I have been noticing in some of my manual reports the line:

Possible forgery. Supposed receiving system not associated with any of your mailhosts

This doesn't happen all the time, just on some emails. So, I decided to redo my mailhosts for some of my alternate SC accounts. I did Hushmail, and it seems to have added more hosts now, so that may have been one of the problems (since the error above occurs often on manually reported Hushmail UCEs). But, I also noticed something strange on Gmail. I selected all the servers, which were 5 in total, to send test emails to Gmail. I followed the directions exactly and copied and pasted the entire plaintext of email into the mailhost box. I went and looked at my hosts for Gmail after the first email, but then after the 2nd, 3rd, and so forth, they were all different from the first. Is this common?

I don't have a screenshot or example of what I'm talking about (since I didn't expect that effect while I was in the process), so I don't recall which servers it identified as mailhosts for Gmail. But now, it lists the following:

• mxes.net
• mx.gmail.com
• aspmx5.googlemail.com
• mx.google.com
• google.com
• gmail.com

Notice that I was sent out 5 test emails, but now am showing 6 mailhosts.



I don't know if those servers are specific per account or location of being accessed or what. If they are, a mod can delete them. I also have saved the test emails sent to me if anyone would like to examine them.

Then, I was looking over my SC mailhosts and noticed a few strange entries. For example, I see listed as one of my mailhosts in SC xts.no-ip.org. I don't recall ever seeing that as a receiving server. Should I redo my SC mailhosts too?

So, in summary, my questions are as follows:

• How often should you reconfigure your mailhosts?
• How should you know when it's time to reconfigure your mailhosts?
• Is there any way to test for abnormalities in your mailhost configuration or know what to expect when looking at your mailhosts (ie: should you run a check for MX servers for the mail domain or something to see if they match?)?

Thanks in advance,
jongrose

The error you noticed SHOULD be somewhere on any parse that is being forwarded through another machine.

You should not have to reconfigure your mailhosts. They should be automatically reconfigured everytime anyone from gmail (in this instance) updates and the mailhost finds a new host or IP. My current gmail config:

Mailhost name: gmail
Email address: x[at]gmail.com
Hosts/Domains: mxes.net mx.gmail.com aspmx5.googlemail.com mx.google.com google.com gmail.com
Relaying IPs: 64.233.183.27 64.233.184.196 64.233.170.205 64.233.182.191 64.233.185.114 64.233.184.224 66.249.82.231 72.14.247.27 64.233.184.239 64.233.184.207 66.249.92.172 66.249.82.237 64.233.170.194 66.249.82.234 64.233.162.199 216.239.57.27 66.249.82.206 64.233.170.204 64.233.184.197 64.233.184.238 66.249.82.197 66.249.92.195 66.249.82.224 64.233.184.201 72.14.204.195 64.233.166.178 66.249.92.171 64.233.166.181 64.233.170.207 64.233.170.200 64.233.162.193 72.14.205.27 64.233.185.27 72.14.247.16 64.233.166.179 66.249.92.202 66.249.92.206 64.233.167.27 66.249.82.200 64.233.184.198 64.233.184.200 64.233.184.225 72.14.204.197 66.249.82.239 64.233.182.189 66.249.92.174 64.233.163.114 64.233.184.233 66.249.83.27 64.233.184.228 64.233.170.203 209.85.133.27 64.233.170.197 64.233.163.27 72.14.204.196 66.249.92.203 64.233.162.200 64.233.184.199 66.249.82.203 72.14.215.114 64.233.163.109 66.249.92.173 72.14.204.205 64.233.184.231 64.233.171.109 64.233.184.206 64.233.184.192 64.233.184.234 66.249.92.169 64.233.182.188 64.233.162.198 205.237.194.56 64.233.166.176 64.233.170.202 64.233.162.192 72.14.215.27 66.249.82.202 64.233.182.187 64.233.170.199 64.233.184.232 64.233.162.194 66.249.92.199 66.249.82.207 66.249.82.195 66.249.93.27 72.14.204.198 64.233.162.205 64.233.171.27 66.249.93.114 64.233.166.180 64.233.166.177 64.233.184.204 64.233.162.201 64.233.162.233 72.14.204.202 66.249.82.201 66.249.82.227 64.233.183.114 64.233.162.195 64.233.184.205 66.249.82.230 66.249.82.196 64.233.182.186 64.233.184.226 64.233.162.202 64.233.183.16 64.233.184.193 64.233.170.196 66.249.83.109 64.233.184.227 209.85.133.114 66.249.83.111 64.233.167.114 64.233.171.114 64.233.162.207 64.233.162.203 64.233.185.111 64.233.170.201 66.249.92.170 64.233.162.206 64.233.182.185 64.233.184.194 66.249.92.175 64.233.170.192 64.233.162.197 66.249.83.114 64.233.182.184 64.233.185.109 64.233.184.202 64.233.170.206 64.233.170.198 64.233.166.182 64.233.184.230 66.249.82.228 64.233.182.190 66.249.82.232 66.249.82.192 64.233.184.235 66.249.92.168 64.233.184.229 64.233.162.196 66.249.82.198 64.233.184.237 64.233.184.236 64.233.170.193 64.233.184.203 64.233.166.183 64.233.184.195 66.249.82.238 72.14.205.109 64.233.162.204

