Jump to content


  • Content Count

  • Joined

  • Last visited

Everything posted by remay

  1. I am getting sporadic spam/scam emails into my hosting company's email server that are MISSING the first 2-3 lines of the headers, which makes them unreportable to SC (or any other abuse contact). Below and attached is a recent email that is missing the first 2-3 lines of the headers. I have contacted my hosting company about this issue and they claim the emails are this way because of the way they have been sent, NOT by the way their email server is processing them. For emails that have this problem, the hosting company claims the following: Look at the two lines: Received by and Received from. First one say in the end "with smtp" and 2nd one says in the end "with http" a) "With smtp" means: mail server received the email from any "Email Client". Since smtp server received it directly from an external IP, it shows the IP address b) "With http" means: email is sent from Google's web interface. And google's smtp server received email from its local webmail server side scri_pt. So Google put an internal machine ID in place of IP (Since the IP would be local IP of google http server). Its common for Gmail and Hotmail. They don't disclose sender IP if email is sent from webmail. So you can just report that machine ID to google and their system will track and take care of spammer. I don't know if my hosting company is correct or not! I find it hard to believe that email can be delivered like this. Does anyone else experience this? If you look at the email headers, notice there is "X-SmarterMail" processing that has taken place. Could THAT processing be whacking the email headers? (missing: Return-Path: ... ) (missing: Received: from .... by emailserver3.[myserver].com with SMTP ... ) (missing: date/time stamp when email was received by emailserver3.[myserver].com) (Below is the COMPLETE email with headers, as retrieved from the email server) Received: by 2002:a19:ca4e:0:0:0:0:0 with HTTP; Tue, 12 May 2020 13:18:03 -0700 (PDT) From: chigozie gozie <cgozie7@gmail.com> To: undisclosed-recipients:; Subject: From Mrs mush and Daughter / Greetings to you & your Family, Date: Tue, 12 May 2020 13:18:03 -0700 Message-ID: <CAFWVug3jN-fUYxfwT-+Ke=eV1zPUC8YgAAaHqZrZggcK7Or=tA@mail.gmail.com> MIME-Version: 1.0 Content-Type: text/plain; charset="utf-8" Content-Transfer-Encoding: quoted-printable Return-Path: <cgozie7@gmail.com> DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=mime-version:from:date:message-id:subject:to; bh=7SmJkwt4HYfF2+9MdyFUN5MRVV9+Jx70aj2/gB7yE5Y=; b=ki1I49xVqumSL5IOZUVkhNZP/mbeTjCd55mRcc3rn0xzTzbw+XIMvhlHtHN31gL6Yy VpdVJDIGMQlQTGS5jyOBBdlFAbCR4TrAObZOn1IjUtDET/yXAxL0hIAtFn67BJeGpSq9 OVBn0jJAxVH3kvFIyuV2mJDCLsnwJvv6ZnwARFim8bsz/O8cJfcTpDm3k7tfnBDKg7pk PgwCg4SALREfPKlmBOAzNc0VLEdg2+Of6Bp4HVK6bwVdr6qTQNspkFWzn8AFB7GqfDfV lRwapEtzhFdnHK1OAQLAcVMUTYMdeuUXnC9YTgcE9I50A+oamPeI+Gcv8XyScvp/zT/+ wHUw== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:from:date:message-id:subject:to; bh=7SmJkwt4HYfF2+9MdyFUN5MRVV9+Jx70aj2/gB7yE5Y=; b=mLkvgeHYws87ffHFK/X7fYaD+xQCgH4q3QcQtDYKv1KexQDzqNrf7/2bOPZuOgrhtA 49jrJM+WSeQApLSGDMHpwljPaXUgwl3Su3NWCWVuXsYiLKNLYYoKluamC05iZ/SHRi78 mRmsebD9AQWbFCgUjyZS7RbB5Mj7RcqOTStWJxXZpeEHhvgf8X30GSalFvo7/Ynyk/Cv 9xrgmpnxLkPZKh0ImTjZ/WQUcU9j/Kdm4dKv+g084KXf24Tr4xZy2d/ksVHMY7pykhly Wx1LamwCoYA6qBZJsa2IxXboKRdpcdjzH0JH4euDTGnxL1inWdqiXj9UQnPtY/jrVXXn H+jA== X-Gm-Message-State: AOAM531WVDpQFIJu5hqAU+0FlfwuXQ3+ZeenhkmMzFoM946I7OtlqX9K shAXTq4XrMQ3fGPWomXBeEo3o4ySlcXZiYeUzr0= X-Google-Smtp-Source: ABdhPJwYz4FnLavDHVG8D6ByLaN1QzmMuItOFtalxTj5kOEDpcnKdry4u++7KRab0WJho9xhbLdrHNgMQt1YZDuK2K8= X-Received: by 2002:ac2:58d7:: with SMTP id u23mr6545768lfo.119.1589314683974; Tue, 12 May 2020 13:18:03 -0700 (PDT) X-CTCH-RefId: str=0001.0A09020D.5EBB0483.004D,ss=1,re=0.000,recu=0.000,reip=0.000,cl=1,cld=1,fgs=0 X-CTCH-AVLevel: Unknown X-Rcpt-To: <x> X-SmarterMail-spam: SPF [Pass]: -2, Cyren [Unknown]: 0, SpamAssassin [raw:7]: 12, DK [None]: 0, DKIM [Pass]: -1 X-SmarterMail-SpamDetail: spam detection software, running on the system "spamassassin1.serverpoint.com", has X-SmarterMail-SpamDetail: identified this incoming email as possible spam. The original message X-SmarterMail-SpamDetail: has been attached to this so you can view it (if it isn't spam) or label X-SmarterMail-SpamDetail: similar future email. If you have any questions, see X-SmarterMail-SpamDetail: the administrator of that system for details. X-SmarterMail-SpamDetail: Content preview: Dearest, This mail might come to you as a surprise and the X-SmarterMail-SpamDetail: temptation to ignore it, I am Mrs Joyce mush and Daughter, from Cote D'Ivoire. X-SmarterMail-SpamDetail: I want to transfer the sum of $3,500,000 Usd in your account, you help me X-SmarterMail-SpamDetail: invest it in your country for my daughter future education. [...] X-SmarterMail-SpamDetail: Content analysis details: (7.3 points, 6.0 required) X-SmarterMail-SpamDetail: pts rule name description X-SmarterMail-SpamDetail: ---- ---------------------- -------------------------------------------------- X-SmarterMail-SpamDetail: 0.0 T_WHOAMI EmailFilter1 X-SmarterMail-SpamDetail: 3.0 SUBJ_YOUR_FAMILY Subject contains "Your Family" X-SmarterMail-SpamDetail: 0.0 FREEMAIL_FROM Sender email is commonly abused enduser mail provider X-SmarterMail-SpamDetail: (cgozie7[at]gmail.com) X-SmarterMail-SpamDetail: 0.2 FREEMAIL_ENVFROM_END_DIGIT Envelope-from freemail username ends in X-SmarterMail-SpamDetail: digit (cgozie7[at]gmail.com) X-SmarterMail-SpamDetail: 0.0 LOTS_OF_MONEY Huge... sums of money X-SmarterMail-SpamDetail: 1.0 FREEMAIL_REPLY From and body contain different freemails X-SmarterMail-SpamDetail: 0.0 FILL_THIS_FORM Fill in a form with personal information X-SmarterMail-SpamDetail: 2.0 FILL_THIS_FORM_LONG Fill in a form with personal information X-SmarterMail-SpamDetail: 1.0 MONEY_FRAUD_3 Lots of money and several fraud phrases X-SmarterMail-TotalSpamWeight: 9 Dearest, This mail might come to you as a surprise and the temptation to ignore it, I am Mrs Joyce mush and Daughter, from Cote D'Ivoire. I want to transfer the sum of $3,500,000 Usd in your account, you help me invest it in your country for my daughter future education. Recently my doctor told me that my health condition is very bad due to cancer problem having known my condition i decided to contact you. Send me these informations; Full name, Address, Sex, Age, Occupation, Phone/Mobile,State of origin, Country.I am waiting for your reply so that i give you more details . Hoping to receive your response immediately, E-mail Reply To; joycemush3@gmail.com Thanks. Sincerely . From Mrs mush and Daughter. 0-2-2.txt
