ChuckGary61 Posted May 30, 2018 Share Posted May 30, 2018 I just copy/paste the ipv6 into a whois, then copy/paste the resulting ipv4, replacing the ipv6 in the headers - yes it's munging, but it works and like RobieBue says, it amounts to ripping the "ipv6 disguise" off, so in my view, a legit munging. Curiously Hotmail doesn't have this problem, since it puts the ipv6 into a parenthesis that somehow, the spamcop parser ignores, and thus parses correctly. Again, Spamcop should provide a workaround, like they did for "eudora users" - why not one for "gmail users", Spamcop? Link to comment Share on other sites More sharing options...
SpamStoolie Posted May 30, 2018 Share Posted May 30, 2018 1 hour ago, ChuckGary61 said: it puts the ipv6 into a parenthesis that somehow, the spamcop parser ignores https://www.rfc-editor.org/rfc/rfc822.txt 3.4.3. COMMENTS A comment is a set of ASCII characters, which is enclosed in matching parentheses and which is not within a quoted-string The comment construct permits message originators to add text which will be useful for human readers, but which will be ignored by the formal semantics. Comments should be retained while the message is subject to interpretation according to this standard. However, comments must NOT be included in other cases, such as during protocol exchanges with mail servers. I currently modify the Gmail Received: header like so, commenting the 6to4 address with parentheses and inserting the IPv4 equivalent : Received: by 10.2.33.9 (2002:a02:2109:0:0:0:0:0) with SMTP id e9-v6csp39361jaa; Thu, 24 May 2018 20:09:34 -0700 (PDT) Link to comment Share on other sites More sharing options...
SpamStoolie Posted May 30, 2018 Share Posted May 30, 2018 7 hours ago, klappa said: It's very irritating reporting Spamcop using gmail nowadays. This wasn't the case until half a year ago. I think this graph is quite telling: https://www.spamcop.net/spamgraph.shtml?spamyear Link to comment Share on other sites More sharing options...
SpamStoolie Posted May 30, 2018 Share Posted May 30, 2018 4 hours ago, SpamStoolie said: I think this graph is quite telling: https://www.spamcop.net/spamgraph.shtml?spamyear In mid-March, the ratio of spam reports to spam submissions dropped to about 1 to 1. In late march, the number of submissions was briefly higher than the number of reports. Now, the ratio of reports to submissions is increasing, but both are lower than before. I wonder if anyone who matters is watching the numbers… Link to comment Share on other sites More sharing options...
cwg Posted May 30, 2018 Share Posted May 30, 2018 Something weird is going on with the parser right now involving gmail spam, even if I use the outlook/eudora workaround form spamcop is NOT finding links. Link to comment Share on other sites More sharing options...
petzl Posted May 31, 2018 Share Posted May 31, 2018 On 4/26/2018 at 7:34 AM, SpamStoolie said: The 2nd header seems to be the only troublemaker. If this header is removed, the message parses properly. That was only working off and on previously, Google seem to be "um and arring" now with googles/gmail update cannot even read spam in spam folder. Link to comment Share on other sites More sharing options...
BoZz Posted May 31, 2018 Share Posted May 31, 2018 7 hours ago, cwg said: Something weird is going on with the parser right now involving gmail spam, even if I use the outlook/eudora workaround form spamcop is NOT finding links. To get around this you can do this, Use the two part submission form, in Gmail open full headers, copy headers omitting the first two lines, I think copy starting from the date line and ending with omitting the last line, paste that in, then copy body loosing the first syntax and paste that in, now if you submit Sapmcop will parse all including links.. Link to comment Share on other sites More sharing options...
cwg Posted May 31, 2018 Share Posted May 31, 2018 9 hours ago, BoZz said: To get around this you can do this, Use the two part submission form, in Gmail open full headers, copy headers omitting the first two lines, I think copy starting from the date line and ending with omitting the last line, paste that in, then copy body loosing the first syntax and paste that in, now if you submit Sapmcop will parse all including links.. Works about well as a watergun in a firefight. https://www.spamcop.net/sc?id=z6467209537z5ce16d11466090755a84c95202c4d422z Link to comment Share on other sites More sharing options...
