Phormvictim

A spam seems to have gotten SpamCop stuck

24 posts in this topic

First time here so apologies for any blunders. I've worked through various FAQs and can't find any reference to this problem.

I check my mail with a product called Mailwasher (Firetrust) and that program can automatically report mail marked as spam, to my paid-for spam reporting address ****@spam.spamcop.net which I have had for some years now. (Mailwasher contacts my isp mail server, and downloads headers of my mails for checking and reporting and deleting the spamBEFORE I download them via MS Outlook pop3).

After "washing" the mail with Mailwasher, and telling it to report spam to my spamcop address, I then login to https://www.spamcop.net using my browser. Spamcop tells me I have reports to process, which I do generating the submission forms one by one, and clicking on the Send spam Reports Now button, and repeat until spamcop has worked through all the queued reported spam.

I have noticed recently that sometimes, after reporting some spam emails, clicking on the the Report Now link, produces the normal report page, but there are NO "Send spam Reports Now/Preview Reports/Cancel" buttons at the bottom of the page - and no other way out. The page is effectively a reporting dead end.

If I click the browser back button, I get the previous page where I can click on the link offering to remove all reported spam without processing. But that means that any reported spam in the queue that SpamCop hasn't parsed, is lost and doesn't get processed. I can't work out how to prevent this happening. The process is repeatable as long as that particular spam is in the Spamcop system. Spamcop seems to be stuck at that point.

This has only just started happening but it is now occurring every 2 or 3 days.
It happens whether I use Firefox or Internet Explorer.
Is there something I need to do differently?
Is it a change in how spam is configured?
Why is Spamcop "losing" the Send spam Reports Now/Preview Reports/Cancel" buttons and what action should I take please when it happens next time?
Thanks in advance for all helpful replies - if you need a screenshot or more information I will supply them.

Share this post


Link to post
Share on other sites

Welcome to the forum.  Not sure what the problem is. an example of a Tracking URL would be helpful so we could see what is going on.

Dose this happen for ALL the spam you submit? or just some?  This morning it seemed that the process was a little slow.  Are you checking before your spam is ready?  Do you see the line " Reports regarding this spam have already been sent: " Are you getting "[SpamCop] has accepted X email for processing" email from SpamCop?

Share this post


Link to post
Share on other sites

Just had another one - so here is the url. Thanks for the prompt reply.

https://www.spamcop.net/sc?id=z6325538135z3d6b2110a29defffd7464a63e4d9cb9dz

What is the correct action for me to take when I have a page like that?

To answer your questions - I don't see that phrase - if I log in too quickly then I simply don't get the "report" link at the top of the page, so I wait a minute or two, login again and the Report link appears. I generally DO go to process the spam before I get any "spamcop is ready" email. I'll leave this report to cook and not click any "remove any unreported spam" links and see what happens tomorrow morning. I think you may be right about the "too quickly" bit. This doesn't happen to all my spam - just every couple of days or so. Not predictable.

Edited by Phormvictim
forgot to answer a question

Share this post


Link to post
Share on other sites

Seems to me this might be a parser error as it stops on the double period.  Hopefully, the deputies are will be seeing this.  If not, then might be good to get Don on this at service[at]admin.spamcop.net.

Host www..w3.org (checking ip)

Share this post


Link to post
Share on other sites
<!DOCTYPE HTML PUBLIC "-//W3C//DTD XHTML 1.0 Transitional //EN" "http://www=
..w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

I think that is from the miss formed document type tag in the html part of the email.  Of course, although the DOCTYPE does reference w3.org, every page on the web should reference it to identify which html standard is being used (also in emails).  So nothing would be gained by sending a report to w3.org..

But that may be blocking the parser.  Don has passed, but other deputies do read the forum, mostly without comment.

Share this post


Link to post
Share on other sites

OK - thanks for the helpful feedback. It is certainly blocking the parser for me - it means I am having to report spam one email at a time so that the blockage doesn't mean I have to constantly "remove all reported spam" (including the other spam reports in the queue that haven't been processed.)

