Jump to content

gw1500se

Members
  • Content Count

    16
  • Joined

  • Last visited

Community Reputation

0 Neutral

About gw1500se

  • Rank
    Member
  1. I am trying to automate reporting spam by redirecting it. Since redirection keeps the headers in tact, I thought spamcop could handle it. However, the spam is being returned with an error. I know that the sender (wtriker.ffe[at]gmail.com) is not the same as the recipient (i_was_yah00ed[at]yahoo.com) of the original spam. Is that the cause of the error (I need to figure out why that is happening anyway) or is there an inherent problem doing this with a redirect? TIA. SpamCop encountered errors while saving spam for processing: SpamCop could not find your spam message in this email: Return-Path: <wtriker.ffe[at]gmail.com> Received: from vmx.spamcop.net (prod-sc-smtp13.sv4.ironport.com [10.8.129.223]) by prod-sc-app5.sv4.ironport.com (Postfix) with ESMTP id B9BF21EE912 for <submit.xxxxxxxxxxxxxx[at]spam.spamcop.net>; Sat, 20 Sep 2014 16:07:19 -0700 (PDT) Authentication-Results: vmx.spamcop.net; dkim=pass (signature verified) header.i=[at]gmail.com X-IronPort-AV: E=McAfee;i="5600,1067,7567"; a="334702800" X-IronPort-AV: E=Sophos;i="5.04,562,1406617200"; d="scan'208,217";a="334702800" Received: from mail-yh0-f50.google.com ([209.85.213.50]) by vmx.spamcop.net with ESMTP; 20 Sep 2014 16:07:20 -0700 Received: by mail-yh0-f50.google.com with SMTP id f10so1319318yha.9 for <submit.xxxxxxxxxxxx[at]spam.spamcop.net>; Sat, 20 Sep 2014 16:07:19 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113; h=message-id:from:resent-from:to:date:reply-to :content-transfer-encoding:content-type:mime-version:subject; bh=iRGRcj6CKDW+jxQ0gnist3sD+dnb/iuMklN7843M3f8=; b=ycLEmjRj5CyV8sW9EAex0cJrXiWAORUKvj6JCoT7/UFHoXKK2rpMrxjYtelEal7aSR AqrOztlJze0p3jstyIMf7ZlqQ4BD1M5bYvwcA78i7euCzLt3PxN3da9uwYzTr7yva+j1 gaaoBxEM9PJX4vlEmlLN9XhtsvyEfcNd+zFP8/1cKT9aY/4tbtuQc70/fw7LRQPVLiX/ ljbK8bQjcDUdyipYMMzfJ2K3OVJaIcwqQuiDDKpGlwnKu9vKioX0S7tITIzStmtDnAYl RTt/2iuAYu8QMAz+W+C+C4DPvhPONZex50CaHmhxujHayKZFqKx+coSQUN+TfJjYIqIs gyXw== X-Received: by 10.236.75.99 with SMTP id y63mr27437yhd.105.1411254439101; Sat, 20 Sep 2014 16:07:19 -0700 (PDT) Received: from [192.168.0.102] (162-230-29-95.lightspeed.tukrga.sbcglobal.net. [162.230.29.95]) by mx.google.com with ESMTPSA id t35sm2506485yho.56.2014.09.20.16.07.18 for <submit.xxxxxxxxxxxx[at]spam.spamcop.net> (version=TLSv1 cipher=ECDHE-RSA-RC4-SHA bits=128/128); Sat, 20 Sep 2014 16:07:18 -0700 (PDT) Message-ID: <541e08a6.2fd2ec0a.3acd.ffff92db[at]mx.google.com> From: Student Loan Specialist <wtriker.ffe[at]gmail.com> X-Google-Original-From: Student Loan Specialist <sloan_yRZIO[at]email-delivery-1.com> Resent-from: i_was_yah00ed[at]yahoo.com To: submit.xxxxxxxxxxxx[at]spam.spamcop.net Date: Sat, 20 Sep 2014 19:07:00 -0400 (Eastern Standard Time) Reply-To: Student Loan Specialist <sloan_mAZVi[at]email-delivery-1.com> Content-Transfer-Encoding: 8bit Content-Type: multipart/mixed; boundary="----=sloan1" Mime-Version: 1.0 Subject: Legally ELIMINATE your student loans. ------=sloan1 Content-Type: multipart/alternative; boundary="----=sloan2" ------=sloan2 Content-Type: text/html; charset=UTF-8; Content-Transfer-Encoding: quoted-printable <html> <body> <div align="center"> <form name=3D"sloan_1MI" method=3D"get" action=3D" http://www.email-delivery-1.com/g8zzUTqWy....t;><input type=3D"SUBMIT" value=3D"CLICK HERE TO TAKE CARE OF YOUR STUDENT LOANS"></form><br><br> <IMG src="http://www.email-delivery-1.com/slo.gif" border=0 usemap="#sloan_1MI" style="display:block !important; line-height:0 !important; font-size:0 !important;" /></A><br><br><br><br> <map name="sloan_1MI" id="sloan_1MI"> <area shape="default" href="http://www.email-delivery-1.com/g8zzUTqWy.d3_l.RQd8pQgn5p9y3J4dmHQjtuLLBVOI=/studentloans-link"> </map> </div> <br><br> <IMG src="http://www.email-delivery-1.com/mindfulness.png" border=0 usemap="#finished_1MI" style="display:block !important; line-height:0 !important; font-size:0 !important;" /></A> <map name="finished_1MI" id="finished_1MI"> <area shape="default" href="http://www.email-delivery-1.com/g8zzUTqWy.d3_l.RQd8pQgn5p9y3J4dmHQjtuLLBVOI=/finished"> </map><br><br> </div> Trouble seeing this message? Copy & paste this into your web browser: <br> <br> http://www.email-delivery-1.com/g8zzUTqWy....udentloans-link </body> </html> The email which triggered this auto-response had the following headers: Return-Path: <wtriker.ffe[at]gmail.com> Received: from vmx.spamcop.net (prod-sc-smtp13.sv4.ironport.com [10.8.129.223]) by prod-sc-app5.sv4.ironport.com (Postfix) with ESMTP id B9BF21EE912 for <submit.xxxxxxxxxxxxxx[at]spam.spamcop.net>; Sat, 20 Sep 2014 16:07:19 -0700 (PDT) Authentication-Results: vmx.spamcop.net; dkim=pass (signature verified) header.i=[at]gmail.com X-IronPort-AV: E=McAfee;i="5600,1067,7567"; a="334702800" X-IronPort-AV: E=Sophos;i="5.04,562,1406617200"; d="scan'208,217";a="334702800" Received: from mail-yh0-f50.google.com ([209.85.213.50]) by vmx.spamcop.net with ESMTP; 20 Sep 