Jump to content
Sign in to follow this  
ArtmakersWorlds

[Resolved] yahoo problems cant find headers

Recommended Posts

I have been using spamcop for quite some time now. This has been happening more and more often.

I copy my spam with full header. I know to make sure there is space between the header and body.

And yet I keep getting back "cant find full header" or something similar.

It's there. Seems like it's ALL there. One spam in particular I have reported many times is a newsletter from alibaba out of china I never asked to be on

and all of a sudden that won't go through.

Has something changed?

Also note; I am NOT using the "new improved" yahoo. It was like pulling teeth with them but I'm on "classic."

ALways worked before.

Edited to add, I just tried the forwarding spam method.

Same result.

copy;

This header is incomplete. Please supply the full headers of the spam you're trying to report.
No source IP address found, cannot proceed.
Edited by ArtmakersWorlds

Share this post


Link to post
Share on other sites

I do not use Yahoo so am no expert. But I seem to remember an earlier thread reporting this problem. The bottom line seemed to be that not all Yahoo servers were updated to the same software version so that depending which server you are connected to when you log-on to Yahoo, you will get different results when reporting to SpamCop.

Don't remember a solution to the problem. Maybe you could do a search for the older threads, Dec or Jan at the oldest.

Share this post


Link to post
Share on other sites

I have three yahoo accounts and suddenly, without warning at all, one of them just got some kind of "upgrade." My other two are unchanged and I am getting this message with all three now.

I can't report anything.

Share this post


Link to post
Share on other sites

Yahoo made some changes quite a while back, and if I recall correctly, several users of the Spamcop reporting service (including myself) were affected in a similar fashion. My recollection of the explanation and "solution" is a bit hazy.

Share this post


Link to post
Share on other sites

It's every single spam message now. I was hoping someone from spamcop would answer this. Guess not.

Looks like my days of using this might be over.

Share this post


Link to post
Share on other sites

&nbsp &nbsp&nbsp&nbsp&nbsp In my experience, pretty much the only way to report spam to my Yahoo address is directly to Yahoo itself by clicking the "spam" button. By now, it catches pretty much all spam to my Yahoo!Mail address, directing it instead to my "spam" box, from which I just delete it after identifying any of the rare false positives.

Share this post


Link to post
Share on other sites

Yes I know. It does a pretty good job of filtering it. BUT... spamcop actually sends reports to the ISPs. Yahoo does not.

I have found after using spamcop it really does put a stop to at least some of it. When I'm away for weeks at a time and can't report, my spam seems to increase.

Especially on one of my three accounts I use specifically where I know it may be picked up. Boy does it collect the junk. I wish just one of the lotteries I've won were real. lol.

Again, I keep hoping for an admin. Something, somewhere has changed. Nothing is going through anymore. Not just the occasional odd piece.

Nothing.

Share this post


Link to post
Share on other sites

Something, somewhere has changed. Nothing is going through anymore. Not just the occasional odd piece.

Nothing.

ArtmakersWorlds, that would be the case of Yahoo has managed to create an application that does not retain an email's header format when forwarding email. From Yahoo's view point, I'm guessing, the content of the body is all that 'most' people are interested in passing to others. "We" that report spam to SpamCop or other maintainers of BL are not 'most' people. So who created the problem? Yahoo who does not retain the email format or SpamCop who does not adapt their software to be able to parse the corrupted format?

If I were SpamCop, which I am not, I would say 'damn, to bad' when it becomes obvious that yet another email application corrupts email standard format. A poor analogy would be a spell checker or translator. Both try to take a source that may or may not be standard and guess what was meant. We all laugh at their failures. To retain their credibility, SpamCop can not 'guess' and risk send incorrect reports, close enough doesn't cut it.

Don't want to be an apologizer for SpamCop, but maintaining a parser that quickly and correctly handle all the variants of standard email formats, when spammers are trying to obscure their identity, is one task. Adding to that all the errors in format created by Yahoo, IE, OutLook or who ever, is yet another.

Excuse me while I step down off my soapbox. </rant>

Share this post


Link to post
Share on other sites

Probably not helpful but my Yahoo webmail account cornered me into "upgrading" to Yahoo7 and now badgers me - 'You're seeing Basic Mail because you're using an unsupported Internet browser.' (IE8).