Lking Posted May 31, 2018 Share Posted May 31, 2018 1 hour ago, cwg said: Works about well as a watergun in a firefight. Are you suggesting that google is not the correct abuse address or are you suggesting that the bounce of the spam report is the problem? If you have a better email address to submit gmail/google spam reports that would be a positive addition to the anti-spam effort. The efforts against spam and for net neutrality need to be community efforts. Link to comment Share on other sites More sharing options...
cwg Posted May 31, 2018 Share Posted May 31, 2018 No, it's not picking up the LINKS in the message. 9 minutes ago, Lking said: Are you suggesting that google is not the correct abuse address or are you suggesting that the bounce of the spam report is the problem? If you have a better email address to submit gmail/google spam reports that would be a positive addition to the anti-spam effort. The efforts against spam and for net neutrality need to be community efforts. Link to comment Share on other sites More sharing options...
Lking Posted May 31, 2018 Share Posted May 31, 2018 That is the lowest priority. Trying to stop/block the spam is the top priority. Link to comment Share on other sites More sharing options...
BoZz Posted May 31, 2018 Share Posted May 31, 2018 1 hour ago, cwg said: Works about well as a watergun in a firefight. https://www.spamcop.net/sc?id=z6467209537z5ce16d11466090755a84c95202c4d422z In this case not, you are right, but try again with other spams. I have been doing this and it picks the links as well. Link to comment Share on other sites More sharing options...
BoZz Posted May 31, 2018 Share Posted May 31, 2018 42 minutes ago, Lking said: Are you suggesting that google is not the correct abuse address or are you suggesting that the bounce of the spam report is the problem? If you have a better email address to submit gmail/google spam reports that would be a positive addition to the anti-spam effort. The efforts against spam and for net neutrality need to be community efforts. Please see this... I am pasting a spam I received and when I did what I had mentioned it picked the body as well START FROM DATE AND LEAVE LINES BEFORE THIS Thu, 31 May 2018 02:51:36 -0700 (PDT) X-Google-Smtp-Source: ADUXVKJ3mJapj2hhOaW4VDqrDHdQQXXqzg17PcurlUNY0E6tk3tWorR56T1FYHIAqAOhCNBlBAwr X-Received: by 2002:aa7:d911:: with SMTP id a17-v6mr7206063edr.21.1527760296524; Thu, 31 May 2018 02:51:36 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1527760296; cv=none; d=google.com; s=arc-20160816; b=WU78ZGhu29UmL+oLRRfQCok4w3Ph4k7cjEEeS8X/nSWR9AwVcs1k0z3lsKk969a7gP kMq+iqXUIuqee8NxwsnmYXLnbKVNR+xZ8h0OxFg0eJvKVbfzg52T0RgPHEd4KCpBJ2uX nsmqvqp/SlAKIPyb+kSdbcdpdlAxLVH7AmaIAqDkAKoFchkrfwqrRVYvw4RUnW7aBTJV rOdPKKAztIqQDv4foHcZoyCUhlRck+FLx87hZaNq2ha1bfBj2A4oxyXhp+ckQjjrYkT+ VmzmKyCJOzNdygOOVRemCOM0iiskpvaKYqIPtaQbwnow4PuThaFrEY1ShAvHFZAdBFRS BwbQ== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=mime-version:subject:date:message-id:to:from:reply-to :list-unsubscribe:submitter:sender:dkim-signature :domainkey-signature:dkim-signature:arc-authentication-results; bh=ZSxUwM1yBNjFwwfhtX2iQLz8/HWOU9bsVu7UgSzuTe8=; b=W0GSyZTG2DQg3HOUGcxGoUYF3zTwe8hNApEkUgokLRrT34SeLNVJt/QGrvnOOXrlKR /O6OTcWSW4w8+Bm7msi3byg3P8Hu/OO80OUyczQve2P6Ce+A/7KbFZrmgXy6uCyqREut MG9q75GthmxHcS1ESzNasqjrZxMYd0XtDZ29dLQVTxKRsfBenBsIA69ZWDCr9vn1H6Cp OqOftnZ9GsEdS31B3a1C3OnAWpSmbrvUU9YwgZJC34Dkh4bFmWQfXc3YF/MDHZKHrevn zlXEPZJ7CG8Vo/ggHJNbnQshqVAQeqGj4ICTMR/SRWxIemqDY8mYGBUcUqON0EL5QchK BXCw== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@activetrail.com header.s=at header.b=bpMX7AYw; dkim=pass header.i=@greencardorganization.com header.s=at header.b=iLaQ5Zkj; spf=pass (google.com: domain of reply@activetrail.com designates 91.199.29.225 