Jump to content
klappa

Spamcop cannot find source IP

Recommended Posts

Recently i've got several phishing spam e-mails where Spamcop has problem finding the source IP. It has a IPV6 address.

 
 
Parsing header:

host 2002:a17:902:968e:0:0:0:0 (getting name) no name

0: Received: by 2002:a17:902:968e:: with SMTP id n14-v6mr17341432plp.21.1519125092798; Tue, 20 Feb 2018 03:11:32 -0800 (PST)

No unique hostname found for source: 2002:a17:902:968e:0:0:0:0

Possible forgery. Supposed receiving system not associated with any of your mailhosts

Will not trust this Received line.

Mailhost configuration problem, identified internal IP as source

Mailhost:
Please correct this situation - register every email address where you receive spam

No source IP address found, cannot proceed.

 

 

Here's the full e-mail header.

 

Delivered-To: x
Received: by 10.140.17.166 with SMTP id 35csp5053975qgd;
        Tue, 20 Feb 2018 03:11:32 -0800 (PST)
X-Google-Smtp-Source: AH8x224K8EtTlH91SvD5EnHpHEDVS/HuvBrl3NjoqwAlh53HQcCPMB5F6HAiTiutJMNxFVkMaAD8
X-Received: by 2002:a17:902:968e:: with SMTP id n14-v6mr17341432plp.21.1519125092798;
        Tue, 20 Feb 2018 03:11:32 -0800 (PST)
ARC-Seal: i=1; a=rsa-sha256; t=1519125092; cv=none;
        d=google.com; s=arc-20160816;
        b=zY8+LATQ6rtkMmZafX3BoHX+x9gLlAgJ0JBI60ZSnh3Wzn4DJp2zfSktOPpi65Yq7n
         SGFg6QDpIgMut9h6rR5roEu+GChwUzy1R6EC8UGQkhz4aqDUhKcMQbYyo/Pj5Ce8bJLk
         WktKF6lklIAxippTa5FhwFhQlzFGqvGpHL3lySBtiZVpv9EJ4oBxlqDz8h53bSPEDEzF
         YaRxniWGNETCO/z7524HW5ztD08HWYEczKbLSDW031FYSPZF3K8cPCvK+Ci0z4snimVi
         aRaqAUG9tNBTg1s7EoWUAEcfL1G+9hNEtT9YoZStToD6i7P59j59S5Bctbk287jiaRz+
         Crzg==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816;
        h=content-transfer-encoding:mime-version:subject:message-id:reply-to
         :from:date:arc-authentication-results;
        bh=XgHhSVkGXCeZrEbTJfxFlQ+NGi30OMh5lUpaPwhKx/0=;
        b=NGtXFOsFUxir8lCCaLXCY7k4Tbe6YMhbTGlU7TUD34t++VgyI/KL6Ge/+ZAd4H72yV
         HGR4TiVpn2y/lHSRtBLOeF9PbxKE+okLkDPw9Zt7l5P/40YJpHelBkgoeC+7DGDtYNCI
         UdHRUKXxk3midNHI2OZgkz18LYHJ6ZX90BMZMmfaADPfxlxULo1j/mtBzzqV6CzIuRP2
         Bd6PIbO9wWp7aCqfyyHCcAvtH13o2Wgn4DK5Znmam0zP56ft5jg+r3Lz9uR4RmdpYF5a
         I3IyIEKXlHcc32yd2yByMQ1RlWwSr4tFzTfsOJqBNC0ODM46v1lBorXHqalmPtiBWivD
         s7aA==
ARC-Authentication-Results: i=1; mx.google.com;
       spf=pass (google.com: domain of www.@royal.ocn.ne.jp designates 153.149.233.27 as permitted sender) smtp.mailfrom=WWW.@royal.ocn.ne.jp
Return-Path: <WWW.@royal.ocn.ne.jp>
Received: from mbkd0226.ocn.ad.jp (mbkd0226.ocn.ad.jp. [153.149.233.27])
        by mx.google.com with ESMTP id f6si7228610pgn.336.2018.02.20.03.11.15;
        Tue, 20 Feb 2018 03:11:32 -0800 (PST)
Received-SPF: pass (google.com: domain of www.@royal.ocn.ne.jp designates 153.149.233.27 as permitted sender) client-ip=153.149.233.27;
Authentication-Results: mx.google.com;
       spf=pass (google.com: domain of www.@royal.ocn.ne.jp designates 153.149.233.27 as permitted sender) smtp.mailfrom=WWW.@royal.ocn.ne.jp
Received: from mf-smf-ucb027c3 (mf-smf-ucb027c3.ocn.ad.jp [153.153.66.171])
	by mbkd0226.ocn.ad.jp (Postfix) with ESMTP id 532CDD07339;
	Tue, 20 Feb 2018 20:11:15 +0900 (JST)
Received: from ntt.pod01.mv-mta-ucb022 ([153.149.142.85])
	by mf-smf-ucb027c3 with ESMTP
	id o5p9emuQ1jyDio5pKee0FW; Tue, 20 Feb 2018 20:11:15 +0900
Received: from vcwebmail.ocn.ad.jp ([153.149.227.134])
	by ntt.pod01.mv-mta-ucb022 with 
	id CzBE1x00F2ud8JZ01zBESa; Tue, 20 Feb 2018 11:11:14 +0000
Received: from mzcstore292.ocn.ad.jp (mz-fcb292p.ocn.ad.jp [180.37.202.229])
	by vcwebmail.ocn.ad.jp (Postfix) with ESMTP;
	Tue, 20 Feb 2018 20:11:14 +0900 (JST)
Date: Tue, 20 Feb 2018 20:11:14 +0900 (JST)
From: Dr James Wadas <WWW.@royal.ocn.ne.jp>
Reply-To: Dr James Wadas <janepilot3@gmail.com>
Message-ID: <384029775.6673075.1519125074670.JavaMail.root@royal.ocn.ne.jp>
Subject: REPLY TO HER QUICK
MIME-Version: 1.0
Content-Type: text/plain; charset=ISO-2022-JP
Content-Transfer-Encoding: 7bit
X-Originating-IP: [197.234.221.176]

