• Content count

  • Joined

  • Last visited

Everything posted by gnarlymarley

  1. Interesting that the hostname starts with a dot in the submissions where it stops at: View entire message Parsing header:
  2. I am not sure if hiccup is the right word. Whenever I look at your tracking link, as well as a few of my own, they all show errors. It seems to be an issue that is rare, but consistent. I submitted one a few days ago and have not heard back yet. Maybe they were upgrading the system while you were trying to originally submit.
  3. You might want to edit your post to remove your special reporting email address that I am not supposed to know. as for the error, I usually get that when the email I am reporting is not an attachment when forwarding. see Of course, this could be anything from forwarding and not as an attachment to your spam filter removing the attachment.
  4. This does not have much to do with actual reporting, but probably should be answered. No DNS spoofing. This is nothing more than an ISP who has started using the private address in their routers, but forgot to block it on their borders. We have been seeing private addresses more since the IPv4 runout occurred a few years ago. Also, you forgot about line #14 which is also a private address. For me, I just usually block these private addresses on my border firewall. I am sure if you were able to dig further you would probably see that line #13, #15, #16, and #17 are also private address, but they actually blocked those. Now if you start to see the same IP repeated in multiple lines, you would probably know that they are NAT'ting their private addresses.
  5. Seems to me this might be a parser error as it stops on the double period. Hopefully, the deputies are will be seeing this. If not, then might be good to get Don on this at service[at] Host (checking ip)
  6. The reply email (with subject of something like "[SpamCop] Errors encountered") should have some headers near the bottom. Since this email was not able to submit the spam, it does not contain a tracking URL. The bottom of the email should contain the message or part of it that was attempted to be submitted. If it only has part, you can compare the " Content-Type" to see if your sent email has the same boundary tag. Usually when I had issues in the past, it was due to my mail client not aways sending it as an attachment. If you are not able to figure this out, my email from years ago, suggested to email the service address to get more information. Please check your email for an explanation or email for more information. I would not be surprised if cPanel is doing some sort of spam filtering and randomly removing attachments for you.
  7. I found this thread that talks about cPanel removing attachements after you forward. This this spot on the cPanel where you have to allow attachments to head to users. I am not sure why anyone would make attachment filter a default.
  8. I went to and got the following not listed in My guess is that someone was using to send actual spam, it got reported, and now the issue is resolved. When spammers use legitimate email services, it usually gets solved much quicker with the affending party being kicked off.
  9. All spamcop does for us users is to report spam back to the original administrator. I would tend to agree with InvisiBill. As for the issue at stake, I cannot click that "flag as inappropriate" button as the entry was not sent to me. The only person that can morally click the "flag as inappropriate" button is jazz25.
  10. I am not sure I entirely understand the question. What I see is a email that came from and the email has given authorization through a spf check. What happened is that was involved to send the email. If that IP is behind a NAT, then any number of hosts (which use that NAT) could have been used to send the email, including the NAT router itself. What we do know is that any of these devices could have been hacked or else the email was sent by a legitimate person. I am guessing that this is what you meant by possible forgery. Also, if you have any ties to, it might be in your best interest to check for hacking to prevent further usage of that IP by spammer jerks.
  11. Without the IP, there is not much we as users of the spamcop service can do. Spammers are attacking more than just port 25. I have seen spam come directly from a router, which does not have the SMTP service. It would appear that spammers are trying to hack and use anything that can get their message through.
  12. spamadvertising