as permitted sender) smtp.mailfrom=reply@activetrail.com; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=greencardorganization.com Return-Path: <reply@activetrail.com> Received: from i2.ms225.atmailsvr.net (i2.ms225.atmailsvr.net. [91.199.29.225]) by mx.google.com with ESMTPS id y30-v6si928533edy.155.2018.05.31.02.51.36 for <xxxxxxx@gmail.com> (version=TLS1_2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128/128); Thu, 31 May 2018 02:51:36 -0700 (PDT) Received-SPF: pass (google.com: domain of reply@activetrail.com designates 91.199.29.225 as permitted sender) client-ip=91.199.29.225; Authentication-Results: mx.google.com; dkim=pass header.i=@activetrail.com header.s=at header.b=bpMX7AYw; dkim=pass header.i=@greencardorganization.com header.s=at header.b=iLaQ5Zkj; spf=pass (google.com: domain of reply@activetrail.com designates 91.199.29.225 as permitted sender) smtp.mailfrom=reply@activetrail.com; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=greencardorganization.com X-IADB-IP: 91.199.29.225 X-IADB-IP-REVERSE: 225.29.199.91 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; q=dns/txt; d=activetrail.com; s=at; h=X-BBounce:X-IADB-URL:Sender:Submitter:X-Feedback-ID:From:To:Date:Subject:MIME-Version:Content-type:Content-Transfer-Encoding; bh=ZSxUwM1yBNjFwwfhtX2iQLz8/HWOU9bsVu7UgSzuTe8=; b=bpMX7AYweE0lacnyMs/qP9Up9J3Yojg4+C0D+YXN68nRdrjd2SjFiIuQ2iRlSg7AHoVu l/L2YrB+h31+0uY5H/p4ZTGB0brRbOU8GB19L0+akUxqksrQnCrlncCLDRkcQybSthD5+a +/dp+hK/r9oFj7ZTbcWeCRRDhj2kabK8w= DomainKey-Signature: q=dns; a=rsa-sha1; c=nofws; d=greencardorganization.com; s=at; h=x-bbounce:x-iadb-url:sender:submitter:x-feedback-id:from:to:date:subject:mime-version:content-type; b=OTdBmINYQ7j6nl0qd1JLNqXnNFL7oVnsHN6IfdB1d3PkQ+TfG6pc4mJ8AtWSDs832a1f pLQ97eejSj4T5VqZpI7zWPxhOnX9nBHX25ec03/ZVpvM1SkmxTBKQWxEdIxrvXDaPmLhcC c0N3xTIuwa0WnxmpZDgLHucNg0DqN684E= DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; q=dns/txt; d=greencardorganization.com; s=at; h=X-BBounce:X-IADB-URL:Sender:Submitter:X-Feedback-ID:From:To:Date:Subject:MIME-Version:Content-type:Content-Transfer-Encoding; bh=ZSxUwM1yBNjFwwfhtX2iQLz8/HWOU9bsVu7UgSzuTe8=; b=iLaQ5Zkj+arrZ5U4rg4ByU0KqNjgm/EaPLm5hG/7kRFS+FatXpSylZ/hxLvfx+MDNcds j4ncZ/QVCplWdWTEt0LXgsUS2qICGRlbnJr31IhhlFVmZ1vcnznq+sgciVz6QKzI1htgzi HGIRPM8zrXzMBr86/aAnkD0kqgoTMaoWI= X-BBounce: 41807088|384921|xxxxxxxx@gmail.com|68|0|129495|7 X-IADB-URL: http://www.isipp.com/iadb.php Sender: "USA.GCO" <d.smith@greencardorganization.com> Submitter: reply@activetrail.com X-Feedback-ID: 129495:129495.384921.0:G3:atgfbl From: "USA.GCO" <d.smith@greencardorganization.com> To: "xxxxxxx@gmail.com" <xxxxxxxx@gmail.com> Message-ID: <52fccccf76c742ebae306b2d740a8531@greencardorganization.com> Date: Thu, 31 May 2018 12:41:38 +0300 Subject: Important update regarding your US Green Card STOP HERE LEAVING THE LINES BELOW MIME-Version: 1.0 Content-Type: multipart/alternative; boundary="----5B573397F06844CE9E91626DCD0EE9A2" Dear Bozz,=C2=A0=20 We approved your eligibility for a U.S. Green Card a couple of weeks ago.= =20 It is our responsibility to inform you that the U.S. government has made se= veral changes to the eligibility certificates.=C2=A0=20 This means that your Green Card eligibility certificate may have been cance= led.=20 What can you do?=C2=A0=20 As part of our services, GCO automated system will perform for you an updat= ed Green Card eligibility check and will give you an immediate result at=C2= =A0 no charge!=20 Click to Start the Check: http://trailer.web-view.net/Links/0XAAADC68DC6EB0= CDFF5F75DB6ED0E543CC4AC361B98CE0C9B3CD5C5F6BAC80314A24DB94162992588242CC8BA= 0ECC4EBF22F6B942503C48A0046461CFF22C4392EA45B0491EAE6318.htm Click to Start= the Check=20 We hope that you are still eligible for a U.S. Green Card and have the appr= oval to submit your application today.=20 Best of luck,=20 Dan Smith=20 Senior Agent=20 Green Card Organization=20 Address: USA Miami Florida=20 Phone: +1888-433-0135=20 To Unsubscribe from GCO emails - Click Here: http://trailer.web-view.net/Ou= t_0XD6C23B51985777D96334B6E6F01D721FA9E73A849CF2A86BFFECCFAE89D530CC552835B= 8FF6C759D.htm=20 Link to comment Share on other sites More sharing options...
