DaveC

I am not aware of any changes in email however they mess with it on a regular basis. Personally I cant see why they cant spot an email ,that gets here through a series of smoke and mirrors, is not at the very least diverted to a spam folder - doesnt even flag as possible spam which I see on Gmail. I had read the para re introduced errors but probably like most other users would think that did not apply to me. I have asked poulter.de if they are aware that spam appears to be coming from one of their domains. Even if it is blocked the spammer will simple switch to another - I am sure they will have a list of semi unused sites with leaky security. Will report back if anything happens and if I get a spam in a format that I can add in the links and get SC to pick them up and prepare a report I will come back and show what I mean. Best wishes for the new year.

Hi - First post- This was going to be a quick question but having read a few comments thought I had better put in as much info as possible. I am getting a spam daily in this format When I submit it it just comes up with a devnull stats message Please can anyone help me decipher the header and suggest where it might have come from so I can do some DIY reporting - I have very limited knowledge Apologies if this is in the wrong part of the forum - happy for it to be moved if required. It actually rejects the item if I send using the 2 part form but does a bit better by email?? Return-Path: <> Received: from cm12gb1 (10.101.251.12) by mail.svcgb1.int.opaltelecom.net (8.6.146) id 5A3442BC0068C050 for ME***@tiscali.co.uk; Wed, 27 Dec 2017 09:16:49 +0000 Message-ID: <5A3442BC0068C050@ms13gb1.int.opaltelecom.net > (added by postmaster@mail.svcgb1.int.opaltelecom.net) Received: from 01.healtingoods.xyz ([85.93.19.55]) by mx.talktalk.net with SMTP id U7pRe5Bkfn260U7pReUxjt; Wed, 27 Dec 2017 09:16:49 +0000 X-Delivered-To: ME**@tiscali.co.uk from:=?UTF-8?B?SW5zdXJhbmNlIFF1b3Rl?= <contact@georgia.gov> subject:ME***@tiscali.co.uk =?UTF-8?B? QXJlIHlvdSBhbmQgeW91ciBmYW1pbHkgcHJvdGVjdGV kPyA=?= date:Wed, 27 Dec 2017 10:16:50 +0100 to:ME***@tiscali.co.uk reply-to:<reply@georgia.gov> content-type:text/html; X-Priority:1 X-CMAE-Envelope: MS4wfCzmZzns6p4GUALWbyjysr4DYzbkgQxkJ24nLEE 2mV5IdQ32AsistMbejuszTGVwUtghVQNCMbhfCBUDqd 0/pYHn5K5APIfN4rOWtRpY2JOOdry486E+ bxs1jDtYjGNl/4P3t7Ef6m8HfwY0c7XQmSo= The "Body" is just an image with links even when I send the links they are ignored at spamcop. Image is at: http://thelib.ru/go?url=0xD90CDD28/gSNnm.png http://5.189.188.248/Creatives/gSNnm.png http://5.189.188.248 is https://contabo.de/ Clickable Link is https://webmail.tiscali.co.uk/cp/ps/Mail/ExternalUR LProxy? d=tiscali.co.uk&u=ME***&url=http://thelib.ru/go::cp ::2915::cp::url::cp::61::cp::0xD90CDD28/134ii98828 4uo229qu779ic182wn50rr&urlHash=1.4490098802 000302E22 Bits I really struggle with are http://thelib.ru/go::cp::2915::cp::url::cp::61::cp::0xD9 0CDD28/134ii988284uo229qu779ic182wn50rr&url Hash=1.4490098802000302E22 what is this bit about? /go::cp::2915::cp::url::cp::61::cp::0xD90CDD28 ************************************************************* Received: from 01.healtingoods.xyz ([85.93.19.55]) 85.93.19.55 is http://www.poulter.de/ seems to be a personal domain? Is the email likely to be from there or just being bounced. If bounced and I contact them is there anything they can do to stop it or am I just wasting my time? SpamCop v 4.8.6 © 2017 Cisco Systems, Inc. Allrights reserved. Here is your TRACKING URL - it may be saved forfuture reference: https://www.spamcop.net/sc?id=z6432302980z3d6073bb26a9063ac0d9fbd4cee039f6z Skip to Reports Return-Path: <> Received: from cm12gb1 (10.101.251.12) by mail.svcgb1.int.opaltelecom.net (8.6.146) id 5A3442BC0068C050 for ME***@tiscali.co.uk; Wed, 27 Dec 2017 09:16:49+0000 Message-ID <5A34________C050@ms13gb1.int.opaltelecom.net> (added by postmaster@mail.svcgb1.int.opaltelecom.net) Received: from 01.healtingoods.xyz ([85.93.19.55]) by mx.talktalk.net with SMTP id U7pRe5Bkfn260U7pReUxjt; Wed, 27 Dec 2017 09:16:49 +0000 X-Delivered-To: x from:=?UTF-8?B? SW5zdXJhbmNlIFF1b3Rl?