Jump to content

SpamCop cannot parse header


choicefresh

Recommended Posts

I got a 419 email and sent it to SpamCop, and it has correct headers, but SpamCop will not parse it.

http://www.spamcop.net/sc?id=z1251250418zb...53f35e60a20556z

1. None of the included addresses are outside of your private network space.

2. None of your headers indicate where they got the message from.

Have you ever successfully parsed a message? Do ANY of the headers look lke this message? It is possible your internal network had a virus and is sending you the spam that way.

Link to comment
Share on other sites

I did not realize this was Google the first time through.

To put Wazoo's reference in statements, a Google member has spammed you and because of the way Google handles their headers, they are not reportable through spamcop. You will need to complain about this spam directly to Google.

Link to comment
Share on other sites

I did not realize this was Google the first time through.

Believe me, I had my suspicions when I first pulled up the Tracking URL .... headers looked like the last dozen or so new e-mails in one GMail account .. all 10.x.x.x numbers throughout.

Link to comment
Share on other sites

  • 1 month later...

I've been seeing several of these recently, they are all from my Gmail account. I've copied and pasted in the entire plaintext of the email just as it was displayed to me, but SpamCop reports that

No source IP address found, cannot proceed.

Here is the URL of the report:

http://www.spamcop.net/sc?id=z1278998035z2...2a5484721f46aez

These come directly into my Gmail inbox with no errors of any sort and are fully readable. Any ideas?

Link to comment
Share on other sites

These come directly into my Gmail inbox with no errors of any sort and are fully readable. Any ideas?

They also come directly FROM Gmail users, so never leaves their internal network and contain no IP addresses to report. You should report these directly to GMail.

There has been several messages withn the last 2 months on this problem. This thread will be moved into one of those when I locate it.

OK, This thread in Lounge (???) http://forum.spamcop.net/forums/index.php?showtopic=8066

Link to comment
Share on other sites

There has been several messages withn the last 2 months on this problem. This thread will be moved into one of those when I locate it.

OK, This thread in Lounge (???) http://forum.spamcop.net/forums/index.php?showtopic=8066

Hmmm .. battling Mderators again, it appears ....

I chose this one, and clicked on GO ... it ended up here ... PM already sent to advise of this Move/merge ...????

Link to comment
Share on other sites

Hmmm .. battling Mderators again, it appears ....

You are not kidding, while finding that one, saw the link to this topic, by that time you had already moved it. Took me a while to find it again (as I had closed all the other ones when the merge to this topic failed the first time).

Link to comment
Share on other sites

Hi jongrose, good to hear from you again! IIUC you just use your "report spam" button from your gamail account page - some previous discussion at http://forum.spamcop.net/forums/index.php?showtopic=8066 (with links to other/s).

I was under the impression that the 'Report spam' button in Gmail was simply used as Bayesian filters for your own personal email account.

Link to comment
Share on other sites

Thanks, worth knowing. The abuse address for gmail - http://www.abuse.net/lookup.phtml?domain=gmail.com gives

gmail-abuse[at]google.com

and googlemail.com has the same abuse address.

Yeah, I actually forwarded them one of the 10.x.x.x emails I got. Here is the message I sent:

Hello,

I would like to make you aware of this UCE spam message that has been

delivered to my inbox. I have been getting many of these type of

emails recently. As you can tell from the source of the email

headers, they are coming from your internal network as the IP address

starts with the private IP range starting with 10.x.x.x.

This has been discussed at length on the SpamCop message board, which

you can view here:

http://forum.spamcop.net/forums/index.php?showtopic=8036

http://forum.spamcop.net/forums/index.php?showtopic=8066

Please look into this issue as it appears that you have a local error

on your servers. If you need anymore information relevant to these

emails, I will be glad to forward them to you as I receive them.

Then below that I included a copy of one of those emails. Here is the automated reply I received:

The Google Team <mail-support[at]google.com>

Hello,

Thank you for your report. Your email has been provided to the Gmail Abuse

team.

To help us process your request as quickly as possible, we recommend

filling out the form specific to your situation by visiting the Gmail

Security Center at

http://mail.google.com/support/bin/request...mp;ctx=security

WHAT HAPPENS WHEN YOU REPORT ABUSE?

Your email has been provided to the Gmail Abuse team. Any additional

information that you provide through the forms in the Gmail Security

Center will be added to your original message, and will help us to more

efficiently process your request.

Google takes abuse situations very seriously -- your claim will be given

the highest priority. When submitting a claim through our Security Center,

please include as much information as possible, so that the Gmail Abuse

team can investigate thoroughly and work quickly to resolve your claim. As

appropriate, we may warn users or discontinue Gmail service for the

account(s) in question. For privacy and security reasons, we may not

reveal the final outcome of an abuse case to the person who reported it.

To read the Gmail Terms of Use, please visit

http://mail.google.com/gmail/help/terms_of_use.html.

If your issue is not related to abuse, you may want to visit our Help

Center at http://mail.google.com/support/, or by clicking 'Help' at the

top of any Gmail page within your account.

We appreciate the urgent nature of your message, and thank you for your

cooperation.

Sincerely,

The Google Team

Link to comment
Share on other sites

Here is the automated reply I received:
Thanks jongrose, I believe this will be useful to other members. Many will have had unfortunate experiences with "other" admins/abuse handlers which seem to use web-based report forms as a way to discourage reporters and deny responsibility but I must say the GMail Help Center to which the complainant is pointed doesn't give that impression, if one can judge by the process (navigation, data requested and guidance built in).

If responding yes to Does the Message-ID from the headers read [at]mail.gmail.com? the fill-in form is accessed at GMailBETA ...report a Gmail user. Of course one could complain about having to split the spam up into three different, mandatory, slices but maybe they have a very large spam base and at least they don't demand the interpretation of the date & time of sending, conversion to UTC and suchlike which is the dead giveaway of an evasive complaint system.