Urgent Attention

This is my second time I am sending you this notification, simply contact jane hillary the pilot  with your contact information and your nearest airport to land, so that she can deliver the Package worth ($9.5 Million USD) as she just landed in your country now but misplaced your information, she will give you more details when you re-confirm details. Your personal code to the box is XLA21492014SD. NB indicate this code to the diplomat  jane hillary, so that she can know that you are the rightful owner of the box.

Contact her with the information listed below

Name.... jane hillary
Email....(janepilot3@gmail.com)
Phone....._(608)7138825


Reconfirm your current information as requested below

Beneficiary Name..........
Country.................
City.....................
Current address...........
Nearest airport...........
Direct phone number.......
I.d copy................

Best regard
Dr James Wadas 

 

Share this post


Link to post
Share on other sites

Not to be redundant, but could you provide the Tracking URL?

I understand you have included inline in your post, what you feel is the pertinent information.  But have you provided all the pertinent information?  We don't know for sure.

Share this post


Link to post
Share on other sites
6 hours ago, klappa said:

Recently i've got several phishing spam e-mails where Spamcop has problem finding the source IP. It has a IPV6

The spammer is putting in fake headers!
To get around this you need to look for  "ARC-Authentication" and snip above that copy from there down.
In notes add the bit you snip out track URL https://www.spamcop.net/sc?id=z6439116336z607dabe7cb156e8f3743b8d25d345f64z

X-Google-Smtp-Source: 
AH8x224uqG6EmUcfBYgUUgeXFVG8X7M7w5W/y8cGQeu6qelGfT+SEvNeSk
l7OwtDDHo5q1hWz5kT
X-Received: by 2002:a17:902:7c95:: with SMTP id y21-
v6mr18271267pll.243.1517248215276;
        Mon, 29 Jan 2018 09:50:15 -0800 (PST)
ARC-Seal: i=1; a=rsa-sha256; t=1517248215; cv=none;
        d=google.com; s=arc-20160816;
        
b=rEEv75F5u0pdFSKOVadtEjk7uJrCHelc0PyQpdByEDyjWWjuZAdEQzdb
Zas46sOavz
         
uq51pjdot+3JquNVN0ArIXIeJJew2WImCbj67CeH8ko2enKHNcnHlQ1EJD
dViFjkCSvW
         
h3yeMgOFqQvdv+kwXc+DD2D/1dVJgtV+zRwqNxbf6l3XouOpPm9OAvSBe1
LxCIl4+801
         
RhuvHrHmUiE/o/4qBrkkG98sZu/st4ucNXuFjBeFuIGOylzcgjk54wbEUR
sV6ln/17pW
         
n98BWquLG8kkXQdrvDvlSVhJX/6J7oqN2iar7/rKIoeAnaS0jFjkkBMarB
/vhun3z0MW
         bhVg==
ARC-Message-Signature: i=1; a=rsa-sha256; 
c=relaxed/relaxed; d=google.com; s=arc-20160816;
        h=content-transfer-encoding:mime-
version:subject:message-id:reply-to
         :from:date:arc-authentication-results;
        bh=+eTI5hmwWM+vKJlIEYpqSa+SlkHtoDA4l9SsJgC1tGw=;
        
