Jump to content


Forum Admin
  • Content Count

  • Joined

  • Last visited

Posts posted by Lking

  1. That is much better

    If reported today, reports would be sent to:

    Re: 2a00:1450:4864:20:0:0:0:346 (Administrator of network where email originates)


    At the bottom of the report is the bad news. "Report would be sent to network-abuse{AT}google{DOT}com"  If you do a local search (tool top right of each screen) you will find several related post about google frustration. If memory serves there are also several suggestions for additional actions you could take, with variable results.

  2. @denbyhank you for trying to provide a  Tracking URL.  The Report id can only be seen by you.  The Tracking URL can be found either in the at the top of the reporting page or in the email notification received from SC if you submitted the spam as an attachment. an example would look like


    SpamCop v 5.2.0 © 2020 Cisco Systems, Inc. All rights reserved.
    Here is your TRACKING URL - it may be saved for future reference:


  3. @mgolden  as you may have noticed, spammers do visit this forum. It can be assumed they scrap email addresses they find. I tried to remove your wife's email from your post.

    You did provide the tracking URL, thank you, so there was no point to including the header of the spam (which exposed your wife's email) in your post


    There does seem to be some network issues right now. I also just got a 500 error.  Try later to update your mailhost..

  4. As others suggested, a Tracking URL would be more helpful.  In addition to the offending email others can see what the parser did.

    When others follow the Tracking URL SC redacts the email removing you email so you don't have to.

    By not including the raw email in the forum, its content is not crawled by bots and indexed giving visibility to the spammer.

  5. 9 hours ago, Outernaut said:

    When you Gurus use acronyms, PLEASE, at least ONCE, use the full the expression.

    We have tried. In most browsers you will see that SCBL is underlined. if you slowly mouse over SCBL a small window will appear. HTH


  6. 2 hours ago, Art101 said:

    Why does Google allow a rogue domain like ovh.net rape millions of people on the www with nonstop spam? I'm just curious. Perhaps someone on this forum can enlighten me.

    $$$$ The US Congress is asking the same question. The answer is "Their business model." The real question is how to control the problem in a open society.

  7. Did you read https://www.spamcop.net/fom-serve/cache/14.html? Scroll down to Messages which may be reported:

    I understand your frustration. Every once in a while one of my domains cycle through the spammer's list of forged "FROM:" or "REPLY:"  Although the admin of the domain receiving the original spam must not have a clue about the difference between FROM: and the IP address of the real source, reporting their invalid bounce messages my get their attention.  If you are nice you could include a note in the spam Report explaining the difference.

  8. 12 minutes ago, rdorsch said:

    Many thanks for your reply, I opened a new feature request as you suggested. For completeness I include here the tracking URLs:

    Submitted: 14.5.2020, 17:40:25 +0200: 
    7058512602 ( http://www.bokomoko.de/ ) To: abuse@netcup.de
    7058512598 ( ) To: complain@rootlayer.net

    "What we have here is a failure to communicate"

    An example of a tracking URL is https://www.spamcop.net/sc?id=z6634628358z460dafae0c54205ace1fe027dc2ff311z

    This can be found near the top of the screen after you submit the spam. If you submit by email the tracing URL is the link sent to you to review and complete/submit your spam.

    In my example above you will see the tracking URL on the third line.  IF we had access to the tracking URL someone could cut and past the body of the spam into google translate and see why your domain is in the body.

  9. On 5/23/2020 at 2:49 AM, rdorsch said:

    Since the domain which is referenced in the spam email and my mail domain are the same,

    If I understand the issue correctly without a Tracking URL another thing to consider is, if your email and domain are on the same host and IP. As you know spamcop looks at IPs not domain names directly.  Having your domain listed in a spam is odd.  spam I have received, even those requesting to buy one of my domains, don't include the domain in the body.

    In any case your point is well taken. If the domain in the body of the spam is the same as a domain in your mailhost configuration, the solution should be relative straight forward.

    I would suggest a post in New Feature Request with a Tracking URL as an example to illustrate your request/suggestion.

  10. On 5/19/2020 at 12:05 PM, Spamnophobic said:

    OK I know we have been here before, but could somebody examine my tracking url:


    with the double header I think things have gotten confused. @gnarlymarley without knowing @Spamnophobic 's 16 digit code "they" could not have sent to the reporting address.

    UNLESS they replied to a spam report with the following sequence:

    • @Spamnophobic a spam (email #1) and reported it to spamcop (email #2)
    • spamcop sent a spam report to the the source (email #3)
    • the spammer/his ISP... received email #3 and auto responded (?) with email #4 sent to a coded address at spamcop
    • spamcop received email #4 send to a coded mail box associated with the spam report (email #3) and forwarded the email to @Spamnophobic
    • @Spamnophobic received email #4 which has the spamcop connection hidden and thinking it is spam @Spamnophobic reports email #4
    • The reporting of email #4 generates the tracking URL above.

    It has been a really long time sense I have received a reply to an spam report. Looking at the full email in the tracking URL there are spamcop.net ironpost references in both headers (at the top and bottom of the email)

    to paraphrase Cicero, Mark Twain, Blaise Pascal  'If I had more time this would have been shorter.'


  11. Of course the spammer has no control over thr date entered by your ISP or other servers in the chain after their ISP.

    A spammer can of course forge the "Date:" header entry visible to all, and if they control their ISP they could control the date in the first "Received:" line in the header visible using the source with a ctrl-U

    The SpamCop parser used the dates contained in the "Received:" header lines, checking for logical sequence and age.  If a date is questionable, I have see 'possible forgery'

    Which dates are you looking at?  An example of the header, using a Tracking URL would be helpful.

  12. Reading other threads in this forum, SpamCop email System & Accounts should be informative.

    For example: SpamCop Email Service Changes

    When SpamCop and the SCBL was sold to CISCO inc this forum and the email system were retained as a legacy. with advice to all email account holders to find other email servers.

    After a coupe of years the system was reduced to "forwarding only." no SpamCop filtering.

    As I remember, a couple of years ago forwarding was also discontinued, though the email domain remained.  Perhaps someone who has retained a SpamCop email address could add to the current status.

    As noted in the link above, SpamCop Email System & Accounts have gently been going away sense August 2014.

  13. Quote

    Reports disabled for abuse@getresponse.net

    Using abuse#getresponse.net@devnull.spamcop.net for statistical tracking.

    Getresponse is an online marketing company. The number of reports compared to the total number of email send must be low.

    I do not know, but I am guessing that getresponse has ask SpamCop not to send spam reports and that is why sending reports is disabled.

    That does not keep SpamCop from collecting reports about the IP and adding their IP to the blocklist IF the number of reports or email received by a spam trap is high enough.