Well, as mentioned elsewhere, using the "Full Headers" option on that "Basic Mail" rendition of the opened message then copying and pasting that into an editor as plain text, breaking out the header lines in the undifferentiated mess that results (by inserting a CR-LF at the beginning of each subsequent header line) I end up with parsable result to paste into the webform submission box. Not that I actually recommend such a rigmarole, but to continue ...

Also, as mentioned elsewhere, the body can be recovered from the "View Source" display (a right-click option), being a small part in HTML rendition of the full page but it is not the same as message format and although the parser doesn't totally choke on it, there is no way it is going to find links without "re-engineering" the body, (but it may insert warning messages - after it has successfully parsed the headers, 'Finding links in message body' ... 'Parsing text part' ... 'error: couldn't parse head' ... 'Message body parser requires full, accurate copy of message' - that can all be ignored if exactly as shown).

Some message body is required, if the message body is "multipart/alternative" you can't just substitute a note. Here's a cancelled (non-spam) message which shows the way to truncate those body types - simply open a boundary as defined by the boundary declaration in the headers then immediately close it (by repeating it with the addition two dashes at the end). That avoids those warnings and gives reassurance you haven't maybe butchered the headers somewhere in the copy-paste-breakout-copy process.

https://www.spamcop.net/sc?id=z6061510521z5b500437ce335de0e14f1f087d2503b2z

If things have changed for you so that you are only able to replicate the above process then you can still report (on message sources at least). But that would be getting a bit insane IMO - simply not worth the effort, as noted Yahoo have their own spam control you should feed instead. Which is another reason for them to be so bloody difficult (inventing their own non-compliant messaging standards on the fly) I suppose.

JMO - Steve

Share this post


Link to post
Share on other sites

I'm going to take a chance here in hopes some of you more geeky people can figure out what's going on.

Only pasting in the header (we all know what nigerian scams look like so I'll replace all that nonsense with the word body.)

And I'm removing my email address, replacing with Xs. The rest is as it would be pasted into spamcop. Which has always worked.

So.... hope this does not violate any forum rules. Again just want to see if any of you know what got ruined here as to why spamcop can't figure it out anymore.

copy;