    The "report" that was sent by SpamCop that contains the link (previously mentioned is other's posts) would have been sent to the data-center that has suspended your account. This means you will need to work directly with the data-center for both the update to spamcop and to get them to give you your account back.
  13. There have been a number of receiving systems in the past that have copied the blocklist error message about the block coming from spamcop. This can be confusing as one would immediately suspect spamcop when the blocklist came from something like spamhaus instead.
  14. is a microsoft website. In my humble opinion, microsoft and other hosting companies do not care about their site being used in someone else's spam. You might see other sites in there that might care more, Most of the folks that I have seen that care are the ones that control the SMTP side of spam. This is in part why I believe spamcop does the truncation of email.
  15. I used to see this error with the spamcop front end proxy servers. Last time I got this, I dropped an email to the deputies.
  16. I believe weduskabe is just a repeat person that keeps signing up for a new account. I am sure they are signed up with a different account that is being used to check when the emails come out and/or stop. These hits, seem to hit hard and then stop after a while, almost like throw away accounts. What gets me is I wonder if the moderators have thought about a reporting system and a IP blocklist. I mean other than the "report to moderator" at the bottom of each post. Probably do something like make their whole IP range report to a moderator when mulitple of us "mark" the entry as spam. Of course, one issue with that is they would try to hack our systems in order to get our IP range blocked too.
  17. Assuming that is a forwarder as it is part of your mailhosts, both and 2a01:111:f400:7c09:0:0:0:183 belong to hotmail/ (aka microsoft). So it would appear that the proper source is reporting correctly.
  18. You can also get this from the confirmation email once you register. Forward your spam to: submit.XXXXxxXXXXXxxx[at] Add this to your address-book. You may forward spam to this addresses from any account. At least this is what i saw from many many years ago, but I believe they still have the opt-in email. Are you looking to fully automate, or just the submission? At one time I had automated it, and found that the automation caught a false positive. Anyway, I suggest to avoid full automation, but automation to the submit address is good, so you can check the submissions are okay.
  19. Looks like you may have notified the necessary folks. If you feel gutsy, you may want to start blocking based on IP, envelope from, or email content from. With the blocking, maybe the sender will start to complain. The hardest part about blocking, is the chance you have a blocking legitimate folks, but sometimes a little bit of blocking is worth it. I would agree with Lking. Once you have reported it, there is not much you can do to get them to stop. My thoughts are if you own your own email server, you can put in a block. Otherwise, if not, you just have to deal with the stuff until they decide to take action on their side. Maybe you can convince your ISP to put in a blocklist if they own the email server.
  20. From what i have seen, most Spammers/hackers try to login with http proxy, ssh or telnet. Once in with console access to the router, they can then initiate a port connection to someone else's smtp server. On my home web server, I have seen unsuccessful attempts at them trying to use http as a proxy for smtp. The Spammer does not care how, they just want to use your IP to make a SMTP connection to send spam. I am not familiar with the Open Router types specifically, but I have seen attempts for apache/squid connecting to send spam. The major issue with most routers, is that tracking of the "proxy" connections is very hard to track.
  21. I believe this may be the same as
  22. appears to still be happening, and if I have it correctly, this is the same issue as
  23. Has anyone else noticed that SpamCop hit one of the whois rate limits?; $ whois[at] [] % This is the RIPE Database query service. % The objects are in RPSL format. % % The RIPE Database is subject to Terms and Conditions. % See %ERROR:201: access denied for % % Sorry, access from your host has been permanently % denied because of a repeated excessive querying. % For more information, see % % This query was served by the RIPE Database Query Service version 1.79.2 (DB-1) I realize there is nothing we can do but to wait. I did find it interesting that if you are a proxy, they give you much more request per 24 hour period.
  24. My original though to this post was that you hit the daily limit of 500, however, shows the limit as 3000. I believe you may need to follow the same instructions and work with Don at that service address to get your account reinstated. I typically report spam from hotmail, yahoo,, gmail, and other accounts using one account. However, you should have separate accounts if you have other humans sending to that spamcop[at] address. Chances are legitimate email was "accidentally" reported using your account and this is what caused your issue. It is also possible that a spammer is just trying to fight back and believe that their "drug" or "buy my stuff" email is legitimate. Don can explain the what, why, and how you can correct the situation. Chance are, you can get your reporting account back.
  25. Let me get this straight, are you meaning you want SpamCop to login to your firewall and update its rules for you? SpamCop works where it can. SpamCop does exactly the same as what you can to Personally, I am not giving my firewall login to any third party to update the rules for me. I work that on my own. What you can do, if you are not your own email administrator is to petition that email administrator to think about using some sort of block list. The SpamCop block list ( is perfect for what you need. Also see for more information. SpamCop has been around since at least 1997 and will be around for many more years. SpamCop provides an excellent service of what it can to us users. This service is helpful as it munges your email address in messages that could be sent to the spammers. That usually makes it harder for the spammers to find out who you are and to put them on the block list. It they do not cease sending spam, they will stay on the block list longer. Of course, there are abuse factors build in, that cannot allow us to abuse the black list. There is usually enough spam that comes from them to keep them listed on the black list. If you can use that, you will see your spam amount drop quite a bit. I am guessing that you replied to the spammer and tried to tell them "stop sending". What the spammer actually hears when you do that is "please send more spam and here is my email address that you can use to send it to".