Jump to content


  • Content Count

  • Joined

  • Last visited

Everything posted by RadicalDad

  1. Sometime about a year ago, I complained on these forums that Spamcop has become all but useless when using Outlook on an Exchange server. The spam report ALWAYS comes back pointing to my own email server, even when a cursory look shows the obvious source of the spam. I've all but stopped reporting on Spamcop for this reason. Someone suggested on that ancient thread that I post a sample for folks to look at. OK, here one is. Note also that Spamcop also misses the bogus hyperlink ("Click here!"), not doing any reporting at all on the bogus web host. Are the light still on here? Message header: Received: from MBX01D-ORD1.mex09.mlsrvr.com ( by MBX01A-IAD3.mex09.mlsrvr.com ( with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384_P384) id 15.1.544.27 via Mailbox Transport; Wed, 15 Feb 2017 20:56:00 -0500 Received: from MBX05C-ORD1.mex09.mlsrvr.com ( by MBX01D-ORD1.mex09.mlsrvr.com ( with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384_P384) id 15.1.544.27; Wed, 15 Feb 2017 19:56:00 -0600 Received: from gate.forward.smtp.iad3a.emailsrvr.com ( by MBX05C-ORD1.mex09.mlsrvr.com ( with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384_P384) id 15.1.544.27 via Frontend Transport; Wed, 15 Feb 2017 19:55:59 -0600 Return-Path: liysc25@nottingham.ac.uk X-spam-Threshold: 95 X-spam-Score: 0 X-spam-Flag: NO X-Virus-Scanned: OK X-MessageSniffer-Scan-Result: 0 X-MessageSniffer-Rules: 0-0-0-13735-c X-CMAE-Scan-Result: 0 X-CNFS-Analysis: v=2.2 cv=QPAqfUDL c=1 sm=1 tr=0 a=wMuiOM+aJX97FqABAv1gmw==:117 a=wMuiOM+aJX97FqABAv1gmw==:17 a=n2v9WMKugxEA:10 a=KXl77lDgDEgIEtoqJYcA:9 a=jMgyydZaAAAA:8 a=TMeMXT5H6L7W2mJr2DcA:9 a=wPNLvfGTeEIA:10 a=zOPv43MEAAAA:8 a=jt-rlJBq7EhYDvrx:21 a=_W_S_7VecoQA:10 a=H_FcBddkztAA:10 a=-FEs8UIgK8oA:10 a=NWVoK91CQyQA:10 a=sRwWbsoZOIyncXQJl99K:22 a=jKBK-nmJ8lQYDYSZPBHD:22 X-Orig-To: XXX X-Originating-Ip: [] Authentication-Results: smtp27.gate.iad3a.rsapps.net; iprev=pass policy.iprev=""; spf=pass smtp.mailfrom="liysc25@nottingham.ac.uk" smtp.helo="uidappmx06.nottingham.ac.uk"; dkim=none (message not signed) header.d=none X-Classification-ID: 0fa97262-f3eb-11e6-9265-782bcb33f754-1-1 Received: from [] ([] helo=uidappmx06.nottingham.ac.uk) by smtp27.gate.iad3a.rsapps.net (envelope-from <liysc25@nottingham.ac.uk>) (ecelerity r(Core: with ESMTP id F6/CD-22337-EA605A85; Wed, 15 Feb 2017 20:55:59 -0500 Received: from uidappmx06.nottingham.ac.uk (localhost.localdomain []) by localhost (Email Security Appliance) with SMTP id 752592DF798_8A506AEB for <XXX>; Thu, 16 Feb 2017 01:55:58 +0000 (GMT) Received: from smtp4.nottingham.ac.uk (smtp4.nottingham.ac.uk []) by uidappmx06.nottingham.ac.uk (Sophos Email Appliance) with ESMTP id 603AD2D2135_8A506AEF for <XXX>; Thu, 16 Feb 2017 01:55:58 +0000 (GMT) Received: from [] (helo=DESKTOP-55DHA5K.sjsu.edu) by smtp4.nottingham.ac.uk with esmtpsa (TLSv1:DHE-RSA-AES256-SHA:256) (Exim 4.85) (envelope-from <liysc25@nottingham.ac.uk>) id 1ceBFz-0002mF-Az for XXX; Thu, 16 Feb 2017 01:53:16 +0000 Content-Type: multipart/alternative; boundary="===============1385527312==" MIME-Version: 1.0 Subject: A document folder is shared with you! To: <XXX{AT}blk-ink.com> From: " '' Dropbox Support '' " <XXX{AT}dropbox3665.com> Date: Wed, 15 Feb 2017 17:53:12 -0800 Message-ID: <E1ceBFz-0002mF-Az@smtp4.nottingham.ac.uk> Sender: <liysc25@nottingham.ac.uk> X-MS-Exchange-Organization-Network-Message-Id: d19fd38f-f441-4628-3ea4-08d4560ef49e X-MS-Exchange-Organization-AVStamp-Mailbox: SMEXyGDz;1322100;0;This mail has been scanned by Trend Micro ScanMail for Microsoft Exchange; X-MS-Exchange-Organization-SCL: 0 X-MS-Exchange-Organization-AuthSource: MBX05C-ORD1.mex09.mlsrvr.com X-MS-Exchange-Organization-AuthAs: Anonymous X-MS-Exchange-Transport-EndToEndLatency: 00:00:01.0240672 Message body: Hello, Someone shared a folder with you on Dropbox. Click here to view documents. Dropbox Support. Happy sharing! NB: This message is sent to XXX
  2. RadicalDad