Dear Beneficary
Monday, March 2, 2015 12:16 AM
Mark as Unread
X-Apparently-To: xxxxxxx[at]yahoo.com; Tue, 03 Mar 2015 18:22:33 +0000 Return-Path: <test[at]enertronix.com.cn> X-YahooFilteredBulk: 202.133.228.140 Received-SPF: none (domain of enertronix.com.cn does not designate permitted sender hosts) X-YMailISG: YnmO.34WLDtw9wFZc2z8gemJvT6JO9JZ9LH2XAt1aUn5OUzi enzjKoMPEkCVrV2JlbItckBBmEKw0o9jkJJhx8gGJ7Yk1zp15K22WEFenjKx m.dK5AXGgwoLFsjLLtYAOVsBHCzpxiLmOELTGzBPD6kFIkj5gIMLVW0IT9VX EAcaK2MlaJHfMjOwQ1eZYc8F3WfXiobIielh60b1O6GPxkQkeDEaW64PEAnx ySiJ2FiQvSttVyux6t6sLm4nW53OgXI93lZNglrxVh3ZSNpSJWLGQ3xc1QA7 Xc2V8n9CVOrC4GCrrAuBWdg7XQlzuTFTDwYjBxB7t0Oq5yZ6nzcFEABGoLpN mzlc0QLhMVLVbSe0PoUNInnbnlXv3agwS_R2TEXW.ypq7IrMfLq_MlzLBnBk poDLz6ji3qx4jEbvmREm5ld5wXKUHKtb0eiGqFKhSedSa4FEwMC7IhBeydnn 0L9M4AC4l2Xe_EbLxvQbE5m9YtwCztqYQbG3P0hmoDLg66wtnnCoGGK9kcAk tJo5DMlSagU8fCkwweDkuNhFsq3bdCH5yIdbST3WUQClXArg1CRrp2oVHeck 9_mm8am0UqLYMYA1Y3N_WW8DUG4Jg6anbbQNxdbk7JRR0qjAUAFajyOjy47U W9h75Ze7FdhgPVdl9NZnjeQDaMxb9tcEBjPeMR8duHkSV1iEEO81F.wPR2qS wH2iZFi5fJfwiKZ9wOI3nsPfC3fkGI7YNXkztH0f1NqzRNi_Blqh3Yc3C9Oa gkdaCkO8a4FdOrzinaAJHllfCgdmk1sl9NUwKnEhSeaP22.GJQ1nKVOjHWjQ 8B8vo3bwB1Ns4AXjZVuxLS_aeODSORphiGH661UlbHl_FhuTpOqEFech8Mc1 q6bxuHGiUEPMWAElDm.eJ.82zvY7shyTLn2ilKfFhvcs2Ze.xBESmsrF2G1t 7GWOOvb_33tjHBT0cDzCg4AotzuSVqvCqzCv6WdBCaQ_xlPRXpI948LcgFPx IZvbDQf4YOrEd28pje6A219g4W_nSSERGBWlC_EGAvXSNr1EYWHBWH2zYAIH gmxz.EVvmQxiUpaLarMER4yWuRfIUMEqDouGguB2ZI_R00mtLAAtc4mZs7fM i8J5ZCS0hjF9Bpd4PYA8KaLaCTSXjv8h5L5k9nCfqsCyZRCpHLGo5Lqli3sL QCl7QxeEd6r80l2jhcA9NZIl3l8c.8OmncXTsFab.5_J8sU27wLlXSt69eqw OGhLtUTvEODWPpYzXAbM575lSRsR29g5OMs5pF65FYC9C3sq1UQM9YnsA4LE cGjq67yRUavgsgRuzm4ENY3WgOCV0iBF1BOnbbUH.agZkHLUJLle70aSCDtj utJQ4zgArlKgNcnziy5OG.69TDdeXnP7OZMRAIqgoUKnKO5XTKmvHqEP19HS B4AUJ8G61blwCnePyH6woZ.zT_QArxP9iKT0kTad0pX3uQSsKPexZ7utetZ5 J9nWr.CSRbdEWZiBBHg.4.S_p9stnpEevtDeueVYXuAHo2Oq15x5RClJ56T4 IosBc2F1YldY0Xc41oqVZjRxvAWrnhA9o2KqgZ.MqcpVaeBTiDBBWaEoVC7X jPYv_JeW9AGQhd16jzKUO3r0mH164jwJmA97jeFQycld.j09LQ5vktfZp0vh XdVqMtm1SXFjcqVaC7MdhR.SMMzobYqwQjcdDg5XniOJZw9a6NO6NomGzRx. eSrdLox7jY4tqWiYVwUHheCNo3KGjS39gYPM04ZU4rd6kkJzzDn_k8NxZ77x a6Mp2QOPAHWf1vmxXDZxP0_v6TMBh5cVzOrHFDWrvRJW4EIN3G3y9a865hbi LSVVvtOxZyucJxsmqE8YYTeFpUu0GfGecd.jLQW2Tx5g3ks4RYYZ_XT0deoH ab3OCGnS_XTKzioa7bCEasmHO367mTrSBcPZMforEyrTgifWAwDDFGwS_4Hk KniBt63.Rbm43vAbJdcVx.leJwRiqcMxZjRLkpmhQjjVDtdIvvKpWHrUWQuq 06tcFcU1QLlY2yAh5QTc_2nipWJ.K0R9swc4ex3sOqZqgTtdn4FxZuPTApAK KJQQ.eWpRweO17SWaAfRzSIBhZbKBVTHMJIW1cyBygsgAChEacaZ8.w5vuOJ mOlw4dNBrIVwpzdZzBNSy_TiB7c- X-Originating-IP: [202.133.228.140] Authentication-Results: mta1303.mail.bf1.yahoo.com from=enertronix.com.tw; domainkeys=neutral (no sig); from=enertronix.com.tw; dkim=neutral (no sig) Received: from 127.0.0.1 (EHLO mg.enertronix.com.tw) (202.133.228.140) by mta1303.mail.bf1.yahoo.com with SMTP; Tue, 03 Mar 2015 18:22:32 +0000 Received: from localhost (localhost [127.0.0.1]) by mg.enertronix.com.tw (Postfix) with ESMTP id 34D1E337C5; Mon, 2 Mar 2015 23:03:58 +0800 (CST) X-spam-Flag: NO X-spam-Score: 4.524 X-spam-Level: **** X-spam-Status: No, score=4.524 tagged_above=2 required=6.2 tests=[ADVANCE_FEE_2=1.234, ALL_TRUSTED=-1.8, BAYES_00=-2.599, FORGED_MUA_OUTLOOK=3.116, FORGED_OUTLOOK_HTML=0.001, FORGED_OUTLOOK_TAGS=0.001, HTML_MESSAGE=0.001, MILLION_USD=1.528, MIME_HTML_ONLY=1.457, URG_BIZ=1.585] autolearn=unavailable Received: from mg.enertronix.com.tw ([127.0.0.1]) by localhost (mg.enertronix.com.tw [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id JxgqKaIYrMZa; Mon, 2 Mar 2015 23:03:57 +0800 (CST) Received: from TWDSMS01.enertronix.com.tw (twdsms01.enertronix.com.tw [172.16.1.2]) by mg.enertronix.com.tw (Postfix) with ESMTP id D5D3417560E; Mon, 2 Mar 2015 13:56:33 +0800 (CST) Received: from cnhzms01.enertronix.com.tw ([172.17.1.2]) by TWDSMS01.enertronix.com.tw over TLS secured channel with Microsoft SMTPSVC(6.0.3790.4675); Mon, 2 Mar 2015 13:18:43 +0800 Received: from User ([172.16.1.254]) by cnhzms01.enertronix.com.tw with Microsoft SMTPSVC(6.0.3790.4675); Mon, 2 Mar 2015 13:20:41 +0800 Reply-To: <fedex_mrcharliebill[at]hotmail.co.uk> From: "MR. EVANS JAMES SMITH."<test[at]enertronix.com.tw> Subject: Dear Beneficary Date: Mon, 2 Mar 2015 15:16:09 +1000 MIME-Version: 1.0 Content-Type: text/html; charset="Windows-1251" Content-Transfer-Encoding: quoted-printable X-Priority: 3 X-MSMail-Priority: Normal X-Mailer: Microsoft Outlook Express 6.00.2600.0000 X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2600.0000 X-Antivirus: avast! (VPS 150301-1, 03/02/2015), Outbound message X-Antivirus-Status: Clean Message-ID: <CNHZMS01E4cjcZ4l6nv00011401[at]cnhzms01.enertronix.com.tw> X-OriginalArrivalTime: 02 Mar 2015 05:20:42.0438 (UTC) FILETIME=[A0E58660:01D054A8] To: undisclosed-recipients:; Content-Length: 5235
To protect your privacy, Yahoo Mail has blocked remote images in this message. Show Images
body....