b=hOw+HMMu1x1S7eUFnQM79pTuWFRcJBn4lEk/FyRJpWis8wxd8RSwrd1q
qwME2N+mob
         
Hi35I+9CK7jjE3se5bTIjjgs/phnbdSv/5sIymQuFxTOLWPwNK2WR2luHK
c0Rf2PpqT3
         
BepCqTZ7svwzP1ft10n4kUJxpwJDe3ZHRZ/9GsJZfibirT/TT9O+3yEdwn
3+8ZHmWwsp
         
EmhUGPM4kjpNy37Whc8gs+Lzlkgxqs+FfEAe+vBXLCOE5vj50tkwys2YYc
3dnFsluIGy
         
TT25JEqtd1iaFeQcYHuvN2AJkwOQfwgFeXg1hkdPTtRLAzDSElyMbEYK+B
1yCmQ7bLXy
         pyYA==

 

Share this post


Link to post
Share on other sites
On 2018-02-20 at 5:15 PM, Lking said:

Not to be redundant, but could you provide the Tracking URL?

I understand you have included inline in your post, what you feel is the pertinent information.  But have you provided all the pertinent information?  We don't know for sure.

How do i provide the tracking URL? Spamcop won't even process the spam since it can't find the source IP.

Quote

host 2002:a17:902:6b8a:0:0:0:0 (getting name) no name

0: Received: by 2002:a17:902:6b8a:: with SMTP id p10-v6mr18425780plk.432.1519838357678; Wed, 28 Feb 2018 09:19:17 -0800 (PST)

No unique hostname found for source: 2002:a17:902:6b8a:0:0:0:0

 

Possible forgery. Supposed receiving system not associated with any of your mailhosts
Will not trust this Received line.

 

Mailhost configuration problem, identified internal IP as source
Mailhost:
Please correct this situation - register every email address where you receive spam

 

No source IP address found, cannot proceed.
Add/edit your mailhost configuration
Finding full email headers
Submitting spam via email (may work better)
Example: What spam headers should look like

 

Nothing to do.

 

On 2018-02-20 at 8:06 PM, petzl said:

The spammer is putting in fake headers!
To get around this you need to look for  "ARC-Authentication" and snip above that copy from there down.
In notes add the bit you snip out track URL https://www.spamcop.net/sc?id=z6439116336z607dabe7cb156e8f3743b8d25d345f64z


X-Google-Smtp-Source: 
AH8x224uqG6EmUcfBYgUUgeXFVG8X7M7w5W/y8cGQeu6qelGfT+SEvNeSk
l7OwtDDHo5q1hWz5kT
X-Received: by 2002:a17:902:7c95:: with SMTP id y21-
v6mr18271267pll.243.1517248215276;
        Mon, 29 Jan 2018 09:50:15 -0800 (PST)
ARC-Seal: i=1; a=rsa-sha256; t=1517248215; cv=none;
        d=google.com; s=arc-20160816;
        
b=rEEv75F5u0pdFSKOVadtEjk7uJrCHelc0PyQpdByEDyjWWjuZAdEQzdb
Zas46sOavz
         
uq51pjdot+3JquNVN0ArIXIeJJew2WImCbj67CeH8ko2enKHNcnHlQ1EJD
dViFjkCSvW
         
h3yeMgOFqQvdv+kwXc+DD2D/1dVJgtV+zRwqNxbf6l3XouOpPm9OAvSBe1
LxCIl4+801
         
RhuvHrHmUiE/o/4qBrkkG98sZu/st4ucNXuFjBeFuIGOylzcgjk54wbEUR
sV6ln/17pW
         
n98BWquLG8kkXQdrvDvlSVhJX/6J7oqN2iar7/rKIoeAnaS0jFjkkBMarB
/vhun3z0MW
         bhVg==
ARC-Message-Signature: i=1; a=rsa-sha256; 
c=relaxed/relaxed; d=google.com; s=arc-20160816;
        h=content-transfer-encoding:mime-
version:subject:message-id:reply-to
         :from:date:arc-authentication-results;
        bh=+eTI5hmwWM+vKJlIEYpqSa+SlkHtoDA4l9SsJgC1tGw=;
        
