Lking

Forum Admin
  • Content count

    1,622
  • Joined

  • Last visited

Everything posted by Lking

  1. That email from the SMTP source of spam is nicer, more civil, then some I have received. It does sound like a "not my job" response figuring you will never bother contact dediserve.com and come back to support{AT}... I would just move on. No real information here.
  2. Looks like your Google SMTP is keying on the word "spam" and blindly blocking your submission. Following "Learn More" --> Other Errors --> What you can do --> Report the problem. We will give them points for trying to keep their SMTP from becoming a source of spam, however, dumb their efforts are. They obviously need your help.
  3. Yes, that approach has been recommended several places for reporting spam when using web based email. Often recommended is the combo of Thunderbird and HabuL as an addon.
  4. Keep in mind the distinction between building the SCBL and sending courtesy spam reports to ISPs.
  5. Yes it does seem to terminate oddly, not sending a report or tabulating the spam from 141.105.120.94. There does seem to be several situation where the body of spam cause the parser tool to choke. In the past when this has happened I have truncated the body of the spam, adding the note "Body truncated" before submitting In cases like this, for info only I forward the spam to abuse{AT}Fedex{DOT}com
  6. Of course a tracking URL would have been nice. However, based on the information provided, if SC/the parser were to remove your report from your queue, you would not have an opportunity to review what the parser found. Just delete it and move on.
  7. I would suggest cutting and pasting just the header followed by a blank line and "body deleted"
  8. As one user/reporter to another, back to the reference on how the SCBL works If spam from these IPs were all received today odds are none of these IP would be listed on the BL. If you are the only source reporting these IPs, one report will not get the IP listed (one exception). On the other hand have you looked at https://www.spamcop.net/w3m?action=map ? the block 104.237.241.0/24 has a poor reputation and 15 and 115 are currently listed. You can look up the others. That is the way the system is designed. Otherwise, all of say Verizon would be blocked for 12hrs if one spammer got through on one of Verizon's IPs.
  9. What is the SpamCop Blocking List (SCBL)? scroll down to " How the SCBL Works" and "SCBL Rules" they may answer your question. Also note that SC list IP addresses not blocks of addresses. The result is that if your received spam is spread over several IPs within a block the individual IPs may not be listed, although the block is as guilty as sin. Does your ISP use the SCBL to filter your incoming email? If not then SC related entries will not show-up in you mail.log. Also note that SC suggest that email identified as coming from IP addresses listed in their block list should not be blocked, but directed to a spam folder for review (thus avoiding loss of email due to false positives).
  10. As Derek T said, without an IP address it is not possible for anyone here to provide any additionally information or advice. Did your system return to you a link to SpamCop? What information was provided when you followed the link?
  11. The add-on HabuL for Thunderbird does what you suggest. Of course you need to POP or IMAP your email from gmail into Thunderbird and then report from there.
  12. To engage a spammer in a dialog you will need to reveal an email address. I would suggest creating a throwaway address and then cut and past the spammers email into your reply so they can figure out which spam report you are talking about.
  13. From what you provided it would appear that eM is not including the header. This is a common issue. The writers of some applications don't understand why users would want to forward the unseen header.
  14. Was hopping that someone familiar with eM would reply What is common in these cases is that the application does not correctly forward the email, usually making modifications to the header of the attached spam. In your case can you open your email, reporting the spam, and look at the underlying code, by using <ctrl> U. Following you email you should see something link --------------BF2F1D11D46DFBAA8098C0EA Content-Type: message/rfc822; name="Attached Message" Content-Transfer-Encoding: 7bit Content-Disposition: attachment; filename="Attached Message" X-Account-Key: account5 Followed by the attached email (X-Account-Key: is the first line of the attached) The blank line is important.
  15. Have you tried deputies{AT}admin{DOT}spamcop{DOT}net This is a peer to peer forum and with out any information about the underlying problem not much anyone here can do help