  2. Submitted email directly at spamcop website using the " Paste entire spam (headers, blank line, body) " method, like I do with all the other submissions I make. But this one produced: 2a00:1450:400c:c09:0:0:0:243 not listed in cbl.abuseat.org 2a00:1450:400c:c09:0:0:0:243 not listed in dnsbl.sorbs.net 2a00:1450:400c:c09:0:0:0:243 not listed in accredit.habeas.com 2a00:1450:400c:c09:0:0:0:243 not listed in plus.bondedsender.org 2a00:1450:400c:c09:0:0:0:243 not listed in iadb.isipp.com No body text provided, check format of submission. spam must have body text. When viewing the email, there is clearly a body. The email was retrieved directly from gmail's "Original message" output, and pasted into the website field, just like others that I have submitted. There is one blank line separating the headers from the body. I tried adding more, with no better result. Seems spamcop has an issue processing this email: https://www.spamcop.net/sc?id=z6322627898zb99bde9cef22f4244354756ef95903c3z
  3. When submitting the numerous African scam emails to SC, SC inconsistently detects the X-Originating-IP address that is contained in most of them. Below are some examples. I'd say that about 10% of X-Originating-IP addresses listed in emails submitted to SC are detected and reported by SC. For the rest of those IP addresses, it requires manual email submission outside of SC to the abuse contacts. Why does SC detect and report so few of the X-Originating-IP addresses? (detected X-Originating-IP )X-Originating-IP: NOT detect X-Originating-IP - NOTE that I tried removing the brackets and did a test submission, but the IP address was still not detected)X-Originating-IP: []https://www.spamcop.net/sc?id=z6406866999z99adf4922fa966b5fed68ebaf3b2fd37zX-Originating-IP: []https://www.spamcop.net/sc?id=z6406728731z23dd15f2eb5e25f40a46806c87083ddaz
  4. Well, ok... I guess. That still doesn't explain the inconsistency in SC dection. Here are more examples: (picked up originating IP but not hotmail IP addr) Received: from NAM03-BY2-obe.outbound.protection.outlook.com (mail-by2nam03hn0242.outbound.protection.outlook.com. []) Received: from [] ( https://www.spamcop.net/sc?id=z6409167115za761b3104214b72db296057e7e7d1c25z(detected X-Originating-IP )X-Originating-IP: []https://www.spamcop.net/sc?id=z6407552726zb56b967b54eb78cfb1ad7d9571f6e59fz As far as confusing the matter, I feel the X-Originating-IP address is valid enough since they almost ALWAYS lead back to afrinic.net controlled IP addresses. SO I will CONTINUE to report them manually. I just wish SC would do it more consistently, because it DOES sometimes.
  5. re: " the header is processed and reports sent " No report was "sent" or processed. There was nothing in the report history webpage. See below. So... I doubt anyone is looking into the issue. I guess I submitted to the wrong forum... Submitted: 10/23/2016, 11:57:18 AM -0500: DEAR FRIEND, CAN I TRUST YOU? No reports filed Submitted: 10/23/2016, 11:46:21 AM -0500: DEAR FRIEND, CAN I TRUST YOU? No reports filed Submitted: 10/23/2016, 11:42:44 AM -0500: DEAR FRIEND, CAN I TRUST YOU? No reports filed Submitted: 10/23/2016, 11:33:20 AM -0500: DEAR FRIEND, CAN I TRUST YOU? No reports filed Submitted: 10/23/2016, 11:32:53 AM -0500: DEAR FRIEND, CAN I TRUST YOU? SPF: PASS with IP 2a00:1450:400c:c09:0:0:0:243... No reports filed Submitted: 10/23/2016, 11:32:19 AM -0500: DEAR FRIEND, CAN I TRUST YOU? No reports filed Submitted: 10/23/2016, 11:26:39 AM -0500: DEAR FRIEND, CAN I TRUST YOU? No reports filed
  6. That post did not apply to my issue at all. As I indicated: "Submitted email directly at spamcop website" " There is one blank line separating the headers from the body. I tried adding more, with no better result. "
  7. Recently, when reporting spam that has a lot of 'unique' links in the spam and at the spammer's website, ALL of the links are being truncated so NONE are being reported when spamcop processes the spam at the members.spamcop.net webpage. WHY??? Before, at least spamcop displayed SOME of the links. How many links are TOO MANY??? Before it was something like 7 or so. This is making my already difficult taks of keeping up with 80+ spam messages a day even more difficult, because now I have to figure out WHICH links are not worth reporting. Now I have to break up the spam and report it twice or three times to report all the links. (example when spamcop processes an email with too many links) Finding links in message body Parsing text part Reducing redundant links for www.axs3ed.com Too many links, links ignored (here's what was being reported) From: Chapmanilzrz <Burgessfpliz[at]centurytel.net> Subject: acts quicker and lasts much longer! To: x[at]x.x Reply-to: Chapmanilzrz <Burgessfpliz[at]centurytel.net> Message-id: <HBSYFWC-0001519039642[at]somebody'll> MIME-version: 1.0 X-Mailer: hsbsm doctor X-Virus-Scanned: Symantec AntiVirus Scan Engine <html> <body> <font face="Tahoma" size="2">Dis<font style=font-size:1px>.</font>count Ph<font style=font-size:1px>.</font>armacy Onlin<font style=font-size:1px>.</font>e <ul> <li>Sa<font style=font-size:1px>.</font>ve up t<font style=font-size:1px>.</font>o %8O orde<font style=font-size:1px>.</font>ring your meds online</li> <li>No presc<font style=font-size:1px>.</font>ription required</font></li> <li>fast disc<font style=font-size:1px>.</font>reet s<font style=font-size:1px>.</font>hipping, o<font style=font-size:1px>.</font>vernight nextday air</li> <li>FDA & Do<font style=font-size:1px>.</font>ctor Ap<font style=font-size:1px>.</font>proved</li> </ul> <font face="Tahoma" size="3">Xan<font style=font-size:1px>.</font>ax - Cia<font style=font-size:1px>.</font>lis - Via<font style=font-size:1px>.</font>gra - Vali<font style=font-size:1px>.</font>um<br><br> <b><a href="http://4mhFOG5e.bookeds.com/417">Pl<font style=font-size:1px>.</font>ace Your Or<font style=font-size:1px>.</font>der Here Tod<font style=font-size:1px>.