Jump to content


  • Content Count

  • Joined

  • Last visited

Community Reputation

0 Neutral

About gnarlymarley

  • Rank
    Advanced Member

Contact Methods

  • AIM
  • Yahoo

Profile Information

  • Gender
  • Location
    utah, USA
  • Interests
    reporting spam

Recent Profile Visitors

3,250 profile views
  1. gnarlymarley

    No data / Too much data

    Does this post help? http://forum.spamcop.net/topic/9324-unable-to-process-message-hearders-in-reporting-tab/?do=findComment&comment=63654 If I click "Process spam" without having the textbox above filled out, I get a similar message. Try going to https://www.spamcop.net/, without the sc at the end of the URL.
  2. Petzl, your link required authentication. Did you mean https://www.spamcop.net/fom-serve/cache/401.html?
  3. Hmmm, I noticed your second line does not properly match the first one. Specifically the "by" section does not match a mailchannels line of "inbound-egress-6.mailchannels.net". Something is strange where the headers do not see to match up. If nothing was lost, then this would be from an internal mailchannels user. 1: Received: from TrololoVPN ([UNAVAILABLE]. []) by (trex/5.18.10); Thu, 12 Nov 2020 21:07:09 +0000 No unique hostname found for source: Possible forgery. Supposed receiving system not associated with any of your mailhosts Will not trust this Received line.
  4. You can try adding the same email address to your mailhosts again and then go back to the previous tracking URL to see if it picks it up. I don't think the mailhosts updates itself automatically.
  5. gnarlymarley

    MTA version parsed as IP address

    I wonder if it is considered an "internal IP". It is interesting that it picks up the IP from what appears to be a software version number. Server 64bit Probably a regex border issue seeing the period as an end of sentence?
  6. gnarlymarley

    Any point in reporting spam from AMAZONAWS?

    I believe this is what the forum subsection for reporting address issues is for. http://forum.spamcop.net/forum/39-routing-report-address-issues/
  7. gnarlymarley

    Unblock my IP?

    The RBL from your message seems to be for rbl.websitewelcome.com, but yet they tried to give you a link to spamcop.net. I don't like it when people give the wrong rejection message for their RBLs.
  8. gnarlymarley

    To Bounce or Not to Bounce?

    After reading https: //docs.cpanel.net/knowledge-base/email/how-to-configure-email-filters/, it appears that Global Email Filters uses spamassassin. Spamassassin usually scans the email after it has be received, but before it was accepted. This means a bounce should not originate from your server. I think a question here is whether cPanel's Global Email Filter's "Fail with Message" does it before or after it is accepted. A message can be sent along with the rejection to the sending server at the time of rejection. It maybe good ask the cPanel folks if your question does not get a reply.
  9. gnarlymarley

    Cannot find ip range in whois output

    Or in perl speak: $whoisoutput =~ s/inetnum/inet6num/ if $whoisoutput =~ m/inetnum:.*?::/; The if is so IPv4 is ignored. Would be better to have full IPv6 address detection in place of the "::".
  10. gnarlymarley

    "Hotmail" spam reporting stopped?

    If I am reading this correctly, it would appear that something has gone weird with the IP addresses on received lines 1 and 2. The server names do not match, nor do the IPs match. Either hotmail is not reporting all the received lines to you or else, this is a hotmail internal email.
  11. gnarlymarley

    Detect/block spamvertisement images

    There was a tool I knew about years ago called dansguardian, but I am not sure if it is still a viable tool. I understand it could scan images.
  12. gnarlymarley

    MTA version parsed as IP address

    Doesn't appear to be fixed. I see line #7 has the problem still 7: Received: from process_milters-daemon.rn-mailsvcp-relay-lapp04.rno.apple.com by rn-mailsvcp-relay-lapp04.rno.apple.com (Oracle Communications Messaging Server 64bit (built Jul 29 2020)) id <0QF100500ALEFW00@rn-mailsvcp-relay-lapp04.rno.apple.com> for x (ORCPT x); Thu, 13 Aug 2020 20:24:51 -0700 (PDT) No unique hostname found for source: mac.com received mail from sending system
  13. As much as I agree with this, I remember a company called "America OnLine" (AOL) who has sent out floppies and later CDs in the 1990s. You could use their free month, but they required a valid credit card. I didn't feel like giving it to them, so I never used the free month. My guess is that maybe why they didn't get the customer base they desired. I do not have a good replacement scheme for your suggestion and it appears it would stop the spammers.
  14. gnarlymarley

    To Bounce or Not to Bounce?

    It is correct that your IP will be showing since you started the test email. Your IP will not be showing when someone else starts the email as it will be their IP. These suggests to send bounces to a local address and look at them: https://www.spamcop.net/fom-serve/cache/380.html This suggests to check the device if it is the source of the spam: https://www.spamcop.net/fom-serve/cache/405.html
  15. That is a good question. I would almost expect abuse@microsoft.com to be on the list as well in addition to the administrator's abuse address. I think this might be microsoft's cloud and it is going to the server admin, which may or may not be the spammer.