2014 16:07:20 -0700 Received: by mail-yh0-f50.google.com with SMTP id f10so1319318yha.9 for <submit.xxxxxxxxxxxxx[at]spam.spamcop.net>; Sat, 20 Sep 2014 16:07:19 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113; h=message-id:from:resent-from:to:date:reply-to :content-transfer-encoding:content-type:mime-version:subject; bh=iRGRcj6CKDW+jxQ0gnist3sD+dnb/iuMklN7843M3f8=; b=ycLEmjRj5CyV8sW9EAex0cJrXiWAORUKvj6JCoT7/UFHoXKK2rpMrxjYtelEal7aSR AqrOztlJze0p3jstyIMf7ZlqQ4BD1M5bYvwcA78i7euCzLt3PxN3da9uwYzTr7yva+j1 gaaoBxEM9PJX4vlEmlLN9XhtsvyEfcNd+zFP8/1cKT9aY/4tbtuQc70/fw7LRQPVLiX/ ljbK8bQjcDUdyipYMMzfJ2K3OVJaIcwqQuiDDKpGlwnKu9vKioX0S7tITIzStmtDnAYl RTt/2iuAYu8QMAz+W+C+C4DPvhPONZex50CaHmhxujHayKZFqKx+coSQUN+TfJjYIqIs gyXw== X-Received: by 10.236.75.99 with SMTP id y63mr27437yhd.105.1411254439101; Sat, 20 Sep 2014 16:07:19 -0700 (PDT) Received: from [192.168.0.102] (162-230-29-95.lightspeed.tukrga.sbcglobal.net. [162.230.29.95]) by mx.google.com with ESMTPSA id t35sm2506485yho.56.2014.09.20.16.07.18 for <submit.xxxxxxxxxxxxx[at]spam.spamcop.net> (version=TLSv1 cipher=ECDHE-RSA-RC4-SHA bits=128/128); Sat, 20 Sep 2014 16:07:18 -0700 (PDT) Message-ID: <541e08a6.2fd2ec0a.3acd.ffff92db[at]mx.google.com> From: Student Loan Specialist <wtriker.ffe[at]gmail.com> X-Google-Original-From: Student Loan Specialist <sloan_yRZIO[at]email-delivery-1.com> Resent-from: i_was_yah00ed[at]yahoo.com To: submit.xxxxxxxxxxxxxxx[at]spam.spamcop.net Date: Sat, 20 Sep 2014 19:07:00 -0400 (Eastern Standard Time) Reply-To: Student Loan Specialist <sloan_mAZVi[at]email-delivery-1.com> Content-Transfer-Encoding: 8bit Content-Type: multipart/mixed; boundary="----=sloan1" Mime-Version: 1.0 Subject: Legally ELIMINATE your student loans.
  2. How in the world do I find the IP address I need to modify an email address from the unsorted list of hundreds of IPs? I cannot find, or don't know how to find, 68.142.231.17 in that list.
  3. I keep getting spam that I cannot report because it results in the error: Unable to process message. IPv6 addresses are not supported. No source IP address found, cannot proceed. I may have asked this question before but I don't think I was able to produce the headers at the time so it was really never resolved. This time I have posted the full headers below. I can see the X-Originating-IP header but I don't understand why this cannot be processed. Can someone shed any light on this and suggest what I might do? TIA. X-Account-Key: account1 X-Mozilla-Keys: X-Apparently-To: x via 98.138.213.185; Fri, 