</font>ay</a></b></font> <br><br> <a href="http://bookeds.com/a.html">no moore</a></p> <font style=font-size:1px> petunia carbohydrate christmas mitral ornament alp memorable dally alexandre http://4mhFOG5e.bookeds.com/417HTTP/1.1 302 Object moved Server: Microsoft-IIS/5.0 Date: Sat, 21 Feb 2004 23:25:53 GMT Connection: close Location: http://www.axs3ed.com/ua/cgi-bin/clickthru...ww.stilldcs.com Content-Length: 121 Content-Type: text/html Set-Cookie: ASPSESSIONIDCARCBCTR=GLKKFLJCPOHKEAALNJDKCGPG; path=/ Cache-control: private http://www.axs3ed.com/ua/cgi-bin/clickthru.cgi?id=pharm17 HTTP/1.1 200 OK Server: Microsoft-IIS/5.0 Date: Sat, 21 Feb 2004 07:31:08 GMT X-Powered-By: http://ASP.NET Connection: close [sat Feb 21 15:31:09 2004] D:\sites\ua\cgi-bin\clickthru.cgi: DBD::mysql::st execute failed: Can't open file: 'ua_primary_hits.MYI'. (errno: 145) at d:\sites\ua\cgi-bin\common.cgi line 42. Set-Cookie: MSsaver=pharm17; path=/; expires=Sun, 20-Feb-2005 07:31:09 GMT Date: Sat, 21 Feb 2004 07:31:09 GMT p3p: policyref="axs3ed.com/w3c/p3p.xml", CP="ALL DSP TAIa PSAa PSDa OUR IND UNI COM NAV STA OTC" Content-Type: text/html; charset=ISO-8859-1 <META HTTP-EQUIV="Refresh" CONTENT="0; URL=choose7x24.com"> http://www.stilldcs.com HTTP/1.1 200 OK Server: Microsoft-IIS/5.0 Connection: close Content-Location: http://www.stilldcs.com/default.htm Date: Sat, 21 Feb 2004 23:26:55 GMT Content-Type: text/html Accept-Ranges: bytes Last-Modified: Fri, 06 Feb 2004 16:24:00 GMT ETag: "01066a0cdecc31:151a" Content-Length: 26113 <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN"> <html><!-- InstanceBegin template="/Templates/pharm.dwt" codeOutsideHTMLIsLocked="false" --> <head> : <title>Discount Foriegn Parmacies Online - Cheapest on the net!</title>
  8. Tried to report (via spamcop website manual entry) an email that included a website URL in the body, but spamcop indicated: Tracking message source: Routing details for [refresh/show] Cached whois for : grzegorz.szar[at]network.net.pl Using last resort contacts grzegorz.szar[at]network.net.pl ISP has indicated spam will cease; ISP resolved this issue sometime after Sunday, May 13, 2007 7:11:33 AM -0500 That's fine, but spamcop also disabled the reporting of the actual website/domain being promoted in the email body: If reported today, reports would be sent to: Re: (Administrator of IP block - statistics only) grzegorz.szar[at]network.net.pl Re: http://kumadira.hk/?a=636-10706 (Administrator of network hosting website referenced in spam) abuse[at]prodigy.net My question is why? Why not still process the complaint against the website? I would like to request a change to spamcop so that it DOES process the website/domain even if the source of the email has been "resolved" by the ISP. Nothing was "resolved" regarding the website/domain. It still needed to be reported. Here is the tracking URL: http://www.spamcop.net/sc?id=z1300312549z6...d7ef6c6c4d832fz
  9. Looking for the best/most effective (or really ANY) way to shut down a spammer who references "traffix" in each email and originates from 66.17.241, 65.111.16 or 208.53.7 to promote offers. I have reported the spammer 1-4 times a day for the last couple of months, but the spam still continues. The spammer uses new/unused domains in almost every email. I have compiled a list below. I have also been reporting the domain that is eventually reached after going through all the re-direct URLs. I have used spamcop as well as direct email to the following addresses. Nothing has stopped the emails. Here is a recent report: spamcop.net/sc?id=z1295320116zb1dff6525d3f0761e0ba6b7ca5e1cdb3z reports have been sent to: bill[at]greenlightpromotion.com moultriecomplaints[at]gmail.com abuse[at]guilfordcommunications.com, abuse[at]cogentco.com domains used in spam emails - in chronological order from most recent at the top: left.FIRMAMENTMEDIA.COM SHELL.SUBTERFUGECONSULTANTS.COM sally.BETENOIREMEDIA.COM fortune.AUTODIDACTSOLUTIONS.COM blue.NECROSISEMEDIA.COM else.TRUMPETLIKESBUZZ.COM elkins.SHELASOLUTIONS.COM fort.TEREDINESESOLUTIONS.COM sow.SYRINXESOLUTIONS.COM fibula.HUBRISESOLUTIONS.COM COOK.COGITATIONMEDIA.COM apple.BOUNCINGCHAIRS.COM chris.OATMEALPOWERSOLUTIONS.COM cell.APTUSHOST.COM trim.tremulousegroup.com box.pugilistgroup.com lome.MABERTHOST.COM omega.FRANLOUHOST.COM torlage.RENFROEGROUP.COM eastway.BELLEFONTEGROUP.COM baseball.BASALTHOST.COM SUMMER.DANDLEMEDIA.NET SWIM.CONVIVIALSOLUTIONS.COM FLOWER.SUPERNALSOLUTIONS.COM trim.tremulousegroup.com tampa.BEEKMANHOST.COM horseshoe.ETOWAHMEDIA.COM florence.DEPRECATEGROUP.COM PLEASE.PALINDROMEHOST.COM sorrow.ATROXSOLUTIONS.COM finger.APPELLOGROUP.COM TOM.FIRSTAMELIORATE.COM wheel.AFFABLEMEDIA.COM ride.CHARYHOST.COM blue.NECROSISEMEDIA.COM better.REPLAYTHESTART.COM elkins.SHELASOLUTIONS.COM elkins.SHELASOLUTIONS.COM bylas.PINEDALESOLUTIONS.COM saratoga.SIDCOSOLUTIONS.COM werdin.PETTUSGROUP.COM ormond.VAIROMEDIA.COM emony.WILDOTMEDIA.COM emony.WILDOTMEDIA.COM saric.ZINGARAHOST.COM tampa.BEEKMANHOST.COM fort.teredinesesolutions.com lanvale.TINDELLMEDIA.COM QUILT.TORTUSOLUTIONS.COM mountain.sphenicehost.com mountain.sphenicehost.com gate.BIDDABLECONSULTANTS.COM florence.DEPRECATEGROUP.COM down.FAIRSHAKESOLUTIONS.COM chris.OATMEALPOWERSOLUTIONS.COM cell.APTUSHOST.COM cell.APTUSHOST.com bone.APPROPINQUOGROUP.com panther.saccateehost.com austin.tutelaryegroup.com bananna.comityhost.com bananna.comityhost.com strike.pugnaciousgroup.com finger.APPELLOGROUP.COM drum.rapprochementemedia.com slim.histrionicesolutions.com zeta.HAUSERSOLUTIONS.COM hawk.TENEBRIFICEHOST.COM torlage.RENFROEGROUP.COM phi.DORMANSOLUTIONS.COM wellington.CHELYANMEDIA.COM espn.ESPADRILLESOLUTIONS.COM baseball.BASALTHOST.COM macon.PILTONHOST.COM sybarite.CARTECAYMEDIA.COM taft.TRANSMUTE4.COM else.TRUMPETLIKESBUZZ.COM quay.CONDIGNGROUP.NET miser.cudgelemedia.com delta.ELMHURSTHOST.COM ROSE.ROOSEMEDIA.NET ginco.POWELTONGROUP.COM trim.tremulousegroup.com fort.teredinesesolutions.com horseshoe.ETOWAHMEDIA.COM mountain.sphenicehost.com steft.DISTRAITPRO.COM gate.BIDDABLECONSULTANTS.COM zebra.BURNINGCLIFF.COM bolo.FLUTELIKESAIR.COM chris.OATMEALPOWERSOLUTIONS.COM exhausted.APUDSOLUTIONS.COM notright.ARBUSTUMHOST.COM unhappy.ATREBATUMMEDIA.COM east.FIGUREDOUTHOPE.COM up.CRUELTOGREAT.COM toe.APPONOMEDIA.COM so.sadtruthbetoldsolutions.com theory.quondammedia.com falcon.sacristyemedia.com FOM.YOURVICISSITUDE.COM heavy.DILATORYGROUP.COM vercile.CHARESTMEDIA.COM believe.dubietymedia.com Bragi.HIGHFALUTINGROUP.COM antelope.ineffablehost.com Freyr.EQUERRYSOLUTIONS.COM des.CARILONGROUP.COM rue.ABERCOMMEDIA.COM green.MAMMONEGROUP.COM delphos.SIGMANMEDIA.COM suman.KENOVAMEDIA.COM lucid.encumbranceahost.com birth.renascentesolutions.com birth.renascentesolutions.com brim.reconditemedia.com salmon.diktatgroup.com milborne.LANGARHOST.COM sables.DALLAIREGROUP.COM agathe.CLOUTIERMEDIA.COM tapped.JOCUNDMEDIA.COM tenshaw.SLOCUMHOST.COM ARCH.ABATINGHOST.COM harlou.OLCOTTGROUP.COM NORDALE.LOUDENDALEGROUP.COM ozark.HOGSTENMEDIA.COM AFRICA.AFICIONADOMEDIA.NET
  10. remay

