Possible forgery.

[Gbcue]

I'm getting legitimate spam with forged headers. I have configured my mailhosts right with "Account C" (primary) first and then a secondary one which forwards to Account C second.

I'm getting "Possible forgery. Supposed receiving system not associated with any of your mailhosts" with most of my spam, which means there's a parsing error?

Any help?

Thanks!

[StevenUnderwood]

That message is more of a warning to look closely at the results. Most of my spam have that as well, it is not a problem, unless it is pointing at your ISP. Nomally, all reports will be directed to the IP your ISP received the message from unless it is trusted to correctly insert the IP it received (like Yahoo) the message from.

If this did not answer your questions, please post a sample or a tracking URL of a report going to the wrong abuse desk.

[Gbcue]

http://www.spamcop.net/sc?id=z515136792z95...fadf9d6c4feae8z

That tracking URL is one of the email address that I forward. It forwards from there to SBC.

http://www.spamcop.net/sc?id=z515137408z4c...64f50e465b122bz

The above is of just my primary account.

[StevenUnderwood]

For the first link:

Received: from [28.201.69.96] by cpe-68-118-226-43.ma.charter.com with ESMTP id 39EA57CC829; Wed, 09 Jun 2004 17:07:29 +0200

Is cpe-68-118-226-43.ma.charter.com one of your hosts (it looks to be a DHCP served charter address). If not, it was probably the origin of the message and the above received line is a forgery.

For the second link:

Received: from 200-153-194-17.dsl.telesp.net.br (200-153-194-17.dsl.telesp.net.br [200.153.194.17]) by ylpvm19.prodigy.net (8.12.10 mpsfix/8.12.10) with SMTP id i599830b004690; Wed, 9 Jun 2004 05:12:24 -0400

Same question about 200-153-194-17.dsl.telesp.net.br (a DHCP served telesp address)

In both cases, spamcop is sending the report to the ISP that delivered the message to your account, which is correct.