
gnarlymarley

Member
  • Posts

    839
  • Joined

  • Last visited

Posts posted by gnarlymarley

  1. I believe the reason why SpamCop doesn't report the whole chain is that it could cause a connection to the spammer's server and let the spammer know you got the email. There are so many URL shorteners that keep popping up, I would imagine that SpamCop would have a hard time keeping up with them too. But then one would need to trust the admin of the URL shortening service in order to look up the next link in the chain.
  2. When you see the "IP not found" and "discarded as fake", but it shows up with an nslookup or a dig, then you can just refresh the page before you report it and most of the time SpamCop will see the IP address.

    I will try a quick explanation. It is suggested for a group to set up multiple DNS servers, especially to get around outages. DNS can have a few responses, such as good domain (you get the internet address), timeout (no reply in the allotted time), or bad domain (NXDOMAIN). Each DNS lookup is expected to rotate between servers.

    The timeout for one server can cause an attempt to look up the domain on an alternate server.

    The NXDOMAIN will cause the lookup to stop immediately and not try other servers. This is when SpamCop reports the "IP not found". If the spammers know the IP address where the SpamCop lookup attempt is coming from, then they can turn off the responses to cause SpamCop to think it is a bad address.
  3. Be nice if we could get the big companies to realize who is fighting spam. Back when gmail did invites, I was the fifth invite away from Eric Schmidt. So, if we tell our friends about SpamCop (and they tell their friends), maybe we could get google to know about SpamCop.
  4. The trick that some of the spammers use is to have an invalid DNS server in their list. Then the results are intermittently returned. I have found that I could just reload the tracking URL and it would usually pick up the address.

    C:>dig snpb.xuoatkaa.com

    ; <<>> DiG 9.7.3 <<>> snpb.xuoatkaa.com
    ;; global options: +cmd
    ;; Got answer:
    ;; ->>HEADER<<- opcode: QUERY, status: REFUSED, id: 9848
    ;; flags: qr rd; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 0
    ;; WARNING: recursion requested but not available

    ;; QUESTION SECTION:
    ;snpb.xuoatkaa.com. IN A

    ;; Query time: 128 msec
    ;; SERVER: 179.60.149.119#53(179.60.149.119)
    ;; WHEN: Mon Nov 07 11:28:35 2022
    ;; MSG SIZE rcvd: 35


    C:>
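The resolver behaviour described in posts 2 and 4 above (one dead or selectively silent name server in the list, lookups that succeed only intermittently, and a parser that turns a non-answer into "IP not found"), as an added example that is not part of the original posts or of SpamCop's code. The name servers, addresses, zone and blocked-client list are all constructed for illustration; nothing touches the network. The "naive" policy below models a parser that treats any response as final, the "robust" one treats only a real answer or NXDOMAIN as final and moves on past timeouts and REFUSED, which is why the robust variant gets the address on every round.

```python
# Added example (not from the forum posts): a small model of how a resolver
# walks the name servers listed for a domain, and why a dead or selectively
# silent server produces intermittent "not found" results.

ANSWER, TIMEOUT, NXDOMAIN, REFUSED = "answer", "timeout", "nxdomain", "refused"

# Hypothetical name servers for the spammer's domain (RFC 5737 test addresses).
# The third one is deliberately broken and refuses every query.
SERVERS = ["192.0.2.1", "192.0.2.2", "192.0.2.3"]
BROKEN = {"192.0.2.3"}
# Constructed zone data: the only name the healthy servers know about.
ZONE = {"spam.example": "198.51.100.7"}
# Hypothetical: source IPs the spammer has chosen to ignore completely.
BLOCKED_CLIENTS = {"203.0.113.9"}


def query(server, name, client="203.0.113.1"):
    """Simulate one query from `client` to `server` for `name`."""
    if client in BLOCKED_CLIENTS:
        return TIMEOUT          # responses "turned off" for this source IP
    if server in BROKEN:
        return REFUSED
    return ANSWER if name in ZONE else NXDOMAIN


def resolve(name, start, final_codes, client="203.0.113.1"):
    """Try servers in rotation beginning at index `start`. A code in
    `final_codes` ends the lookup; anything else moves to the next server."""
    order = SERVERS[start:] + SERVERS[:start]
    for server in order:
        rc = query(server, name, client)
        if rc in final_codes:
            return rc, server
    return "unresolved", None


# Weak policy: any response, including REFUSED, is taken as final. A parser
# built this way reports "IP not found" whenever the broken server is hit first.
NAIVE_FINAL = {ANSWER, NXDOMAIN, REFUSED}
# Correct policy: only a real answer or an authoritative NXDOMAIN is final;
# timeouts and REFUSED fall through to the next server.
ROBUST_FINAL = {ANSWER, NXDOMAIN}


def simulate(name, final_codes, rounds, client="203.0.113.1"):
    """Issue `rounds` successive lookups, rotating the starting server each
    time (as 'options rotate' does), and collect the outcome of each."""
    return [resolve(name, i % len(SERVERS), final_codes, client)[0]
            for i in range(rounds)]


if __name__ == "__main__":
    print("naive  :", simulate("spam.example", NAIVE_FINAL, 6))
    print("robust :", simulate("spam.example", ROBUST_FINAL, 6))
    print("blocked:", resolve("spam.example", 0, ROBUST_FINAL, "203.0.113.9"))
    print("nxdomain:", resolve("nope.example", 0, ROBUST_FINAL))
```

The blocked-client case comes back as "unresolved" rather than NXDOMAIN, which is the distinction a reporting tool should preserve: an exhausted server list means "try again later" (the reload the post recommends), while only a genuine NXDOMAIN justifies "IP not found".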
  5. The HELO received by my server seems to show up as vmx2.spamcop.net, vmx1.spamcop.net, or vmx.spamcop.net. The last time I saw something from prod-sc-www2.spamcop.net was around 2009. From what I can see in the DNS, it looks like it might have an IP.

    ;; ANSWER SECTION:
    prod-sc-www2.spamcop.net. 300 IN MX 10 adminmx.spamcop.net.
    prod-sc-www2.spamcop.net. 300 IN A 204.15.81.110
  6. I will list my understanding and a quick explanation of mailhosts to hopefully clarify some items.

    SpamCop appears to track the servers listed in the Received lines. By doing this, I believe it attempts to discover the border inbound email server and report the IP that the server got the email from. Mailhosts appears to have been created in response to spammers trying to spoof extra received lines, so that SpamCop reports the email with the wrong IP to the wrong system administrator.

    As previously mentioned about the relays and the hand-offs from server to server, the breadcrumb trail is used to track a message. Spammers know about this and have tried to inject their spam into someone else's server and add fake breadcrumb trails to trick the SpamCop parser. SpamCop's response was to add mailhosts. The issue can be that the breadcrumb trail changes over time as e-mail businesses implement new servers and decommission older "border servers". Since those changing IPs and server names might not match what mailhosts has recorded, the parser will reject those reports. I don't get issues very often, but when I did in the past I would just have the email resent to me to add it to the parser without deleting, and it would update my entries. Once I had updated my mailhosts, I could go back to the previous report and it would send.
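The Received-line walk that post 6 describes (trust the registered mailhosts, stop at the first hand-off from outside, and refuse to report when the chain passes through a server that is not registered), as an added example. This is not SpamCop's parser and not the poster's code; the mailhost registration, the message headers and the forged oldest Received line are constructed, and the "same domain as a registered mailhost" check used to spot a stale mailhost configuration is an assumption chosen for illustration.

```python
# Added example (not SpamCop's code): walking Received headers against a list
# of registered mailhosts to find the border hop. All hosts and headers below
# are constructed sample data.
import re

# Hypothetical mailhost registration: the recipient's own servers and IPs.
MAILHOSTS = {"mailstore.example.org", "mx1.example.org", "mx2.example.org"}
MAILHOST_IPS = {"198.51.100.10", "198.51.100.11", "198.51.100.12"}
# Assumption for the stale-mailhost check: a sender whose reverse name sits
# under a registered mailhost's domain is probably an unregistered own server.
MAILHOST_DOMAINS = {h.split(".", 1)[1] for h in MAILHOSTS}

# Constructed sample headers, newest hop first as in a real message. The
# oldest Received line is one the spammer forged to point at an innocent host.
SPAM_HEADERS = """\
Received: from mx1.example.org (mx1.example.org [198.51.100.10])
\tby mailstore.example.org with ESMTP id AAA111
Received: from bulkmailer.example.net (unknown [203.0.113.45])
\tby mx1.example.org with ESMTP id BBB222
Received: from innocent.example.com (innocent.example.com [192.0.2.50])
\tby bulkmailer.example.net with ESMTP id CCC333
"""

# Same message delivered through a new border server the recipient has not
# registered yet: the mailhost mismatch the post describes.
STALE_HEADERS = (SPAM_HEADERS.replace("mx1.example.org", "mx9.example.org")
                             .replace("198.51.100.10", "198.51.100.19"))

HOP_RE = re.compile(
    r"^Received:\s+from\s+(?P<helo>\S+)\s+"
    r"\((?P<rdns>[^\s\[\]]+)\s+\[(?P<ip>[^\]]+)\]\)\s+"
    r"by\s+(?P<by>\S+)", re.IGNORECASE)


def unfold(raw):
    """Join RFC 5322 continuation lines (leading whitespace) onto their header."""
    return re.sub(r"\r?\n[ \t]+", " ", raw)


def parse_received(raw):
    """Return the parseable Received hops, newest first."""
    return [m.groupdict() for line in unfold(raw).splitlines()
            if (m := HOP_RE.match(line))]


def naive_source(raw):
    """What a parser that trusts the whole chain reports: the oldest hop's IP."""
    hops = parse_received(raw)
    return hops[-1]["ip"] if hops else None


def border_source(raw):
    """Walk newest to oldest while the receiving host is a registered
    mailhost. The first hop handed in from a non-mailhost IP is the border
    hand-off and its IP is the one to report. A receiving host that is not
    registered, or a sender that looks like an unregistered own server,
    means the mailhost data is stale and the chain cannot be trusted."""
    for hop in parse_received(raw):
        if hop["by"].lower() not in MAILHOSTS:
            return ("unknown-mailhost", hop["by"])
        if hop["ip"] in MAILHOST_IPS:
            continue                      # internal hand-off, keep walking
        rdns = hop["rdns"].lower()
        if any(rdns.endswith("." + d) for d in MAILHOST_DOMAINS):
            return ("mailhost-mismatch", hop["ip"])
        return ("border", hop["ip"])
    return ("no-border", None)


if __name__ == "__main__":
    print("naive reports   :", naive_source(SPAM_HEADERS))
    print("mailhost-aware  :", border_source(SPAM_HEADERS))
    print("stale mailhosts :", border_source(STALE_HEADERS))
```

The naive walk blames the innocent host named in the forged line; the mailhost-aware walk never reaches that line because it stops at the first hop that entered the registered servers from outside. When the new, unregistered mx9 appears in the chain the function refuses with "mailhost-mismatch" instead of reporting the recipient's own address, which is the point at which the post says you resend the message to update your mailhosts.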
  7. Hopefully a deputy sees this and fixes the manual route. There are forum topics on this going back a while. If you don't hear anything, it may be good to send an email to the deputies.

    per the following, email deputies[at]admin.spamcop.net: https://forum.spamcop.net/topic/7765-resolved%C2%A0how-longs-the-delay-in-being-removed-from-the-bl/
  8. On 8/18/2022 at 9:49 AM, groupboard said:

    My spam filter does actually check salesforce emails against SORBS spam.

    I added my own blocking list.  My spam filter doesn't reject email from any single list.  It has to be on multiple lists.  (I no longer see false positives.)

    13 hours ago, petzl said:

    Unless you effectively report these you will get more and more until you fall over.

    Also to note that when properly reporting, it feeds spamcop's blocking list.  The list can also add to the spam score.

  9. On 7/20/2022 at 3:23 AM, Fred.Zwarts said:

    My mail system is located within our university and, like many other universities, we use the virus and spam filter of Surfnet.

    When I set up mine, I needed to include any forwarders.  I set up my mailbox first and then the forwarders.  If you do not have separate email addresses and email forwarders in the chain, then you might want to contact the deputies for help on this.  If so, send an email to deputies [AT]spamcop[DOT]net asking them to fix it.