    Spamcop no longer works with Outlook/Exchange

    As the OP on this thread, which is now over two years old, I'm underwhelmed by the responses. To be clear, I'm appreciative of everyone who has responded, and respectful of the time and intellect expended by those who tried to find a way to make the parser work. However, at the end of the day, it is the Spamcop devs who need to fix this problem, and if they even exist anymore, they are nowhere to be found. They certainly aren't active on this forum. Indeed, it seems the lights were long ago turned off over there. As for the advice to try removing the first Received line, that didn't work. I tried that, and also removing the first 2 Received lines, then the first 3 Received lines, and finally all lines which referenced my email host in any way. That last trick worked, with the parser properly recognizing that Sparkpost was the source of the email. But then Spamcop decided amazonaws was the correct reporting address and all reports for amazonaws are devnulled. Here is a link for anyone who wants to look. https://www.spamcop.net/sc?id=z6549409030zca1b5ca2a3591ef1dad9030579e84550z By the time I find and delete all the references to my mail host's server farm, especially when Spamcop incorrectly redirects the spam report and then devnulls it, I'm better off just complaining directly. Spamcop has become useless. No doubt Julian Haight is crying in his beer.
  3. RadicalDad

    Spamcop no longer works with Outlook/Exchange

    What I am noticing is that Spamcop doesn't work at all for me anymore. Wondering if all my headers have a break in the chain now so that nothing will ever be usable for Spamcop again. I currently use Outlook 2016 with an Exchange 2016 host. Have others reported this as a problem? I use the "Outlook/Eudora" work-around submission form (well, it used to be called that) via web browser (in answer to the question by C2H5OH). Appreciate you breaking the spammy link. Good idea. As above, the Spamcop parser doesn't seem to catch any of those for me now. Is there any way to fix this? spam filtering by my mail host is very good these days, so I only submit stuff to Spamcop that is extra slimy and got through my filter, in hopes it makes it to the Spamcop RBL and will be blocked for others. If that isn't the way things work, then there probably isn't a reason for me to keep using Spamcop at all.
  4. RadicalDad

