Jump to content


  • Content Count

  • Joined

  • Last visited

Everything posted by gnarlymarley

  1. gnarlymarley

    Please cancel the newsletter complaint.

    Alexey, I have irritated a number of spammers in over two decades, who knowing my address, place such address on any list that does not do the "double opt-in". since spammers have been using the "unsubscribe" option for many decades (as well as trying to look the CAN-spam legitimate), I will not click such a button if I did not sign up. I will also take special care to note which ones I do sign up so I never report those. I would add that hopefully those "industry specialists" do not make a mistake and type an address wrong, which means the wrong person was added.
  2. gnarlymarley

    how to report scam links

    I would caution against the default idea of reporting of links. Nearly twenty years ago, I had a website that the spammer used in their email (which was reported through spamcop) to try to get me in trouble. It nearly worked, too. If you are not careful and you irritate a spammer, they might try to use your website too.
  3. They will look in their logs to verify that the email was not changed. This will also point them to the source of the email and they will file a new spamcop report and/or else they will disable the user's account. Now you mentioned that maybe they will get tired of spamcop, and there are some that do. For those that get tired of spamcop, the rest of us just use the spamcop blacklist. Once they realize, they can no longer get their spam through, they will either have to deal with the problem or else they will not be able to send email to a small part of the internet. When they realize they cannot get their scam through, they will deal with the problem and make the spammer move on. I have noticed that spammers have been adding fake Receive lines for nearly two decades now. They have been doing that so that spamcop back then would send the report to the wrong person and get the wrong person in trouble. Spamcop then added the "mail hosts" so that it would report your border. There also have been folks, who were banned from spamcop, that were changing the headers, which I believe that is why we have it in the FAQ to not change anything but munge a little. Because anyone can change the text in the headers, the only way I can trust a report I receive is to look it up in my mail server logs to verify that everything is correct. I also have more information in my logs that does not get sent on with the email, which is why the only way, I can deal with spam that might be sent from my server is to look at the mail server logs.
  4. How this should work is once you report the spam to the administrator of the server that sent you the spam, he can verify logs and resubmit his portion of the spam, if they indeed were relaying. Since relaying is a thing of the past, they then will close any holes the spammer may have used so that it does not happen again. If there was not relaying involved, the administrator should see who authenticated and deal with that account.
  5. For one note, those headers can be spoofed. Long gone are they days of relays, so the person whose IP is showing directly in your logs is the one that needs to deal with the the login on their server. The spammers sometimes like to add headers so you think they are just a relay and to shift blame.
  6. gnarlymarley

    Email forwarding problem

    This will depend on your email system. When I use the older version of gmail, it is text only based, so all special formatting and pictures are lost when forwarding. If you use the newest version of the webmail, you will probably be able to forward your pictures. As Lking says it depends on what you are using to send the email. You probably want to look for something that says HTML based or has special formatting.
  7. gnarlymarley

    reciveing spam through a blogspot account

    What I do is to block it on my server so I no longer get it but I have my own physical server that I can do so. Otherwise all you could do is to have it marked as spam so it goes to your spam folder. My question is, why is this not reportable? Looking at https://www.spamcop.net/fom-serve/cache/125.html it says if you signed up and after you tried to unsubscribe, you can report it as spam. If you never signed up with them, then it would be spam. I take it from your statement that you probably have already read this page I listed above to find the difference between reportable and non-reportable. If this is some sort of spat between friends, then it would not be reportable using spamcop. What you can do then is to find out who to report it to and forward as an attachment (without using spamcop) to that administrator. Since the administrator could be the spammer, you should also get this "marked as spam" so it goes to your spam folder.
  8. When you see the @devnull.spamcop.net report email destinations, that means it is noting the report to send the email, but it is the person that would receive the email has recently rejected or blocked the emails from spamcop. (Or it could mean that someone at spamcop thought it to be the spammer themselves.) Why you see those is so it can be sent out and tracked as spamcop will add the IP to the blocklist. The Notes link just takes you down to the related box to type a message to specific admins.
  9. gnarlymarley