16 Dec 2011 04:55:43 -0800 Received-SPF: none (domain of frederickcountymd.gov does not designate permitted sender hosts) X-YMailISG: QxBAIiYWLDsTRb0vX4H3O8YESsj39aUyP0BORMk7tItHihyn jZlOpcwDIV7ioPjYQZ6RcUvQufWVeqbRYXV4eDjmviAITmlKUMmHx7RhO3Fo Edq_Fu9NSlCKA4IAPGdegq5cLIriR8Xyw3tbTpckW5eY3R.wvShWJWpZGwHd asp6qLrEvwzko9FWFUsBP4Scj4JXGYMm.7eeMIZwka.n5gcrcXh47VS9x5rk Mpn9e81wWEEYGW5jCMLU_izzJboNQv5AipZWslqoZlufrG2PdsWzfV6h X-Originating-IP: [199.248.201.241] Authentication-Results: mta1013.sbc.mail.sp1.yahoo.com from=FrederickCountyMD.gov; domainkeys=neutral (no sig); from=FrederickCountyMD.gov; dkim=neutral (no sig) Received: from 204.127.217.78 (EHLO fgateway08.isp.att.net) (204.127.217.78) by mta1013.sbc.mail.sp1.yahoo.com with SMTP; Fri, 16 Dec 2011 04:55:43 -0800 Received: from mailgw2.frederickcountymd.gov ([199.248.201.241]) by isp.att.net (frfwmxc08) with ESMTP id <20111216125543M080041q79e>; Fri, 16 Dec 2011 12:55:43 +0000 X-ATT-UNSOLICITED: OK Received: from mailgw2.frederickcountymd.gov ([199.248.201.241]) by isp.att.net (frfwmxc08) with ESMTP id <20111216125543M080041q79e>; Fri, 16 Dec 2011 12:55:43 +0000 X-Originating-IP: [199.248.201.241] Received: from mailgw2.frederickcountymd.gov (localhost.localdomain [127.0.0.1]) by mailgw2.frederickcountymd.gov (8.13.8/8.13.8) with SMTP id pBGCtglv003558 for <x>; Fri, 16 Dec 2011 07:55:42 -0500 Received: from NT1S21.nt1.local ([10.12.20.123] helo=NT1S21.nt1.local) with IPv4:25 by mailgw2.frederickcountymd.gov; 16 Dec 2011 07:55:42 -0500 Received: from nt1s21.nt1.local ([::1]) by NT1S21.nt1.local ([::1]) with mapi; Fri, 16 Dec 2011 07:55:42 -0500 From: "Coleman, Sherman" <SColeman[at]FrederickCountyMD.gov> To: "x" <x> Date: Fri, 16 Dec 2011 07:55:41 -0500 Subject: Fw: Thread-Index: Acy750wZMu3TXA60RKyg4fRMjhDnwAACrfzm Message-ID: <D828__________________________________0D98[at]NT1S21.nt1.local> Accept-Language: en-US Content-Language: en-US X-MS-Has-Attach: X-MS-TNEF-Correlator: acceptlanguage: en-US x-tm-as-product-ver: SMEX-10.2.0.1135-6.800.1017-18586.004 x-tm-as-result: No--46.194300-0.000000-31 x-tm-as-user-approved-sender: Yes x-tm-as-user-blocked-sender: No Content-Type: multipart/alternative; boundary="_000_D828BBBC7AA3CF49B52C756F07A2A3EF0CFBF80D98NT1S21nt1loca_" MIME-Version: 1.0 X-Assp-Version: 1.8.1.7(1.0.06 on mailgw2.frederickcountymd.gov X-Assp-Passing: acceptAllMail X-Assp-ID: mailgw2.frederickcountymd.gov 13240-50489 X-Assp-Intended-For: x X-Assp-Envelope-From: scoleman[at]frederickcountymd.gov
  4. gw1500se

