Jump to content

How to tell if spam is actually being Reported?


5280 Guy

Recommended Posts

I keep getting spam from the same companies to my GMail account.  I report them, but get them again.   When I get the "[SpamCop] has accepted 1 email for processing" screen I always get the messages below.  I am able to submit the reports, but are they being processed?  Is there a way to tell?
-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------
 
Using abuse#iana.org@devnull.spamcop.net for statistical tracking.

Using last resort contacts abuse#iana.org@devnull.spamcop.net

Chain error mx.google.com not equal to last sender received line discarded
 
Finding links in message body
Parsing text part
error: couldn't parse head
Message body parser requires full, accurate copy of message
More information on this error..
Link to comment
Share on other sites

Quote

Here is your TRACKING URL - it may be saved for future reference:<br>
https://www.spamcop.net/sc?id=z6464721556xxxxxxxxxxxxxxxxxxx
Skip to Reports

Please provide the TRACKING URL for your spam so that the rest of us can see why you got the message.

Sense you are using gmail, have you looked at the three most current threads in Reporting Help? They may provide insight.

Link to comment
Share on other sites

1 hour ago, Lking said:

Thanks.  I did look at those before.  They seem to pertain to Outlook, if I'm not mistaken.

https://www.spamcop.net/sc?id=z6464746256zfdad385c9ada00c8f7b43c3d060c910bz

 

 

1 hour ago, Lking said:

 

Please provide the TRACKING URL for your spam so that the rest of us can see why you got the message.

Sense you are using gmail, have you looked at the three most current threads in Reporting Help? They may provide insight.

 

Link to comment
Share on other sites

2 hours ago, 5280 Guy said:

I am able to submit the reports, but are they being processed?  Is there a way to tell?

Looking at the Tracking URL above.  At the bottom is

Quote
Reports regarding this spam have already been sent:

Re: 2002:a9d:37c6:0:0:0:0:0 (Administrator of network where email originates)
   Reportid: 6813552678 To: abuse#iana.org@devnull.spamcop.net

If reported today, reports would be sent to:

Re: 2002:a9d:37c6:0:0:0:0:0 (Administrator of network where email originates)

abuse#iana.org@devnull.spamcop.net

Your spam was process and a spam report generated for the source (but not for links in the body).  The report was NOT sent to "Administrator of network where email originated" for some reason.  That is why the report is to devnull.spamcop.net.  Your spam is adding to the database to ad to the SpamCop Block List.

Link to comment
Share on other sites

There are several reason why the report was not sent to the ISP: 1) they have ask not to receive spam reports, 2) It has been found that the ISP forwards the reports to the spammer 3) reports sent to the identified abuse address for the ISP bounce...

SpamCop not wanting to be part of the internet clutter, sees no point sending reports to an ISP that, at best, will not accept or ignore the report not taking action.

It is always hoped that an ISP would see a stream of spam reports related to one of their clients and cut the spammer off.  However, some ISPs are more interest in making money than being a responsible member of the internet community.

Link to comment
Share on other sites

Reading between the lines,  the devnul mail box abuse#iana.org{AT}devnull.spamcop.net gives the clue you are looking for abuse#iana,org  Going back to the Tracking URL, the IP of interest is  10.157.55.198  and that can be used with a WHOIS look-up to find contact info.  

Link to comment
Share on other sites

3 hours ago, Lking said:

Reading between the lines,  the devnul mail box abuse#iana.org{AT}devnull.spamcop.net gives the clue you are looking for abuse#iana,org  Going back to the Tracking URL, the IP of interest is  10.157.55.198  and that can be used with a WHOIS look-up to find contact info.  

The first genuine line is

ARC-Authentication-Results: i=1; mx.google.com;

 

Everything above that is spoofed by Gmail authentication (spam from ham) software. I just cut then past into notes headed "cut authentication headers below" past them in notes after parse!

Link to comment
Share on other sites

Last questions.l  The tracking URL i s here:

https://www.spamcop.net/sc?id=z6464897720ze63276d79844e2792e2000caad66b711z

The spammer is houzz.com.  I see this text:

64.235.44.15 is not an MX for mail.houzz.com.
mail.houzz.com. is 64.235.44.15

I looked up that IP address and get this:

image.png.ed383cf3bb04ce7411adad49f8cf186a.png

That doesn't seem to be the company to complain to.  Is there a way to get that from the header?  I am missing something.  Thanks.

 

Link to comment
Share on other sites

57 minutes ago, 5280 Guy said:

That doesn't seem to be the company to complain to.  Is there a way to get that from the header?  I am missing something.  Thanks.

Cut the Gmail Authentication headers out  you get https://www.spamcop.net/sc?id=z6464905037z91d5435236bd5d8ec7b97204acb1945ez

Link to comment
Share on other sites

Okay - I see some very useful information (below).  But how did you get that?  I can see where you cut the GMail stuff, but what did you have to do in order to get the stuff at the bottom?  (I think that abuse@serverpoint.com is key).