    Has anyone come across INTELLIWERKS

    I was wondering if you could share some thoughts on the best/most effective way to report this spammer's intwm40.com and intwmailsc.com domains to get them shut down. I have reported well over 100 of their emails via spamcop and maybe 70-80 by direct email 1-3 times daily over the last several months In addtion to jkim[at]pccwglobal.com via spamcop, emails have been sent to: abuse[at]pccwglobal.com, abuse[at]pccwbtn.net postmaster[at]pccwglobal.com, supportamerica[at]btnaccess.com I have also reported the advertiser URL(s) that are eventually re-directed to from the spammers website, with no apparent effect. Here is a recent report: spamcop.net/sc?id=z1295332933za51cd62710a839f93fc63cef2d2726c1z Moderator edit to fix quoting
  11. remay

    ...IP not found...discarded as fake.

    re: Basically, spamcop is not a browser and not willing to wait an enternity (in network time) for it to resolve. Is there a way to REQUEST a longer timeout or some user-selectable parameter we can adjust for cases like this? I have gotten over 30 spam emails in two days promoting a site that is very much alive and functional, but spamcop fails to record it: Host kikaq.hk (checking ip) IP not found ; kikaq.hk discarded as fake. Host kikaq.hk (checking ip) IP not found ; kikaq.hk discarded as fake. : : Tracking link: http://kikaq.hk/ No recent reports, no history available Cannot resolve http://kikaq.hk/ What is the suggestion for reporting ALIVE domains/websites that spamcop does not handle?
  12. remay