    Spamcop no longer works with Outlook/Exchange

    Thanks everyone. I was thinking someone would put the headers and body through the parser themselves. That is also why I left my original email address intact - thought the parser might need it. (I also thought about munging the address, but that address has been harvested many times by spammers, so I wasn't too worried. Still, removal by Lking is appreciated.) Here is the parser tracking URL: https://www.spamcop.net/sc?id=z6357239923z2f559431f437c6b4b950f1c320499087z The "click here" hyperlink is not retained by Spamcop when using the "view entire message" link from the parser. Failing to process these hyperlinks is a problem in addition to Spamcop always pointing at my mail host as the culprit. The "click here" URL is http;⁄⁄winnermistak,xyz⁄ppdpureoffice99888/index.php?userid=xxx@xxx.com (email address munged). Provided here for reference. I don't suggest anyone click on this.
  5. SpamCop has not been my primary spam defense in years, though I still think it is helpful for items that get through my first line of defense. As such I no longer use it often. However, lately it doesn't seem to work at all anymore. I currently use Outlook 2016 with an hosted Exchange email account from Rackspace. I use the "Outlook work-around" submission form, as I have for years. Over the last few months, every email I submit comes back with a chain error and then lists my email server as the source of the spam. This happens despite the fact that a manual inspection of the headers seems to easily locate the source of the spam. What's up? How would I get the good folks at SpamCop to look at this problem and fix it? I have included a sample header below that SpamCop failed to identify correctly. (I've munged my own email address.) Received: from MBX01D-ORD1.mex09.mlsrvr.com ( by MBX01A-IAD3.mex09.mlsrvr.com ( with Microsoft SMTP Server (TLS) id 15.1.466.34 via Mailbox Transport; Thu, 11 Aug 2016 09:23:31 -0400 Received: from MBX08D-ORD1.mex09.mlsrvr.com ( by MBX01D-ORD1.mex09.mlsrvr.com ( with Microsoft SMTP Server (TLS) id 15.1.466.34; Thu, 11 Aug 2016 08:23:30 -0500 Received: from gate.forward.smtp.dfw1a.emailsrvr.com ( by MBX08D-ORD1.mex09.mlsrvr.com ( with Microsoft SMTP Server (TLS) id 15.1.466.34 via Frontend Transport; Thu, 11 Aug 2016 08:23:30 -0500 Return-Path: Margaret.airbnb@web.de X-spam-Threshold: 95 X-spam-Score: 0 X-spam-Flag: NO X-Virus-Scanned: OK Authentication-Results: smtp23.gate.dfw1a.rsapps.net x-tls.subject="/C=DE/O=1&1 Internet AG/ST=Rhineland-Palatinate/L=Montabaur/emailAddress=server-certs@1und1.de/CN=mout.kundenserver.de"; auth=pass (cipher=DHE-RSA-AES256-GCM-SHA384) X-MessageSniffer-Scan-Result: 0 X-MessageSniffer-Rules: 0-0-0-9938-c X-CMAE-Scan-Result: 0 X-CNFS-Analysis: v=2.2 cv=f/oKP66M c=1 sm=1 tr=0 a=J9iW0BsQKmAMyByeQJRqVw==:117 a=dPpJLUqbF35K/rvetBMnag==:17 a=kj9zAlcOel0A:10 a=MKtGQD3n3ToA:10 a=1oJP67jkp3AA:10 a=ZZnuYtJkoWoA:10 