Should I just strip out the Gmail headers when submitting the initiial report via e-mail to Spamcop?

abuse@serverpoint.com
noc#premianet.com@devnull.spamcop.net
abuse#aplushosting.com@devnull.spamcop.net
abuse#premianet.com@devnull.spamcop.net
support@premianet.com

Link to comment
Share on other sites

8 hours ago, 5280 Guy said:

Should I just strip out the Gmail headers when submitting the initiial report via e-mail to Spamcop?

Yes but re-past them in comments  

Link to comment
Share on other sites

Sorry. I'm really dumb with this.  I took the earlier suggestion to use the headers without the GMail stuff - from  "ARC - Authentication-results:"  down.  I then saw the results below - very encouraging.

When submitted it before (the old way) using the full headers, the only address for reporting was abuse#iana.org@devnull.spamcop.net.

Now, when I did it copying and pasting from "ARC - Authentication-results:"  down.," I received what seem to be the same results that you did.  I also pasted the headers into comments before I submitted the report, but as the below addresses were already there in the response from Spamcop I don't think it will make any difference.

It seems this is working.

 

image.thumb.png.a2f81ff5bda0e8441f1971c0432dfb69.png

 

 

 

Link to comment
Share on other sites

6 hours ago, 5280 Guy said:

It seems this is working.

The idea is to try and get better than the Bot SpamCop who can be stupid. Get a Whois program to get real address's,  Bottom of page download link

http://www.nirsoft.net/utils/ipnetinfo.html

often SpamCop gets them wrong, but just reporting get the spam source blocked. Gmail are getting to smart for their own good. if somethings "free" you are the product!

Link to comment
Share on other sites

  • 3 weeks later...

Not sure what you mean about 3 reports.  This happens whenever I submit the spam report.

I'm about to give up,  This is incredibly frustrating and confusing.  I copy and paste the headers from this line down:

ARC-Authentication-Results: i=1; mx.google.com;

If I copy too much of the headers I get an error.  If I copy the code for the graphics that follow (not needed, of course), it fails.

If I don't copy enough of the headers, I get a different message.

Now I get this one that just says "Notes."  I get the feeling those are for statistical purpposed only, and nothing gets done with those.

 

 

 

 

 

Link to comment
Share on other sites

When you see the @devnull.spamcop.net report email destinations, that means it is noting the report to send the email, but it is the person that would receive the email has recently rejected or blocked the emails from spamcop.  (Or it could mean that someone at spamcop thought it to be the spammer themselves.)  Why you see those is so it can be sent out and tracked as spamcop will add the IP to the blocklist.  The Notes link just takes you down to the related box to type a message to specific admins.

Link to comment
Share on other sites

19 hours ago, 5280 Guy said:

ARC-Authentication-Results: i=1; mx.google.com;

Learn to send the tracking URL which is at top of page before you send submission.
Gmail has changed their headers format which SpamCop cannot parse unless the 2nd line is removed.

Cut this line out and Gmail parsing works fine.
Received: by 2002:a9f:3d14:0:0:0:0:0 with SMTP id l20-v6csp3921756uai;

https://www.spamcop.net/sc?id=z6466997545zbf99b5f46d259fd01fbd6b2d8ebab0b9z

Link to comment
Share on other sites

21 hours ago, petzl said:

Learn to send the tracking URL which is at top of page before you send submission.
Gmail has changed their headers format which SpamCop cannot parse unless the 2nd line is removed.

Cut this line out and Gmail parsing works fine.
Received: by 2002:a9f:3d14:0:0:0:0:0 with SMTP id l20-v6csp3921756uai;

https://www.spamcop.net/sc?id=z6466997545zbf99b5f46d259fd01fbd6b2d8ebab0b9z

Wow, is this confusing.

Tracking URL: https://www.spamcop.net/sc?id=z6467963190zd4c0483ee609e1ae7c510a8714a4de06z

I copy the headers and e-mail them to Spamcop.  I wonder if I would be better off just pasting them into the window on Spamcop's website.

Anyway, In your example I clicked on the URL and didn't find the line you pasted to cut out. Would it be this, on the fourth line?

X-Received: by 2002:a0c:d06b:: with SMTP id d40-v6mr17389404qvh.213.1527620730884;

So, to properly submit spam,  I should delete the line mentioned before sending the headers to Spamcop. 

(I had been only sending headers from "ARC-Authentication-Results: i=1; mx.google.com;" down).

Where do I include the tracking URL?  It appears in the report to be sent.

Finally, there is confusion here about what constitutes a submission.  Is that sending the initial headers to Spamcop, or sending the spam report after I receive the e-mail from Spamcop?

 

 

Link to comment
Share on other sites

Archived

This topic is now archived and is closed to further replies.

×
×
  • Create New...