Lking

Forum Admin
  • Content count

    1,587
  • Joined

  • Last visited

Everything posted by Lking

  1. It has been so long I don't remember what your question was. In the end a report would have been sent to a known source of spam, so to save bandwidth the report was devnulled.
  2. If you follow the link in your post you will see that IP 209.17.115.111 is no longer listed. However, you should know that the IP was listed because someone there has send enough to people or spam traps to get the IP listed on the block list. People receiving email from the given IP have reported the email to SpamCop. When enough reports or spam trap hits are received, the IP will be listed. Although you may want to receive email from this IP, others do not.
  3. ** The following was originally posted by new member "benno" copied here to make the question more accessible. ** Dear Sirs, Our customer send email to my colleague was reported as spam and got bounce back message as below: The original message was received at Mon, 13 Mar 2017 16:11:10 -0400 from atl4obmail01pod1.mgt.hosting.qts.netsol.com [10.30.71.113] *** ATTENTION *** This email is being returned to you because the remote server would not or could not accept the message. The registeredsite servers are just reporting to you what happened and are not the source of the problem. The address which was undeliverable is in the section labeled: "----- The following addresses had permanent fatal errors -----". The reason your mail is being returned to you is in the section labeled: "----- Transcript of Session Follows -----". This section describes the specific reason your e-mail could not be delivered. Please direct further questions regarding this message to your e-mail administrator. --Registeredsite Postmaster ----- The following addresses had permanent fatal errors ----- <timbird@forsan.com.hk> (reason: 550-"JunkMail rejected - atl4mhob18.myregisteredsite.com [209.17.115.111]:58304) ----- Transcript of session follows ----- ... while talking to forsan.com.hk.: >>> DATA <<< 550-"JunkMail rejected - atl4mhob18.myregisteredsite.com [209.17.115.111]:58304 <<< 550 is in an RBL, see Blocked - see http://www.spamcop.net/bl.shtml?209.17.115.111" 550 5.1.1 <timbird@forsan.com.hk>... User unknown 451 4.4.1 reply: read error from forsan.com.hk. --Unquote-- Can you please help to remove timbird@forsan.com.hk from your block list?? Thank you. Benno Mou
  4. I moved your post Statistic to the Lounge.  I think that would be a better place for your discussion.  "Reporting Help" should be reserved for problems with reporting spam.

    Hope this does not cause you any trouble.

  5. Not to banal or obvious, but have you done a search in the forum or read the help on the spamcop.net site to learn that the SC block list blocks IP addresses not domains and is dynamic so that blocking of a given IP address may come and go depending the number and grouping of reports/hits on traps. Perhaps a review of Spammer Rules would explain your conversation with "Andrew" quadranet and lighten the mood of this thread before it goes in the ditch. Reading this forum and comparing the decorum with some other discussion groups may reveal a positive difference.
  6. Yep I agree. another godaddy domain.