    Unable to report spam

    I don't have all my Google email accounts registered but the one that got this spam is registered. I'll try doing all of them and see what happens. Thanks.
  5. I've been getting a lot of spam that I am unable to report. Here is one such spam From - Tue Oct 04 04:00:35 2011 X-Account-Key: account5 X-UIDL: GmailId132cc0100dd1723e X-Mozilla-Status: 0001 X-Mozilla-Status2: 00000000 X-Mozilla-Keys: Delivered-To: x Received: by 10.142.225.6 with SMTP id x6cs49188wfg; Mon, 3 Oct 2011 15:56:50 -0700 (PDT) Received: by 10.68.19.225 with SMTP id i1mr4689257pbe.63.1317682610332; Mon, 03 Oct 2011 15:56:50 -0700 (PDT) Return-Path: &lt;bounce[at]filefactory.com&gt; Received: from us-mgr.filefactory.com (mail.filefactory.com. [98.143.146.34]) by mx.google.com with ESMTPS id n8si16503373pbg.272.2011.10.03.15.56.50 (version=TLSv1/SSLv3 cipher=OTHER); Mon, 03 Oct 2011 15:56:50 -0700 (PDT) Received-SPF: pass (google.com: domain of bounce[at]filefactory.com designates 98.143.146.34 as permitted sender) client-ip=98.143.146.34; Authentication-Results: mx.google.com; spf=pass (google.com: domain of bounce[at]filefactory.com designates 98.143.146.34 as permitted sender) smtp.mail=bounce[at]filefactory.com Received: from us-mgr.filefactory.com (localhost.localdomain [127.0.0.1]) by us-mgr.filefactory.com (8.13.8/8.13.8) with ESMTP id p93MunDv030379 for &lt;x&gt;; Mon, 3 Oct 2011 15:56:49 -0700 Authentication-Results: us-mgr.filefactory.com; dkim=none (no signature) header.i=unknown; x-dkim-adsp=fail Received: (from root[at]localhost) by us-mgr.filefactory.com (8.13.8/8.13.8/Submit) id p93MunAB030378; Mon, 3 Oct 2011 15:56:49 -0700 To: x Subject: No credit card? Now you can buy FileFactory Premium with your mobile Message-ID: &lt;559d________________________5543[at]marketing.doubleclickindustries.com&gt; Date: Sun, 18 Sep 2011 19:22:57 -0700 From: "FileFactory.com" &lt;information[at]filefactory.com&gt; Reply-To: information[at]filefactory.com MIME-Version: 1.0 X-Mailer-LID: 9,5,2,4,12,3 List-Unsubscribe: &lt;http://marketing.doubleclickindustries.com/emailmarketer/unsubscribe.php?M=3157590&amp;C=666fc134de2f52617456e903ea38a104&amp;L=5&amp;N=132&gt; X-Mailer-RecptId: 3157590 X-Mailer-SID: 132 X-Mailer-Sent-By: 1 Content-Type: multipart/alternative; charset="UTF-8"; boundary="b1_3bf0803a5e1fdf6525f41b43769e5fd7" Content-Transfer-Encoding: 8bit View entire message Parsing header: 0: Received: from us-mgr.filefactory.com (mail.filefactory.com. [98.143.146.34]) by mx.google.com with ESMTPS id n8si16503373pbg.272.2011.10.03.15.56.50 (version=TLSv1/SSLv3 cipher=OTHER); Mon, 03 Oct 2011 15:56:50 -0700 (PDT) Hostname verified: mail.filefactory.com Possible forgery. Supposed receiving system not associated with any of your mailhosts Will not trust anything beyond this header Am I doing something wrong (these are the raw headers provided to spam cop) or are spammers figuring out ways to prevent reporting? What can I do about this type of spam? TIA.
  6. gw1500se

    [Resolved] Login Credentials Question

    Understood. I did change the email address a long time ago. I was hoping to change the log in name as it is an unpleasant reminder but I won't create a new user. Thanks.
  7. gw1500se

    [Resolved] Login Credentials Question

    Thanks but no that is not the situation. This is really not a big deal but something I was hoping to change. When I bring up the log in page for reporting (www.spamcop.net), the log in information in the upper right fields are what I am referencing. The first field is what I wanted to change. Currently it requires a defunct email address used when I first registered.
  8. gw1500se

    [Resolved] Login Credentials Question

    Thanks. Sorry for posting in the wrong forum.
  9. gw1500se

    [Resolved] Login Credentials Question

    Thanks for the reply. I am referring to reporting log in. When I go to the preferences tab the name and address are correct but neither is what I have to use to log in. My forum log in is fine.
  10. When I created my spamcop account I used what is now a defunct email address. I'm a little confused by my account name and the email address for logging on. I can't use the account name to log in but I don't want to keep using the defunct email address. How do I change the login name without creating a new account? TIA.
  11. gw1500se

    Obtaining Raw Source

    Thanks for the replies. I'll look into the Mozilla issue but I now think it is, to some extent, an ISP (AT&T) issue. I am now getting spam that does not have an origination record. It seems to me that kind of mail should be rejected by the ISP. Am I correct and should I complain to my ISP about filtering that?
  12. gw1500se

    Obtaining Raw Source

    I have encounter something new that I don't know how to handle. I am using Thunderbird and when I find spam I use the "View -> Message source" option to copy the raw source and paste it into spamcop. However, lately I have been getting occasional spam whose raw source opens to a blank page. This may be a Thunderbird issue but even the headers look wrong as there are no originating source records and very few others except from, to, subject, date and message-ID. Should this have even been delivered? Perhaps there is something my ISP is relaying that it shouldn't? What have these spammers discovered? TIA.
  13. gw1500se

    Forging Time Stamps?

    Thanks. I will do that the next time it happens.
×