b=hOw+HMMu1x1S7eUFnQM79pTuWFRcJBn4lEk/FyRJpWis8wxd8RSwrd1q
qwME2N+mob
         
Hi35I+9CK7jjE3se5bTIjjgs/phnbdSv/5sIymQuFxTOLWPwNK2WR2luHK
c0Rf2PpqT3
         
BepCqTZ7svwzP1ft10n4kUJxpwJDe3ZHRZ/9GsJZfibirT/TT9O+3yEdwn
3+8ZHmWwsp
         
EmhUGPM4kjpNy37Whc8gs+Lzlkgxqs+FfEAe+vBXLCOE5vj50tkwys2YYc
3dnFsluIGy
         
TT25JEqtd1iaFeQcYHuvN2AJkwOQfwgFeXg1hkdPTtRLAzDSElyMbEYK+B
1yCmQ7bLXy
         pyYA==

Thanks! But since Spamcop won't process the spam, (it won't recognize the Source IP it won't process the spam). I don't know what to do. The spammer have used this IP dozens of times by now.

 

Edited by klappa

Share this post


Link to post
Share on other sites
3 hours ago, klappa said:

How do i provide the tracking URL? Spamcop won't even process the spam since it can't find the source IP

BEFORE you submit a tracking url is provided at top of page

This ARC "stamp" is marking a "X-Received" line just remove/cut that line and SpamCop will parse fine . Put/past that line in notes
X-Received: by 2002:a17:902:7c95:: with SMTP id y21- v6mr18271267pll.243.1517248215276;

Share this post


Link to post
Share on other sites
16 minutes ago, petzl said:

BEFORE you submit a tracking url is provided at top of page

This ARC "stamp" is marking a "X-Received" line just remove/cut that line and SpamCop will parse fine . Put/past that line in notes
X-Received: by 2002:a17:902:7c95:: with SMTP id y21- v6mr18271267pll.243.1517248215276;

Thank you!

Share this post


Link to post
Share on other sites

Yea! Still continuing getting this spam with the fake ipv6 address. Now they even faked it in the Received line. 

Should i snippet out that too and type it in the comment section?

 

Share this post


Link to post
Share on other sites
2 hours ago, klappa said:

Yea! Still continuing getting this spam with the fake ipv6 address. Now they even faked it in the Received line. 

Should i snippet out that too and type it in the comment section?

Seem a number of variants copy from including this line down

ARC-Authentication-Results: i=1; mx.google.com;
       spf=pass (google.com: domain of www.@vanilla.ocn.ne.jp designates 153.149.236.39 as permitted sender) 

Then copy and paste the above bit in notes' After SpamCop has parsed it.

Edited by petzl

Share this post


Link to post
Share on other sites

I am in the habit of forwarding my spam as attachments to SpamCop. As a result, this workaround does not work for me.

It used to be that I was receiving a few messages which would not process, then more, now, it seems almost all of them.

I hope that the SpamCop header parser will be fixed to deal with this.

Share this post


Link to post
Share on other sites
7 hours ago, tblake@binghamton.edu said:

I am in the habit of forwarding my spam as attachments to SpamCop. As a result, this workaround does not work for me.

It used to be that I was receiving a few messages which would not process, then more, now, it seems almost all of them.

I hope that the SpamCop header parser will be fixed to deal with this.

Send a tracking URL, seemed to of been fixed. The main problem I believe was Gmail setting headers wrong?

Share this post


Link to post
Share on other sites

Afraid the headers are junk (to me) but will work if junk removed,  track https://www.spamcop.net/sc?id=z6460699162zdabd939844b7514b24bbbd6395adb11az

seems to be Indian spammer using twitter as a relay Claims to be a "unsubsribe" Indian site "They" have your email address anyhow your choice to try it?

http://night-mare.org/unsub/?a1b2c3d4e5/682534/0/12859#55711

 

Or try forwarding spam to "me[at]rescam.org" .Rescam only works for/with a scammers REAL email addresses. If it bounces rescam stops sending. Rescam will only reply to emails that respond. They do use artificial intelligent BOT for replies If your submission is accepted they/it will give you a reply with links to nonsensical conversation. bit like the BOT Lenny for nuisance call