    Slow Web Interface Processing

    I manually enter spam emails at the spamcop.net/sc website using the text box labeled: "Paste entire spam (headers, blank line, body) - or - single address (one line only):". I always have the "Show technical details" box checked. It is taking a long time to process the email (after clicking the "Process spam" button), and then if it does it successfully, it may take a long time again, when clicking the "Send spam Report(s) Now" button. Sometimes the response is completely acceptable (a few to 10 or 15 sec). If the server is slow, I am likely to an error such as: "Gateway Timeout The proxy server did not receive a timely response from the upstream server. Reference #1.58ed23f.1166... " "An error occurred while processing your request. Reference #97.636b9d40.11665 ....." "got sigalarm, taking too long to process, aborted. Perhaps you can wait a few minutes and reload?" After these messages, there is usually the "Unreported spam Saved: Report Now" and "Remove all unreported spam" links. I have been removing all, before manually entering the next email. Hopefully, someone is trying to address these issues? [Moderator edit: originally posted as a separate article, merged here; user remay notified by PM with cc to SpamCop Forum Moderators and Admin]
  13. remay

    Spamcop is BACK !!!!

    I can't agree totally that spamcop website reporting "back". I have seen SEVERAL occurences today of messages similar to the following after clicking on "Send spam Report(s) Now" to send the reports: An error occurred while processing your request. Reference #97.636b9d40.11665 ..... I have to "refresh" the browser, then I get the confirmation page that indicates the reports were sent.
  14. remay