Share this post


Link to post
Share on other sites

&nbsp &nbsp&nbsp&nbsp&nbsp Is what is showing in your post exactly as you are pasting it into the SpamCop form? If so, the problem is that there are no line feeds to tell SpamCop where lines begin and end, so SpamCop doesn't see these as e-mail internet headers. But I suspect it's just a formatting problem due to HTML. That is one of the reasons we prefer a Tracking URL.

Share this post


Link to post
Share on other sites

ArtmakersWorlds,

What you post is the "undifferentiated mess" I mentioned in my previous post in this topic (and some extra bits which are not part of the headers). I detailed there the work necessary to break-out the headers (only) into a "parsable" submission - and the mandatory body or substitute for the actual body. That would result in (pasting the product into the SC members' webpage submission form):

https://www.spamcop.net/sc?id=z6064318009zcf76a76477789fb5d783375a67cbc9b7z

(Your results, should you have replicated the work, might have been different since the above is not mailhosted, I haven't the stamina to look into that, but it would certainly have worked for you.) The break-out process is straight-forward but I still don't think it is worth the effort.

I don't believe the copy/paste from the raw "Full Headers" view in Yahoo webmail as it is currently provided would ever have been parsable without that extra work. It is Yahoo that has changed from a compliant presentation to that we now see.

Some points:

  • I used WordPad, pasting your data in as plain text. That allows you to search for the headers by looking for the colon character - : - which follows each header declaration and allows the discovery of all the headers (the colon also occurs in date:time formats which you simply skip over).
  • WordPad plain text format means you don't have to concern yourself with indented continuation lines - lines are continuous in that format anyway.
  • The "Content-Type: text/html;" means you can simply copy or replace the body with plain text (as can be seen through the Tracking URL above) - it is not so simple with other Content-Types, as covered in my earlier post.

It seems Yahoo will stop at little/nothing to force users into the technically non-compliant "upgrade" of their mail service, we have both experienced that.