petzl Posted May 31, 2018 Share Posted May 31, 2018 34 minutes ago, BoZz said: Please see this... I am pasting a spam I received and when I did what I had mentioned it picked the body as well Learn to past the track which is provided at top of page before you submit. Not considered legal when one alters headers, you are best to submit from your Gmail account to real abuse address, include full body and text I also download them and attach "original.txt" to submission. Link to comment Share on other sites More sharing options...
Keats Posted May 31, 2018 Share Posted May 31, 2018 Incredibly frustrating that you not only have to cut lines of text to make the parser work, but that it's different lines of text depending on what service the e-mail was received at. The whole "For Gmail - hop up and down on your left leg while patting your head with your right hand and rubbing your tummy with your left hand in a counter-clockwise direction"; for Hotmail - hop up and down on your right leg while patting your head with your left hand and rubbing your tummy with your right hand in a clockwise direction" thing is just unworkable for me. As a result of getting constant spam in my Hotmail account over the last three months, I'm shutting it down - during the "30 day cooling of period", I'm having mail redirected from it to my Gmail account. But, the redirected spam e-mails I get there are now basically unreportable. No matter which line of text I cut as per the instructions in this thread, I either get Microsoft or Google as the source, not the actual source. That's of no use at all. The whole attraction of SpamCop for me was that it was a simple matter of cutting-and-pasting the headers. Now it's devolved into a sort of guessing game - "Cut this line, and see what happens!". Link to comment Share on other sites More sharing options...
petzl Posted June 1, 2018 Share Posted June 1, 2018 yep IPv6 along with ARC has made email rubbish with zero affect on spam, but means one will now have to face getting new email "addies" on a regular basis. Turn IPv6 off on your computer it is no more than spyware. Link to comment Share on other sites More sharing options...
RJVB Posted June 8, 2018 Share Posted June 8, 2018 On 5/31/2018 at 8:27 PM, Lking said: That is the lowest priority. Trying to stop/block the spam is the top priority. Well, it shouldn't be. That's like plugging holes in the ceiling instead of getting the upstairs neighbour to repair the leak in his plumbing. As long as there are things to spamvertise the spam will keep coming. 99.9% of the spam that makes it into my inbox is not of the kind that spamvertises sites on hijacked home computers but of the kind sent by otherwise legit companies who don't have any number of free servers for hosting their site at their disposal and who consider that it's OK to spam anyone of whom they have an address on file. Sadly Spamcop have become more and more lenient with the spam ISPs those companies use, refusing to send reports to what seems a growing minority (and the others including Amazon apparently couldn't care less anyway). And that too many links exploit makes it way too easy to prevent getting reports about links in your spam: just repeat your links a few times (5x seems to be enough already) and you can sleep easy. Link to comment Share on other sites More sharing options...
