Jump to content


  • Content Count

  • Joined

  • Last visited

Everything posted by gnarlymarley

  1. gnarlymarley

    Why Trusted?

    Trusted means that someone has tested the relay site in question. The two major requirements are that it is not an open relay and that the server is not owned by a spammer. A quick forum search returned the following: http://forum.spamcop.net/forums/index.php?showtopic=1172
  2. gnarlymarley

    IPv6 Again

    The main problem as to why IPv6 is taking so long is, how can you properly check for accurate IPv6 headers? Below is a snippet of email that I get which uses IPv6 in transit. I was not immediately able to locate the RFC that is more specific than RFC 2822. RFC 2822 does not dictate the format as exact as one would like. This can make decoding the lines by scri_pt or program more difficult to decode. Received: from hub.freebsd.org (hub.freebsd.org [iPv6:2001:4f8:fff6::36]) by mx2.freebsd.org (Postfix) with ESMTP id 22EA01587C2; Mon, 26 Mar 2012 00:37:01 +0000 (UTC) Received: from hub.freebsd.org (localhost []) by hub.freebsd.org (Postfix) with ESMTP id 0C3841065675; Mon, 26 Mar 2012 00:37:01 +0000 (UTC)
  3. gnarlymarley

    IPv6 Routing Support

    You are correct there when we talk about it being harder than we thought. In IPv4 we had periods to divide the octets and colons to separate the port number. We would have been fine if they had kept the same number of colons in IPv6, but they have "allowed" IPv6 to collapse the address. This will make it near impossible to find the address, especially since some mailers put a port number in with the host address, and that means there might be an extra colon and a port number. Tack on top, the idea of the collapsing address and it could change the IP that fast.
  4. gnarlymarley

    IPv6 Routing Support

    You have some localhost IPv6 header. Here is a teredo IPv6 header that may help in the debugging process: http://www.spamcop.net/sc?id=z5267442767zf...eac94b71891f3fz BTW, what else can I do to help get IPv6 support going? It seems that SpamCop has been planning IPv6 support for over two years now.
  5. gnarlymarley

    How to tell Spamcop to ignore your spam

    Interesting. I had a message that had the IPv6 address in the first occurrence about a year ago that I posted to these forums, however, the reporting link has already expired. The issue is that some mailer programs put the port along with the IP in the headers. IPv6 uses that same colon delimiter in its address. This will make the parsing portion much harder if you have to decipher the port difference from the IP.
  6. gnarlymarley

    Blocked IP for no reason!!!!!!!!!!!

    Spamcop does not block emails. They provide a blocking list service. Individual vendors block emails. I have checked my IP & it does not appear on your blocked list???? This is a user based forum. Please provider more information that we can help you with, like the error message from the email server to which you are trying to sent a message. Sounds to me like someone misconfigured their email server.
  7. gnarlymarley

    Analyzing (SpamCop) Quick reporting data

    I believe that Fred is just looking to see when and which admin was notified. The reports, however, only show that an email was sent at what time and not whether it bounced back. If the bounce was tracked, it may have held up in court. Since the bounce is not tracked, there will be issues maintaining whether an admin actually saw the report. (This is why it will not hold up in court.)
  8. gnarlymarley

    am i reporting spam correctly

    This is normal for message that were forwarded inline to your reporting address. Since SpamCop can only trust intact and untouched messages, it will only allow messages that were forwarded as an attachment. This message will contain the headers of the email that was sent to the delivery address
  9. gnarlymarley

    Am I Spamming Someone Else?

    If you look closely, you will see that your mail is coming from You should be able to trace it back via the RIPE whois to Amsterdam. As for reporting, technically you should only report the bounce you got from Yahoo's mail servers. The actual UCE messages was sent to them, so it is their spam.
  10. gnarlymarley

    I can't seem to report half of my spam !