    Slow Web Interface Processing

    Still getting the following after submitting the report via website ... "got sigalarm, taking too long to process, aborted. Perhaps you can wait a few minutes and reload?" Since the list of abuse email addresses was shown, did the emails to them get sent, or do I need to actually re-do the report? I am seeing this set of errors more often than not, and at times that I would not expect to be peak times, but maybe these days, there ARE no peak times?
  15. That did the trick. Now I feel bad that all the spam reports got sent to the hosting company, but... they never informed me of the change. Thanks for the help!
  16. I receive my email via a forwarding service from a hosting company's POP3 servers to my personal email account with an ISP. I have been noticing that a specific IP address is what gets reported by spamcop instead of the apparent IP address of the source of the spam. It seems that spamcop should be reported the IP address that is listed in bold below rather than the one in red. Is this an issue with the way spamcop handles email forwards into a user's real email account, or is spamcop doing things correctly? http://www.spamcop.net/sc?id=z894394520z83...deac823e1717e7z Received: from server17.wowrack.com (HELO server17) ([]) by hrndva-mx-02.mgw.rr.com with ESMTP; Fri, 10 Mar 2006 10:33:52 -0500 Received: from tctvnet08223.ccnw.ne.jp [] by server17 (SMTPD32-8.15) id AC61A2900AE; Fri, 10 Mar 2006 07:33:53 -0800 http://www.spamcop.net/sc?id=z894395240zf8...2aff441a88afc7z Received: from server17.wowrack.com (HELO server17) ([]) by orngca-mx-11.mgw.rr.com with ESMTP; Fri, 10 Mar 2006 04:36:12 -0500 Received: from 5FEA8450 [] by server17 (SMTPD32-8.15) id A88B130D0154; Fri, 10 Mar 2006 01:36:11 -0800
  17. What do I do when I go to members.spampcop.net to report spam without modifications, and I get the "Too many links, links ignored" message??? I have been told I CANNOT modify the contents of the spam, so ... what AM I supposed to do? Let the spammer off the hook? Is this the way spammers are going to be able to "protect" themselves from having their scam domains reported (by spamcop)? Why can't spamcop all more links? Here is the spam email body(with NO mods!)... <html> <body bgColor="#E8E8E8" leftMargin="0" rightMargin="0"> <div align="center"> <font size=1 color="#EAEAEA" style="font-size:1px;color:#EAEAEA">rudderperitecticlizzienowisepersimmonservomechanismconnielobularrodgersstupefactionhuffmanmelanomaprobity<br></font> <a href="http://daimler.chagrin.vialine.biz/buy/yardstick/?despite"><font face="Arial Black" size="7" color="#FF8000"><u><strong>VIALINE</strong></u></font></a> <br> <font size=1 color="#EAEAEA" style="font-size:1px;color:#EAEAEA">circumstanceadeninebridgetgodwitcarnivalpenanceadjoinforgotalohagreenbelt<br></font> <a href="http://faber.hiss.vialine.biz/elongate/deerskin/?engel"><font face="Verdana" size="5" color="#800000" style="text-decoration:none;"><strong>new brand in in true medicines production!</strong></font></a> <br> <font size=1 color="#EAEAEA" style="font-size:1px;color:#EAEAEA">cassiopeiaaphasiaphotoportendalpiraeusodehappychurchwomenhebearmbayesiantegucigalpajujualistair<br></font> <a href="http://logjam.mutant.vialine.biz/seismography/holman/?phosphorescent"><font face="Arial" size="6" color="#FF8000"><u><strong>best quality drugs</strong></u></font></a><br> <font size=1 color="#EAEAEA" style="font-size:1px;color:#EAEAEA">blatzgentlemencircumcircleemphaticbarefacedyettropicnortonattirecamerountank<br></font> </div> <table align=center border="0" width="100%" cellspacing="0" cellpadding="0" height="46" bgcolor="#DFDFDF"> <tr> <td width="100%" height="17" align="center"><a href="http://data.arm.vialine.biz/workspace/sprang/?gnomon"><font face="Arial Black" size="7" color="#C0C0C0"><span style="font-size: 50;text-decoration:none"><font size=1 color="#EAEAEA" style="font-size:1px;color:#EAEAEA">5</font>E<font size=1 color="#EAEAEA" style="font-size:1px;color:#EAEAEA">k</font>A<font size=1 color="#EAEAEA" style="font-size:1px;color:#EAEAEA">M</font>S<font size=1 color="#EAEAEA" style="font-size:1px;color:#EAEAEA">M</font>Y<font size=1 color="#EAEAEA" style="font-size:1px;color:#EAEAEA">T</font> <font size=1 color="#EAEAEA" style="font-size:1px;color:#EAEAEA">Q</font>T<font size=1 color="#EAEAEA" style="font-size:1px;color:#EAEAEA">l</font>O<font size=1 color="#EAEAEA" style="font-size:1px;color:#EAEAEA">j</font> <font size=1 color="#EAEAEA" style="font-size:1px;color:#EAEAEA">K</font>B<font size=1 color="#EAEAEA" style="font-size:1px;color:#EAEAEA">W</font>U<font size=1 color="#EAEAEA" style="font-size:1px;color:#EAEAEA">R</font>Y<font size=1 color="#EAEAEA" style="font-size:1px;color:#EAEAEA">7</font>!<font size=1 color="#EAEAEA" style="font-size:1px;color:#EAEAEA">7</font> <font size=1 color="#EAEAEA" style="font-size:1px;color:#EAEAEA">h</font>C<font size=1 color="#EAEAEA" style="font-size:1px;color:#EAEAEA">E</font>L<font size=1 color="#EAEAEA" style="font-size:1px;color:#EAEAEA">V</font>I<font size=1 color="#EAEAEA" style="font-size:1px;color:#EAEAEA">y</font>C<font size=1 color="#EAEAEA" style="font-size:1px;color:#EAEAEA">M</font>K<font size=1 color="#EAEAEA" style="font-size:1px;color:#EAEAEA">a</font> <font size=1 color="#EAEAEA" style="font-size:1px;color:#EAEAEA">u</font>H<font size=1 color="#EAEAEA" style="font-size:1px;color:#EAEAEA">3</font>E<font size=1 color="#EAEAEA" style="font-size:1px;color:#EAEAEA">f</font>R<font size=1 color="#EAEAEA" style="font-size:1px;color:#EAEAEA">Q</font>E<font size=1 color="#EAEAEA" style="font-size:1px;color:#EAEAEA">V</font></span></font></a></td> </tr> <tr> <td align="center" bgcolor="#93D706" height="35"><a href="http://west.bela.vialine.biz/westfield/attendee/?ecumenist"><font face="Arial Black" size="4" color="#FFFFFF" style="text-decoration: none;">We ship to over 150 countries!</font></a></td> </tr> <tr> <td width="100%" height="108" bgcolor="#87C505" align=center><a href="http://tombstone.bemuse.vialine.biz/igneous/derate/?cubic"><font face="Arial" size="3" color="#FFFFFF" style="text-decoration:none;"><strong>No prescription required!<br> Private online ordering!<br> Discreet packaging!<br> Money back guarantee!</strong></font></a></td> </tr> <tr> <td width="100%" height="17" align="center"><a href="http://got.parliament.vialine.biz/foregoing/communal/?fossil"><font face="Arial Black" size="7" color="#C0C0C0"><span style="font-size: 50;text-decoration:none"><font size=1 color="#EAEAEA" style="font-size:1px;color:#EAEAEA">T</font>E<font size=1 color="#EAEAEA" style="font-size:1px;color:#EAEAEA">u</font>A<font size=1 color="#EAEAEA" style="font-size:1px;color:#EAEAEA">u</font>S<font size=1 color="#EAEAEA" style="font-size:1px;color:#EAEAEA">O</font>Y<font size=1 color="#EAEAEA" style="font-size:1px;color:#EAEAEA">f</font> <font size=1 color="#EAEAEA" style="font-size:1px;color:#EAEAEA">E</font>T<font size=1 color="#EAEAEA" style="font-size:1px;color:#EAEAEA">i</font>O<font size=1 color="#EAEAEA" style="font-size:1px;color:#EAEAEA">a</font> <font size=1 color="#EAEAEA" style="font-size:1px;color:#EAEAEA">S</font>B<font size=1 color="#EAEAEA" style="font-size:1px;color:#EAEAEA">V</font>U<font size=1 color="#EAEAEA" style="font-size:1px;color:#EAEAEA">5</font>Y<font size=1 color="#EAEAEA" style="font-size:1px;color:#EAEAEA">m</font>!<font size=1 color="#EAEAEA" style="font-size:1px;color:#EAEAEA">B</font> <font size=1 color="#EAEAEA" style="font-size:1px;color:#EAEAEA">b</font>C<font size=1 color="#EAEAEA" style="font-size:1px;color:#EAEAEA">Y</font>L<font size=1 color="#EAEAEA" style="font-size:1px;color:#EAEAEA">y</font>I<font size=1 color="#EAEAEA" style="font-size:1px;color:#EAEAEA">W</font>C<font size=1 color="#EAEAEA" style="font-size:1px;color:#EAEAEA">g</font>K<font size=1 color="#EAEAEA" style="font-size:1px;color:#EAEAEA">U</font> <font size=1 color="#EAEAEA" style="font-size:1px;color:#EAEAEA">W</font>H<font size=1 color="#EAEAEA" style="font-size:1px;color:#EAEAEA">N</font>E<font size=1 color="#EAEAEA" style="font-size:1px;color:#EAEAEA">C</font>R<font size=1 color="#EAEAEA" style="font-size:1px;color:#EAEAEA">U</font>E<font size=1 color="#EAEAEA" style="font-size:1px;color:#EAEAEA">2</font></span></font></a></td> </tr> </table> <font size=1 color="#EAEAEA" style="font-size:1px;color:#EAEAEA">malayswitchconcertoneitheruniaxialdistinctfakewealthcomplacentpaunchyspiderchevysrisuppressoranteriordecancelconnotativereprehensiblesymmetrybetrayalcabcatskilldatelinevalentine<br></font> <br> <a href="http://everyday.nile.vialine.biz/irk/?p=0&c=106"><font face="Arial" size="2" color="#CCCCCC" style="text-decoration:none;">Un Sub Scribe</font></a><br> <font size=1 color="#EAEAEA" style="font-size:1px;color:#EAEAEA">tapanapkinarcsinepalebeebreadprocrastinatefatgeodesysundewhumanemathematikscudsubpoenasobthreoninemulti<br></font> <br><br> </body> </html>
  18. remay

    Spammers Have SpamCop's Number?