Does any of this make sense to you?

Share this post


Link to post
Share on other sites

Well I don't know. It pasted in here as a single line jumbled mess but doesn't in spamcop. Again, it's worked fine this way for a very long time. Years.

Is there a way in this forum to attach a screen shot? I could show you how it looks in spamcops field. Just as it does in yahoo.

I could pop it on my own website as an image file if that helps. Just past the link.

I wish I knew what changed. I can't very well contact yahoo and let them know if I don't know.

Share this post


Link to post
Share on other sites

HEY! I found a work around. NO clue WHY this works, but I just sent my load of spam in.

IN yahoo, next to the full header thing, is "printable view." Which opens it up in a new page and automatically shows me my printer preview which I have to cancel.

But.... HA. Copy the text off that page, paste it into spamcop, add a few spaces between header and body, and viola. Goes through like it use to.

Extra steps but not that bad. I don't get so much spam that I can't take the time.

Now I still wish I knew what yahoo did to mess things up. But at least I found a way to still send in reports to the right place.

Share this post


Link to post
Share on other sites

Great news ArtmakersWorlds, thanks for passing it on!

Will mark this as resolved. But, it won't work for everyone (well, it doesn't work for me, neither pasting in a copy of the "Full Header" view, nor pasting a copy of the "Printable View"). I guess it depends on the version of Yahoo mail and the browser. I get the "undifferentiated mess" for "Full Header" (as discussed) and only the abreviated headers and no proper message body in the "Printable View".

You can illustrate the data (text pasted in) by posting a Tracking URL from the top of the parser page when you make a submission - or retrieve it from your "Past Reports" (not the report ID, need to open the report, go to the "Parse" view and copy the link from the top of the page. We don't do external images here - refer to the "Help" file, bottom of any Forum page.

You must be using the current version of Yahoo mail and a "supported browser"? PC/Laptop or mobile device? Anyway, if you're up-to-date, sounds like a potent argument for those of us hanging on to legacy versions to "go with the flow". Certainly no fun trying to report with whatever they've done to the elder version(s)/"unsupported browser".

Share this post


Link to post
Share on other sites

Some day I'll have to look up what "parsing" actually means. I have no clue what you mean by "top of the parser page."

I can post what techno stuff I have. Might help some.

Mac, using safari version 6.0.5

Yahoo I do NOT have their latest greatest mess. Every now and then I accidently click the "switch to newest yahoo" link. Then have to hunt and fish for how to get basic back. Their new version blows beans.

Also yahoo does not put a space between header and body. I've known that for some time. Gotta find the point where the two should be separated. Stick a few spaces in there or you get a message "no body included." Or no header, I forgot now. Just stick in the spaces.

Share this post


Link to post
Share on other sites

Thanks - the key to success must be in the "compliant browser" then. I can confirm IE8 is NOT compliant. Perhaps subtle differences between PC and Mac text processing helps as well, unknown.

The parser is shown in action in that Tacking URL I provided - https://www.spamcop.net/sc?id=z6064318009zcf76a76477789fb5d783375a67cbc9b7z

You will see something similar every time you make a spam submission except there is a bit at the bottom where you can optionally add comments to the reports, optionally review the reports and (necessarily) either send the reports or cancel. After you have sent or cancelled reports they are stored for 90 days under your "Past Reports" tab on the member reporting page. You can access them from there through the listed ID numbers which gives you the (hopefully) anonymized spam with a link to the parse. When you pull up the parse from the link, you see something like the presentation above, with your Tracking URL (link) highlighted near the top.

Let's know if you have any trouble unravelling any of that and we will help you sort it out - it is often useful, especially if you have "Show technical details" checked (on the reporting page) and especially if you want to safely discuss reporting problems and solutions/explanations referencing the specific spam.

Share this post


Link to post
Share on other sites

Some day I'll have to look up what "parsing" actually means. I have no clue what you mean by "top of the parser page."

<snip>

&nbsp &nbsp&nbsp&nbsp&nbsp Parsing is the act of the SC parser (the program that analyzes spam headers and content) to analyze the spam headers. The parser page is the page returned to you when you click the "Process spam" button on the form where you paste in the spam headers and body content.

&nbsp &nbsp&nbsp&nbsp&nbsp SC Glossary entries added:

Edited by turetzsr
Added links to SC Glossary

Share this post


Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
Sign in to follow this  

×