a=7z1cN_iqozsA:10 a=8UQbOP9E4OwA:10 a=8UxHENTbAAAA:8 a=iULj8VCxAAAA:8 a=t-IPkPogAAAA:8 a=vkfOdcL3zsWbAprsECEA:9 a=OTMKNByFX4mrIdDY:21 a=_W_S_7VecoQA:10 a=frz4AuCg-hUA:10 a=DFKM4597GOBYINfd19fC:22 a=lhJ1iG1LLmzY52WcPWSZ:22 a=TwOW_m0CY6OjrxjWeTv9:22 X-Orig-To: xxx@xxx.com X-Originating-Ip: [] Authentication-Results: smtp23.gate.dfw1a.rsapps.net; iprev=pass policy.iprev=""; spf=pass smtp.mailfrom="Margaret.airbnb@web.de" smtp.helo="mout.kundenserver.de"; dkim=none (message not signed) header.d=none; dmarc=pass (p=nil; dis=none) header.from=web.de Received: from [] ([] helo=mout.kundenserver.de) by smtp23.gate.dfw1a.rsapps.net (envelope-from <Margaret.airbnb@web.de>) (ecelerity r(Core: with ESMTPS (cipher=DHE-RSA-AES256-GCM-SHA384 subject="/C=DE/O=1&1 Internet AG/ST=Rhineland-Palatinate/L=Montabaur/emailAddress=server-certs@1und1.de/CN=mout.kundenserver.de") id 55/A8-04197-15C7CA75; Thu, 11 Aug 2016 09:23:29 -0400 Received: from icpu1654.kundenserver.de (infong691.kundenserver.de []) by mrelayeu.kundenserver.de (node=mreue007) with ESMTP (Nemesis) id 0MSCaM-1besQH3bWk-00TA7N; Thu, 11 Aug 2016 15:23:27 +0200 Received: from (IP may be forged by CGI scri_pt) by icpu1654.kundenserver.de with HTTP id 00pceB-1aswho3PUh-00pgMa; Thu, 11 Aug 2016 15:23:27 +0200 X-Sender-Info: <631182478@icpu1654.kundenserver.de> Precedence: bulk Date: Thu, 11 Aug 2016 15:23:27 +0200 To: <xxx@xxx.com> From: =?UTF-8?Q?Airbnb?= <Margaret.airbnb@web.de> Subject: =?UTF-8?Q?Margaret_shared_a_message_with_you?= Message-ID: <480e3179694b5bb31c7c4c22f6ba3202@huchtemeier64.de> X-Priority: 3 MIME-Version: 1.0 Content-Transfer-Encoding: quoted-printable Content-Type: text/html; charset="us-ascii" X-Provags-ID: V02:K0:Ma/Ac8g3zv5SBujKvpScUL0GbMSmOlSViwx1LnGyibR zFrM/AceXlYYjtyCLelvcqWlmAwffOR8OW7/sYEC62AJSLn8zg KHb99SIvFrvxY4bjuMvT5QsudUSd5g3YRo/FnGj58OXQ1c2K4A 3p0v+LOBtVDlAENQluNT8bAMttLHYDmlDG84ie2BmstRBCLBl0 9IfdMfJQg4oWCuq7OU1IBuLL0EChD0E2bPfjD5dxiX7iDI0rmk nU5bo9Yo+ii5rnPtTII1PugbuMgj+IMyDWts91CVRckv+G2EnD Ii6HQ5K7MhRrrRvqp535tHmLw1VmHJD219jSIfYeZwDmFH0W89 edKOOr++w067/DPqujTfq7AmwP7Hm09pC2bDIkq7Ts5/oBOUGK IXv7Xc7d55hmBbyQO/6K9FZlrt79wQ5/Xbm9FmHnT1woHf9UqE FSRYk X-UI-Out-Filterresults: notjunk:1;V01:K0:rFyF6mr3dnE=:y6bUMGMOgMGjuwX6cdNFLa fCxP3brxIg4GU0U+nDy+EAkHJgNQZZ8Q54aYkk38apNfpi/Q8Uxs5PfM/R1ZOZ4PQYYhvjTEt +RW0mn2W2EgEv93lm+SrCkGYE/fpqU2LONqUguQIL92P9xUq5YWddDvpqtHfd+Zh3NSYqYT7O UD/0Kx3cAzQ+fMvyRYSdneW16RlMOV+KgL6y3y9NpguJuEQ6q/Ccyg26qTl8f/G6ZTpiRj3rW RH0wVRWXlRYTyXplX76BStuy8KBgxk+R9IFlAjcAzba2yriUhzh+9z9oJ4= X-MS-Exchange-Organization-Network-Message-Id: c8a1db1a-3714-4790-37a3-08d3c1eaafe5 X-MS-Exchange-Organization-AVStamp-Mailbox: SMEXw]nP;1270700;0;This mail has been scanned by Trend Micro ScanMail for Microsoft Exchange; X-MS-Exchange-Organization-SCL: 0 X-MS-Exchange-Organization-AuthSource: MBX08D-ORD1.mex09.mlsrvr.com X-MS-Exchange-Organization-AuthAs: Anonymous X-MS-Exchange-Transport-EndToEndLatency: 00:00:01.1034958