for you if they are a major problem. Otherwise, you can set up a filter for them and JHD. Usually though, they slack off after a few days.


Miss Betsy
turetzsr
QUOTE(Miss Betsy @ Apr 13 2004, 02:17 PM)
<snip>
Many people think that these are as bad as spam and those ISPs who send email bounces are guilty of aiding and abetting the spammer.

...FWIW, I'm one of those. :)

QUOTE(Miss Betsy @ Apr 13 2004, 02:17 PM)
It used to be that you could parse the headers and find out where to send manual abuse reports if you wanted to.  However, I don't know whether that will be a feature or not since the advent of mailhosts.  If you can find the IP address of the sender of the bounce, you can notify them what you think of the practice.  You can also find the IP address of the original spam and complain to that ISP that your email address is being forged by the spammer.  But not thru spamcop.
<snip>

...But I believe that you can still use the SpamCop parser to find the abuse address of the sending IP and cancel the report.
Miss Betsy
Apparently not since he got an error message.

I have not experimented so I don't know what it can do and can't do since the mailhosts advent.

Miss Betsy
turetzsr
QUOTE(Miss Betsy @ Apr 13 2004, 06:27 PM)
Apparently not since he got an error message.
<snip>
Miss Betsy

...Did he tell you that privately, or is it in his post somewhere that I'm not seeing? I thought the bounce he was referring to was for e-mail he did *not send*, not for reports to SpamCop.
StevenUnderwood
With a mailhosts configuration, you will not be able to use spamcop to parse headers for a message which was not sent through your mail servers. You can parse where the bounce came from, but not how the original was sent to the "bouncing" server. If the headers are present, you can still parse it manually and use spamcop to find the reporting address for the IP you believe is responsible. Another way you could currently do this is to sign up for another free account (different email address) and not configure mailhosts. This will work until mailhosts become mandatory.

I will repeat my request for a single parser page that will trace the source of a message without using the mailhost system, even if no reporting is available from that parse. I often find myself manually parsing viruses or spam which have bounced off of a third party in order to inform the originating administrator. It would also help to assist other people with finding the source of their problems.
Miss Betsy
QUOTE
All these e-mail are NOT reported, according to the error message below:
"Possible forgery. Supposed receiving system not associated with any of your mailhosts. Will not trust anything beyond this header"


I interpret this to mean that the spam message (contained in the bounce) could not be parsed and returned an error message.

If he tries to parse the bounce message, he will get an error message too, I believe, rather than a report.

I don't know what happens if he just tries to parse the headers. If it were successful, then he might get the report addresses, but not checkboxes so there would be no report to cancel (at least that's the way I remember it happening, but I am too tired to confirm it).

Miss Betsy
turetzsr
QUOTE(Miss Betsy @ Apr 13 2004, 10:18 PM)
QUOTE
All these e-mail are NOT reported, according to the error message below:
"Possible forgery. Supposed receiving system not associated with any of your mailhosts. Will not trust anything beyond this header"


I interpret this to mean that the spam message (contained in the bounce) could not be parsed and returned an error message.

If he tries to parse the bounce message, he will get an error message too, I believe, rather than a report.

I don't know what happens if he just tries to parse the headers. If it were successful, then he might get the report addresses, but not checkboxes so there would be no report to cancel (at least that's the way I remember it happening, but I am too tired to confirm it).

Miss Betsy

...Ah, good point! I get the "Possible forgery" warnings on some of my reports but which then continue on to generate the reports.
...So I guess what the original poster would have to do is to manually remove from her/his submission all header information that cause the parser to fail to complete. Having thus changed the headers, it would then be essential to cancel the reports so as not to run afoul of the SpamCop rules.
StevenUnderwood
QUOTE
...So I guess what the original poster would have to do is to manually remove from her/his submission all header information that cause the parser to fail to complete. Having thus changed the headers, it would then be essential to cancel the reports so as not to run afoul of the SpamCop rules.


In the case of a bounce, there may be 2 sets of headers.

The headers of the bounce message itself that route from the bouncing server to the final destination. These are not reportable through spamcop because they are a bounce. You can parse these headers and determine the server that is bouncing the message and ask them to modify the way they do things.

There may also be the headers of the original message from the original sender to the bouncing server. These headers are not reportable through the spamcop system because the spam was not sent to you, it was sent to a user at the bouncing server. In addition, if you have mailhosts configured, you can not even use SpamCop to parse these headers because none of the servers will be in your mailhost configuration.

For line 0: of the parse, you will get:
Possible forgery. Supposed receiving system not associated with any of your mailhosts
Will not trust anything beyond this header
No source IP address found, cannot proceed.
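
The two header sets described in the post above, as an added example that is not part of the thread and is not SpamCop's parser: a simplified Python model of a mailhost trust walk over Received headers, applied to the bounce and to the original message embedded in it. The trust rule, the names (MAILHOSTS, trace, split_bounce) and the sample hosts and IPs are assumptions constructed for illustration.

```python
import email
import re

# Assumed mailhost list: servers that legitimately receive this user's mail.
MAILHOSTS = {"mx.vanity-domain.example"}

# Constructed sample bounce (.example hosts, documentation-range IPs).
BOUNCE = """\
Received: from mail.bouncer.example (mail.bouncer.example [192.0.2.10])
\tby mx.vanity-domain.example with ESMTP; Tue, 13 Apr 2004 09:40:00 -0400
From: MAILER-DAEMON@bouncer.example
To: forged@vanity-domain.example
Content-Type: multipart/report; boundary="b1"

--b1
Content-Type: text/plain

User unknown.
--b1
Content-Type: message/rfc822

Received: from unknown (unknown [198.51.100.77])
\tby mail.bouncer.example with SMTP; Tue, 13 Apr 2004 09:39:00 -0400
From: forged@vanity-domain.example
To: nobody@bouncer.example

constructed spam body
--b1--
"""

HOP = re.compile(r"from\s.*?\[(?P<ip>[0-9a-fA-F.:]+)\].*?\bby\s+(?P<by>\S+)", re.S)

def trace(msg, mailhosts):
    """Walk Received headers top-down; stop at the first hop no mailhost received."""
    source = None
    for hdr in msg.get_all("Received", []):
        m = HOP.search(hdr)
        if not m or m.group("by").lower() not in mailhosts:
            break  # "Will not trust anything beyond this header"
        source = m.group("ip")
    return source  # None corresponds to "No source IP address found"

def split_bounce(raw):
    """Return (bounce message, embedded original message or None)."""
    outer = email.message_from_string(raw)
    for part in outer.walk():
        if part.get_content_type() == "message/rfc822":
            return outer, part.get_payload(0)
    return outer, None
```

With the configured mailhosts, the bounce resolves to the bouncing server while the embedded original yields no source at all. Passing the bouncing server as the trusted host models the manual parse of the original's headers.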