About gnarlymarley

  1. jimmywalter, See post from MIG above.
  2. gnarlymarley

    No reporting -> Less spam

    They do that by mapping some sort of combination of the from, links in the body, special keywords in the subject, and who they sent the message to. I think the from of the report is the report id, so each report should be different. How I think they track it is they see which spam gets reported and then assume only the people those were sent to are reporting it. When I saw the "to" I noticed they kept changing it until they could narrow it down. Now I think they do this in BCC mode. Yeah, that would be really annoying. Or when the mailing list stops sending you emails in 2003, you stay subscribed, and they start sending again in 2018..... How I know the legitimate email blocking is happening is two points. I have my own email server that sends me a nightly report. When it sent out two reports (after a few years of sending them), I noticed I didn't get them at my gmail account and research on that MTA said gmail thought it was spam. The other point is when I would forward spamcop emails, the reply was rejected on three separate occasions. I had to log in to my spamcop account and click the "problem fixed" button.
  3. I am unable to tell if jimmywalter is using office365 webmail or if using outlook.live.com. I call it hotmail, but in outlook.live.com over by the sign out button are three dots that once clicked will have a "source message" link that has the full source. In office 365 web outlook, there is only an options and properties tab that gives the headers. The outlook application gives the same. So if jimmywalter is using office365 webapp, there is no forward as attachment and no message source. If jimmywalter is using outlook.live.com, there is no forward but there is a message source that can allow the full headers and body to be copied/pasted into the spamcop webform.
  4. gnarlymarley

    No reporting -> Less spam

    For me, my spam is up and down. I noticed that gmail is lately blocking a lot of the spam. It is also rejecting some of my legitimate email as if it were spam too. I dislike it when folks sign up on a mailing list and then mark it as spam instead of unsubscribing because I am fighting the gmail spam police who tend to block that instead of just putting it in my spam folder.
  5. gnarlymarley

    Report Ends With "Parsing Header:"

    A tracking URL would be helpful. Last time I got this, it turned out to be a dot in a domain name that was not supposed to be there. Parsing your output mentally, I suspect it is the dot starting above. Mine was a double dot that the spammers put in to prevent parsing. If you remove the dot at the beginning of that hostname, does it parse?
  6. MIG, For the outlook office365 webapp, you are absolutely correct. The hotmail version of the web app will let me view the source. What sucks about the webapp, is that I can only get it to show me the headers. Apparently what Jimmywalter might need to do (and what I have been doing for a while) is access it over imap using both fetchmail and thunderbird.
  7. I used to want to have a higher reporting preference for the links in the body, until the spammer one day about two decades ago used a website from my company in one of their spams. The spam came from a prominent university and the administrator mistook the link for the source of the spam. This nearly got me fired for being the recipient of the spam during the argument that ensued. Since then, I don't care as much about the links in the body and I know those can be spoofed (as well as the Received lines in the header), but the IP that my mail server records as the source is the only one I know that I can trust as being accurate.
  8. MIG, To answer your question, jimmywalter will not be able to post a tracking URL because I believe the error of "SpamCop could not find your spam message in this email" is in the response email that would normally contain the tracking URL. When the forwarded message is not an attachment, instead of a tracking URL, SpamCop provides this error. jimmywalter, this might be useful to know. I use the Outlook application to create a new message and drag in the email to the forwarded message when I want to "forward as an attachment". Doing a google search yields results such as save the email as an eml file and then attach that to a new message, so I am not sure it is possible with the web application. There might be some key sequence such as something like ctrl+shift+F that might do a forward as an attachment that I am not aware of.
  9. gnarlymarley

    Spamcop not finding link in encoded message

    MisterBill, I think I found the issue. I took your spam and submitted it with one header change: https://www.spamcop.net/sc?id=z6533324339z74dcc1bd7d7a1f5d7cd9d6b0c6410d96z I changed `Content-Type: multipart/alternative; boundary="B_ALT_"` to this: `Content-Type: text/plain; charset="windows-1252"`. From what I know of the message format, the boundary is missing from the message body as defined by the Content-Type. The type multipart/alternative means that there should be part of the body as text and part as html. Rather than change the Content-Type like I did, maybe you could figure out how to find both types of the body so that you can properly report the full body.
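
The mismatch described in the post above (a `Content-Type` header that declares a multipart boundary the body never uses) can be checked before submitting a report. This is an added example, not part of the original post or of SpamCop's parser; the function name and the sample messages are constructed for illustration, reusing only the two `Content-Type` values quoted in the post.

```python
from email.parser import HeaderParser

def check_multipart_boundary(raw: str):
    """Compare the boundary declared in Content-Type with the delimiter lines in the body."""
    msg = HeaderParser().parsestr(raw)  # headers only; the body stays one unparsed string
    if msg.get_content_maintype() != "multipart":
        return ("not-multipart", msg.get_content_type())
    boundary = msg.get_boundary()
    if boundary is None:
        return ("no-boundary-parameter", msg.get_content_type())
    delim = "--" + boundary
    lines = [line.rstrip() for line in msg.get_payload().splitlines()]
    opens, closes = lines.count(delim), lines.count(delim + "--")
    if opens == 0:
        # Header promises parts, body has none: a strict parser finds no text or links.
        return ("boundary-missing-from-body", boundary)
    if closes == 0:
        return ("unterminated", boundary)
    return ("ok", f"{opens} part(s)")

# Constructed sample messages (not real spam).
HEADERS = "From: sender@example.com\nSubject: constructed sample\nMIME-Version: 1.0\n"
MULTIPART = 'Content-Type: multipart/alternative; boundary="B_ALT_"\n\n'

BROKEN = HEADERS + MULTIPART + "Visit http://example.com/ today\n"
GOOD = HEADERS + MULTIPART + "\n".join([
    "--B_ALT_",
    "Content-Type: text/plain",
    "",
    "Visit http://example.com/ today",
    "--B_ALT_",
    "Content-Type: text/html",
    "",
    '<a href="http://example.com/">Visit</a>',
    "--B_ALT_--",
]) + "\n"
PLAIN = (HEADERS + 'Content-Type: text/plain; charset="windows-1252"\n\n'
         "Visit http://example.com/ today\n")

if __name__ == "__main__":
    for name, raw in (("broken", BROKEN), ("good", GOOD), ("plain", PLAIN)):
        print(name, check_multipart_boundary(raw))
```
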
  10. gnarlymarley

    Why not use abuse-mailbox listed in whois info

    I don't see the abuse-mailbox in the SpamCop cached whois, but I do see it in the APNIC whois. My guess would be this is part of why it does not use it.
  11. Outlook by default does not support forwarding as an attachment. The "forward" button is misleading. What I do to forward as an attachment is to create a new email that will be sent to spamcop, then drag the message I want to attach to the body of my new email.
  12. SC just looks at link provided the link in this case is a redirect link with a abuse address that bounces. Try to be better than SpamCop if you have the time In the case of porn spammers send to the CERT of that country as well. To answer this question about link redirection, around two decades ago SC was programmed to never follow links due to the thought that spammers were tracking which links were clicked. By clicking the link, the spammer will have the IP of your computer along with the knowledge that the link worked, so they can send more spam. This is why SpamCop would originally just grab the hostname/IP from the link without following it.
  13. gnarlymarley

    Spamcop not finding link in encoded message

    MisterBill, I can see Base64 decoding works, but I also noticed that when there are no links, I see the following output. I am thinking this might be in part the cause why it is not finding the links is that maybe something in the headers tells it not to check. The following from: https://www.spamcop.net/sc?id=z6518576003zacb0684ecc1a3a9c08ea7d4865cd6840z
  14. I just checked both yours and mine and they come back. I am not sure how long it takes for the cached whois to expire. Seeing the owner, I am not surprised about the /dev/null. [refresh cache] $ whois NET-3-128-0-0-1@whois.arin.net [whois.arin.net] . . . . NetRange: - CIDR: NetName: AT-88-Z . . . . OrgAbuseEmail: abuse@amazonaws.com [refresh cache] $ whois [whois.ripe.net] . . . . inetnum: - netname: PL-INTER-SAT-20141203 country: PL org: ORG-PTAO1-RIPE admin-c: JO3356-RIPE . . . . abuse-mailbox: jacek@inter-sat.pl
  15. Yeah, I am not sure if there is someone that has the ability to fix these cache entries. It is a tragedy now that we are here, but at the same time it is at least populating the blacklist. Display data: "whois" (Getting contact from whois.arin.net ) Redirect to ripe Display data: "whois" (Getting contact from whois.ripe.net) whois.ripe.net (nothing found) [whois.ripe.net] %ERROR:201: access denied for