All Activity

This stream auto-updates   

  1. Past hour
  2. See also
  3. P.S. This seems related to the following topic:
  4. How do I register an ipv6 mailhost? Trying to parse host 2002:a17:902:6881:0:0:0:0 (getting name) no name 0: Received: by 2002:a17:902:6881:: with SMTP id i1-v6mr7121788plk.323.1516767567431; Tue, 23 Jan 2018 20:19:27 -0800 (PST) No unique hostname found for source: 2002:a17:902:6881:0:0:0:0 Possible forgery. Supposed receiving system not associated with any of your mailhosts Will not trust this Received line. Mailhost configuration problem, identified internal IP as source Mailhost: Please correct this situation - register every email address where you receive spam No source IP address found, cannot proceed.
  5. Today
  6. Yes Gmail has "upgraded(downgraded)" its headers for customers?
  7. Yes. That's what I meant when I said I went through the Spamcop registration process again. Sorry if I was unclear. It's cropped up again with, and ISP out of Malaysia. So, for the moment, it seems to be isolated to ISPs in east asia. I am certain that the problem originates with the X-Received line that Gmail throws into its headers. The usual ipv4 works fine, but an ipv6 address seems to give the parser indigestion. The X-Received line is the ONLY place that the ipv6 address appears in these problem emails. While composing this message, I did some digging, and discovered that the ipv6 address that's been causing me grief ( 2002:a17:902: xxxx) is reserved for 6to4 conversion and translates, interestingly enough, back to ipv4 So, it's starting to look like an oversight in the parser where the 6to4 conversion is concerned.
  8. Yesterday
  9. is where it came from "hm-changed [at]" in notes put compromised/forged web and or email accounts BLOCK OUTBOUND PORT 25, RESERVE FOR LEGIT EMAIL SERVER Make sure you are connecting to your mail server's 'authenticated mail' port 587 and not the ordinary 'unauthenticated' port 25. (ask your ISP to check for you) FAQ see PBL >
  10. In the future please include the Tracking URL, and not the text. Looking at a related thread, It looks like may have reconfigured their mailhost. You need to log into your reporting account, click on the <Mailhosts> tab and follow the instructions. That should resolve the error. With that the correct source of your spam may be found.
  11. When trying to submit the below email for reporting, I get this result (bold text at bottom): How can this be fixed so that the emails get reported correctly? BTW, this address (2002:a17:902:2468:0:0:0:0), is registered to IANA. Steve
  12. I've reported several hundered spam messages with no let up in messages being sent from their network. Here's a recent (January 8th) auto-reply email I got from sending a report to abuse [at] through the reporting form: Whenever possible, instead of reporting emails to OCN (abuse [at] using the reporting from, I look for the X-Originating-IP at the end of the email and try to report it that way by replacing OCN's IP address in the 1st Received line such as the one below: Received: from ( []) with the one in the X-Originating-IP which is usually a and usually, the ISP's email address that comes up is netabuse [at] Steve
  13. When I checked the link you provided, I noticed this line: Have you configured the mailhost(s) for your email accounts?
  14. I've seen similar, where the message appears to be placed in the subject. It's a minor nuisance when reporting, and a good sign that you're dealing with a spammer. What lking said to do usually works for me.
  15. Hello, A few days ago, I started encountering spam messages which cannot be processed due to what appears to be a problem with resolving an ipv6 address. Here is the tracking link: The error I received with this particular one was: No unique hostname found for source: 2002:a17:902:aa4a:0:0:0:0 Possible forgery. Supposed receiving system not associated with any of your mailhosts Will not trust this Received line. Mailhost configuration problem, identified internal IP as source The receiving account is a gmail account, and the sending IP (according to gmail) is, which belongs to aka the ISP from Hell. There are also numerous references to ocn throughout the header, so I am confident that they are the source. The only place that the aforementioned ipv6 address occurs in the entire header is a single X-Received: line. Every gmail message I've checked has an X-Received: line (invariably with a IP address), so I don't know if it's a google error, or if ocn spammers have figured out how to spoof this field, or if the problem is internal to Spamcop. I couldn't find anybody having a similar problem in the forum. I even tried going through the spamcop registration process again, but that didn't solve the problem. The only thing that seems consistent is that these errors only occur with spams sent from ocn. Hopefully, somebody out there has some ideas.