    Ancient Galaxy hotmail.com is known to present the raw messages in this kind of format with blank lines in between the each line. In order to report these message from you would need to remove the blank lines between the headers such as found in http://www.spamcop.net/fom-serve/cache/22.html.
  11. dg3274, I agree that a tracking URL would help a bunch here. Anyone can get an old tracking URL by going back to reports and looking at the history. Without a tracking URL, all I can say is that from what I know, moomurl.com points to cloudflare. At this point, we cannot verify their "proxy service", so shouldn't they be the ones to report back to the original site? Non-authoritative answer: Name: moourl.com Addresses: CloudFlare, Inc. CLOUDFLARENET (NET-199-27-128-0-1) - CloudFlare, Inc. CLOUDFLARENET (NET-173-245-48-0-1) -
  12. gnarlymarley


    I just got a spam from an external IPv6. Below is what you will see from exim. I suspect that due to IPv6 World Day, we just might starting seeing more of these. This is my second one. I did not think to report my first one that was about five months ago. FYI, tracking link below. Received: from [2a01:c0:2:dd:21e:c9ff:feff:66d] (helo=Kook.kookhost.com) by kaysville.yaritz.net with esmtp (Exim 4.66 (FreeBSD)) (envelope-from <proseguros-insure[at]msn.com>) id 1QWHSC-0005K6-CZ for me[at]yaritz.net; Mon, 13 Jun 2011 18:25:37 -0601 Unable to process header. IPv6 addresses are not supported. No source IP address found, cannot proceed. http://www.spamcop.net/sc?id=z5037524167z6...5e80fd223a6f2cz
  13. gnarlymarley

    Forged Mail from UPS and FedEx

    What are you tracking URLs?I got one of these too and the parser is working for me.
  14. Thank you for the explanation as I was not able to find anything through google.
  15. Second reason for wasted post is that the -B is not an option for use with whois with linux, freebsd, or solaris. There is no explanation on what the -B option is. What is Snowbat talking about?
  16. gnarlymarley

    Apple Mail Problems

    I didn't immediately see anything wrong, but I know imap and pop can keep message in your folder after you have moved them. I would suggest expunging the folder before doing this. I like the other suggestion to use one that requires you to select the messages manually as it goes not require you to "expunge" a folder.
  17. gnarlymarley

    Growing spam

    keep in mind that filters work as well as they are configured. You might catch some valid email if your filter is not configured properly.
  18. gnarlymarley

    Spamcop not reporting emails in the body

    This being said, I have seen email addresses of both mine and friends in spam I receive. When spamcop was just a reporting site, I used to report these. Good email started to be forged in spam message and I finally gave up. For spamcop to parse and report email addresses in the body, it would need to know what is legitimate and what is a spammer's address. I do not think spamcop is big enough to maintain this kind of database.
  19. Now, why would you want to report a crime (spam) without the proof (spam email). As a system administrator, I like to see true proofs of the actual crime. This means I see the header that my email server tacked on in your report. I will pull up the logs and verify the actual spam came from my server. If it is not valid, you are waisting your time.
  20. gnarlymarley

    spamcop not reporting links for inertia.pl

    The main issue with reporting a link with no IP is that the whois address for the domain usually reports back to the spammer. How would we know that http://{junkhere}.w.interia.pl/ or the dns registry of {junkhere}.w.interia.pl, does not point back to the spammer? We don't. Thus said, we do not want to notify the spammer that his email is actually getting out. This means we either get the IP lookup portion working, or we ignore the link and do not report.
  21. gnarlymarley

    spamcop not reporting links for inertia.pl

    Now, I have noticed that about 30 minutes to 40 minutes after the hour, the reporting information will show up without a refresh for me. Not sure about the original submitter, but I suspect you are correct about the rate limiting.
  22. gnarlymarley

    spamcop not reporting links for inertia.pl

    Now the weird thing, is putting the link into the reporting form, pulls up the information. It just does not show on the page with the spam. http://www.spamcop.net/sc?track=http%3A%2F...c.eu.interia.pl
  23. gnarlymarley

    spamcop not reporting links for inertia.pl

    geocities.com has the same problem as in this page, http://www.spamcop.net/sc?id=z2772635443zb...854c6c5c3650bez. Last night, the pages started showing that reporting information for those pages. I submit this is either an extreme load on the dns servers causing the lack of reporting information or the code is not up to sync on all spamcop servers.