Jump to content
Art101

Ongoing Mail-host problems with Gmail

Recommended Posts

Sorry for the long post; I'm trying to be crystal clear. I sent this to the "service[at]admin.spamcop.net" address on June 5, 2018 but never heard back from anyone. If this is covered elsewhere, please point me to an appropriate thread. I've searched the forums and can't find a clear answer.

Quick backstory: I've been using SpamCop since the early days. In fact, I swapped email and design ideas for the SpamCop logo with founder Julian Haight around 1998. The logo I designed and donated is still in use by SpamCop.

  spamcop-logo.png.e3b0abd5e4efe47607d58d05c76be7e9.png

I'm running the latest versions of MacOS (10.13.4) and Apple Mail. In addition to one "real" email address for my design studio's domain, I have one Gmail address. The Gmail account is set up to forward incoming mail to my Mac (with IMAP)... which means Gmail also forwards spam sent to the Gmail account. Grrrr.

It used to be simple to report that spam... I revealed the raw source (full headers and body), copied, and pasted into the SpamCop reporting form. Worked like a charm for years until the new Mail-host system went in to effect.

When attempting to report spam from my Gmail account the system now says:

Quote

Possible forgery. Supposed receiving system not associated with any of your mailhosts
Will not trust this Received line.
Mailhost configuration problem, identified internal IP as source
Mailhost:
Please correct this situation - register every email address where you receive spam
No source IP address found, cannot proceed. Nothing to do.

I've tried unsuccessfully to correct this. I even deleted the old Gmail host configuration and followed the instructions to make a new one. I received 5 test messages from the SpamCop bot and successfully submitted them via the online form at https://www.spamcop.net/mcgi?action=mhreturn

A new Gmail host was created in the Mailhosts section of my SpamCop account. But it doesn't work. I'm getting the same "nothing to do" result when attempting to report spam.

Can someone walk me through this? Please be kind: I'm not a programmer—just a designer. It's probably something simple, but the instructions are not clear to me.

BTW, spam that slips through Mail filters to my "real" address inbox is easy to report and works fine on the SpamCop report page. I haven't tried forwarding spam directly to SpamCop in years. That never worked (it bounces). Sigh.

Thanks in advance for any tips and help. I love reporting spam via SpamCop. Even if it's only symbolic and doesn't truly help stop the onslaught, it makes me feel a bit better. 

Share this post


Link to post
Share on other sites

Without a example of the spam from/going through gmail it is difficult to provide definitive guidance. A Tracking URL would be the best way to provide an example and how the SpamCop parser processed your submission.  While waiting for a Tracking URL, have you read other current threads, under <Reporting Help> concerning issues caused by gmail handling of spam? (a simple search for gmail using the search engine located in the top right of each screen.)

Share this post


Link to post
Share on other sites

Thanks Lking. I truly appreciate your reply. I'm on a killer deadline at Art101 and will get back to you ASAP with a related Tracking URL. Meanwhile, I'll search the Reporting Help/Gmail info you provided when I come up for air. Thanks again. Talk with you more/better soon. 

Share this post


Link to post
Share on other sites

I have exactly the same problem as Art101. I use a MacBook Pro, with the latest OS and use Apple Mail. One of my seldom used mail accounts is with Gmail. It is not auto forwarded, but accessed directly via Apple Mail. Every Gmail spam I report (via pasting raw text into the SpamCop site) results just as mentioned above. I deleted the mailhost record and reprocessed the new sample emails from Spamcop. Same results. Here is a tracking URL: https://www.spamcop.net/sc?id=z6470279948zca815870453010d3fb71188df9523981z

I note that I specified "Gmail" as the mailhost name, but it shows in my mailhost list as "SpamCop", not "Gmail".

Bill Halberstadt

Share this post


Link to post
Share on other sites

Thanks much, Mr. Halberstadt. Your tracking URL will (hopefully) help get things rolling while I search for one that might be useful. I'm still in crazy deadline mode, but will try to get back to this issue over the weekend. Weekend? What's that? I vaguely remember the concept. Cheers. [insert wink emoticon here]

Share this post


Link to post
Share on other sites
2 hours ago, Art101 said:

Thanks much, Mr. Halberstadt. Your tracking URL will (hopefully) help get things rolling while I search for one that might be useful. I'm still in crazy deadline mode, but will try to get back to this issue over the weekend. Weekend? What's that? I vaguely remember the concept. Cheers. [insert wink emoticon here]

presently gmail headers 2nd line needs deleting before submitting. Trouble is ISP's need FULL headers as evidence so past deleted line in comments

Delivered-To: x
Received: by 2002:a9d:21b7:0:0:0:0:0 with SMTP id s52-v6csp2028874otb; DELETE

Share this post


Link to post
Share on other sites

Thanks, petzl.  