= <x> x =?UTF-8?B? QXJlIHlvdSBhbmQgeW91ciBmYW1pbHkgcHJvdGVjdGV kPyA=?= date:Wed, 27 Dec 2017 10:16:50 +0100 x reply-to:<x> content-type:text/html; X-Priority:1 X-CMAE-Envelope: MS4wfCzmZzns6p4GUALWbyjysr4DYzbkgQxkJ24nLEE 2mV5IdQ32AsistMbejuszTGVwUtghVQNCMbhfCBUDqd 0/pYHn5K5APIfN4rOWtRpY2JOOdry486E+ bxs1jDtYjGNl/4P3t7Ef6m8HfwY0c7XQmSo= Content-Type: text/plain X-SpamCop-note: Converted to text/plain by SpamCop (outlook/eudora hack) View entire message Parsing header: This header is incomplete. Please supply the full headers of the spam you're trying to report. No source IP address found, cannot proceed. By email CLICK 'BACK' BUTTON TO RETURN TO SPAMCOP ######################################## ######################################## Return-Path: &lt;&gt; Received: from cm12gb1 (10.101.251.12) by mail.svcgb1.int.opaltelecom.net (8.6.146) id 5A3442BC0068C050 for ME***@tiscali.co.uk; Wed, 27 Dec 2017 09:16:49 +0000 Message-ID: &lt;5A3442BC0068C050@ms13gb1.int.opaltelecom.n et&gt; (added by postmaster@mail.svcgb1.int.opaltelecom.net) Received: from 01.healtingoods.xyz ([85.93.19.55]) by mx.talktalk.net with SMTP id U7pRe5Bkfn260U7pReUxjt; Wed, 27 Dec 2017 09:16:49 +0000 X-Delivered-To: ME**@tiscali.co.uk from:=?UTF-8?B?SW5zdXJhbmNlIFF1b3Rl?= &lt;contact@georgia.gov&gt; subject:ME***@tiscali.co.uk =?UTF-8?B? QXJlIHlvdSBhbmQgeW91ciBmYW1pbHkgcHJvdGVjdGV kPyA=?= date:Wed, 27 Dec 2017 10:16:50 +0100 to:ME***@tiscali.co.uk reply-to:&lt;reply@georgia.gov&gt; content-type:text/html; X-Priority:1 X-CMAE-Envelope: MS4wfCzmZzns6p4GUALWbyjysr4DYzbkgQxkJ24nLEE 2mV5IdQ32AsistMbejuszTGVwUtghVQNCMbhfCBUDqd 0/pYHn5K5APIfN4rOWtRpY2JOOdry486E+ bxs1jDtYjGNl/4P3t7Ef6m8HfwY0c7XQmSo= ----Original Message---- From: contact@georgia.gov Date: 27/12/2017 9:16 To: &lt;ME***@tiscali.co.uk&gt; Subj: ME***@tiscali.co.uk Are you and your family protected? Avoid NHS waiting lists - find out more http://thelib.ru/go?url=0xD90CDD28/gSNnm.png http://5.189.188.248/Creatives/gSNnm.png http://5.189.188.248 is https://contabo.de/ &quot;&gt; REPORT SpamCop v 4.8.6 © 2017 Cisco Systems, Inc. Allrights reserved. Here is your TRACKING URL - it may be saved forfuture reference: https://www.spamcop.net/sc?id=z6432306412zed1cce979ae307a328ee9f5ff2f5ecc1z Skip to Reports Return-Path: <> Received: from cm12gb1 (10.101.251.12) by mail.svcgb1.int.opaltelecom.net (8.6.146) id 5A3442BC0068C050 for x; Wed, 27 Dec 2017 09:16:49 +0000 Message-ID: <5A34________C050@ms13gb1.int.opaltelecom.net> (added by postmaster@mail.svcgb1.int.opaltelecom.net) Received: from 01.healtingoods.xyz ([85.93.19.55]) by mx.talktalk.net with SMTP id U7pRe5Bkfn260U7pReUxjt; Wed, 27 Dec 2017 09:16:49 +0000 X-Delivered-To: x from:=?UTF-8?B?SW5zdXJhbmNlIFF1b3Rl?= <contact@georgia.gov> subject:x =?UTF-8?B? QXJlIHlvdSBhbmQgeW91ciBmYW1pbHkgcHJvdGVjdGV kPyA=?= date:Wed, 27 Dec 2017 10:16:50 +0100 to:x x content-type:text/html; X-Priority:1 X-CMAE-Envelope: MS4wfCzmZzns6p4GUALWbyjysr4DYzbkgQxkJ24nLEE 2mV5IdQ32AsistMbejuszTGVwUtghVQNCMbhfCBUDqd 0/pYHn5K5APIfN4rOWtRpY2JOOdry486E+ bxs1jDtYjGNl/4P3t7Ef6m8HfwY0c7XQmSo= View entire message Parsing header: Received: from cm12gb1 (10.101.251.12) by mail.svcgb1.int.opaltelecom.net (8.6.146) id 5A3442BC0068C050 for x; Wed, 27 Dec 2017 09:16:49 +0000 host 10.101.251.12 (getting name) no name 10.101.251.12 discarded Received: from 01.healtingoods.xyz ([85.93.19.55]) by mx.talktalk.net with SMTP id U7pRe5Bkfn260U7pReUxjt; Wed, 27 Dec 2017 09:16:49 +0000 host 85.93.19.55 = vega.poulter.de (cached) vega.poulter.de is 85.93.19.55 Possible spammer: 85.93.19.55 Received line accepted Tracking message source: 85.93.19.55: Routing details for 85.93.19.55 support@isp4p.net bounces (34229 sent : 18323 bounces) Using support#isp4p.net@devnull.spamcop.net for statistical tracking. info@ip-interactive.de bounces (1100 sent : 640 bounces) Using