mailguy99 0 Posted February 7, 2012 This email came through to one of our helpdesk accounts: Received: from newabe.citeglobe.com ([209.44.124.120]) by mail.xxx.au with MailMarshal (v6,5,4,7535) id <B4f2f385e0000>; Mon, 06 Feb 2012 13:18:06 +1100 Date: Sun, 5 Feb 2012 20:53:49 +0000 (UTC) From: Cerys Macdonald via LinkedIn <member[at]linkedin.com> Reply-To: Cerys Macdonald <billroberts[at]newmail.spamcop.net> To: helpdeskxxx.au <helpdeskxxx[at]xxx.au> Message-ID: <1392939564.36279827.1588003540399.JavaMail.app[at]ela9-bed53.prod> Subject: Cerys Macdonald sent you a message via LinkedIn MIME-Version: 1.0 Content-Type: text/html; charset=UTF-8 Content-Transfer-Encoding: 7bit Our helpdesk software generated a "Thanks for your enquiry" message back to billroberts[at]newmail.spamcop.net and we appear on SCBL and can't send mail to key clients. ??! The forged linkdIn message is pharmacy spam, and I understand the general issue of auto-responders - but what *spammer* sets a reply-to address to spamcop.net? - mailguy99 Share this post Link to post Share on other sites
turetzsr 0 Posted February 7, 2012 <snip> The forged linkdIn message is pharmacy spam, and I understand the general issue of auto-responders - but what *spammer* sets a reply-to address to spamcop.net? ...One that either wants you to get on blacklists or wants you to think SpamCop is spamming or both. ...Now that you understand the issue of auto-responders, you have turned yours off, right? ...It is unlikely that this one auto-response alone will have caused you to be listed unless billroberts[at]newmail.spamcop.net is a spam trap. If you wish to see the details, go to SpamCop FAQ (links near top of every SpamCop Forum page) entry labeled "What is on the list?" for an explanation -- scan down to the sections labeled "How the SCBL Works" and "SCBL Rules." Share this post Link to post Share on other sites
SpamCopAdmin 0 Posted February 7, 2012 209.44.124.120 = newabe.citeglobe.com was the problem. It was on our list for a couple of days, but it was removed Tuesday, February 07, 2012 09:16:38 -0700 because the host assured us the problem was fixed, and there hasn't been any spam since. - Don D'Minion - SpamCop Admin - - service[at]admin.spamcop.net - Share this post Link to post Share on other sites
mailguy99 0 Posted February 8, 2012 209.44.124.120 = newabe.citeglobe.com was the problem. It was on our list for a couple of days, but it was removed Tuesday, February 07, 2012 09:16:38 -0700 because the host assured us the problem was fixed, and there hasn't been any spam since. - Don D'Minion - SpamCop Admin - - service[at]admin.spamcop.net - Thanks Don, as I said it *was* spam from them - the puzzle for me is why the reply-to address on the spam they were sending led to a spamcop spamtrap. - mailguy99 Share this post Link to post Share on other sites
petzl 0 Posted February 8, 2012 Thanks Don, as I said it *was* spam from them - the puzzle for me is why the reply-to address on the spam they were sending led to a spamcop spamtrap. - mailguy99 The IP seemed to be sending a lot of "spam" possibly vacation notices (I only see subject lines)? This to real peoples email accounts. Spamtraps alone will not get you listed, they have to be backed up by real reports. Also the abuse reports to that IP are disabled "abuse (#) netelligent.ca"? Pay to ask for it to be re-enabled maybe. The spam is still coming from real people today but may be late submissions (just two so far) Share this post Link to post Share on other sites
SpamCopAdmin 0 Posted February 8, 2012 >- why the reply-to address on the spam they were sending led to a spamcop spamtrap. What makes you think the address is a trap address? It doesn't look like one to me. - Don D'Minion - SpamCop Admin - - service[at]admin.spamcop.net - Share this post Link to post Share on other sites