Jump to content

Richard W

Forum Admin
  • Content Count

  • Joined

  • Last visited

Community Reputation

0 Neutral

About Richard W

  • Rank

Contact Methods

  • Website URL
  • ICQ

Profile Information

  • Gender
  • Location

Recent Profile Visitors

1,140 profile views
  1. Richard W

    error: couldn't parse head

    If you write me at deputies@ with your account address and the addresses you are trying to add, I'll see what I can do. Can't do much with Hotmail or Gmail until they get they crap together and start following standards again, but if you have other hosts I may be able to dig them up.
  2. Richard W

    PARCO Innovation compagny blacklist

    Another possibility is, I notice bouyguestelecom.com has their own issue with IP addresses being listed. It is possible they are rejecting mail because their own IP is listed, but their error message shows the connecting IP. In this case they would be rejecting most of their incoming mail and would hopefully notice quickly.
  3. I'll file a bug report on the exact matches as those should be munged. I can't say whether the address is being munged in the delivered report or not. In the ones I check in the past, they were munged. This looks to be a different situation though. The only real way of checking is to send yourself a report and see what you get. I can't really make an argument on munging the from address where it is not an exact match with the recipient address though. sameLHS [at]gmail.com is not a match with the address the spam was sent to. If its any consolation, this does look to be gamut spam, so the reports are not going back to the spammer/bot operator. But it is a door we need to get closed again. Richard
  4. Richard W

    Planned Outage - SpamCop Forum

    There will be a planned outage of the SpamCop forum on Monday April 25 from 6:00 am to 10:00 am PDT. During this time the forum hosting provider will be upgrading the software to its new version. Richard
  5. Lou is correct. When we took over the MX from CESmail in 2014 our concern was we didn't want users losing email addresses they had come to rely on, but it was not feasible to take over the actual mail service. Therefore our promise was to forward received mail to an address provided by the user. No filtering is done. The mail shouldn't be coming to you as an attachment. The mail just passes through as a .fwd rule, adding a hop to the header. There is no actual server at mvx.spamcop.net to accept the mail, store it and forward it. Richard
  6. Richard W

    All spams lately get "no links found"

    Word is the bug should be fixed. A patch was pushed out Wednesday night after a couple of days of beta testing. The issue was created when some coding was changed/removed to correct css vulnerabilities. It took a while to get a secure workaround.
  7. Richard W

    Forum Status

    I just want to follow up a little bit with what Lou had to say. As many of you have noted, it has been a rough few weeks around SpamCop. Believe me though, it's been tougher on this side of the screen than on your side. With all the security breaches and break ins and data thefts, everyone is concentrating on security. There has been huge increases in spam in recent weeks from exploits in all the major CMS software, including Joomla, WordPress and others. This means anything scripting, such as php, cgi, or whatever is suspect. Our back end teams are pouring through code looking for anything that might be suspect and making changes. Of course with all the inter-dependencies in SpamCop those changes will sometimes unexpectedly break things. That's what is behind things like the not finding links issue, html display issues, etc. It's a time consuming process but it is all being done to maintain the integrity and security of SpamCop. Fixing some of the breaks will always be prioritized along with all projects underway, so sometimes they are going to take longer than normal. They are all being tracked and will be fixed. Cisco remains committed to SpamCop and SpamCop is a very important part of their security operations. This includes SpamCop being part of the Talos group at talosintel.com, where we are part of Cisco's overall security research, response and development team. Richard
  8. As I had stated and shown, reports are going out with the addresses munged. If I suspected there was an issue I would have been the first to make the call to flip the switch on SpamCop until the problem is resolved. There is an issue with the html rendering and display on the SpamCop pages, where mark up language is being shown instead of tag characters causing the display to not show the tags properly, outgoing reports are being interpreted properly and user addresses are munged. I'm working with our development team to get this resolved. Richard
  9. I can assure you reports are going out with the addresses munged. The same bug that is causing html tags to be converted to ascii is causing addresses to be displayed when you look at the message in your browser. However the report that goes out is sent correctly: User-targeted report, see notes, if any. https://www.spamcop.net/w3m?i=z6zzz004zfdd2e5bb2b90188260669f94dbxxx [ Offending message ] Return-Path: <wegwuag[at]pizda.ninka.net> Delivered-To: <x> Received: from vmx5.spamcop.net by prod-sc-queue2.sv4.ironport.com (Dovecot) with LMTP id OomQJealClfyYgAA97r88g for <x>; Sun, 10 Apr 2016 12:14:14 -0700 Received: from pizda.ninka.net (unknown []) by vmx5.spamcop.net (Postfix) with ESMTP id 0DBBBED2FE for <x>; Sun, 10 Apr 2016 12:14:06 -0700 (PDT) Received: from axu (unknown []) by pizda.ninka.net with SMTP id mwaAOpRAeo7IlIZv.1 for <x>; Mon, 11 Apr 2016 03:14:06 +0800 Message-ID: <2016____________5127[at]pizda.ninka.net> From: =?utf-8?B?54eV5oC7?= <wegwuag[at]pizda.ninka.net> To: <x> Subject: =?utf-8?B?5pyA5paw5Ye65Y+w55qE5paw5Yqz5Yqo5ZCI5ZCM5rOV?= Date: Mon, 11 Apr 2016 03:14:00 +0800 MIME-Version: 1.0 Content-Type: multipart/mixed; boundary="----=_NextPart_000_0E7B_011A47D6.17D6E4E0" X-mailer: Rnnxeyfsyy 3 Richard
  10. Richard W

