gnarlymarley

Posts posted by gnarlymarley

  1. 3 hours ago, lemj3 said:

    Should the order begin with the longest path (Final/B/A/C) followed by D?  Or enter one level at a time (Final/D/B/A/C)?  Or something else?

    Mailhosts can combine your hosts all together if you start with "Host C".  If you are going to report email sent directly to "Host B", then you would want to have it in a separate mailhost entry.  You can do this by setting up "Host Final", then "Host B" and "Host D", then "Host A", and then "Host C".  You would do it in this order so SpamCop can split out email sent to "Host A" and email sent to "Host C".

    Another option would be to temporarily turn off mail forwarding and send in any order.

  2. I have 13 email addresses that I forward to the same submit address and it works for me.

    The catch is if you have mailhosts enabled, you will need to add all four to your mailhosts.  (If you find something wrong with your mailhosts, you can save the tracking URL, go fix the problem, and come back to submit it.)

  3. 14 hours ago, AlexFux said:

    Hivelocity comes back each time saying their client has not been spamming and how do I know the email comes from their server. So again, I copy and paste the headers, they copy and paste the response from their client.

    Most of the reports I have sent around the world are to people that are not spamming.  How you know it comes from their server, router, or IP camera is you have the IP address in the headers.  If you own your own server, you have it in your logs too.  It also could be a shared or constantly changing IP, which is why the time sent/received is important.  You really want the IP from the border server's header entry because anything before that could be made up.

    I started telling people that they might want to patch their computers, routers, and IP cameras and the spam from them to me seems to have stopped.

    14 hours ago, AlexFux said:

     My spam traps are getting at least 4-5 emails per day, I report them to spamcop and Hivelocity, and nothing gets done, the spam continues and not even blacklisted.

    Also, I had started to tie some of my spamtraps to my own blacklist.  When they try to send lots of those they get blocked very quickly and after a while, give up on trying to spam me.
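
    Added example, not part of the original post: a Python sketch of the border-server point made in post 3, walking the Received lines newest-first and stopping at the first hop handed over by a machine outside your own servers. The sample message, `MY_HOSTS` and `MY_IPS` are constructed assumptions, and the regex covers only the common "from ... [ip] ... by host ...; date" layout.

```python
import re
from email import message_from_string

# Constructed sample; hosts and IPs come from documentation ranges.
SAMPLE = """\
Received: from mx1.example.net (mx1.example.net [192.0.2.10])
\tby mailstore.example.net with ESMTP id A1; Mon, 26 Jul 2021 10:00:05 +0000
Received: from unknown (HELO forged.example.org) ([203.0.113.77])
\tby mx1.example.net with SMTP id B2; Mon, 26 Jul 2021 10:00:03 +0000
Received: from relay.example.com ([198.51.100.1])
\tby forged.example.org with ESMTP; Mon, 26 Jul 2021 09:00:00 +0000
From: someone@example.org
Subject: constructed sample

body
"""

# Assumption: the servers you control (what a mailhost entry describes).
MY_HOSTS = {"mailstore.example.net", "mx1.example.net"}
MY_IPS = {"192.0.2.10"}

RECEIVED_RE = re.compile(
    r"from\s+.*?\[(?P<ip>[0-9a-fA-F.:]+)\].*?\bby\s+(?P<by>[\w.-]+).*;\s*(?P<when>.+)$")

def find_border_hop(raw, my_hosts, my_ips):
    """Return (source_ip, received_time, untrusted_lines_below) or None."""
    received = message_from_string(raw).get_all("Received", [])
    for idx, hdr in enumerate(received):               # newest hop first
        m = RECEIVED_RE.search(" ".join(hdr.split()))  # unfold the header
        if m is None or m["by"].lower() not in my_hosts:
            return None        # line was not written by a server we control
        if m["ip"] not in my_ips:
            # Our own server recorded this peer: this is the border hop.
            # Every Received line below it was supplied by the sender.
            return m["ip"], m["when"], len(received) - idx - 1
    return None

if __name__ == "__main__":
    print(find_border_hop(SAMPLE, MY_HOSTS, MY_IPS))
```

    The returned timestamp is the one to quote alongside the IP, since the address may be shared or reassigned.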

  4. On 7/25/2021 at 3:29 PM, efa said:

    I reported directly to abuse@google.com and network-abuse@google.com

    they answered to fill the form at:

    I get the feeling that google doesn't trust SpamCop.

    On 7/25/2021 at 3:32 PM, efa said:

    how should I report those illegal links?

    I would suggest you send a message with the links.  Might also be good to include your tracking URL.  Then they should be able to see the spam as well as the links.

  5. On 7/20/2021 at 6:51 PM, Outernaut said:

    That SC introduce ways and means of using SCBLs under cPanel accounts. A tool so we can drop in SCRBLs and let cPanel compare incoming mail to SCRBLs, and delete the often very obvious spam.

    Just for clarification for whomever might be doing this, are you looking to have added a how-to document or to have SC add a select box directly to cPanel?

  6. On 7/19/2021 at 6:20 AM, bjoeg said:

    At some point I also checked TalosIntelligence, which to my amazement still sees the sender as a "trusted" IP, despite my reports.

    At one time I suspected they would sync, but I am not sure.  While looking at the spamcop IPv4 statistics, I noticed the results are very low.  It appears either a sync issue or else only one in a hundred are being reported as spam.  Maybe people are not reporting as much spam as they should be?

    185.41.28.0/24 [SB]
    Total Email: 13302.00
    spam: 100.00
  7. 1 hour ago, Martijn Lievaart said:

    I refuse to bother search-apnic-not-arin@apnic.net.

    This has been going on for some time now.  From what I gather they have to manually add the route.  This is because of how they originally coded the system years ago and they didn't expect smaller IPv4 segments to be sold off to other RIRs.

    http://forum.spamcop.net/topic/22304-search-apnic-not-arin-for-452483143/

    Hopefully, they get a manual entry in for you and you can revisit the tracking URL and then submit it.

  8. I know ARIN revokes based on fraud.  Say if someone lies about their contact information they can get revoked.  I think there was something about revoking due to abuse, but I am not sure how to go about it.

    Also, one thing I should note is that some of these spammer facilitators have some good and honest customers that will be caught up in the mess if the whole range gets revoked.

  9. 1 hour ago, SWarner said:

    Ah, OK thank you both. So it sounds like the "root issue" is actually several issues rooted at each recipient, based on their custom settings or private block lists.

    I ran across a sendmail example that I had from a while ago, where they used sorbs and then put SpamCop in the message.  However, I cannot seem to find the postfix example I had from nearly two decades ago.

    FEATURE(`dnsbl',`dnsbl.sorbs.net',`"554 Rejected " $&{client_addr} " found in bl.spamcop.net"')dnl
    

    documentation: https://weldon.whipple.org/sendmail/dnsbl.html#customize

    1 hour ago, SWarner said:

     I will get to work reaching out to the recipients in question then.

    Good luck on this.  I hope they can help in the resolution.

  10. On 6/28/2021 at 12:51 PM, SWarner said:

    But we are not listed:

    Sad situation that we once allowed this to happen.  Email servers at one time had a separate message and blacklist configuration section.  People could and still can set up their message of choosing.  Take the following example from exim's configuration.  I can make it say anything I want, even though it has nothing to do with SpamCop.

    deny   dnslists = \
             sbl.spamhaus.org,sbl-xbl.spamhaus.org=127.0.0.2 : \
             dul.dnsbl.sorbs.net,dnsbl.sorbs.net=127.0.0.10
           message  = \
             is in an 550 RBL: Blocked - see https://www.spamcop.net/bl.shtml?$sender_host_address

    Listed on https://www.exim.org/exim-html-current/doc/html/spec_html/ch-access_control_lists.html

    On 6/28/2021 at 4:30 PM, RobiBue said:

    this is a problem with "private" blocklists e.g. rbl.websitewelcome.com

    Agreed. Also can be a problem of email administrators who wrongly configure something.

  11. 4 hours ago, raivac said:

    When the header starts with "Return-Path: <>", the body of the message is not analysed (not found ???).

    Apparently this is due to SpamCop thinking the empty header means it was a bounce and doesn't trust anything in the body after that point.  Here is another forum post that seems to describe it.

    http://forum.spamcop.net/topic/45027-linsk-are-not-parsed-when-return-path-is-empty/

  12. 1 hour ago, ronros said:

    If you click on "This is an example" in my original post, it is the Tracking URL.

    Yes.  I missed that last time.  The "Mailhost configuration problem" and "No source IP address found" indicate that the email does not match your mailhosts.

    1 hour ago, ronros said:

    Any other thoughts

    My first thoughts are that this either came from a different account or else secureserver.net is removing their received lines from the email.  If this came from a different account, then you will need to go to mail hosts and click add for that email address.  If this came from a secureserver account, then the only way you can get the spammer's IP is to acquire the server logs from secureserver.net.  RFC5321 explains this well in section 3.7.2, where your ISP should be adding that line so you have the IP that sent the email.

  13. 3 hours ago, ronros said:

    One of the suggestions in the spamcop message was Add/edit your mailhost configuration, but I'm not really sure what to do there.

    It may be that your mailhosts has both carrierzone and outlook.com/hotmail.com.  If so, it could note the received lines as good, even when they are not.  I went in and deleted the accounts I no longer use off my mailhosts and it solved it for me.

    Also, a tracking URL makes it easier to read.

  14. On 5/22/2021 at 8:22 AM, lartingyou said:

    How does (should) SpamCop know that the emails are now on Office365?

    From what I understand SpamCop mailhosts only finds out about changes in mailhosts by someone resubmitting a mailhosts test.  I think you should be able to just resubmit when you need to add a new internal server.

    On 5/22/2021 at 8:12 PM, petzl said:

    If you delete your old email host address, then go to "add new host" follow directs SpamCop will send an email to that address.

    Probably best to delete in this case because my mailhosts appear to be linked to others and it would be good to have a new fresh section for Office365, but you said you had tried that.  Maybe deleting and giving it a new name?

  15. 15 hours ago, WindsorFox said:

    As per some instructions I found on the web, I saved the email as a file and attached it and sent to SpamCop. I still got "SpamCop encountered errors." Any ideas on how to remedy this or do I need to just download Thunderbird or similar?

    I believe "SpamCop encountered errors" indicates a problem parsing the attachment.  Are you attaching more than one email attachment as SpamCop can accept more than one?  Might need to make sure your attachment does not have any blank lines above the headers.  Some mail programs change the line endings so you get extra blank lines or no blank lines in the source.  Also will need to check that the first blank line is between the headers and the body.
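
    Added example, not part of the original post: a Python pre-flight check for a saved message, covering the three conditions listed in post 15 (blank lines above the headers, doubled line endings, and a missing header/body separator). The sample messages are constructed, and the doubled-ending test is a heuristic that looks for a well-known header name right after the first blank line.

```python
import re

FIELD_RE = re.compile(rb"^([!-9;-~]+):")   # RFC 5322 field name, then a colon
COMMON = {b"received", b"return-path", b"from", b"to",
          b"subject", b"date", b"message-id"}

# Constructed samples: a well-formed message, and the same message after a
# mail program has turned every CRLF into CR CR LF.
GOOD = b"Received: from a.example by b.example; Mon, 17 May 2021 10:00:00 +0000\r\n" \
       b"Subject: test\r\n\r\nbody text\r\n"
DOUBLED = GOOD.replace(b"\r\n", b"\r\r\n")

def check_submission(raw):
    """Return a list of format problems found in a raw message (bytes)."""
    problems = []
    lines = re.split(rb"\r\n|\r|\n", raw)
    while lines and not lines[0].strip():
        lines.pop(0)
        if not problems:
            problems.append("blank line above the headers")
    for i, line in enumerate(lines):
        if not line.strip():
            # First blank line: it should separate the headers from the body.
            nxt = next((l for l in lines[i + 1:] if l.strip()), b"")
            m = FIELD_RE.match(nxt)
            if m and m.group(1).lower() in COMMON:
                problems.append("blank line inside the headers (line endings doubled?)")
            return problems
        # Inside the header block only fields and folded continuations belong.
        if not (FIELD_RE.match(line) or line[:1] in (b" ", b"\t")):
            problems.append("no blank line between headers and body")
            return problems
    problems.append("no blank line between headers and body")
    return problems

if __name__ == "__main__":
    for name, msg in (("good", GOOD), ("doubled", DOUBLED)):
        print(name, check_submission(msg))
```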

  16. On 5/17/2021 at 11:18 AM, davem said:

    I'd love it if someone could show me a spamassassin rule that would block this Eonix traffic.

    I don't see Eonix traffic for some reason, so I am not able to test this and it will probably need some modification.  But something like this spamassassin rule, which was built using the above criteria, should work for you.

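    # First untrusted relay entry has an IP starting with 50.2. or 50.3.
    header RULENAME1  X-Spam-Relays-Untrusted =~ /^[^\]]+ ip=50\.[23]\./i
    # The hosting name appears in a Received line or in the From header
    header RULENAME2  Received =~ /BestWebHosting\.com/i
    header RULENAME3  From =~ /BestWebHosting\.com/i
    # Fire when any of the three sub-rules matches
    meta RULENAME  RULENAME1 || RULENAME2 || RULENAME3
    score  RULENAME  1.5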

     

  17. On 5/14/2021 at 5:33 AM, g051051 said:

    but both webmail.spamcop.net and mail.spamcop.net fail to resolve with A or CNAME records.

    Looks like both domains are gone as I get a nxdomain response to the lookups.

    http://forum.spamcop.net/topic/9519-sendmail-woes/?tab=comments#comment-154703

    This may be why:

    http://forum.spamcop.net/topic/14277-cesmail-system-changes/

  18. 6 hours ago, Sven Golly said:

    Microsoft Edge notified me on login to my Spamcop account that my Spamcop account and password had been exposed in a trove and recommended changing passwords (which I did).

    I don't seem to be affected on my email address that I used to sign up for SpamCop.  I also do not use Edge.

  19. I have seen this lately when the spammer is using the same provider as one of my mailhosts.  I just go and delete the related mailhost, submit and then I can put it back on.  Annoying when the spammers start sending me spam from the providers I use.

    Mailhost configuration problem, identified internal IP as source

     