RobiBue Posted June 8, 2018 Share Posted June 8, 2018 4 hours ago, RJVB said: Well, it shouldn't be. That's like plugging holes in the ceiling instead of getting the upstairs neighbour to repair the leak in his plumbing. As long as there are things to spamvertise the spam will keep coming. I understand the frustration, and I do have the same point of view, although I do admit that the reason of the lowest priority is that many spammers use legit links that will clog abuse mailboxes from these legit ISPs. as an example (although I haven't had one recently) spammers have added "terms of conduct" and similar links from 3rd party ISPs which SC will use to send reports to them. Also, random images found on the internet either akamaized or from other providers have been used as links before (although these IIRC have been since disabled by SC) Link to comment Share on other sites More sharing options...
Lking Posted June 8, 2018 Share Posted June 8, 2018 It is a matter of a difference in philosophy. SpamCop's objective is to keep spam out of inboxes, directly by building a Block List to be used to filter incoming email (top priority). As a second priority SpamCop tries to send host, not the spammer, a spam Report so that a responsible ISP can take appropriate action with the source of spam. As a third priority, the spamvertised links in the body of spam are evaluated. KnujOn, recently folded, took another approach - they followed the money. Their thinking was that if the profit stream is choked off the spam will stop. KnujOn tried working with ICANN, Internet Corporation for Assigned Names and Numbers, to get registrars to follow established rules controlling spammer's domains, the spamverised domains and WHOIS information. Link to comment Share on other sites More sharing options...
BoZz Posted June 8, 2018 Share Posted June 8, 2018 7 hours ago, RobiBue said: I understand the frustration, and I do have the same point of view, although I do admit that the reason of the lowest priority is that many spammers use legit links that will clog abuse mailboxes from these legit ISPs. as an example (although I haven't had one recently) spammers have added "terms of conduct" and similar links from 3rd party ISPs which SC will use to send reports to them. Also, random images found on the internet either akamaized or from other providers have been used as links before (although these IIRC have been since disabled by SC) This is where intelligence should step up, where we should, at least I do, remove tick marks for the legit infringed sites before sending the complaints. Link to comment Share on other sites More sharing options...
petzl Posted June 8, 2018 Share Posted June 8, 2018 52 minutes ago, BoZz said: This is where intelligence should step up, where we should, at least I do, remove tick marks for the legit infringed sites before sending the complaints. It's the IP email source that may get blocked not the site. SpamCop does not block sites. Link to comment Share on other sites More sharing options...
RJVB Posted June 10, 2018 Share Posted June 10, 2018 Re-read my comment about plugging holes in your ceiling or instead plugging the hole in the plumbing somewhere above your ceiling. Or ponder the Dutch proverb "mopping with the tap open". And BoZz, ++. I also untick inappropriate boxes (unless they'\re going to a SC-internal NULL address). And I have a series of optional boxes to tick or untick for recipients I configured in my preferences that correspond to the sh*t I'm currently getting. But I'm getting very close to the point where I figure out how again one sends spams to SpamCop's auto-reporting address, given the increasingly apparent futility of wasting my time doing manual reports. The spammers have won anyway. Link to comment Share on other sites More sharing options...
nullDozzer Posted June 16, 2018 Share Posted June 16, 2018 So spamcop doesn't work with with emails recieved in gmail and they're not planning to fix it at all? Link to comment Share on other sites More sharing options...
petzl Posted June 17, 2018 Share Posted June 17, 2018 8 hours ago, nullDozzer said: So spamcop doesn't work with with emails recieved in gmail and they're not planning to fix it at all? They might? Don't look good for CisCo they may just drop SpamCop? Link to comment Share on other sites More sharing options...
SpamStoolie Posted June 21, 2018 Share Posted June 21, 2018 On 5/26/2018 at 10:31 PM, SpamStoolie said: It appears to work. I may rewrite it to be cross-platform. OK, at long last, I took some time to write a version in PHP. It works for me. Maybe it will work for you. SpamCopKludge.php Link to comment Share on other sites More sharing options...
Recommended Posts
Archived
This topic is now archived and is closed to further replies.