  16. Last week
  17. Yes that is the correct approach. Another option is to add the comment "spam has no body" when reporting as above. With practice the spammer will learn how to use their tool and put the body in correct part of the forum. Rule #3
  18. no I got it .Spammmer send me spam but empty .This was only on title.Spamcop don't see body.But I select and put title for form at spamcop report .And works . The answerd is you have to split Select outlook/eudora workaround form thanks.
  19. hi I would like ask how to report spam if spam is only on topic.Spamcop don't see it.
  20. The best form of defense is attack! By adding to "submission notes" upgrades your report. Send yourself a copy to see what your sending, spamcop reformats a lot of notes on the last line I put a > symbol. Rhis seems to make your notes better formated.
  21. Good work! Being relentless does work. I know the effort is time consuming, I just spend 1/2 hour to clear the spam out of this forum and will not start on my private accounts. The fight goes on, Thanks.
  22. warned, blocked and post moved from "Email system & accounts"
  23. Supreme Boostr :- Supreme Boostr is another male enhancement supplement that with the careful determination of fixings the outcomes are in a general sense ensured. With each settling being subjected to cross-clinical trials for their adequacy. One of a kind Boostr wires are with everything taken into account incredible, show upheld fixings . In the occasion that you're chasing down broadened sex drive, more prominent and firmer erections, enhanced stamina, a more pleasurable trouble, and a general executioner room execution, you can't turn out gravely with Supreme Boostr.
  24. Thanks Petxl, I followed your advice about adding notes with the IP address as well as other information. This was the basic content: *** This is a CHILD PORN spammer! Pictures of girls under 18, or made to look under 18. NO PROOF OF AGE available on the site! THIS spam WAS SENT TO MINORS! IP Address: Please investigate and stop this disgusting spammer! Thank you! *** For spam from I manually sent a spam report with the full content of the email via my email application to (I copied everything in: "View full message" into the email): This was effective as Amazon is very diligent, and within a day or two they'd get back to me and report: ...We've determined that an Amazon EC2 instance was running at the IP address you provided in your abuse report. We have reached out to our customer to determine the nature and cause of this activity or content in your report... etc. After about 10 or 15 of such submits, the spam from Amazon stopped! Regardless, the spam from Google continued unabated. At the beginning, all the spam from this spammer had different subjects and content, but then whoever it was started to send each spam out in duplicate or triplicate. I guess they were pushing me, thinking I would give up reporting, given the amount of spam they were sending... Nevertheless, I was relentless in reporting every single one, sometimes it would take me an hour or more each day! But good news, finally, three of four days ago it all stopped! Who knows what happened, maybe whoever it was took a vacation... but for now there is no more spam from that entity!! It may be a bit early, but thanks to everyone for their advice.
  25. Can someone point me to the nearest wall so I can bang my head against it? You're whoising ARIN for an IP in the APNIC pool (just as Spamcop is doing). Anytime you do that, you will get . APNIC is NOT an ISP. If you whois APNIC at for that IP, you will get current ISP information about role: Manager Admin address: 485-A/15,1st floor,G.T. Road, Dilshad garden,New Delhi,Delhi-110095 country: IN phone: +91 9958033533 e-mail: admin-c: AA1235-AP tech-c: AA1235-AP nic-hdl: MA965-AP mnt-by: MAINT-IN-APNAINFO last-modified: 2016-04-29T09:31:10Z source: APNIC (edit: P.S. The abuse contact for via APNIC is still
  26. Checking another Whois I find for This IP seems to be part of a large block of IPs in India used for VPN (hiding the location of the source) Going back to tjsynkral's old post on146.196.52.181 the block of IPs has a different abuse contact now. I have no idea what was a valid abuse address for Oct 2017. Those who seem to support spammers do try to change blocks of IPs all the time to avoid being blocked. Both blocks 146.196.52.- and the block - are managed by APNIC. Those who had in October could now have control of There is a considerable body of anecdotal evidence that APNIC does not strongly enforce the rules. If you have more valid information for an IP or block of IPs <Reporting Help> <Reporting Address Issues> would be the correct (sub) forum to post current updated information.
  27. In the case of this IP, they're trying to send mail to a black hole created to trap broken software that searched the wrong IP registry. Perhaps the abuse contact for would like to know about the spam report and take action on it before it gets to SCBL. There's no chance that search-apnic-not-arin is a deliberate thing.
  28. Sometimes Spamcop decides not to bother the abuse contacts for the reasons already given. When reports aren't sent, for whatever reason, the data gleaned from the submitted spam is still useful for helping to build the SCBL. Any reports that are sent and subsequently acted on are a bonus.
  1. Load more activity