As I understand, we should edit the raw "headers plus text" before submitting, to delete its second line (similar to above example). I don't understand, however, "...ISP's need FULL headers as evidence so past deleted line in comments".

Bill Halberstadt

Share this post


Link to post
Share on other sites

I'll bet "past" was meant to be "paste". If so, was "comments" meant to be the "additional notes" box? And, if so, do we just need to paste in that one line?

Bill Halberstadt

Share this post


Link to post
Share on other sites
40 minutes ago, halberstadt said:

Thanks, petzl.  

As I understand, we should edit the raw "headers plus text" before submitting, to delete its second line (similar to above example). I don't understand, however, "...ISP's need FULL headers as evidence so past deleted line in comments".

Bill Halberstadt

yeah, that's right, they need the full headers, but the problem is within SpamCop, where the parsing of said Received: line causes havoc within the next (previous actually) Received: lines.

The 2002:a02:b4d7:0:0:0:0:0 address is called a 6to4 address, but according to RFC-3056, section#2:

[A] subscriber site has at least one valid, globally
unique 32-bit IPv4 address, referred to in this document as V4ADDR.
This address MUST be duly allocated to the site by an address
registry (possibly via a service provider) and it MUST NOT be a
private address [RFC 1918].

and Google is inserting their private addresses into the IPv6 6to4 address. That would in fact be a violation of the aforementioned RFC-3056 as :a02:b4d7: translates to 10.2.180.215 which is definitely a private address according to RFC-1918, section#3.

In theory, they should (if they want to use private IPv6 addresses) use, according to RFC-4193, section#3, addresses in the fc00::/7 or fd00::/8 address ranges. Unfortunately SpamCop has the same problem with the fd00:/8 addresses and does not identify those addresses as local private addresses like the 10/8, 172/12, and 192.168/16 address ranges.

I have written a crude program that replaces the 6to4 addresses with the actual IPv4 counterpart and places the original IPv6 address in parentheses. The program works for me, but I have not tested it with a larger group of gmail users, and am reluctant to do so, as munging headers is mostly a "no-no" and could cause SpamCop to disable user accounts, although this type of munging is necessary for SpamCop to correctly identify the actual spammer (or the proxy they are using).

Until SpamCop gets an update to correctly identify those IPv6 addresses as local/private addresses, the aforementioned removal or change of the address is necessary to get SpamCop to work correctly with gmail accounts.

To add some workarounds:

  • remove the topmost Received: line with the address beginning with 2002:a
  • or change the address beginning with 2002:a to its IPv4 address using http://www.potaroo.net/cgi-bin/ipv6addr
  • or replace the address beginning with 2002:a with mx.google.com

I have seen these three options in action before, and they work.

HTH

 

Share this post


Link to post
Share on other sites

Hi all. Thanks for your replies. I'm sad to say that they don't really help. I'm still sad and confused today. Frankly, I'm just about ready to bail on the whole SpamCop thing after a decade of love. It shouldn't be this difficult, especially if SpamCop wants to reach the billions of people who are sick to death of the assault and want to help stop it with a simple, bulletproof interface. Sigh.

OK, no more venting. Sorry. Please forgive me.

I'm attaching three files:

1: A screen shot of the parsing info from the latest spam I tried to report (which arrived on my Mac via my Gmail account).

2: A screen shot from my current SpamCop mail host configuration.

3. A text file containing the full headers and body text I was trying to report. Please note: I understand that I may open myself up to a hacker's dream here, but I don't care anymore. I just want it to stop. I used to love the internet. It's the most important advance in human communication since the invention of the printing press a few hundred years ago. It's been highjacked by nasty, evil, money-grubbing jerks.

OK. I'm done for the day. Thanks again for any help and tips.

01-parsing-header.png

 

latest spamcop madness.txt

Share this post


Link to post
Share on other sites

Sorry for your frustration.

It is a lovely day here in Colorado, the sky is blue, local (down-wind) fires are out, yet I too am frustrated. Perhaps my frustration is because I have been reading this forum daily for way to long and see the same questions and responses again and again and again.  Yet others get frustrated when given suggestions are not followed and things do not change. For example

1. Early in this thread, a Tracking URL was requested,  This would allow others with similar issues experience to double check that their situation and possible solutions are applicable.  This would also avoide the need to cut/past sections of the parsers output  or the spam its self into the thread. 