    Important SpamCop Announcement

    Announcement It is with extreme sadness that we announce the passing of long time SpamCop Deputy Don Bennett (aka Don D'minion). Don was the first deputy hired by SpamCop in about 2001 and has been busy in the fight against spam since then. Although Don may have been hard-nosed, he also had the thick skin needed in this job. Underneath, he held a true desire to just make sure things are done right. He was a colleague and a friend, who truly will be missed. Anyone that has been making contact through the service[at] alias can continue to do so as I'll be looking after that mailbox for the time being. If you've been using one of his personal aliases to contact SpamCop, please change to service[at] or deputies[at]. Thank you and may God bless Don and his soul. Richard
  11. Richard W

    SpamCop not signing in (paid service)

    Please be patient with us on this one. We have 24 shiny new servers coming online that are running a new version of SpamCop (v4.8.3.028) on CentOS versus FreeBSD and SpamCop v4.8.2.018. Obviously we're working through some bugs so you're seeing us switching back and forth between the servers. Hopefully everything will be worked out and we'll be on the new servers full time by mid-week. Richard
  12. Richard W

    wrongly parsed header?

    It's been a long time since I've hand parsed it took me a bit to get on top of this :-) The parsing engine does act differently for users that have mailhost records in their account versus those that don't (you don't). It does rely a little more on chain verification, time stamp matches, things like that when there is no mailhost record. Note in the parsing there is a couple of statements: mail.gavle.to and h-214-100.a322.corp.bahnhof.se have close IP addresses - chain verified Possible relay: Received line accepted After that the received lines fail the chain test, so it falls back and takes the most recent accepted line, which is the handoff from, which does look like the correct target to me. I looked at a bit of your report history to see how your network handles mail. Some other samples from this same source convinces me the right source was selected. If you had mailhosts in your account the parsing would probably have stopped at, but here it went one step further. Certainly not a wrong choice. Richard
  13. Richard W

    SC Contacts

    Both remain valid. Don was having some mail issues, which have been resolved. R
  14. Richard W

    Important SpamCop Announcement

    Important Announcement: The SpamCop Reporting Service is saddened by the news that Corporate Email Services (CESmail) will cease operations on September 30, 2014. As the exclusive provider of email service under the spamcop.net name, we have had a long standing business relationship with CESmail, which enhanced the service we have provided since 1998. SpamCop has worked with CESmail to ensure an orderly shutdown. To minimize impact to SpamCop users, CESmail has provided instructions to their customers to change their account options and provide a forwarding address prior to 5:00 pm EDT September 30, 2014. At that time SpamCop will take over the mail forwarding and CESmail will permanently close their operations. On the transition day, we will do our best to ensure the service migration to be seamless, however please be informed that temporary service disruption may happen. SpamCop will provide this mail forwarding service with no additional or future charge to our users. Our commitment is to provide the forwarding service through 2015 and review the ongoing need for this service annually each fall. Should you wish to discontinue this forwarding or change the address mail is being forwarded to, you will find a new tab on the SpamCop.net Reporting Service page when logged in allowing you to do this. It is important CESmail customers follow the instructions provided to set up forwarding. There will be no rescuing email accounts, files or folders once we take over the forwarding service. Those who have subscribed to the CESmail provided mail service have enjoyed enhanced access to the SpamCop reporting service, including all features of a premium SpamCop reporting account. This includes the ability to have standing addresses receive copies of SpamCop reports, the option to add addresses to receive copies of SpamCop reports, the option to appeal issues to SpamCop staff from directly within the reporting structure, and of course no nag screens when reporting spam. Anyone who has a CESmail account at the time of shutdown on September 30 will continue to enjoy the premium access to the SpamCop reporting service indefinitely without additional or future charge. SpamCop is also pleased to announce that while the user support forums have been hosted by CESmail, we will continue to keep the forums operational as the primary source for user support. Peer to peer support has been an important part of keeping SpamCop as a free service. To accommodate the changeover of the SpamCop Forums to our servers there will be a short outage of the forums on Thursday, October 2 between 9:00 a.m. and 11:00 a.m. PDT. There has been speculation that the end of the SpamCop mail service is a sign of Cisco not supporting SpamCop. Nothing could be further from the truth as Cisco remains completely supportive of SpamCop and further commits to upcoming and ongoing enhancements to the SpamCop reporting service. Again, we must reiterate the importance that you follow the instructions you have received from CESmail to set your mail forwarding options prior to the changeover in service at 5:00 p.m. EDT this Tuesday, September 30, 2014. Richard