info#ip-interactive.de@devnull.spamcop.net for statistical tracking. Report routing for 85.93.19.55: support#isp4p.net@devnull.spamcop.net, info#ip- interactive.de@devnull.spamcop.net Message is 12 hours old 85.93.19.55 not listed in cbl.abuseat.org 85.93.19.55 not listed in dnsbl.sorbs.net 85.93.19.55 not listed in accredit.habeas.com 85.93.19.55 not listed in plus.bondedsender.org 85.93.19.55 not listed in iadb.isipp.com Finding links in message body Parsing text part error: couldn't parse head Message body parser requires full, accurate copy of message More information on this error.. no links found Please make sure this email IS spam: From: =?UTF-8?B?SW5zdXJhbmNlIFF1b3Rl?= <contact@georgia.gov> subject:x =?UTF-8?B? QXJlIHlvdSBhbmQgeW91ciBmYW1pbHkgcHJvdGVjdGV kPyA=?= date:Wed, 27 Dec 2017 10:16:50 +0100 to:x x content-type:text/html; X-Priority:1 (x =?UTF-8? B? QXJlIHlvdSBhbmQgeW91ciBmYW1pbHkgcHJvdGVjdGV kPyA=?= date:Wed, 27 Dec 2017 10:16:50 +0100 to:x x content-type:text/html; X-Priority:1) ----Original Message---- From: contact@georgia.gov View full message Report spam to: Re: 85.93.19.55 (Administrator of network where email originates) To: support#isp4p.net@devnull.spamcop.net (Notes) To: info#ip-interactive.de@devnull.spamcop.net (Notes)

Hi Thanks LKing for the quick informative reply. and petzl for the additional observations The 2 messages are the same message. The first Message 039f6z was submitted using the two part submission form Header then Body As there is nothing in the body that can be copied I extracted the links for the image and for the " click here" link. and put them in the body section ( I did not tinker with the header in any way.) I have always extracted the links in previous submissions over maybe 2 years and SC picked them up -reports have been sent to those links when I felt it was good to do so. Over the last 3 weeks I have done this and they are all rejected saying the header is incomplete. (I dont understand why? as I open the full header select it copy it and paste it as I have always done.) The second attempt was to send the same message to SC via my email link it does suggest this "Submitting spam via email (may work better)" as part of the incomplete header message. I have not tried this very often and may have misunderstood the instructions. When I have forwarded phishing emails to banks or building societies or amazon or BT etc I copy the header off the spam email and paste it just above the actual spam message as I have assumed that if I dont do that it will be lost to whoever I send it to and the forwarded email they receive will have very little information. In this case had I not pasted the header and the links for the body all that would have been received atSC would be ----Original Message---- From: contact@georgia.gov Date: 27/12/2017 9:16 To: &lt;ME***@tiscali.co.uk&gt; Subj: ME***@tiscali.co.uk Are you and your family protected? Avoid NHS waiting lists - find out more SC came up with poulter.de, then prepared null reports for the spread of domains, is Abuse contact for '85.93.19.0 - 85.93.19.255' is '' support@isp4p.net & info@ip-interactive.de I have looked at the site by name however and he has this page http://www.poulter.de/impressum.html with a report address of webmaster@poulter.de. This is where I propose to send a report but first I was wondering if the spam was actually coming from there or just being bounced via there. I have been reporting spam for over 10 years - it was always Russian sites with Pills - now it is anything!! anywhere!! Maybe on a pay per click crap scheme? otherwise I dont know why they do it? My latest observation is that Pinterest is littered with images of spam pages - I am not registered with them but send them lists of pages with these images on - sometimes they fix them sometimes they dont. I suppose I should register then I could report them individually but that is more time consuming. This is the sort of thing I mean https://www.pinterest.co.uk/anwarmailer/