Note that SC munges the message ID so (I think) you wouldn't be wanting to rely on a cancelled SC report for your source of paste-in data to this form. It seems to me GMail will be wanting the full message ID within the data pasted to the form. Just a thought.

Link to comment
Share on other sites

When i report spam that has been sent to my gmail address from another gmail account, spamcop says

Parsing header:

No source IP address found, cannot proceed.

Add/edit your mailhost configuration

Finding full email headers

Submitting spam via email (may work better)

Example: What spam headers should look like

Nothing to do.

there certainly are IP addresses:

Received: by 10.70.115.5 with SMTP id n5cs236559wxc;

Tue, 24 Apr 2007 15:03:46 -0700 (PDT)

Received: by 10.82.184.2 with SMTP id h2mr11599723buf.1177452224989;

Tue, 24 Apr 2007 15:03:44 -0700 (PDT)

Received: by 10.82.99.16 with HTTP; Tue, 24 Apr 2007 15:03:44 -0700 (PDT)

i can understand that this message is not standard format, but is there a way to report such spam?

I used an outlook plugin to report this spam, so the header should be exactly the way it was received.

Link to comment
Share on other sites

is there some way spamcop could parse these gmail-to-gmail messages speratly and report them to google using google's website?

it does not seem like it would be a very big adition to the parser.

although i am a newbie in the forum, i am not a newbie programmer.

Link to comment
Share on other sites

is there some way spamcop could parse these gmail-to-gmail messages speratly and report them to google using google's website?

it does not seem like it would be a very big adition to the parser.

although i am a newbie in the forum, i am not a newbie programmer.

10.x.x.x addresses are not public addresses and are only known to Google where it came from. You will need to report these directly to google.

Link to comment
Share on other sites

is there some way spamcop could parse these gmail-to-gmail messages speratly and report them to google using google's website?
Just copy the headers, body and "address sent to" into the GMail site form, as discussed earlier in this same topic. Read the final post by jongrose. Or even my reply to that (sigh).
Link to comment
Share on other sites

I have just been sending plaintext emails to gmail-abuse[at]google.com w/ the following message:

Hello,

I would like to make you aware of this UCE spam message that has been

delivered to my inbox. I have been getting many of these type of

emails recently. This is the second [change this to suite your specifics] email I am forwarding to you

regarding this issue. As you can tell from the source in the email

headers, they are coming from your internal network as the IP address

starts with the private IP range of 10.x.x.x. IP addresses starting

with 10 are reserved for local private networks, as specified in RFC

1918: http://tools.ietf.org/html/rfc1918

This is not an isolated incident and has been discussed at length by

other users using the Gmail service who have been receiving similar

types of spam. You can view these discussions on the SpamCop message

board, at these URLs:

http://forum.spamcop.net/forums/index.php?showtopic=8036

http://forum.spamcop.net/forums/index.php?showtopic=8066

Please look into this issue as it appears that you have a local error

on your servers. I will continue to forward these emails to your

abuse department as I get them.

Thanks,

xxxx

After that, just copy and paste the entire text of the email (headers & body) and send it off.

Just as a follow up, I haven't gotten anymore of these since I sent my 2nd email to their abuse dept. about the problem, so I don't know if they have fixed it or not.

Link to comment
Share on other sites

  • 3 weeks later...
10.x.x.x addresses are not public addresses and are only known to Google where it came from. You will need to report these directly to google.

what i mean to say is, google uses a form where you enter your data. the same way that you can type the data and hit submit on google's form, a scri_pt could send that data to the form processor automatically. it seems like it would be a very simple addition to the spamcop parser to submit the data to google automatically if it can not find an IP address and the message ID is [at]mail.google.com or [at]mail.gmail.com

Link to comment
Share on other sites

what i mean to say is, google uses a form where you enter your data. the same way that you can type the data and hit submit on google's form, a scri_pt could send that data to the form processor automatically. it seems like it would be a very simple addition to the spamcop parser to submit the data to google automatically if it can not find an IP address and the message ID is [at]mail.google.com or [at]mail.gmail.com

Probably true, but the 10 dot IP addresses from Google is presumably a temporary issue that will be fixed by their admins in the near future, so the idea of adding another feature to SC's parser is unnecessary.

However, if these emails continue to be an ongoing issue for months and months I would probably agree with that. But, as I stated previously, I have not seen any of these emails since reported the last two I got. Not saying it's still going on, but it seems like it's either slowed down or might have even been fixed already.

Link to comment
Share on other sites

what i mean to say is, google uses a form where you enter your data. the same way that you can type the data and hit submit on google's form, a scri_pt could send that data to the form processor automatically. it seems like it would be a very simple addition to the spamcop parser to submit the data to google automatically if it can not find an IP address and the message ID is [at]mail.google.com or [at]mail.gmail.com

Stolen from the 'net' ;

Non-Routable IP Addresses - IP addresses are either "routable" or "non-routable". Routable addresses can be used to route on the Internet and Non-Routable addresses cannot be used to route on the Internet. Non-routable IP addresses are usually used behind firewalls. There are only 3 valid non-routable ranges:

10.x.x.x

192.168.x.x

172.16.x.x

IP of 1 - 254 with 255 being broadcast.

The point being that 10.x.x.x addresses are used all over the place ... for example, most of the large cable/DSL ISPs .....

Then add in that the From: address is so trivially and often forged .....

Sure, it'd be amazingly simple to add in some code ... however, noting that it would probably end up with wrong results time after time ....

Link to comment
Share on other sites

Archived

This topic is now archived and is closed to further replies.

×
×
  • Create New...