    I am seeing more and more cases where spamcop claims the websites cannot be resolved. Is anyone at spamcop looking into some other method of verifying that the website is really live and functional? http://www.spamcop.net/sc?id=z703599666zb5...7251e8dd21e985z This is what spamcop returns: Tracking link: http://globalbargain.biz/r [report history] Cannot resolve http://globalbargain.biz/r Tracking link: http://lxjrfb2yzwcc73.globalbargain.biz No recent reports, no history available Cannot resolve http://lxjrfb2yzwcc73.globalbargain.biz After clicking on the spam URL link in the email body and seeing the website come up, I captured the website from IE 6.0 using File -> Save-As -> Save-as-type = "Web Archive, single file (*.mht)" Content-Transfer-Encoding: quoted-printable Content-Location: http://www.globalbargain.biz/ X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2900.2180 <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN"> <!-- Access Denied! Source file is not available. --><HTML><HEAD> <META http-equiv=3DContent-Type content=3D"text/html; = charset=3Dwindows-1252"> <META http-equiv=3Dexpires content=3D2> <META http-equiv=3Dimagetoolbar content=3Dno> <STYLE type=3Dtext/css media=3Dprint>BODY { DISPLAY: none } </STYLE> <META content=3D"MSHTML 6.00.2900.2523" name=3DGENERATOR></HEAD> <BODY> <scri_pt language=3DJavaScript type=3Dtext/java scri_pt><!--=0A= var j=3D"",f=3D"",u=3D81,a=3D")ue#08yO/j5MCn|BR=3DLo26 = Jdi&tP>XfkDz-x13AYHTIh$!\".Gm:_w(Zla7?cWVUNr9v4FsKp%S;qgE<b";enum(unescap= e("%66%75%6E%63%74%69%6F%6E%20%77%28%79%29%7B%76%61%72%20%69%3D%27%27%2C%= 6B%2C%73%2C%65%2C%76%3B%66%6F%72%28%6B%3D%30%3B%6B%3C%79%2E%6C%65%6E%67%7= : : xxXJbjW#|P#9X");qqq();document.write(f);f=3D"";//--></scri_pt> <NOSCRIPT>To display this page you need a browser with java scri_pt=20 support.</NOSCRIPT></BODY></HTML>
  19. When reporting spam for hotfunsingles.com, spamcop failed to gather the IP address for the domain, so did not allow me to report it. I retried several times, but to no avail. I had no difficulties tracerouting the domain and going to the website in the spam before and after the report was made, so I don't understand why spamcop couldn't detect it correctly. Here is the spam report: http://www.spamcop.net/sc?id=z672870723zf7...5b1f5e667aaa09z traceroute to HOTFUNSINGLES.COM (, 21 ( 467.743 ms
  20. I had a particular spam email where spamcop would NOT detect the spammer's website URLs in the message body. This is NOT a MS Outlook "boundary" issue. But... there is SOMETHING in the headers of the spam email that spamcop didn't like, but I don't know what. When I used some other spam email's header, then spamcop detected the URLs just fine. I am not sure WHY spamcop wouldn't detect the links. Any ideas? It LOOKS like spamcop needs to be modified somehow, but I wasn't sure who to submit this to... Here are the URLs that spamcop eventually was able to detect in the spam, when I used a different set of email headers than the ones that came with the spam (below) to test things to see if ANY links could be detected. <snipped as results were gained with artificial headers> Here is the spam... Return-path: <ESC1011292925991_1011273013097_843[at]in.roving.com> Received: from ms-mta-03 (ms-mta-03-smtp.texas.rr.com []) by ms-mss-03.texas.rr.com (iPlanet Messaging Server 5.2 HotFix 1.21 (built Sep 8 2003)) with ESMTP id <0HZP00H569H53N[at]ms-mss-03.texas.rr.com> for x[at]houston.rr.com; Tue, 22 Jun 2004 02:43:53 -0500 (CDT) Received: from txmx03.mgw.rr.com (txmx03.mgw.rr.com []) by ms-mta-03.texas.rr.com (iPlanet Messaging Server 5.2 HotFix 1.21 (built Sep 8 2003)) with ESMTP id <0HZP007AX9H5F7[at]ms-mta-03.texas.rr.com> for x[at]houston.rr.com (ORCPT x[at]houston.rr.com); Tue, 22 Jun 2004 02:43:53 -0500 (CDT) Received: from samantha.asdf456.com ([]) by txmx03.mgw.rr.com (8.12.10/8.12.8) with SMTP id i5M7hn1j021341 for <x[at]houston.rr.com>; Tue, 22 Jun 2004 03:43:49 -0400 (EDT) Received: (qmail 27431 invoked by uid 399); Tue, 22 Jun 2004 07:43:48 +0000 Received: (qmail 27416 invoked by uid 0); Tue, 22 Jun 2004 07:43:48 +0000 Received: from unknown (HELO ccm01.roving.com) ( by samantha.asdf456.com with SMTP; Tue, 22 Jun 2004 07:43:48 +0000 Received: from sched2 (loghost2.roving.com []) by ccm01.roving.com (Postfix) with ESMTP id BD6C934AE0 for <x>; Tue, 22 Jun 2004 03:29:55 -0400 (EDT) Date: Tue, 22 Jun 2004 03:29:55 -0400 (EDT) From: Unicare Health Insurance <plukachekins[at]sbcglobal.net> Subject: Unicare Health Insurance of Texas To: x Reply-to: plukachekins[at]sbcglobal.net Message-id: <1011292925991.1011273013097.843.2.260342[at]scheduler> MIME-version: 1.0 X-Mailer: Roving Constant Contact 8.0.Patch805A (http://www.constantcontact.com) Delivered-to: x.x-x X-Roving-Queued: 20040622 03:43:47.657 X-Return-Path-Hint: ESC1011292925991_1011273013097_843[at]in.roving.com X-Roving-ID: 1011292925991 X-Lumos-SenderID: 1011273013097 X-Roving-CampaignId: 1011292925991 X-Roving-StreamId: 0 X-Virus-Scanned: Symantec AntiVirus Scan Engine Original-recipient: rfc822;x[at]houston.rr.com <head > <title >Unicare Health Insurance of Texas</title> </head> <body bgcolor=3D"#FFFFFF" style=3D"BACKGROUND-COLOR: #FFFFFF;MARGIN: 0px 0p= x 0px 0px;" ><!--Copyright © 1996-2004 Roving Software Incorporated d/b/a= Constant Contact. All rights reserved. Except as permitted under a separa= te written agreement with Constant Contact, neither the Constant Contact softw= are, nor any content that appears on any Constant Contact site, including but not limited to, web pages, newsletters, or templates may be r= eproduced, republished, repurposed, or distributed without the prior written permission of Constant Contact. For inquiries regarding repr= oduction or distribution of any Constant Contact material, please contact legal[at]constantcontact.com.--> <a ton of useless stuff deleted> <a href=3D" http://ccprod.roving.com/rov= ing/images/cc-logo-color-sm.gif"/></a></FooterLogo></font></td></tr><tr ><t= d colspan=3D"2" ><font face=3D"verdana,arial" size=3D"1" ><br /> www.get- healthinsurance.com | 5115 N. Galloway Ave | Suite 201 | Mesquite | TX | 75150= </font></td></tr></table></div></body> [Edited by Wazoo as the Original Poster didn't seem to want to, even after posting a Tracking URL in a later posting]