Edited by petzl

Share this post


Link to post
Share on other sites
On 4/21/2018 at 12:19 PM, SpamStoolie said:

It used to be that I was receiving a few messages which would not process, then more, now, it seems almost all of them

Check your sent mail there is was a problem with Gmail

https://news.google.com/news/story/dU3PtG5ZecqtanM2Dctcba56KqrVM?ned=us&hl=en&gl=US

Share this post


Link to post
Share on other sites

SpamCop v 4.9.0 © 2018 Cisco Systems, Inc. All rights reserved.
Here is your TRACKING URL - it may be saved for future reference:
https://www.spamcop.net/sc?id=z6460902591ze58866bb7d3b017ceab1bc1dc060e36az

Mailhost configuration problem, identified internal IP as source

Mailhost:
Please correct this situation - register every email address where you receive spam

No source IP address found, cannot proceed.

Add/edit your mailhost configuration
Finding full email headers
Submitting spam via email (may work better)
Example: What spam headers should look like

Nothing to do.

Share this post


Link to post
Share on other sites
11 hours ago, SpamStoolie said:

SpamCop v 4.9.0 © 2018 Cisco Systems, Inc. All rights reserved.
Here is your TRACKING URL - it may be saved for future reference:
https://www.spamcop.net/sc?id=z6460902591ze58866bb7d3b017ceab1bc1dc060e36az

Check your sent mail there is was a problem with Gmail

https://news.google.com/news/story/dU3PtG5ZecqtanM2Dctcba56KqrVM?ned=us&hl=en&gl=US

Share this post


Link to post
Share on other sites

Have you looked at your Mailhost lately?  Looks like your ISP may have changed configuration so that the IP 2002:a19:2203:0:0:0:0:0 is now in your received path.

Login to spamcop.net and click on the <mailhost> tab

Share this post


Link to post
Share on other sites
7 hours ago, Lking said:

Have you looked at your Mailhost lately?  Looks like your ISP may have changed configuration so that the IP 2002:a19:2203:0:0:0:0:0 is now in your received path.

Login to spamcop.net and click on the <mailhost> tab

The headers are faked by spammer Gmail has a problem, the top fake headers need removing 

Delivered-To: x
Received: by 2002:a19:2203:0:0:0:0:0 with SMTP id i3-v6csp3807840lfi;
        Mon, 23 Apr 2018 05:42:52 -0700 (PDT)
X-Google-Smtp-Source: AB8JxZouH9uRREqqQY6Qz0qd656nSgVYRkNeZiYTX86AabWnCx2ioL9i5Pdbw/FTvtjnCec0Ah6G
X-Received: by 10.55.65.21 with SMTP id o21mr21204190qka.98.1524487372373;
        Mon, 23 Apr 2018 05:42:52 -0700 (PDT)
ARC-Seal: i=1; a=rsa-sha256; t=1524487372; cv=none;
        d=google.com; s=arc-20160816;
        b=XvpHCp72Wirsv7guEqaJFpG5lGBXH0XQHx5t2Gb3Ajd9DpIFsuknOCSM2Ab2IntAXQ
         /qTmP76uAW0RvIBrR8ozGB4RvW5uNm4yKxl1DP8EF6jV+hrquvOb3QlbgXxM/78n6VN2
         VgCvX+xQoajpB0yVLs7Vpw2WKvUmj31XUgb6Kv3ekRi482Uf74Worx0ayFVOCbH0C741
         fvjaK3qt3qgC3rXA9MKqKxp4vThGXdpZ3KpenR5dh4IDWEttOmEGk5/BfYjkL2AsLJcI
         /Ab/FozgoKH62Vv8cETDvccVGuppvmus5jdPOY+sk65+CeKC3EPlj/jYQoSeJZNtWTwH
         QXyA==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816;
        h=list-unsubscribe:mime-version:subject:message-id:to:reply-to:from
         :date:dkim-signature:dkim-signature:arc-authentication-results;
        bh=3XGAO9t72kzYXZEHdxQCEi3LjBUqtSuDzaeNBgzlYXQ=;
        b=BHg7hIDgobGQ5CqYn9J7c3cd7jlENG6GrHfGZTcNxdZfO5d1iAc63GAQJTQzTUVTsU
         I/dnjBg3DjaZjKdSEhYSmehaQlBt/xaNZ/SjsP0tBTgpcPFlCC4l4tuB8L+JLB6ucOQT
         2OSHWAWe3UmzZ3lGCUT/Q1+EEF9p17GunwrtNh041niEvnkzGODBE5bE/gSBGmB002Dh
         UeaVaK9x3LwcVSy8hzWlN4hsmPj+quFINVnjzIdXpHSg8I0ZcOyYKI3Lhil4ZtZpbOcg
         NzYn6QsmAe7Q8NtneNOPkX+2DlOe4PuYv+Lcz32n1RSWw+4h1fICiWUE+Q7edR0OHuJZ
         c8KQ==