  7. That of course is your choice. However making you unique reporting email public, may compromise the integrity all the spam submitted using this reporting address.
  8. I would suggest that you contact SC and have them assign a new unique email address for your submit account. You have exposed your current one twice now and this forum is scanned/scrapped to pickup that type of information. The examples you provided are not the same. Your in your OP the email from SC is dated "Date: Sun, 5 Mar 2017 09:37:06 +0000 (GMT) " The attached spam which has no body (AND CAUSES THE ERROR) is dated " Date: Sun, 5 Mar 2017 09:37:06 +0000 (GMT) " Your second example, the SC email to you is dated " Date: Sun, 5 Mar 2017 14:04:34 +0000 (GMT) " At the bottom following Again the header of your spam submission this time dated " Date: Sun, 5 Mar 2017 14:04:34 +0000 (GMT) " which does not appear to have a proper body. So you have provided two examples that appear to me to have the same problem no properly formatted attachments. I would look at the procedure/applications you use to submit spam and evaluate what has chanced to cause these errors. Looking at your second post, is an example of why we prefer that people do NOT post copies of spam in this forum. throughout your post are links to "infomarketingemail" and other spammer web pages and graphics all of with may be harmful to anyone who clicks on them. In lieu of editing your post to break each link I am going to delete a large chunk to prevent SEO scanners from finding the links to spammer websites and prevent the unwise from following the links.
  9. I agree with Gnarlymarley and mungged your 16 unque address (XxXxX..). If you posted the entire message it would appear that the spam submitted to SC did not have a body. The last line you quoted "x-rpcampaign:..." should be followed by a blank line and then the body of the email. This could be due to the original email being incorrectly formatted and not having a body or the email application you are using did not properly attach the email you were submitting. I would guess the first, assuming you have been using the same process to submit spam for sometime.
  10. Yes there seems to have been a hiccup in the database. Seems to be working OK now. Who knows. I would just clear everything and if you still have spam from today submit them again.
  11. Reports are bounced They have requested SC not send reports, for whatever reason There is evidence that the reports are passed on to the spammer
  12. Login to your reporting account and go to <preferences> <Reporting preferences> and scroll down to "spam Munging" There are three options. https://www.spamcop.net/mcgi?action=showadvanced JMHO but I am not sure what difference it makes. I have chosen to "Leave the spam copies intact" My reasoning is that the spammer already has my email address. The only thing they learn is ~ I reported their email to me as spam. If they wash my email from their list, this is good. If they choose to flood me with spam they will reveal which IP and domains they have at their disposal. That too is good. I also believe Spammer Rule #3 is true: "Spammers are stupid" See. Either action is more effort than any spammer will bother to do. So with SpamCop removing your full email, with only Morg2 which domain do they send the email to? gmail? aol? msn? Its like knowing only someone's first name and trying to find them in the NYC phonebook. If you use the web page to submit spam you could edit the Subject line after pasting the email into the block.
  13. To be clear, the bounce email sent to you is spam sent to you. Although the email included in the bounce email is spam it is not your spam, and should not be reported by you (except as part of the bounce email). If the original spam were to be separately sent to SpamCop by you, your mailhost settings would cause the submission to be rejected. Unfortunately, that does not do what you intend. The SpamCop blocklist is a dynamic list of offending IP addresses that reflects resent/continuing spam from those IPs. Historical, older evidence, is not used. For example spam more than two days old is rejected by the parser. See my earlier post in this thread.
  14. The only advantage I can see is that it slows down probes of a login system. In addition to just the time to process two vs one screen, it would not be hard to slow roll repeated password tries for a given username. You wouldn't want to look up username and slow roll sending the password screen for bad usernames. That would reveal when they got the first part correct.
  15. Sorry to hear you are getting spammed. We all have been on a prolific spammer's emailing list at one time or another. I hate to say that has guaranteed that you will get even more spam from this source. By responding, you let the spammer know that your email address is valid AND someone reads the email to fine the "Unsubscribe" link. Unfortunately an unscrupulous spammer or ISP will ignore the spam reports sent for you by SpamCop and there is nothing anyone can do about that. However, by continuing to report a given spammer, even when they cycle through several IP addresses, their IP address will be added to the SpamCop Block List, used by many ISPs to filter their clients incoming email. If your email ISP does not use the SCBL that is not much help for you I am afraid. You do collect the good karma for your efforts. If you would provide an example Tracking URL it would help others here to give you more guidance.
  16. As you can tell from this year long thread, some spammers don't change. Reporting all spam from ocn.ad.jp and their clients that use IP addresses controlled by them, will help keep their IPs on the SpamCop block list. Yes, many ISP's use rather dumb filters, based on domain names - not IP addresses, to filter incoming email. Why someone would think a spammer would include the word 'spam' in their domain name and use that to filter email, I do not know. I believe you should be able to add SpamCop.net to your white list to over-ride the basic filtering.
  17. Currently I'm not having the problem but as you can see from this thread I have had problems. Guess it is your turn in the barrel (a good place for C2H5OH, yes?)
  18. Doing a search on "Outlook" I see problems going back to 2004. With OL messing with the header before you can get/forward it there is no fix farther down stream (towards SC). A quick look at the history leads me to believe that what OL does with the header has changed over time, so a "fix" would also have to be dynamic. That is not a workable situation. Which is to bad for your reporting. Have you looked at the possibility of using something like Thunderbird for you email? I have used it 'for ever' without problem. There also is an addon to help with reporting (to SpamCop and others).
  19. Of course no one else can process your spam and get anything but an error message. For example, if I submitted your spam none of the header would match my mailhost settings so the parser would just throw the example out. Don't know why SC dropped the link in the text except part of clearing your email witch would have been sent as a parameter in the link. But you are correct winnermistak.xyz surly is not a drop box link. When the parser goes down the sequence of Received: header entries, two internal IP are found first (172.16.0.0/12) followed by a break in the chain, so nothing usable. The link in the body would have been a low level priority even if it had not been lost. Notice I broke that link in your last post. I wouldn't want an unknown link laying around for someone to click on in ignorance.
  20. Don't know my use of HORDE seems to be working OK. Lucky I guess.
  21. Edited the OP in this thread to remove references to bmorris{AT} addresses as "our drinking friend" suggested. You forgot to do this as you did last time. This is a prime example for why a Tracking URL is the way to reference an example of spam. That would also let the rest of us see what the SpamCop parser did with the example. has no meaning not seeing the results of the processing.
  22. Goto <Browse> -> <Staff> Try Richard W,
  23. You did not say who's spam trap you hit, one of SpamCop's or someone else's. How do you know you hit a "spam trap" or was your (your shared) IP just reported? As Derek said, spam trap addresses are hidden, kept secret. To keep the address hidden, reports of a hit are not provided. Of course in the case of unsolicited email, using the un-subscribe, only confirms that someone reads email sent to this address (and more spam will be read).
  24. The problem with "just forwarding" spam is that none of the needed header routing information is included. Without that information SpamCop can not identify the correct source of the spam. There is no point in continuing to using a <Forward> button. This approach will never work. When reading How do I submit spam via email? you will see the word forward, as in " Forward as an attachment " does in fact mean to cut & past the whole offending email as in some email applications, for example Thunderbird <ctrl><U>, <crtl><A>, <ctrl><C> to display-all, select-all, copy-all and of course <crtl><R>