efa

Members
  • Content Count

    165
  • Joined

  • Last visited

Community Reputation

0 Neutral

About efa

  • Rank
    Advanced Member
  1. in that case the parsing was correct, so apparently it happens only sometimes
  2. DKIM signature is about a standard feature these days; is the parsing engine still being developed?
  3. the headers pasted in the form from the original email had the tabs:

     DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=viverelavela.com; s=turbo-smtp; x=1544178043; h=DomainKey-Signature: Received:Received:MIME-Version:From:Reply-To:To:Subject: Content-Type:Content-Transfer-Encoding:Date:Message-ID; bh=K3Oe1 kiUPrPyJIlOVf2MjQxxIABLTrz3/oGMMhm7Dfc=; b=Penr5h12pXZlZ4bS0rJDX OrHXneQnHej1GkJqeKVhBj3r8AbVL0mxtVpv6fOwwbwToAGLhYacs+g6HvgMYjRc uGom/zmkT7tSNevd591f5D5PVeq5Lfbvh8Qv0DDrf+xfYrEIu+P+o1rEcm/DXDBT RQYbAiMvI/1SuVBiadzNpcDomainKey-Signature: a=rsa-sha1; q=dns; c=nofws; s=turbo-smtp; d=viverelavela.com; h=Received:Received:X-TurboSMTP-Tracking:Return-Path:MIME-Version:From:Reply-To:To:Subject:Content-Type:Content-Transfer-Encoding:X-Mailer:Date:Message-ID:X-Antivirus:X-Antivirus-Status; b=KifANc9UKLW0O/8DvzmNyDM6DvkeULFid29JFOKgYTy8t2lqlXj1GEYT+aHas/ cxKYfLb5ivaT79daL/G1xNF0R4mAqd6rbvjGBovTGNBgQ/K5J376fWADQTGIn+nO 5dfgqbTLvT4WnvVnyVCXSKiqaO+0RPkMbacIUq2gfkyRE=;

     but the headers shown by Spamcop after the parse were changed to:

     DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=viverelavela.com; s=turbo-smtp; x=1544178043; h=DomainKey-Signature: Received:Received:MIME-Version:From:Reply-To:To:Subject: Content-Type:Content-Transfer-Encoding:Date:Message-ID; bh=K3Oe1 kiUPrPyJIlOVf2MjQxxIABLTrz3/oGMMhm7Dfc=; b=Penr5h12pXZlZ4bS0rJDX OrHXneQnHej1GkJqeKVhBj3r8AbVL0mxtVpv6fOwwbwToAGLhYacs+g6HvgMYjRc uGom/zmkT7tSNevd591f5D5PVeq5Lfbvh8Qv0DDrf+xfYrEIu+P+o1rEcm/DXDBT RQYbAiMvI/1SuVBiadzNpcDomainKey-Signature: a=rsa-sha1; q=dns; c=nofws; s=turbo-smtp; d=viverelavela.com; h=Received:Received:X-TurboSMTP-Tracking:Return-Path:MIME-Version:From:Reply-To:To:Subject:Content-Type:Content-Transfer-Encoding:X-Mailer:Date:Message-ID:X-Antivirus:X-Antivirus-Status; b=KifANc9UKLW0O/8DvzmNyDM6DvkeULFid29JFOKgYTy8t2lqlXj1GEYT+aHas/ cxKYfLb5ivaT79daL/G1xNF0R4mAqd6rbvjGBovTGNBgQ/K5J376fWADQTGIn+nO 5dfgqbTLvT4WnvVnyVCXSKiqaO+0RPkMbacIUq2gfkyRE=;
  4. yes, the parser confuses the DKIM signature with a header line like: Content-Type:Content-Transfer-Encoding so the parsing of the body fails. If you remove the DKIM signature from the header, the parse of the body ends correctly. This is probably a spammer technique to circumvent Spamcop, as I'm receiving a lot of spam where body links are skipped like this one. Spamcop, please update the header parsing engine to support DKIM signatures.
  5. hi, it seems that the parsing engine fails with "DKIM-Signature", as it identifies the included "Content-Type" as a stand-alone header line, and so shows "no links found", see: https://www.spamcop.net/sc?id=z6503794799z62a7c6dcdb6ad9bf5c789fc564f35cb9z Maybe spammers are adding a fake DKIM-Signature to avoid Spamcop reporting of their links; Spamcop should skip this header line
  6. efa

    source IP is wrong

    we have an alias hosted on Aruba servers, that is <direttivo pvi.it>. This alias redirects to some real email addresses; one of them is <attilio.bongiovanni gmail.com>, which is where the headers come from. So the spam comes from an unknown IP, goes to <direttivo pvi.it> hosted on Aruba servers, and is then redirected to the Google account. The question is: what is the real source IP of the spam?
  7. efa

    source IP is wrong

    I'm quite sure that 62.149.158.115/Aruba is not the mail source IP, as Aruba is the host of the destination mail with the @pvi.it domain
  8. hi, I received this scam/fraud spam: https://www.spamcop.net/sc?id=z6489923983z26622d4c582ecd9c34c736063540b444z It seems the header parsing engine identified the source IP as: IPv6: 2002:aed:24f5:0:0:0:0:0 which is in the 6to4 range and embeds the IPv4: 10.237.36.245 which is a private LAN address, so it cannot be the source IP. What is the real source IP, and its responsible admin?
  9. I wrote to the GoDaddy registrar asking to be removed from their customer mail list. Apart from the fact that they require a complicated method for spam complaints, with a form https://supportcenter.godaddy.com/AbuseReport and a CAPTCHA that often refuses valid replies, I got a month of peace without their junk, then the story restarted. Mailchimp is part of the junk business and GoDaddy has to gain from the situation, so they are responsible accomplices. As Knujon showed, ICANN is responsible too.
  10. efa

    KnujOn shutting down

    what they have not written clearly is the reason why they are closing. The service worked well, and those responsible change over time, so it would be necessary to keep the bad guys list up-to-date
  11. efa

    KnujOn

    the home page reports that the service will shut down on 2018/05/22 http://www.knujon.com/index.html and already all mail bounces
  12. My email is not @gmail.com. If reports are sent to <abuse#mailchimp.com@devnull.spamcop.net> instead of <abuse@mailchimp.com>, will the mail source provider go to the blocklists anyway?
  13. hi, I got 99% of the spam from mailchimp servers, spamvertising their subdomain list-manage. Obviously I never subscribed to their lists, and unsubscribing does not work. They also profiled me, as they send spam on topics similar to my interests, although they did not always succeed at this (for example, the following one is a scam mail). Spamcop reporting seems to avoid complaining about this spammer: https://www.spamcop.net/sc?id=z6440369112z1b083bdc097336327bb6e3d628e50a11z it says to send to <abuse-spamcop@akamai.com>, but the real report says: To: abuse-spamcop@akamai.com (refuses to accept this type of report) To: abuse-spamcop#akamai.com@devnull.spamcop.net Any suggestions?
  14. I pasted all the Received lines, as always, like in the Spamcop reporting form. Wrote to the deputies, thanks for the contact
  15. I'm sure I pasted the mail with headers. Can I post the mail complete with headers in this forum (or as a tracking URL), or must it remain reserved?
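The header-folding failure described in posts 3 to 5 above, as an added example that is not part of the original posts and is not SpamCop's code: a parser that trims leading whitespace before matching field names reads the folded `h=` list of a DKIM-Signature as a separate `Content-Type` field, while RFC 5322 unfolding keeps it inside the signature. The sample message, the domain names and all function names are constructed for illustration.

```python
import re

# Constructed sample (not the message from the post): the h= list of the
# DKIM-Signature is folded so a continuation line starts with "Content-Type:".
RAW = (
    "DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=example.com;\r\n"
    "\ts=sel1; h=MIME-Version:From:To:Subject:\r\n"
    "\tContent-Type:Content-Transfer-Encoding:Date:Message-ID;\r\n"
    "\tbh=PLACEHOLDER; b=PLACEHOLDER\r\n"
    "From: sender@example.com\r\n"
    "Content-Type: text/html; charset=utf-8\r\n"
    "\r\n"
    "<a href=\"http://spamvertised.example/\">click</a>\r\n"
)
# RFC 5322 field name: printable ASCII except ":" (and no spaces)
FIELD = re.compile(r"^([!-9;-~]+):[ \t]*(.*)$")

def split_message(raw):
    head, _, body = raw.partition("\r\n\r\n")
    return head.split("\r\n"), body

def parse_naive(raw):
    """Failure model: whitespace is trimmed first, so a fold looks like a new field."""
    lines, body = split_message(raw)
    headers = []
    for line in lines:
        m = FIELD.match(line.strip())
        if m:
            headers.append((m.group(1), m.group(2)))
    return headers, body

def parse_unfolded(raw):
    """RFC 5322 2.2.3: a line starting with space or tab continues the previous field."""
    lines, body = split_message(raw)
    headers = []
    for line in lines:
        if line[:1] in (" ", "\t") and headers:
            name, value = headers[-1]
            headers[-1] = (name, value + " " + line.strip())
        else:
            m = FIELD.match(line)
            if m:
                headers.append((m.group(1), m.group(2)))
    return headers, body

def content_type(headers):
    # First Content-Type field wins, as a simple body parser would assume.
    return next((v for n, v in headers if n.lower() == "content-type"), None)
```

With the naive parser the body would be handled under a bogus content type, which matches the "no links found" symptom; with unfolding the real `text/html` field is the only `Content-Type` seen.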
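The 6to4 observation in post 8 above, as an added example that is not part of the original posts: decoding the IPv4 address embedded in a 6to4 or IPv4-mapped IPv6 literal and marking hops that cannot be a reportable Internet source. The Received lines and host names are constructed; they reuse the two addresses quoted in the posts but are not the headers of the reported message, and the function names are hypothetical.

```python
import ipaddress
import re

# Constructed Received lines (newest first). They reuse the two addresses
# quoted in the posts but are NOT the headers of the reported message.
RECEIVED = [
    "from relay.example ([62.149.158.115]) by mx.example with ESMTP",
    "from unknown ([IPv6:2002:aed:24f5:0:0:0:0:0]) by relay.example with SMTP",
]

# Address literal in square brackets, with the optional "IPv6:" tag
BRACKETED = re.compile(r"\[(?:IPv6:)?([0-9A-Fa-f:.]+)\]")

def effective_address(text):
    """Parse an address; for 6to4 (2002::/16) or IPv4-mapped IPv6, return the
    IPv4 address carried inside it, since that is the host it points at."""
    addr = ipaddress.ip_address(text)
    if addr.version == 6:
        for inner in (addr.sixtofour, addr.ipv4_mapped):
            if inner is not None:
                return inner
    return addr

def classify_hops(received_lines):
    """Return (literal, effective, reportable) for each bracketed address.
    reportable is False when the effective address is not globally routable
    (for example RFC 1918 space), so no abuse contact can exist for it."""
    hops = []
    for line in received_lines:
        for literal in BRACKETED.findall(line):
            try:
                eff = effective_address(literal)
            except ValueError:
                continue  # bracketed text that is not an IP literal
            hops.append((literal, str(eff), eff.is_global))
    return hops
```

A hop marked as not reportable should be skipped when choosing the address to report, and the next hop toward the recipient examined instead.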