Do you still want me to email service(AT) etc. ? Does someone else read that email? I can include full source code from the latest two spam that have produced this result - they both contain the string   

www..w3.org

          The report urls are below:

https://www.spamcop.net/sc?id=z6326107697zfe9dc7b72cdc15748915994890af5b47z

and

https://www.spamcop.net/sc?id=z6326111209zaea9c51417eecc0605611d84d30a4b37z

Other spam without that string is NOT blocking the parser so as long as I report one at a time, I don't lose any spam reports. If the probelm continues I've made a Mailwasher rule to mark emails as "DONT REPORT" if they have that string in the source code - unfortunately it is also present in legitimate business emails I receive - just tested it and a legit. invoice email triggered the rule.

Edited by Phormvictim

Share this post


Link to post
Share on other sites

I forwarded a link to this thread to the deputies, just to make sure this has been seen.

Share this post


Link to post
Share on other sites
9 hours ago, Phormvictim said:

Here's another one - two dots in a different place this time - but they still made the parser fall over.


Tracking link: http://links.paymentsense.mkt5663..com/ctt?kn=6&amp;ms=NTI2MjQ5OTES1&amp;r=ODA4MjczNDkxNjIS1&amp;b=0&amp;j=MTAyNTEyMTM3MQS2&amp;mt=1&amp;rt=0

 

https://www.spamcop.net/sc?id=z6326356234z42d8d28ba29127ca7a890e5cbe2515f0z

When I took a look at the tracking link, it was showing that reports were disabled for the intended recipient. This could be part of the explanation why you're unable to report.

Share this post


Link to post
Share on other sites

lisati that is true for the last link.  However, I don't see that for the earlier Tracking URLs given. Do you see any clues there? I'm at a loss.

Share this post


Link to post
Share on other sites

Thanks for the Tracking URL.  I see a difference between this example and the others.  When you follow the link Routing details for 144.76.180.75 you see:

Quote

remarks:        *************************************************
remarks:        * For spam/abuse/security issues please contact *
remarks:        *   abuse@hetzner.de, not this address.         *
remarks:        *   The contents of your abuse email will be    *
remarks:        *   forwarded directly on to our client for     *
remarks:        *   handling.                                   *
remarks:        *************************************************

As we have pointed out before, w3.org does not need or want a report of the reference in the body of the spam.

I am still at a loss as to why the report does not end indicating that a report was sent to " If reported today, reports would be sent to: "

Share this post


Link to post
Share on other sites

Here's another one with missing buttons:

https://www.spamcop.net/sc?id=z6330847058zc8646bebdd256c387e698f54c76b46f0z

 

where the parser appears to fall over on: (more double dots)

Host ec2-54-186-190-80.us-west-2.compute.amazonaws..com (checking ip) 

Can I just clarify - is there anything I myself can do about this?

Is there anything I'm doing wrong?

Or do I just have to deal with each one as it happens, and use the browser back button and then click on the "remove all reported spam" button to break out of the loop?

Should I keep reporting these here?

Share this post


Link to post
Share on other sites

"You have 4.0M bytes available." I have to confess that this problem is enough of a nuisance to me to make me wonder what the point of renewing might be when that 4M is exhausted. If I have to keep deleting unreported spam because the parser can't deal with the reports, there doesn't seem much point.

See questions above - Is there anything I can do about this? Is there anything I am doing wrong? Should I keep reporting this issue?
Can someone advise me please, what the normal level of customer service is, when SpamCop services don't work as expected? I've been a paying customer for several years now, with no problems - now there is a problem but...

Many thanks.

Share this post


Link to post
Share on other sites

Phormvictim, Sorry for the hiatus.  "Life, that is what happens while you are making plans."

I don't have an answer.  I do not use SpamCop reporting in the same way you do so have had to run some experiments the last couple of days.  I can not duplicate your problem nor have I see links in my spam with the "double dots".

Bad memory, have you used the web form to parse one of the problem spam?  Does that result in the same results as using the submit.xxxxx{AT}SpamCop.net approach?

Lou

Share this post


Link to post
Share on other sites

Thanks for the reply. I use Firetrust's Mailwasher to do my email screening. After the screening I download it into MSOutlook 2013 via pop3. Mailwasher accesses the email first using pop3 settings, checks source code and headers, and if it marks it as spam, then it automatically sends SpamCop a report. But by the time it has sent the report to SpamCop it has also deleted the email - that's the way it is set up. I then go to SpamCop to deal with those reports. and discover that SpamCop parsing has fallen over.

