RobiBue

Member
  • Posts: 453
Posts posted by RobiBue

  1. Frustration is completely understandable!

    from the whois records:

    % Abuse contact for '115.71.0.0 - 115.71.255.255' is 'irt@nic.or.kr'
    

     

    6 hours ago, Steve said:

    Routing details for 115.71.14.193
    Report routing for 115.71.14.193: irt@nic.or.kr
    I refuse to bother irt@nic.or.kr

    Sorry, no reporting addresses found for 115.71.14.193.
    Nothing to do.

     

    1 hour ago, ninth said:

    The ISP refused to accept reports about wikipedia

    the mentioned IP address has nothing to do with Wikipedia. It's the senders' address who is in dispute here, and the reporting abuse email address which, just because it has nic embedded in its name is flagged (my presumption) as do not bother.

  2. On 7/2/2023 at 3:26 PM, Tondelayo2023 said:

    I have been getting full headers and reporting to Spamcop emails for several years.  Now, the spammer is sending emails to my Spamcop address and it is being forwarded, as I requested, to my home email address. 

    When I try to report it, I get the "internal ip" error message. 

    I replied to test messages to reset my Spamcop mail host and they say, "Success," but when I go to my mailhosts page, only the pre-existing single Spamcop mail host is shown and I cannot delete it ("Already deleted?") to add the 3 new ones in the Success emails.

    Is there a delay in updating mailhosts?  Do I simply have to wait to try to report spams until the system somehow accepts the new mailhosts? 

    Old and Confused,

    Ian 

    Hi Ian,
     

    I don't use mailhosts, but since this thread popped up again, I decided to look a bit (again) into the "internal IP" error and found this thread (or rather sub-thread since the possible solution might start with this comment, or maybe two comments prior...) :

    hope it helps.

  3. Good morning, bonne journée,

    about 20 years ago, communications with development would have worked here, but since, much has changed.
    SC was sold to cisco/IronPort and has only been adapted to IPv6 lately.
    When Julian initially developed SC, changes were constantly happening and communication was at its peak.

    SC has, since cisco's takeover, only been modified minimally and I do not expect much to happen.
    Dialogue with ISPs is going to become harder and harder, not because of SC but because of the way they, the ISPs, do business. With the implementation of AIs this dialogue will become even more one-sided and the lack of good IT personnel won't help the situation. For a while, IT departments have been shipped to India, just like call centers. I'm not saying everybody has done this, but the trend points in that direction. (at least that's the way it appears to me).

    We are just mere users with some experience trying to help anyone with questions or give some advice... We have no access to the system, but I am almost for sure that there are members from the old and new dev team that read the forums occasionally. 👋 hi devs...

  4. 20 hours ago, Gingko said:

    In none of these cases, any IP address or domain name belonging to me was quoted in the Spamcop's reports subjects. This implies that OVH has not taken any account of the information given by Spamcop, and that they analysed themselves the spam headers following their own understandings.

    And actually my server's IP was not visible in any of these spams either.
    There was only my server's domain name (kim8.reeves.fr), always in position “Received by”, that they must submit to a DNS server in order to get the IP.

    To me, this implies a huge lack of intellectual faculties.

    I do absolutely agree with the last statement, albeit I'd point in the direction of OVH who according to the first statement apparently have either an incompetent abuse team, or none at all... any competent IT person would be able to see where the spam came from, and who the recipient thereof is, and furthermore, if a spammer receives spam from himself, he definitely wouldn't report himself.... I know, Russell's Corollary of Rule #3

  5. 18 hours ago, Gingko said:

    Of course, but :

    1. My mailhosts was correctly recognised as I can read “kim0.reeves.fr received mail from sending system 51.195.100.62” - kim0.reeves.fr was the name given to this mailhost, this is the name of my first generation server given maybe 10 years ago, Spamcop couldn't know it if the mailhost was not identified.
    2. 136.169.211.136 is not associated with any of my mailhosts, this is normal as 136.169.211.136 is the spammer, it doesn't have to be associated with any of my mailhosts.
      It doesn't look like a forgery either, if I type dig -x 136.169.211.136 in a Linux command line, I truly get 136.169.211.136.dynamic.ufanet.ru as the reverse DNS of that IP.

    51.195.100.62 (reverse DNS mail.key-consulting.tech), just seems to be an intermediary relay (also hosted by OVH) not belonging to me.
    I suppose that this relay is either open, either related to the spammer in some manner.

    If I open mail.key-consulting.tech in a browser, I get a “Web Server's Default Page” suggesting a new hosting account never configured to do anything.

    And if you “do not use mailhosts setup”, what do you do instead ?

    I completely get the part of the mail servers and which is which, and we, as "humans" and with some idea on how email distribution works behind the scenes, can tell where it came from (usually) and which intermediate servers it went through.
    It's the "machine" which, with evolving technology and complex functionality, can have problems seeing the path.

    Usually it works fine, but oftentimes I have noticed, and keep repeating it, that when mailhosts are set up, the system sometimes acts up and stops somewhere in between. Probably because something changed which is out of our (our used loosely) control (like the OVH MX) and could have been changed by the provider due to new IP# allocation or other reasons. Then you have to run the mailhost setup again, but if you don't know something changed, and they won't inform you because they don't think you'd be affected, you might end up "reporting yourself" or your provider.

    To avoid that scenario, I do not register the mailhosts with SC. I let the system analyze every Received:  line without skipping "trusted" MXs. Thus far it has always worked, and if it stops somewhere in between with this method, then someone has their MX badly configured and needs to look into it...
    This is what it looks to me:

    [image]

    no mailhosts, just plain report the spam ;)

     

  6. 1 hour ago, Gingko said:

    But unfortunately, my experience is that if a bug is not fixed for 5 years, it means that nobody cares about this bug, thus it will never be fixed.

    unfortunately, that is true, and if I look at my bug list with mozilla, there are bugs that have been there for more than 13 years (one I have been following that I can't fix has been there for almost 14 years - 4 months shy) and there are others which are even older with wontfix status... yeah, I know what you mean...
    On the other hand, captchas are somewhat useless, as AI is starting to abuse those "human" checks, and google abused the captchas to create their own free word reader... I can explain further if there is any interest... heck, here's a youtube link that will explain what I mean.

  7. 5 hours ago, Gingko said:

    1) The initial subject was not about mailhosts.

    2) And even if the subject seems however to have indirectly raised certain problems related to mailhosts, these problems do not seem to have at any time indicated that I was the author of the spams which I reported.

    3) On some occasions spam analysis showed messages like “Possible forgery. Supposed receiving system not associated with any of your mailhosts Will not trust this Received line” (which I don't quite understand, since each time the mailhost, which is almost always my own mail server, was registered), but none of these analyzes produced a report indicating explicitly that the origin of the spam was me.

    1) I understand that: "Reported spam identified as originated from myself by hosting provider"

    2) from my understanding, it wasn't the subject but the way that spamcop parsed the spam email and the way the received headers are inserted:

    Quote
    Received: from mail.key-consulting.tech (mail.key-consulting.tech [51.195.100.62])
    	by xxxxxxx (Postfix) with ESMTPS id 3CE881D600B5
    	for <x>; Wed,  7 Jun 2023 11:45:58 +0200 (CEST)
    Received: from 136.169.211.136.dynamic.ufanet.ru (unknown [136.169.211.136])
    	by mail.key-consulting.tech (Postfix) with ESMTPSA id 0591D1BBBD90;
    	Wed,  7 Jun 2023 09:26:45 +0000 (UTC)

    again, the parser stopped at 51.195.100.62
    Possible forgery. Supposed receiving system not associated with any of your mailhosts
    which was the next received line "by mail.key-consulting.tech (Postfix)" and therein lies the problem I am trying to explain.
     

    3) “Possible forgery. Supposed receiving system not associated with any of your mailhosts Will not trust this Received line” is exactly what I'm trying to describe.

    I am simply trying to help, not point fingers or accuse of anything, just point out the reason a) why the parse failed to correctly get the source, and b) why I do not use mailhosts setup.

     

    I do understand that, and again, it seems like everybody is talking around in circles.
    My point is that if mailhosts are not set up correctly (and it only requires a simple change by your provider to mess it up if it was set up right) the parser is likely to have you report yourself as spam source, which, of course, you probably are not — unless your system was compromised.

  8. Amazing on how the spammer rules apply...
    got another spam today where the spammer is asking, in a multipart email with complete nonsense content, to verify my email...

    yeah, right...

    I wish I still had my clue by four 

    [image: clue-by-four]

    Oh well, LART through SC...


    P.S. For those who are unfamiliar with the term: LART is an acronym for Luser Attitude Readjustment Tool

  9. 3 hours ago, petzl said:

    Have you tried latest Microsoft Edge and got past the CAPTCHA?

    Quote

    As Gingko said before:
    It works only in Microsoft Edge, only if I select the Internet Explorer mode.
    If you remember well about 10 or 20 years ago, Internet Explorer was very well known to have its very own conception of HTML standards.
    Now Google Chrome or Mozilla Firefox do not have an Internet Explorer mode.

    apparently he did and it worked.
    it seems that currently everybody is going around in circles...
     

    Personally I maintain that if your mailhosts are set up correctly, you shouldn't have to list them to report spam. somehow SC, in my past experience, has had problems with registered mailhosts, especially when something changed...
    Without mailhost registration I rarely had problems reporting and when someone has mailhosts set up and has trouble, I run the same spam parse, but without the mailhosts, and it reports the correct sender, at least it has so far...
    That is, IMNSHO, the crux of the matter.

  10. 4 hours ago, petzl said:

    If one browser has problems first thing I do is use the one provided by Microsoft, which I use

    if someone is using a unix type OS, an M$ product is the last thing they would want to use.
    also, M$ is not the lead company for web applications, even though they'd like to call themselves that.

    I admire what Gates did in his youth, but somewhat despise what has happened with and through that company since...

    personally I try to avoid M$ products, and as a browser I use Mozilla, also trying to avoid Google's chrome.

  11. 13 hours ago, Gingko said:

    My sample is one out of five, and in all of these cases, spams are reported to OVH, and OVH misunderstood it as sent by myself.

    For the record, here are the tracking URLs for all of them:

    Submitted: 07/06/2023 14:35:43 +0200:
    https://www.spamcop.net/sc?id=z6849854102zed06af770ac057586f0ce80e985399edz

    Hello Gingko,
    you seem to be running into the mailhost problem.
    on yours, the last received line is claimed to be a forgery (I am not quite sure why) but it's clear that it's complaining about mailhosts:
    Possible forgery. Supposed receiving system not associated with any of your mailhosts
     

    I ran an example from this first one you mentioned and this is the result:
    https://www.spamcop.net/sc?id=z6852725851zc170c42b2748612531d95d02d1c43095z

    on mine, without mailhosts set up, it goes straight to the russian IP : whois for 136.169.211.136 : abuse (at) ufanet.ru

    some people don't have mailhost problems, I never use them since I don't have my own mailhosts I run through...
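The two outcomes described in posts 7 and 11 above (with registered mailhosts the walk stops at 51.195.100.62, without them it reaches 136.169.211.136) can be reproduced with a small model. This is an added example, not part of the original posts and not SpamCop's parser: the trust rules, the names `parse_hops` and `find_source`, and the use of the redacted host `xxxxxxx` as the registered mailhost are assumptions.

```python
import email
import re

# Constructed from the two Received lines quoted in post 7 (newest hop first;
# the recipient's host is redacted as "xxxxxxx" in the quote).
SAMPLE_HEADERS = (
    "Received: from mail.key-consulting.tech (mail.key-consulting.tech [51.195.100.62])\n"
    "\tby xxxxxxx (Postfix) with ESMTPS id 3CE881D600B5\n"
    "\tfor <x>; Wed,  7 Jun 2023 11:45:58 +0200 (CEST)\n"
    "Received: from 136.169.211.136.dynamic.ufanet.ru (unknown [136.169.211.136])\n"
    "\tby mail.key-consulting.tech (Postfix) with ESMTPSA id 0591D1BBBD90;\n"
    "\tWed,  7 Jun 2023 09:26:45 +0000 (UTC)\n"
)

# Postfix-style line: from <helo> (<rdns> [<ip>]) by <receiver> ...
HOP_RE = re.compile(
    r"from\s+(?P<helo>\S+)\s+\((?P<rdns>\S+)\s+"
    r"\[(?:IPv6:)?(?P<ip>[0-9A-Fa-f.:]+)\]\)\s+by\s+(?P<by>\S+)"
)


def parse_hops(raw_headers):
    """Return Received hops newest-first; an unparseable line becomes None."""
    msg = email.message_from_string(raw_headers)
    hops = []
    for value in msg.get_all("Received", []):
        m = HOP_RE.search(value)  # folded lines are covered by \s+
        hops.append({k: v.lower() for k, v in m.groupdict().items()} if m else None)
    return hops


def find_source(hops, mailhosts=None):
    """Walk the hops and return (source_ip, notes).

    Assumed model, not SpamCop's code:
    - mailhosts given (lowercase names): a line is trusted only if its
      receiving system is one of the registered mailhosts.
    - mailhosts is None: the first line is trusted, and each later line is
      trusted only if its receiver is the host the previous trusted line
      named as sender (HELO or reverse DNS), so a dangling forged line at
      the bottom of the chain is not followed.
    """
    source, prev, notes = None, None, []
    for hop in hops:
        if hop is None:
            notes.append("unparseable Received line; stopping")
            break
        if mailhosts is not None:
            trusted = hop["by"] in mailhosts
            why = "receiving system not associated with any registered mailhost"
        else:
            trusted = prev is None or hop["by"] in (prev["helo"], prev["rdns"])
            why = "receiving system does not match the previous hop's sender"
        if not trusted:
            notes.append(f"not trusting line received by {hop['by']}: {why}")
            break
        source, prev = hop["ip"], hop
        notes.append(f"{hop['by']} received mail from {hop['ip']}")
    return source, notes


if __name__ == "__main__":
    hops = parse_hops(SAMPLE_HEADERS)
    for label, hosts in (("with mailhosts", {"xxxxxxx"}), ("without mailhosts", None)):
        ip, notes = find_source(hops, hosts)
        print(label, "->", ip)
        for note in notes:
            print("   ", note)
```
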

  12. On 6/20/2023 at 5:57 PM, rpprevost said:

    Omnisend - omnichannel marketing automation platform for E-commerce. Our company allows our customers to send newsletters through the Omnisend platform to their recipients.

    "marketing automation platform for E-commerce" aka another phrase for spammer friendly

    especially when followed by the statement: Our company allows our customers to send newsletters through the [insert platform name] platform to their recipients (no matter if the recipient signed up or not)

    On 6/20/2023 at 5:57 PM, rpprevost said:

    For now, we took care that you would not receive any emails from the sender in question. It may however take up to 48 hours for our system to adjust to this change. We will also address the sender correspondingly.

    in short: We have unsubscribed you. We will ask the sender (them) not to add you again, but we can't promise anything. They might refresh their database and you might be listed again for their "E-commerce" mailings.

    yeah... that's how I read these replies...
    one reply I got some time ago (I sent it under a different anti-spam email address)
     

    Quote
    The email you forwarded was sent to you by GetResponse S.A. on behalf of their client. GetResponse S.A. is a CSA certified sender. The eco Complaints Office handles complaints cases for the CSA.
     
    Through the complaints process, we would try and find out how your e-mail address (my-anti-spam-email-address(at)some-email-host) was collected. In order to do this, we would have to forward the email you reported including the header information to GetResponse S.A. and request specific information on the collection of your data (i.e. information on consent or a customer relationship, including location/source, date/time, IP, product purchased). If necessary, GetResponse S.A. might forward your complaint to their customer to be able to obtain this information.
    Afterwards, we would send you the requested data and give you an opportunity to comment.
     
    Please let us know if you would like us to proceed. The complaints process would not incur any charges for you. 

    yeah, "we would try to find out how your e-mail address was collected. We would have to forward it to xy (who) [...] might forward your complaint to their customer to be able to obtain this information."

    and that's when I have found my email address, previously naïvely given to similar outfits, to have propagated to other spammers...
    nope. like W Bush said before: Fool me once, shame on, shame on you. Fool me- you can't get fooled again.

  13. 7 hours ago, ninth said:

    Interesting. The address should be gov.us but .gov is correct

    in the US " the world authority of the internet " (apologies to all feller Americans here) there are very few .us TLDs  (Third Level Domains) at the end of a US government or commercial or even org domains. The reason is that the "assumption" that a .com, .org, .gov, .anything else is based in the US. whereas any other country would place their TLDs combined with the country code TLD.
    examples:

    www.gob.mx (gobierno México)
    gov.ch (redirects to admin.ch which is the Swiss government, CH meaning Confœderatio Helveticæ)
    gov.bw (government of Botswana)
    gov.au (Australia)
    and so on... (although not all follow that format due to their languages as you can see in the example of the Mexican address)

    Here in the US, though, the .gov usually gets preceded by the state .al.gov meaning it's the Alabama State government.

    .mil is the same: only US military...
    as is .edu as many other countries list their universities and educational sites as .edu.(country code)

    I mean, I'm not saying there are no .us addresses, they are just not so common and are few.

  14. Sorry petzl, the confusion stems from this post:
    https://forum.spamcop.net/topic/71626-all-spam-reporting-gets-cancelled/?do=findComment&comment=186384

    I formatted the confusing part in ¿purple/mauve? everything green is (mostly) clear

    On 5/28/2023 at 2:51 AM, petzl said:

    Seems you are wrong.
    The IP won't take action on websites at the IP address
    Registrars are the ones to complain to the owner/operator of website IP won't
    SpamCop reporting IP addresses of websites is near worthless
    Why I send directly from my email address sometimes

    You do clarify though, that

    12 hours ago, petzl said:

    ISP is internet "service"  provider. The context of conversation show clue to most?
    In this thread context it meant "IP address".
    Used to use mail programs to get email to computer, they always downgraded them till they fell over.
    Just use Gmail webmail now.

    it might have been a typo, I don't know, on the first meaning of IP. (yes, the IP address won't take action against the IP address...😁)
    Again, I'm sorry if it comes over from my part as obnoxious or pushy, but I just want to make sure acronyms used are clear on the meaning, especially if they can be misinterpreted, and communication is the best way, in my opinion, to clarify things.
     

    For a loooong time I've been using gmail, same reason due to email programs on the PC get old and unsupported. I used to have Outlook Express for the longest, some of my email providers changed names/shut down/dropped service and keeping up with all that was taking a toll on me and my time, so gmail seemed for me to be a solid winner to use and keep.
    I also realized that after a few years, replacing the PC, I'd lose some emails I intended to keep, and space on the PC was (and still is) also "restricted" to the size of the Hard Disk (HDD) and failure thereof also didn't help none.

     

  15. 4 hours ago, Outernaut said:

    I gather you mean 'The ISP won't take action' not IP. Two different things.

    You said..."send directly from my email address sometimes". Do you know where I may find the step x step to send via email (Thunderbird) client instead of reporting via site?

    TIA,

    ~o

    I personally don't use T'bird, but scanning through old forum posts, I see that you seem to have used the t'bird add-on "Just Report It"
    https://forum.spamcop.net/topic/45743-extension-for-thunderbird-78-just-report-it/
    it's from Feb 2021...

    I don't know if it's still relevant or even compatible as I didn't check the latest t'bird version...

    anyway, you might also want to try the Outlook/eudora workaround by clicking on the link in the spam report page (third last line) where it splits the headers from the body ...
     

    [image]

    [image]

    that again could be another way to submit, although it is a bit more work for you as you would have to copy/paste the headers into the first field, then copy/paste the body into the second field...

    just a suggestion though...
     

    btw, I'm not sure, but for some people IP means Internet Provider (omitting the Service part in between) instead of what others know as the Internet Protocol address... ¯\_(ツ)_/¯

     

     

  16. On 5/26/2023 at 4:05 PM, Outernaut said:
    Quote

    SpamCop encountered errors while saving spam for processing:
    Message forwarded in html wrapper.

    When forwarding spam, use a MIME attachment or text-type message with
    the spam enclosed.  Do not send spam in HTML format.  Sometimes this
    error is caused by using a "resend" feature to forward spam.

    HTML spam should be sent in text (source code) format.

     

    ok, this is on my part probably a stupid assumption, but it looks like you or someone else sent an email to your submit.specialaddress@spam.spamcop.net.
    is it possible that when you log in to spamcop with your credentials and see if there is a Report now link and follow it, if you can cancel that report? Or what action does it currently ask you to take?
    The reason I am asking this, is that you shouldn't get the aforementioned message (Message forwarded in html wrapper.) when entering it in the submit spam box on the website. that would only happen if you (or someone else) forwarded it to your personal submit dot spam special email address at spam dot spamcop dot net.
    If someone else submitted the email to that address, then the account is compromised and you might want to reach out to Richard W (to be found here https://forum.spamcop.net/staff/) and see if he can generate you a new address. maybe reset the account as something is fishy...

    That's my suggestion if anything else fails.

    ~~~~ RobiBue

  17. 3 hours ago, petzl said:

    Headers with blank spam body and the word truncated s lines under headers

    just a small clarification:
    if an email has only headers and no body, SpamCop will complain and not parse the email. if there is no body, add a blank line after the headers and a text like petzl says "truncated [x] lines" or "email body truncated"  or something else so that the parser can analyze the headers correctly.

  18. 2 hours ago, Nada Ameen said:

    How can I stop it ?! 
    If it's any way you can help me to whitelist it please do it 

    well, when I checked it was not listed, but apparently the IP address you give seems to send spam...
    there is no whitelisting for IPs that send spam. plain and simple.

  19. Nada, from the "urgency" of your messages it seems to me that you're being blocked by someone to send them an email.

    you gave an IP address and using SpamCop (SC) itself, the IP address is not listed in several blocklists (BL) that SC uses (or adds to.)

    https://www.spamcop.net/sc?track=149.72.126.143

    this link returns the following:

    Statistics:
    149.72.126.143 not listed in bl.spamcop.net
    149.72.126.143 not listed in cbl.abuseat.org
    149.72.126.143 not listed in dnsbl.sorbs.net

    using the Talos system I look up the same address and find the following:

    https://talosintelligence.com/reputation_center/lookup?search=149.72.126.143

    and scrolling down a bit:

    Block Lists
    bl.spamcop.net: 	Not Listed
    cbl.abuseat.org:	Not Listed
    pbl.spamhaus.org:	Not Listed
    sbl.spamhaus.org:	Not Listed
    
    Talos Security Intelligence Block List	
    Added to the Block List:	No

    so far, the IP address you are asking to be removed/whitelisted doesn't seem to be included in any BL used here.

    I do have a bit of advice though:
    you are using an IP address from sendgrid. This provider has been spammer friendly in the past (there are discussions in the SC forums up to 2021) and it is possible that the recipient's provider or the recipient him-/herself has set up their own BL blocking every sendgrid IP address range. it is not SC nor Cisco/Talos at this time.

    You might want to send your contact a message through a different avenue (different IP than sendgrid) and tell them to whitelist that IP since they are using their own BL.
    Let me point you to a different thread (you then might want to scroll up to see the originating message) but it explains why you might think that spamcop is blocking you:

    I hope you get your issue resolved.

  20. 8 hours ago, Lking said:

    There is a break or a day off. Yesterday ended with a 14hr period with out spam. This morning had only a handful, mostly one/two per account. There were 3(?) bots but they posted less than 10 each.

    Noticed that too... ;) I think it was 2 that I reported before I had to go to my "dayjob" 😁 one of them, I believe, was just registering but I had to head out...
    didn't see any airline junk this morning ✈️

    Happy Mothers Day weekend everybody!

  21. 6 hours ago, ninth said:

    when the B2R2C reaches the magic number of reports

    Interesting term I haven't heard before. Had to look it up: "Business to Robot to Consumer" (B2R2C)

    Thanks for this new term... and thank you Society for creating this marketing niche where ads pop up everywhere and it's getting worse and worse (sorry, I veered off as this is now generalistic and not only related to this forum anymore)

    if it were real B2R2C then the marketing operation should, instead of flooding consumers, first see if advertising on a specific platform is ok. Most will probably say no. others might say for a fee 💰 you can use this ad subforum... the users who want to see ads can subscribe to it, others will not be affected... or at least shouldn't ;)

    heck, somehow the site does need some cashflow and if ads can pay for some of it, why not, but ethically....