Sorry, could you clarify this? Do you mean another machine, as in another PC that I am passing the report through? Or another mailhost?

As stated ... "another machine" ..... this might be an ISP adding/switching another machines/servers in the handling of your e-mail ... it might be becasue you choose to forward your e-mail to/through another server somewhere else .... ot might be because your host sold out to another ISP that then reconfigures everything ...

As we have tried to indicate in the various FAQs, definitions, descriptons, etc. 'here' ..... SpamCop.net Reporting should not be performed under an "automaic & blind" mode. So any time there is an issue with your parse results, something needs to be done to resolve the issue.

By another machine, I meant a server that is forwarding a message into your mailhost tree for another machine. That "error" (actually it is a warning to look at) will occur even with a properly configured mailhost.

User of machine [A] sends a message through his ISP's SMTP server [B] and adds a header stating this (second header spamcop will evaluate). Your ISP SMTP server [C] (in mailhost) receives the message and adds a header stating this (firsat header spamcop will evaluate).

You will get a warning on the second header spamcop evaluates because the senders ISP's SMTP server is not in your mailhost configuration. "receiving system not associated with any of your mailhosts" Any server that received your message on the path to you that is not part of your standard mail route will generate this warning.

Okay, well I appreciate your responses, but now I'm more confused. Basically all I'm doing is taking the plaintext of the emails I receive from the services I use, with entire headers included, and pasting them into the SpamCop reporting system. These are emails that haven't been forwarded or modified in any way.

So, for example, if I'm in my Gmail webmail account and I receive a spam, I will click on "Show Original", which brings open a new window with the entire email in plaintext, including headers, and copy and paste that into the SC manual reporting system. Since I use webmail for all my email accounts, this is essentially the same process I do for all my other accounts, with the exception of Yahoo, which doesn't allow for this, and so I don't report their emails.

So, I guess what I'm asking is, is there something in this process that I'm doing wrong or am I reporting these emails incorrectly when I see that error? All the emails I report are from systems which I've added to my mailhosts config.

I apologize (especially to Wazoo ) if this is covered in the FAQ, but perhaps you could point me to what I should be looking for? Otherwise, perhaps I can paste in some URLs where this error was generated and we can see if there is some troubleshooting that needs to occur?

Thanks again for your help.

The forward I am talking about is before it gets to your ISP. Some email will traverse several machines before reaching the final destination. It is possible (though rare) to go from an end user, to a small ISP to a large ISP before being sent to your ISP.
You do not appear to be doing anything wrong. And again, this is NOT an error. It is a warning. As long as the "receiving system" in the line being discussed is not part of your mail path, there is nothing to worry about. There is nothing you can do to eliminate this message. It is based on the path the message took to get to you.