Jump to content


  • Content Count

  • Joined

  • Last visited

Posts posted by MIG

  1. Greetings all👋!  I hope everyone's well and you've all been behaving!?

    Would anyone care to cast their 👀s over this bit of scum pleeze?

    Issue is, apparently "no links found", 'cept, I can find 8 - 4 are enclosed in brackets (), not sure about them, 4 are standard, from my objs, they're the ones that've confuzzed moi,  why didn't SC "detect"?

    Yes Master, I know urls are secondary to source, but, but, but.....


    VT tells me urls resolve to = netops@singlehop.com, source = = singlehop.net

    Anyone care to share their wisdom please?

    I remain, a grateful G🦗H🙏



  2. On 7/20/2019 at 6:57 AM, HeatherReid43 said:

    Hey  @HeatherReid43

    When I parse I get the same as you ( I think)

    https://www.spamcop.net/sc?id=z6560834333zcdffbb65e17c13c1feb6ff3d7dd203c9z  , but no

    Opera Snapshot_2019-07-23_013604_www.spamcop.net.jpg

    Tad confused by: [Reports regarding this spam, have already been sent]?

    On a lighter note, $2,500,000.00 USD, on an ATM card no less!

    2,5mil, that'd keep the family fed for a week or two😉. And Mrs.Murakami Yukie has covered 1/2 the 🌐, working so hard getting the 🤑 to you, sigh, why are we so unappreciative?



  3. 19 hours ago, RobiBue said:

    not in Товарищ владимир и собрат дональд



    получить тебя за стеной, за ГУЛАГ, стат!

    В шоке!

    G🦗H is 🙏🏼🙏🏻 🙏🏾 🙏🏿 🙏🏽 🙏🏼 🙏🏿4 a mass intervention. 

  4. 46 minutes ago, RobiBue said:

    well, internet privacy vs internet privacy.

    NordVPN 🤐🙄☹️

    G🦗H read "internet privacy vs internet piracy"🙃


  5. 1 hour ago, nickjonson said:

    I see one problem is that when fighting spam users with an IP address, we might get rid of the real users without the stupid bot.

    What should I do?

    Hey Nickjonson,

    Could you provide some more specific, detailed information so we can answer address the questions please? 

    Re: "we might get rid of the real users", (imo) there's always a "risk" however, it's not common... Have you had this happen, can you clarify please? 

    Do you have any Spamcop tracking urls please?

    spamcop turl.jpg

    Please let us know?




  6. 5 hours ago, Jelmer Jellema said:

    I'm afraid I am not looking into that. I just thought I fixed our "parse and report spam" scri_pt to check for the .issue before sending it to spamcop.

    What we do now:

    • Any received spam (either by us or by trusted clients who can report it to us) is send to spamcop and our "leerspam" parser (learn spam)
    • Spamcop is then handled through the web interface for checking and reporting
    • The leerspam parser will check the attachments and feed them to sa-learn

    What I want to change (when I have time)

    • Any received spam is send to a new "report spam" parser, as an attachment
    • The "report spam" parser will check the attachments and feed them to sa-learn
    • It will also check the attachments, when needed fix the .issue, and send them to spamcop

    The essential part of this essay being when I have time, as always.

    Regards, Jelmer

    Hello Jelmer,

    Yep, noted the emphasis on "when I have time"🙂. The "essay" is a good read, even tho I'm disappointed it will be good to know if the solution works, let us know, when you have time😉



  7. 10 hours ago, Tesseract said:

    I don't think there's really anything more to learn from them at this point, as it's the same behaviour documented earlier in the thread with the same type of invalid hostname in the messages.

    Hello Tesseract,


    (G🦗did have the same thought), however, it's always fun to have new toys to play with even if they're the same toys!