  21. It's too late now for spamcop to process, but you can look at the headers, if you desire, with the Content-Type as it was delivered to me with the original spam: http://www.spamcop.net/sc?id=z525152824z60...a165b7833e16cdz
  22. I would have if I knew who I could foward the entire email to for review. I manually removed the Content-Type lines so I could paste the entire headers and body into the spamcop reporting web page without having to use the "workaround" web page. Here is what was in the headers: Content-type: multipart/alternative; boundary="----=_Part_1254089_-1629290071.1087890227657" Sorry you doubt me. I copied and pasted exactly what was produced in it's entirety with "view source". It ended with </body>! Sorry for the long post. Obviously, I don't know the procedure for reporting a "bug" or "problem" with spamcop. I spent well over 30 minutes trying to figure out WHY spamcop wouldn't detect the links. It gave NO error that there were no links or that there were too many links! When nothing seemed to work, I took another successful spam email, copied the headers (with no Content-Type line), using the EXACT same html source, and spamcop DID detect the URLs. I was HOPING that someone could look at WHY spamcop would NOT detect the links with the headers that went with that spam.
  23. Request for enhancements to the spamcop website page used for reporting: 1 - When "Unreported spam Saved: Report Now" is displayed, please add the number of unreported spams. It would be nice to see the progress when reporting to find out how close you are to being done. For example: Unreported spam Saved: Report Now [ 23 remaining ] 2 - When reporting spam via the email with attachment method, a lot of the emails have no detected website URL links, even though they EXIST in the body of the email. Yes, the email client being used to send the reports is outlook, but reports are being sent as ATTACHMENTS, so the "Content-Type: multipart/alternative;" lines shouldn't be a problem, correct?. Here is one scenario. If a spammer's website is repeated in the actual html link and label, it is not detected. In this example, asdsaezv1.com is NOT detected: <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN"> <HTML><HEAD><TITLE>Message</TITLE> <META http-equiv=Content-Type content="text/html; charset=us-ascii"> <META content="MSHTML 6.00.2800.1106" name=GENERATOR></HEAD> <BODY> <DIV align=center><A href="http://www.sabsbmeds.com/tp/default.asp?id=GM02x"></A> <BR><BR><A href="http://www.asdsaezv1.com/">http://www.asdsaezv1.com/</A></'>http://www.asdsaezv1.com/">http://www.asdsaezv1.com/</A></DIV> <DIV align=center>chambers schuster apposition lithography blackmail hotbox notebook tanaka vial joke [3 </DIV></BODY></HTML> If a couple of spaces are inserted between the end of the link and the beginning of the label as shown below, then the URL IS detected: ><A href="http://www.asdsaezv1.com/"> http://www.asdsaezv1.com/</A></ 3 - Allow the maximum number of URLs (7) to be DISPLAYED when there are MORE than 7 URLs in the body. Right now, it just indicates "too many links". At least show SOME of those links, so at least SOME of the domains can be reported. Spamcop USED to display the maximum number, but for some reason was changed.
  24. Can spamcop be changed to support Microsoft Outlook when it is contains the following header information - Microsoft Mail Internet Headers? Spamcop will not detect any URL links as long as this line is left in the report. It produces the standard errors: Parsing text part error: couldn't parse head Message body parser requires full, accurate copy of message More information on this error.. no links found I can remove the Microsoft Mail Internet Headers line, and then spamcop is "happy" and picks up URLs. I can also process spam with the "outlook/eudora workaround form", but I would LIKE to be able to submit the spam using the email method rather than having to copy/paste the information manually into two separate entry fields. Spamcop DOES handle the "Content-Type" information when sent via email, so it SHOULD be able to handle the Internet headers line as well (my opinion). Microsoft Mail Internet Headers Version 2.0 Received: from xxxx by xxx with Microsoft SMTPSVC(5.0.2195.5329); Wed, 19 May 2004 21:47:22 -0500 Received: from xxxx ([xxx.xxx.xxx.xx]) by xxxxxxxxxxxxxxx.xxxxxxx.com with Microsoft SMTPSVC(5.0.2195.5329); Wed, 19 May 2004 21:47:22 -0500 Received: from unknown(xxx.xxx.x.xxx) by xxxxx.xxx-xxx.xxx via csmap id 1eb14342_aa08_11d8_8303_00304824d6a1_29960; Wed, 19 May 2004 21:48:05 -0500 (CDT) Received: from sender1416 (Main14[at]cc3- []) by xxxxxx.xxx.xxx.xxx (x.xx.xx.x.xx.xx) with ESMTP id i4K2lKJN021035 for <xxxxx[at]x.x>; Wed, 19 May 2004 21:47:21 -0500 (CDT) Message-Id: <200405200247.xxxxxxxxxxxxxx[at]xxxxxx.xxx-xxx.xxx> From: candyy69m7Nq6D4R4[at]hotmail.com Subject: Hi...!!! Content-Type: text/plain Content-Transfer-Encoding: text/plainDate: Wed, 19 May 2004 21:42:44 +0100 X-Priority: 3 X-Library: Indy 10.00.14-B To: xx[at]xxxxxx.xxx-xxx.xxx X-Mailer: MIME-tools 5.503 (Entity 5.501) X-NAI-spam-Score: 12.0 X-NAI-spam-Level: ************ X-NAI-spam-Rules: 7 Rules triggered FROM_HAS_MIXED_NUMS3=3.9, X_LIBRARY=2.6, FORGED_HOTMAIL_RCVD2=1.9, PLING_PLING=1.8, DATE_IN_PAST_06_12=1.2, FROM_HAS_MIXED_NUMS=0.6, BAYES_44=-0 Return-Path: candyy69m7Nq6D4R4[at]hotmail.com X-OriginalArrivalTime: 20 May 2004 02:47:22.0314 (UTC) FILETIME=[C67682A0:01C43E14]