2.  I have empathy for member Petzl who has repeatedly provide the guidance/instructions for modifying the header of spam passing through gmail. 

3.  I understand everyone is unique and as such everyone's problem is also unique.  BUT the search engine located in the upper right of each screen does work and point to several current threads relating to gmail.

I will now get off of my soapbox.  Art101 I do hope you do not take this tirade personally.  Your thread/post just happened to be the one that tipped the balance today.

 

The problem you are having is NOT related to your mailhost configuration.  I have deleted the mailhost screen you included because it revealed you email address.

Without the full information provided by a Tracking URL I am not sure, but I believe if you follow the advice Petzl provided above, and delete the 0: Received line the example would process correctly.

(Opinions expressed in this post are those of the poster and not of any other person nor organization large or small.)

Share this post


Link to post
Share on other sites

Art101, I have successfully used the suggested workaround to fix my problem, which appears to be the same as yours. When I receive Gmail spam, I use command-option-U to produce the raw text with full headers. I then use command-A to select all, and command-C to copy. Then to the SpamCop reporting page, where I use command-V to paste it all in. Then, I scroll to the top of the pasted text, highlight the second line (in your example above it is "0: Received: by 2002:a4f:4442:0:0:0:0 with SMTP id r63-v6csp4447532iva;") and Command-X to copy and delete it. Then, I use command-V to paste that removed line in the "Additional Notes" box. When I then summit, it processes fine and produces reports to what appear to be the correct contacts. 

I hope that will also work for you. It is definitely a hack, but I'm counting on SpamCop to change their processing eventually, so all this won't be necessary.

Bill Halberstadt

Share this post


Link to post
Share on other sites

Thanks Bill (and all). Sorry for the reply delay. I'm still in overload mode on a major project. 

Here's the good news. Your workaround worked perfectly. Yay! Today is a good day in the fight against spam.

In the SpamCop reporting page, I pasted the full message (with all headers) from a recent Gmail message forwarded to my Mac via Apple Mail, then copied/deleted the 2nd line and pasted that line into the Comments field at the bottom of the report form. The spam was reported successfully. Possible related link: https://www.spamcop.net/mcgi?action=gettrack&reportid=6826058267

Let's hope SpamCop will render your (brilliant) hack unnecessary very soon. If SpamCop's interface is seamless and easy to use, more people will use it. And pay for the service, too.

OK... back to work I go. Thanks again. Cheers. 

Edited by Art101

Share this post


Link to post
Share on other sites

So glad it worked for you. I am quick to disclaim the procedure as "my hack". It is really a rewording of prior suggestions in this (and at least one other) thread in SpamCop forums. I just avoided all technical details and concentrated on specific simple steps.

Bill

Share this post


Link to post
Share on other sites

PS: Just for fun. Here's an ancient QuickTime archive file from 2003 at Art101.com. Low-res, bad quality, but it might help everyone understand why I still go bonkers over every chunk of spam that hijacks my inbox. Blessings to everyone who fights the good fight to help stop spam.

http://www.art101.com/video/news10_web.mov

Your pal,
Andy 

Share this post


Link to post
Share on other sites
25 minutes ago, halberstadt said:

So glad it worked for you. I am quick to disclaim the procedure as "my hack". It is really a rewording of prior suggestions in this (and at least one other) thread in SpamCop forums. I just avoided all technical details and concentrated on specific simple steps.

Bill

Thanks again, Bill. I get it... you focussed on exactly what I needed to know, how to do it, and it works for now. All the best to you and yours. 

Share this post


Link to post
Share on other sites

Thanks NoSpamMe. Good to know it's working for you. I continue to hope that the SC team will find a solution that's as easy and seamless as the normal reporting process. Meanwhile, I'll continue using this Gmail workaround. It's time-consuming and pesky, but seems to work. Thanks for fighting the good fight to help stop spam.  

Share this post


Link to post
Share on other sites

So, now that Spamcop is aware of the issue parsing Gmail headers that includes 6to4 local addresses, is it planned to fix the parser anytime soon?

Also this forum is crying for some love with SSL certificates

Share this post


Link to post
Share on other sites
11 hours ago, leagris said:

So, now that Spamcop is aware of the issue parsing Gmail headers that includes 6to4 local addresses, is it planned to fix the parser anytime soon?

Also this forum is crying for some love with SSL certificates

I suppose SpamCop easily could but they don't? Gmail though shouldn't be saying email received from their network.

Just mark/report any and all spam phishing which will make it pointless for spam to be sent there. I still report after marking it phishing.

Share this post


Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now

×