    Parsing the 1st spam/tracking URL, without hostshttps://www.spamcop.net/sc?id=z6558422807zd2525b6f74678b5e8a4df150cb699739z

    Parsing the 1st spam/tracking URL, without hosts: https://www.spamcop.net/sc?id=z6558423020z31cbae589deaec37fb6972c626c7c239z

    • May I ask, have you contacted SCA, Richard? Some folks are reporting SCA are fixing, account HOST configuration issue, on a case by case basis. 

    Please let us know?



  8. 2 hours ago, lisati said:

    I wouldn't worry about it too much, there are situations where unwanted email arriving from some sources need some special handling. If I recall correctly, I started noticing this behaviour a few years back, not long after Yahoo made some changes that tripped up the Spamcop parser.

    Thank you Lisati, 

    I did wonder about posting, but, thought I seek opinion/s from others with more knowledge  & that's exactly what's happend🤩

    Appreciate your input!



  9. On 6/25/2019 at 11:05 PM, Jelmer Jellema said:

    That would be nice!!

    As I told before, we also send the mails to our own parser, which hands them over to sa-learn. I am looking into a small addon for this scri_pt, which would send the mail to spamcop as well, after checking for and fixing any .domain issues... I'm a bit busy, but will try to do this soon. It can't be more than a few (extra) lines of code. Because of the fact that this parser scri_pt was first built somewhere around 2007, It will be in Perl though. Still going strong 🙂

    G🦗loves perl(s).

    Does that mean it will be able to be incorporated into SC Parser Jelmer?





  10. Hello Gabrielt,

    I'll side-step all of LKing_Master's considered advice & just share a couple of things.

    1. I took your original: 

    https://www.spamcop.net/sc?id=z6557766050z3c1f36e50c5140df21e4fdbf0d568a5cz - Wednesday at 10:33 PM

    • parsed it thru a SC account without any MAILHOSTS configured, result:


    2. Mailhost configuration problem, identified internal IP as source. No source IP address found, cannot proceed. Nothing to do >> The errors in your parsed spam:

    Hank, one of our friends, had this very issue: 



    We all took to it with our usual zeal, however, in the end, Hank contacted Richard, SC Admin, result:

    SOLVED by Spamcop staff. Problem found and fixed.
    Here is the explanation:
    a.local-delivery was in the mailhosts, but b.local-delivery wasn't. At one time that would have been ignored as a local hop, but some of the coding for IPv6 screwed things up so even versions numbers of some things look like IP addresses.


    If you haven't done this & think it's possible solution please let us know if you get a happy result?

    Thanks & cheers!


  11. 8 hours ago, klappa said:

    1. So we never have to delete the first receive header ever again? 2. The problem is that if we don't the spam will always be passed to abuse at microsoft dot com. 3. Do you think they manually pass through to the right ISP or host owner? 4. I can't believe that, it would require to much work on their part.

    1. Until MS fix the "hundred thousand servers,  the fix is measured 
    in years, not weeks or months", 
    we (spamfighters) must continue to manually remove the 1st receive header. 
    2. Correct.
    3. No, I don't they (MS) manually pass to the right ISP/Host owner, in fact, in my experience, MS simply engage in  "hot potato-mind-numbing" converstions with statements like "not our responsibility"🤬 
    This is completely contrary to Richards statement "All is not lost though, as Hotmail's parsing engines when they receive the report does pass through the report to the right party.  It also helps Hotmail block new spam from that source".
    I've never experienced this result from MS, not saying Richard is wrong, simply saying, my experience with MS, on this specific subject, has never resulted in MS being proactive with the actions Richard describes.
    4. Agreed, however, MS don't have a good track record when it comes to "fixing" their products.


  12. 7 hours ago, Spamnophobic said:

    Bitbucket all this technically deficient (:-) spam.

    Hey Spamnophobic, 

    If after SCA fix, the issue remains unsolved, within the bounds of what's tolerable, please keep posting failed parses? 