    Definition of spam

    There is a small catch on that FAQ page where emails can be personalized, but still unsolicited. I would still say that they send one to you about your domain and send one to me about my domain, it would fit the definition of opt-out and would be something that the sender is doing in bulk, just trying to use the domain to "kinda personalize" the message.
  10. gnarlymarley

    List / Delist / List / Delist

    The only way to get these listings on the spamcop black is to have actual spam reported by mutliple folks around the world. That said, there are a few things you can check to make sure the spam is not coming from those IP addresses. I believe you have already checked the logs on your mail server. Next you can check for weird activity on those servers, such as malware or viruses. After that, you can check your router and for rouge network traffic. A packet capture utility such as wireshark can be helpful to finding the problem. As for checking the router, I have had some spam come directly from the spamcop IPs before and it turned out that someone had hacked into the router. When folks are accessing the router directly, it is possible that they could spoof your IPs. Also, if these are shared IPs (DHCP) you might want to watch out for that.
  11. gnarlymarley

    Nothing but error messages!

    What do you mean by "long email contents"? I can submit emails as large as 2Mb without issues. (Of course, spamcop truncates these to 50Kb as I expect.) I usually see the following message when I forward the email, but not as an attachment. Forwarding email inline seems to lose the headers and this is why I get this reply. [SpamCop] Errors encountered Gmail has made a change on their view source page where now they have extra stuff that is not RFC compliant at the top, so copying the whole view source page is not suggested. It is best to either figure out how to forward as an attachment or else use that "copy to clipboard" button and paste it in the spamcop window.
  12. gnarlymarley

    What part header

    The issue is with this blank line here: X-SpamCop-note: Converted to text/plain by SpamCop (outlook/eudora hack) Delivered-To: x Which the parser cannot find the from, to, and subject lines above that blank line. In all my years, I have never seen a spam with the X-SpamCop-note header in it. That blank line in the middle of the headers leads me to believe that this is a mutliple copy/paste headers, possibly from different emails.
  13. gnarlymarley

    How to automatically submit spam?

    Automatic reporting is not always a good idea. Years ago, I had a forward as an attachment rule that automatically reported spam. For some reason I had a friend that got caught in that rule and it was automatically reported. Needless to say, we no longer speak. Now if you are saying that you will go through the spam yourself before being it gets "automatically reported", then that maybe a different thing. Having the ability to detect false-positives and false-negatives before reporting is the reason why we have the spamcop page with the information it has on it by the submit button, so we can double check. Maybe I should ask, what do you mean by reporting automatically?
  14. gnarlymarley

    Reported by Mistake

    The tracking link is found at the top of that page after you click on it. SpamCop v 4.8.7 © 2018 Cisco Systems, Inc. All rights reserved. Here is your TRACKING URL - it may be saved for future reference: https://www.spamcop.net/sc?id=
  15. This is why I setup This is why I setup a personal email server with fetchmail years ago because a lot of the the email providers go through these phases, without having a way to turn it off.
  16. gnarlymarley

    ipv6 still unsupported?

    Actually, I think this is an easy fix if they are still using regex like they were years ago. Adding something like a "\s" such as "/\sReceived:\s.../" would probably fix it. "/\WReceived:\s.../" would not as the \W matches the hyphen "-". Another possible fix is "/\bReceived:\s.../" as the \b should match the start. If they were using a //gsm in perl, then the fix could be "/^Received:\s...../". I suspect not as I have not see the deputies in a few years on in the forum. You can probably reach someone at their deputy address: deputies[at]spamcop.net
  17. gnarlymarley

    ipv6 still unsupported?

    So, if these are bogus headers why is spamcop even trying to use them? If I remember correctly Julian had something setup back around the turn of the century about ignoring "X-*" headers. Why are we even trying to report these headers that are added by google, that placed onto the message after it has been accepted? Technically, if spamcop continues to try to accept "X-*" headers, then we will need to just remove them from the spam before we report them as they are not added by the spammer's ISP.
  18. gnarlymarley

    ipv6 still unsupported?

