Jump to content
billcole

Can't have an account with a reportable spam source? (e.g. GMail)

Recommended Posts

I recently configured the Mailhost settings on my SpamCop account for a GMail account, and today tried to report a spam sent to another entirely unrelated account from a spammer using GMail. SpamCop attributed this spam to an internal RFC1918 address in use inside GMail, and so did not report the message. 

This could make sense IF I was forwarding a GMail account to another address, but I'm not. 

Is there some trick that I'm missing to make it possible both to report mail TO a GMail account and mail FROM GMail to other accounts? 

Share this post


Link to post
Share on other sites
15 minutes ago, billcole said:

today tried to report a spam sent to another entirely unrelated account

The problem is that the Mailhost for your reporting account is intended to identify the known valid path email (and spam) takes for your submitted emails.  Email sent to an "entirely unrelated account" looks to the parser like email not sent to you, based on the Mailhost data.

You got a confusing error message because you configured the Mailhost data with a gmail account AND the spammer also used a gmail account.

It is possible to configure your reporting Mailhost for several entirely unrelated receiving accounts.  For example my mailhost is configured so I can report spam sent to 4 different domains.  You can do this by clocking on "Add New Host" under the Mailhost tab.

Share this post


Link to post
Share on other sites
4 minutes ago, Lking said:

It is possible to configure your reporting Mailhost for several entirely unrelated receiving accounts.  For example my mailhost is configured so I can report spam sent to 4 different domains.  You can do this by clocking on "Add New Host" under the Mailhost tab.

That's what I did to *CREATE*  the problem. I *FIXED* it by whacking the Mailhost config for GMail. Now I can't report mail hitting my GMail account, but that's less important than being able to report GMail-originated spam in a way Google seems to not entirely ignore.  

The "entirely unrelated account" has its own pre-existing Mailhost config. 

Share this post


Link to post
Share on other sites

With Gmail, SpamCop has been having problems lately, because their mail system adds their internal IP addresses for their mail hosts as so called "6to4" addresses in IPv6 form, and that breaks SpamCop.

SpamCop has no wish to check if the IPv6 address would be a private address (10/8) and handle it as a private address.

Google is misusing the 6to4 format not conforming to RFC 3056 section 2 and reporting their private mail host as IPv6 in the 6to4 format.

Google needs to fix that, but regardless, SpamCop needs to be able to cope with it and sadly it doesn't.

If the topmost Received: header starts with 2002:axx:xxxx:0:0:0:0:0:0 then manually parenthesize that address and place mx.google.com in front:

Received: by mx.google.com (2002:axx:xxxx:0:0:0:0:0:0) ............

and it should work...

that is, if that is your problem, but without the TRACKING URL it's hard to diagnose the problem ...

Share this post


Link to post
Share on other sites

Ok, that's not it, but then again, it is... apparently Google's internal mailing is creating havoc.

As you can see, the bottom-most (aka first) Received: header is

Received: by 2002:a17:90a:3aac:0:0:0:0 with HTTP; Thu, 2 Aug 2018 07:36:54
 -0700 (PDT)

There is no from in the received line. The by is one of those private networks from IPv4 in 6to4 format, which SpamCop correctly identifies as 10.23.9.10 but, as I mentioned earlier, since it's a 6to4 address, it can't cope.

and no, you won't be able to send a report for this one via SpamCop. This one needs "manual" intervention... https://www.google.com/contact/

Sorry.

 

Share this post


Link to post
Share on other sites

Yeah, I had pretty much reached the same conclusion.

Which is more generally described as: 

     If you have 2 accounts, Me@Provider1 and Myself@Provider2, 
     both with SpamCop Mailhosts configured on the same reporting account, 
     then SpamCop won't target Provider2 with reports when Spammer@Provider2 spams Me@Provider1. 

Even more generally:

     It is harmful to add a Mailhost config for a retail mailbox provider 
     to a SpamCop reporting account which has any other Mailhost config.

 

Share this post


Link to post
Share on other sites
7 hours ago, billcole said:

Yeah, I had pretty much reached the same conclusion.

Which is more generally described as: 


     If you have 2 accounts, Me@Provider1 and Myself@Provider2, 
     both with SpamCop Mailhosts configured on the same reporting account, 
     then SpamCop won't target Provider2 with reports when Spammer@Provider2 spams Me@Provider1. 

Even more generally:


     It is harmful to add a Mailhost config for a retail mailbox provider 
     to a SpamCop reporting account which has any other Mailhost config.

 

With Gmail just report spam as phishing then delete! Gmail seem confident this will kill spam?

Share this post


Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now

×