once done it parses OK. the fake headers need to be put in "notes" if reported the spam stops was happening to me also send to gmail abuse

https://www.spamcop.net/sc?id=z6461173975zb86c716f56397882d476e60f06009a9dz

 

The network seems operated by criminal  black-hat scumbags!

https://www.spamcop.net/w3m?action=checkblock&ip=199.15.213.67

 

Other hosts in this "neighborhood" with spam reports

199.15.212.72 199.15.212.75 199.15.212.136 199.15.212.201 199.15.213.50 199.15.213.51 199.15.213.52 199.15.213.54 199.15.213.55 199.15.213.64 199.15.213.65199.15.213.69 199.15.213.90 199.15.213.92 199.15.213.112 199.15.213.118 199.15.213.121 199.15.213.125 199.15.213.132 199.15.213.139 199.15.213.140 199.15.213.175199.15.213.183 199.15.214.3 199.15.214.37 199.15.214.42 199.15.214.45 199.15.214.46 199.15.214.47 199.15.214.48 199.15.214.49

Edited by petzl

Share this post


Link to post
Share on other sites

While these problems may be related, I have been seeing this behavior for a while, and the spam does not show up as being from me.

I don't see how a spammer could insert fake header lines at the top of a mail message. This appears to be a SpamCop parsing problem, caused by a change in how Gmail is handling mail.

I have tried another message, trimming the top two header lines off, as you have done, and SpamCop parses it correctly. (Thank you.)

However, as an experiment, I tried feeding the unadulterated headers to Google's tool: https://toolbox.googleapps.com/apps/messageheader/

(It did not choke.)

Edited by SpamStoolie
adding emphasis

Share this post


Link to post
Share on other sites
1 hour ago, SpamStoolie said:

I don't see how a spammer could insert fake header lines at the top of a mail message.

Thanks for link (but is rubbish 2002:a19:2203:0:0:0:0:0 is not a routable address)  but I were getting these forged headers for a while only by reporting them and to Google abuse did they stop.
To insert forged headers you simply rename (My Computer) your computer to 

ARC-Seal: i=1; a=rsa-sha256; t=1524487372; cv=none;
        d=google.com; s=arc-20160816;
        b=XvpHCp72Wirsv7guEqaJFpG5lGBXH0XQHx5t2Gb3Ajd9DpIFsuknOCSM2Ab2IntAXQ
         /qTmP76uAW0RvIBrR8ozGB4RvW5uNm4yKxl1DP8EF6jV+hrquvOb3QlbgXxM/78n6VN2
         VgCvX+xQoajpB0yVLs7Vpw2WKvUmj31XUgb6Kv3ekRi482Uf74Worx0ayFVOCbH0C741
         fvjaK3qt3qgC3rXA9MKqKxp4vThGXdpZ3KpenR5dh4IDWEttOmEGk5/BfYjkL2AsLJcI
         /Ab/FozgoKH62Vv8cETDvccVGuppvmus5jdPOY+sk65+CeKC3EPlj/jYQoSeJZNtWTwH
         QXyA==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816;
        h=list-unsubscribe:mime-version:subject:message-id:to:reply-to:from
         :date:dkim-signature:dkim-signature:arc-authentication-results;
        bh=3XGAO9t72kzYXZEHdxQCEi3LjBUqtSuDzaeNBgzlYXQ=;
        b=BHg7hIDgobGQ5CqYn9J7c3cd7jlENG6GrHfGZTcNxdZfO5d1iAc63GAQJTQzTUVTsU
         I/dnjBg3DjaZjKdSEhYSmehaQlBt/xaNZ/SjsP0tBTgpcPFlCC4l4tuB8L+JLB6ucOQT
         2OSHWAWe3UmzZ3lGCUT/Q1+EEF9p17GunwrtNh041niEvnkzGODBE5bE/gSBGmB002Dh
         UeaVaK9x3LwcVSy8hzWlN4hsmPj+quFINVnjzIdXpHSg8I0ZcOyYKI3Lhil4ZtZpbOcg
         NzYn6QsmAe7Q8NtneNOPkX+2DlOe4PuYv+Lcz32n1RSWw+4h1fICiWUE+Q7edR0OHuJZ
         c8KQ==

something like that?