    Another note is that not all gmail message have that header with an IPv6 address. Some have it with a actual IPv4 address. I wonder if they are testing or trying something. Anyhow, I do find it interesting that spamcop accepts the non-routeable IPv4 address as local in its headers, but not the non-routeable IPv6 address, which is in the same exact location in the headers. X-Received: by with SMTP id
  19. gnarlymarley

    mailchimp.com & list-manage.com

    I have seen a bunch of those, with the similar results. What I believe helped stop them was to keep marking them as spam in gmail and to keep reporting them. For some reason, I have not seen them in about two months now. I forget how long I kept reporting those until they stopped, which was probably around two years. Now if more folks would keep reporting these, they would stay on the blocklist and not be able to send any email to folks using the blocklist until they decided to clean up their act. It maybe the only way to catch their attention.
  20. gnarlymarley

    ipv6 still unsupported?

    I just realized something. It seems that the parse is taking the X-Received line and treating it as a Received line. Probably someone did a coding change and didn't have their parser start at the beginning of the line. X-Received: by 2002 0: Received: by 2002
  21. gnarlymarley

    President of Arden Yamanaka Co.

    What I did is to add my problem email addresses to my block list. Then the messages are blocked at my border server. I do not have to worry about sending bad bounce messages, because the problem email is not even accepted on my server. A kinda off topic action that I performed is that I setup SRS and SPF so that it would prevent others from misusing my domain. SRS works off the "return-path". This has stopped the "mail bouncing emails" that I used to get. A side note is that I have opened my my blacklist and current do not see any "bounces" for messages that "appeared to be sent from me". I am guessing that a combination of these two items has been the reason as to why it has stopped for me, however, you situation could be slightly different. If the sending (bouncing) server is on the spamcop blocklist, then just adding the bl.spamcop.net could stop or slow it down. With it all said, like Lking said, the real problem needs to be worked by the postmaster of the server that is "sending you the bounces". If that said individual does not respond, then the blocklisting and/or SPF is probably your next best option.
  22. gnarlymarley

    Misplaced repy-to-all

    if it was truly your submit address, then I would be worried. That is something that only you should know. Now if they replied to your <report_id>@reports.spamcop.net address, then that is different. The reason why your submit address should be kept hidden from others is that folks could abuse it and it could be turned off. If they do not know what the submit address is, you might be okay, but you might need to get a new one through Don at the deputies address. If you are copying folks on the same email as your reporting, it would probably be best if the submit address was in the BCC field.
  23. gnarlymarley

    Wrong sender evaluation

    Sounds to me like you need to setup mailhost in your spamcop configuration options. Mailhosts is mostly used where you have more than one mail server using public IPs and it is forwarding between them. With this setup, spamcop should correctly idenify the servers in the received line up to your border server and be able to correctly identify the real culprit. The neat thing about mailhosts setups is that it will fix your previous attempts of spam reports and those should display properly.
  24. gnarlymarley

    Nothing but error messages!

    IamInnocent. Yep, that is the page, but google maked a change a while ago, where using ctrl-a does not work. Instead, I used the "Copy to clipboard" button and then go to the spamcop reporting form and paste. Now for your original question, I get that message when I forward, but not as an attachment. Apparently a lot of folks prefer the "reply" style of forwarding and this style throws away the full headers. They change it so much, I am no longer sure if there is a key that you can hit when you click forward for it to send as an attachment. Your other option is to click the "Download original" and attach those files to an email, but that is probably as much work as what I do with the "Copy to clipboard" button.
  25. Looking at the spams, it would appear that the spammer is adding the X-Originating-IP header to confuse the matter. I do not see that IP listed in any Received lines. As it stands, I can trust any spam as far back as my border server. I cannot trust it past that. My border server will have the logs with the IP that for whom I need to report. They in turn can use their logs and pass it up to their suspected source.