  16. I failed to describe the process correctly. Quick reporting goes through the same parser a any other spam submitted either by forwarding with a submit or using the webpage. However, with quick reporting the body is not evaluated for spamvertised links. a. There is the option " Quick Data Reports " that does offer a related option, and a veiled clue to the "quick" reporting option.
  17. Have you read about "quick reporting"? Although a search for quick reporting is hard to read and miss leading If you send your spam to "quick.spamcode@spam.spamcop.net" instead of submit.spamcode@..." you will not have to approve each one. There are pros and cons to this approach. You do not have to approve each spam submitted. This is 'quicker' BUT also there is this risk that reports will be sent incorrectly. Only the sender identified in the header will be notified. NO processing/reporting will be done for any links in the body of the spam. ANY mistake you make attaching an email to forward to SpamCop will be reported as spam without a opportunity to correct the error. Also look at your Report handling options to see options there.
  18. When you login to report a spam, there is a line " Forward your spam to: ..." followed by an email address submit.xxxxxx[at]spam.spamcop.net (the xxxx is 16 'random' char) You can send an email, using that unique address, attach several (many) emails. You will then receive emails with links to review the results and send the reports.
  19. You have been at this long enough, I assume you understand but just to be sure, the fact that a spam report goes to devnull does not mean that your report does not affect the block list. If you know who to send the report to, you could add them to the list. The double-optin/unsubscribe requirement for "good practice" does have a good side and a bad side. On the good side, a legitimate person does not get their email added to a legitimate email list. On the bad side, a bot/anyone can try to add a person's email address to a list and uninformed real people can click on bogus unsubscribe link. Both resulting in internet clutter. Bulletin boards/newsletters/forums I manage (not this one) receive 7-12 bounces a day from confirmation emails "I" sent to bogus mailboxes. Who knows how many emails were sent to legitimate email addresses that are considered spam by the recipient. On the up-side I do not send a newsletter to anyone that has not double-optin. Without an example of what you are receiving I don't know which type of emails you are getting. Are you getting several emails from different people trying to get on or off a bogus mailing list? These people are being victimized too.
  20. There does seem to be an ongoing difference between the obligations domain name registrars have to ICANN (and the rest of the www) and how those obligations are executed/enforced. For more on this see KnujOn
  21. It would be helpful if you could provide a Tracking URL for examples of spam you are referencing. Take a look at to see an example of what a Tracking URL (third line, long blue link) can be found. You should Cut&past the Tracking URL into you post so that everyone can see the original spam, what the parser did, and thus better understand you question.
  22. 1. the link you provided is not accessible to anyone except you. 2. The Tracking URL in my post, copied from your original post, gives everyone access to the munged spam, and the information the parser provided.
  23. https://www.spamcop.net/sc?id=z6365955700z76292dfde07e1d1d20f190a3456f09f4z The Tracking URI from above so others can see what the parser did, and why report was sent to hotmail. This post does not provide a suggested correction to the abuse@ address for this IP so moved up a level
  24. I thank the difference between CAN ARIN revoke, SHOULD they, and WILL they revoke needs to be considered at length. If you realize success it will be a first.
  25. If you do a search for "Munging" using the search tool in the upper right corner of this screen, you will get 16 pages of threads on this subject. Many agree with your concerns, others do not. It is only anecdotal, but in the last ~25 yr (god I'm getting old) I have seen no evidence that reporting "Leave spam copies intact" has had an impact on my level of spam. That said it would be hard to tell. I have turned off all spam filtering by my ISP and on my PC so I can report everyone sending me spam. In that environment, in the beginning I got 1-2 replies a year from spammers. They responded to SC and SC forwarded to me, clamming total innocence of course (see Sharp's Corollary to Rule #1). I can remember one case where a legitimate community email list was sabotaged with my email plus others.That communications I responded too. have you looked at/adjusted you reporting preferences to meet your concerns?