Edited by petzl

Share this post


Link to post
Share on other sites

I am having a similar problem but with my gmail account which incidentally was working fine for several years and now all of a sudden reports as OP. Here are the headers, will appreciate assistance to sort this out. Thank you

 

Delivered-To: XX@gmail.com
Received: by 2002:a02:2e2f:0:0:0:0:0 with SMTP id i47-v6csp84720jaa;
        Tue, 24 Apr 2018 16:45:48 -0700 (PDT)
X-Google-Smtp-Source: AB8JxZpitjdypWKbv5qiyeBLlfA6pSCiphuJ43r+gpOMo3FD+9950DsCApz4tnf43t5L6H3e2zmM
X-Received: by 2002:ac8:2f3b:: with SMTP id j56-v6mr871886qta.224.1524613548510;
        Tue, 24 Apr 2018 16:45:48 -0700 (PDT)
ARC-Seal: i=1; a=rsa-sha256; t=1524613548; cv=none;
        d=google.com; s=arc-20160816;
        b=WwUUrDt2+12FgTV2wFxSiO7vpR/7Jkt2F/w1JKm6v5FyEeHNoJpQEPxPvYdHnnTFaA
         jI9fQKWm7/55KFOm3+6SXcDI9Bh8Kb5wdp2faij6bnsERa+CtUPBKfXO0KrFKk7AFthz
         /9tNRX96KP2EIYeuxfR0m0Px7fDrDDWqCzg0I4lbvpvsLG7g3QjFUd2z29N9+tua2N4y
         2iD7pW0MlOIGOjLK40+p/gN5U3Az44XPaWLnlJPWuL9WgCnoYysIvq8Vssy++4+iyF+2
         JA4Pfmyx6f3r4xlH9XZK6q7sUBfyUHI4KXg3LBFCkG7dLei8rFdBwKP9DvbBaLHl8xz+
         hRyA==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816;
        h=message-id:date:to:reply-to:from:subject:dkim-signature
         :arc-authentication-results;
        bh=ZjUjCEsWH2aVC2CGWbHn+L+NhQvwmRNQ8aSeGQSqCYw=;
        b=ahC8mpr/isXkOo/LMEThmAi8JUivnDOe2tOg9FLv5n+Myd1outW2fIpJvGz6EriVYr
         jdnrEHy1QANczVXlR2hDxwz9tJHTPaJQjBDmmETBoV90q+ja9vQ5XJyl5S1GhhfB9UpH
         ZFCDVO5YozzpOfAJ/rEYir96Y4cZF7yfTPlAwtrbBM+TghFHOX7sBlZYxO/rG8AXNT/A
         wmLc0rNhocjTsbe5LtA7RHQkO6R69m0X+B8DrA/EYqcIv4x0VR1n4T+Km+e8g9K6NKh6
         a7zYsWZcqcqg2z/yGUHJeTk16jldRwae/7Fuk6GDbFFBqVOgDB7f/azkqlJ34rEHMApF
         GsWA==
ARC-Authentication-Results: i=1; mx.google.com;
       dkim=pass header.i=@sendgrid.net header.s=smtpapi header.b=wlibc3GP;
       spf=pass (google.com: domain of bounces+7434010-9aaf-XX=gmail.com@sendgrid.net designates 167.89.106.6 as permitted sender) smtp.mailfrom=bounces+7434010-9aaf-XX=gmail.com@sendgrid.net
Return-Path: <bounces+7434010-9aaf-XX=gmail.com@sendgrid.net>
Received: from o2.0qt.s2shared.sendgrid.net (o2.0qt.s2shared.sendgrid.net. [167.89.106.6])
        by mx.google.com with ESMTPS id q13-v6si1098455qtf.88.2018.04.24.16.45.47
        for <XX@gmail.com>
        (version=TLS1_2 cipher=ECDHE-RSA-CHACHA20-POLY1305 bits=256/256);
        Tue, 24 Apr 2018 16:45:48 -0700 (PDT)
Received-SPF: pass (google.com: domain of bounces+7434010-9aaf-XX=gmail.com@sendgrid.net designates 167.89.106.6 as permitted sender) client-ip=167.89.106.6;
Authentication-Results: mx.google.com;
       dkim=pass header.i=@sendgrid.net header.s=smtpapi header.b=wlibc3GP;