I'm seeing fewer of these SpamCop failures than a couple of weeks ago - but I suppose that depends on what waves of spam I'm receiving.

I know how to report mail manually using the manual form - but by the time I have discovered that SpamCop has fallen over, I no longer have access to the full text/headers of original email as Mailwasher has reported it then deleted it. It does keep a partial copy in its own recycle bin but it is rarely complete due to space considerations so I assume wouldn't be much use for diagnostic purposes. The SpamCop reporting is a feature built into the Mailwasher interface - it sends reports to my spamcop reporting email address (I've munged the account detail).

submit.****************@spam.spamcop.net

I'll do an experiment for a while by taking a copy of the full email source code and headers, before letting mailwasher report the spam. Then if the parser does fall over I can try again manually using the reporting form and see if it still falls over. Depending on the results of that experiment, what would you want me to do after that - post the full headers and text here (after munging my own details)? Happy to try that.

As for the "double dots" issue - I've set up a Mailwasher filter to catch those in any incoming emails- and while rare, that filter does fire every now and again - sometimes with spam, sometimes with legit mail. Every time I find the double dots, then I can predict that the parser will fall over when the report goes through and that the last thing it does will be -  (checking IP)

Incidentally  the forum generated notification for the reply above, let me to a "sorry we could not find that!" when I clicked on it inside Mailwasher - here's what I clicked on.

http://forum.spamcop.net/topic/16918-send-spam-reports-now-button-missing/?do=findComment&amp;comment=96032

 

Share this post


Link to post
Share on other sites

I'm not aware of any problems created by Mailwasher.  There are several (many) users here that use Mailwasher without reporting issues after getting it setup.  On the other hand, based on responses no one else seems to be having issues with "double dots" in spam.

Just to be clear are you having parser issues with spam OTHER THAN ones with the double-dots?

If you run an experiment, what would be most helpful would be the Tracking URL. That way we can see the munged spam and the results of the parser.

Share this post


Link to post
Share on other sites

As an addendum, I'm not using Mailwasher or any other mail integration program/service - my example was simply forwarded "as attachment" from Thunderbird.

Share this post


Link to post
Share on other sites

have you seen the HabuL extension for Thunderbird?  That's what I use.  Doesn't address the "double-dot" issue but makes all the others easier (JMHO)

Share this post


Link to post
Share on other sites
Tracking link: http://ec2-52-211-110-167.eu-west-1..compute.amazonaws.com/Ops.aspx?name=mk&amp;email=x
No recent reports, no history available
Host ec2-52-211-110-167.eu-west-1..compute.amazonaws.com (checking ip) 

Here's the bottom couple of lines from my latest choked parser incident (reported by Mailwasher) - and the tracking url at the top of the page was

https://www.spamcop.net/sc?id=z6336840602z1714d6b4f0171725fda81c608f6d4901z

Again- the bottom line does seem to have those .. two dots in it again just before the (checking ip) statement

I've checked the source code of the email in Mailwasher recycle bin - I can't find the string with the double dot in it (although I may not have the entire email in Recycle bin). And that email didn't trigger my double dot mailwasher detection filter. But there was still a double dot in the SpamCop parsing. The nearest I could get was this string

<a style=3D"color:#fff;t=
ext-decoration:none;" href=3D"http://ec2-52-211-110-167.eu-west-1=
..compute.amazonaws.com/Ops.aspx?name=3Dmk&email=3D

I'm reporting here every time I get this issue now - and SO FAR they've all had the double dot in that final line. I don't know if that is the problem - but it is common to all MY SpamCop failure issues.

Many thanks.

Edited by Phormvictim

Share this post


Link to post
Share on other sites

Here's another one - not happening quite so often now.. but

https://www.spamcop.net/sc?id=z6345417403za46913bca980b7af49bc66a8b83b5c5bz

Spamcop fell over at one of the bit.ly links - double dot again.

Share this post


Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!


Register a new account

Sign in

Already have an account? Sign in here.


Sign In Now