    There is a reason/s and a solution/s, it's just (collectively) we haven't cracked it, even more more frustratingly, when we think we have, someone comes back with a "fix not working" post.... 



  13. 7 hours ago, Spamnophobic said:

    Standing by to clear this submission in the next 5 minutes now ...

    Hello Spamnophobic, 

    G🦗H was 😴, fortunately, the data was still there, again I copied the raw data, made no changes, parsed with the account with NO MAILHOSTS, result:


    Re:  "DDS may well have introduced new hosts", is it possible to contact DDS, ask them to provide you with a current list of MAILHOSTS? 

    If, after comparing to the hosts you've confirgured, there's no discrepancy, it might be worth asking SC Admin, to assist?(recently, one of our friends here, Hank, had a problem that was only able to be solved by SCA).

    Please keep us in the loop, we're interested.





  14. 1 hour ago, Spamnophobic said:

    parse goes no  further than "Parsing header:".  No "Report spam" or other button is shown.



    Anyone have an idea?

    Hello Spamnophobic.

    (copied the data you presented) parsed using an account with NO MAILHOSTS configured: Using: Google Chrome, Version 75.0.3770.100



    Does the SC account used have MAILHOSTS configured?

    Please let us know?

    Thanks & cheers!


  15. 22 hours ago, Jelmer Jellema said:

    (1) the best message would be "error parsing for mailhosts, continuing with mailhosts disabled"

    (2)I think "manually remove the dot" is no solution.

    (3) Am I the only one to suspect the .issue is created by spammers to make it impossible for SC to parse the spam?

    (1) Agreed, some of SCParsers "informatiion/feedback" is very obtuse, incorrect and a few other things. Not sure there's a priority on tweaking SC feedback, sadly, despite our pleadings.

    (2) Agreed Jelmer, and even tho it's presumptive of me, I think the majority of folks here, who've encountered the . "out damm dot!", also agree with you. 

    (3) No, I'm pretty sure I've seen similar commentary from other folks - never fear Jelmer, you're never alone!



  16. 21 hours ago, hank said:

    1. Just got another of those "mailhost" error messages;

    2. I sent it to Spamcop Richard figuring that's the best way to resolve them.
    3. I do wish he'd tell us how to fix them, since others have gotten them too in the past.

    4. But maybe by now it's just me.

    Hello Hank,

    1. What was the error message exactly? Was it "Mailhost configuration problem, identified internal IP as source"?

    Um & didn't Richard say " the problem/solution "a.local-delivery was in the mailhosts, but b.local-delivery wasn't" & didn't Richard fix that? Like, that can't be "broke" again, surely?

    Or is it this solution "Added those in.  I really don't like what I'm seeing from Apple with their network setup", which none of us have a clue exactly what that means? 

    2. Yeah, (I figure you're correct), n, I think, if there's some secret solution,  we send everything to Richard. 

    3. Totally agree!

    4. Absolutely disagree - it's not just you/only you!

    Do you have the tracking URL please? 

    G🦗 🙏


  17. 19 hours ago, showker said:

    About a week ago I started getting zero spam from my Spamcop account.

    This is the first time since 1997 that I have NO spam in the spam folder for over a week.  --- not even Chinese spam, which has come every single day for twenty years.  How can this be?


    Aren't we funny creatures? When this happened to me Showker, I immediately thought there MUST be something wrong with my email account, Master set me straight pretty quickly in that regard, then I got pissed off I wasn't getting my daily "kill spammers" fix, however, when the spam started gain, as it invaribly does, I got cranky 'bout that 'cause, I hate spammers....

    (i) can't make up my mind if I like getting spam or not. I do know (for me) the ONLY thing (over 20+- yrs) that reduced my spam to 1 a week > month > 0, was, is SC☺️

    No happy medium.

    One thing, this won't answer your question Showker, but, in case you haven't, and if you're interested, it's worth checking the "breach status" of your email address - https://monitor.firefox.com/scan