       spf=pass (google.com: domain of bounces+7434010-9aaf-XX=gmail.com@sendgrid.net designates 167.89.106.6 as permitted sender) smtp.mailfrom=bounces+7434010-9aaf-XX=gmail.com@sendgrid.net
DKIM-Signature: v=1; a=rsa-sha1; c=relaxed/relaxed; d=sendgrid.net; h=subject:from:reply-to:to:content-type:x-feedback-id; s=smtpapi; bh=uEUq311FzzjnZ6umg9gpfpfu2Dg=; b=wlibc3GPHVgxZiXFHSuOhxfXNV4P3 muuySr0ZIh87TfI54XjKgIqAf0rduuOtFvbl6wnJfnmXKFZmISK3TiNws1f8APJO nLn58+HTko5VTyAKX7qex6PLexZceOjTluxOUg3RZtXMXVoD1cTCxMYy8Xs3hKCR GOoaP3YZpfha5U=
Received: by filter0022p3iad2.sendgrid.net with SMTP id filter0022p3iad2-9528-5ADFC1AA-32
        2018-04-24 23:45:46.429937895 +0000 UTC
Received: from mailhost.cmla.ens-cachan.fr (31.219.forpsi.net [195.181.219.31]) by ismtpd0001p1lon1.sendgrid.net (SG) with ESMTP id YXxiAkBsTaSGMNy1Kg3aCg for <XX@gmail.com>; Tue, 24 Apr 2018 23:45:46.039 +0000 (UTC)
Received: from localhost (127.0.0.1) by inboxpab.com id 5QXRLSF9F64H for <XX@gmail.com>; Wed, 25 Apr 2018 01:45:51 +0200 (envelope-from <return@inboxpab.com>)
Subject: Try CBD Gummies for Free!
From: "**Healthy Life**" <infos@inboxpab.com>
Reply-to: <reply@inboxpab.com>
To: XX@gmail.com
Date: Tue, 24 Apr 2018 23:45:46 +0000 (UTC)
Content-Type: multipart/alternative; boundary="NlnX4eFXH9gn=_?:"
Content-Length: 47775
Message-ID: <YXxiAkBsTaSGMNy1Kg3aCg@ismtpd0001p1lon1.sendgrid.net>
X-CSA-Complaints: whitelist-complaints@eco.de
X-SG-EID: FkxlJR0jYlFrHqvpkIuV3qGpCcN7fYyncIUnqwLukYDG3vQMn/tb2QZRk0VJxezfM2e7LfeRPI3oWo nTHWtq82S3cmoSoo0nnwYiAzjql37ZOzYjJf5jJ8M03ajnxyPrlD4nli/Mg3I5bTbExrJwRJW5vAg0 FpWjVkk3Q+ZSNn387mlJ0/ElhbBjMISnXoCAxJbi0V4RbkjzOheGlRLjtkzxTXrXgc669ztwU2fLQ6 4=
X-Feedback-ID: 7434010:8TzWmuLmZR299Hk0OOgPhhVySMtjCGZhA1j7Jtlx/3Y=:8TzWmuLmZR299Hk0OOgPhhVySMtjCGZhA1j7Jtlx/3Y=:SG

--NlnX4eFXH9gn=_?:
Content-Type: text/plain; charset="utf-8"
content-transfer-encoding: quoted-printable

Share this post


Link to post
Share on other sites
9 hours ago, BoZz said:

I am having a similar problem but with my gmail account which incidentally was working fine for several years and now all of a sudden reports as OP. Here are the headers, will appreciate assistance to sort this out. Thank you

These are genuine Gmail headers  https://www.spamcop.net/sc?id=z6461350211z4ef67168cec9b57a466a6e5a240b31c7z 

when fake headers are removed from your submission it parses OK  https://www.spamcop.net/sc?id=z6461352945z1f2e49dc74fc18cb14dba3aa314795ddz  

Share this post


Link to post
Share on other sites

The 2nd header seems to be the only troublemaker.

10 hours ago, BoZz said:

Received: by 2002:a02:2e2f:0:0:0:0:0 with SMTP id i47-v6csp84720jaa; Tue, 24 Apr 2018 16:45:48 -0700 (PDT)

If this header is removed, the message parses properly.

Share this post


Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now

×