jrr7

Spamcop says "No date" -- why?

2 posts in this topic

I'm trying to report a "work at home" spam (probably money mule recruiting). Spamcop refuses to report it saying there's no date. Actually there is a Date: header, but with a date in the future. My guess is that's confusing spamcop.

If I look at the unsubmitted report, it doesn't show that message any more.

Why is Spamcop trusting the easily forgeable Date: header? The only definitive time is in the last trusted Received; header

Here's the headers:

Quote

Delivered-To: xxx
Received: by 10.157.6.105 with SMTP id 96csp1236652otn;
        Thu, 23 Mar 2017 23:31:53 -0700 (PDT)
X-Received: by 10.200.52.65 with SMTP id v1mr6839450qtb.166.1490337113378;
        Thu, 23 Mar 2017 23:31:53 -0700 (PDT)
Return-Path: <wsvz657ttt@sneakemail.com>
Received: from sneak2.sneakemail.com (sneak2.sneakemail.com. [64.46.156.55])
        by mx.google.com with ESMTP id 6si1010792qke.169.2017.03.23.23.31.53
        for <jonathanrynd@gmail.com>;
        Thu, 23 Mar 2017 23:31:53 -0700 (PDT)
Received-SPF: pass (google.com: domain of wsvz657ttt@sneakemail.com designates 64.46.156.55 as permitted sender) client-ip=64.46.156.55;
Authentication-Results: mx.google.com;
       spf=pass (google.com: domain of wsvz657ttt@sneakemail.com designates 64.46.156.55 as permitted sender) smtp.mailfrom=wsvz657ttt@sneakemail.com
Received: from 38.102.228.51 by sneak2.sneakemail.com with SMTP; 24 Mar 2017 06:36:50 -0000
Received: by LITEMAIL51.bigfoot.com (LiteMail v3.03(LITEMAIL51)) with SMTP id 1703232330_LITEMAIL51_7016201_1521331;	Thu, 23 Mar 2017 23:31:50 -0700
Received: from [14.187.182.54]:16931 [ident-empty]	by litemail22.bigfoot.net with TPROXY id 1490337048.8956	abuse-to abuse@bigfoot.com
From: "o.kunkel-at-vallotech.ch |bigfoot jrr7/send to gmail|" <wsvz657ttt@sneakemail.com>
To: xxx
Date: 24 Mar 2017 19:13:59 +0600
MIME-Version: 1.0
Subject: 5490
Message-ID: <58D52137.1928.989BE7@o.kunkel.vallotech.ch>
Priority: normal
X-Mailer: Pegasus Mail for Windows (4.52)
Content-Type: multipart/alternative; boundary="Alt-Boundary-96327.0718144"
Content-Transfer-Encoding: 
X-Sneakemail-Label: bigfoot jrr7
X-Sneakemail-Address: gfcpuhg02@sneakemail.com
X-Sneakemail-Tag: send to gmail
X-Sneakemail-From: <o.kunkel@vallotech.ch>
X-Sneakemail-Is-Sneakemail: yes
X-Sneakemail-Folder-Path: /Desktop

 

Share this post


Link to post
Share on other sites

Of course a Tracking URL would have been nice, so everyone could see what the parser did.

Also that would have avoided revealing your email address(es) in the TO:  and Delivered-To: lines. (your welcome).

The parser is not interested in the Date: line in the header, which can easily forged by the spammer.  If you look at the first Received: lines (just above the From: line) you will see it does not have a date.

Share this post


Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!


Register a new account

Sign in

Already have an account? Sign in here.


Sign In Now