Unclenick

Wrong target for Reports

10 posts in this topic

I've gotten several of these in the last month. Two at a hotmail account, and two at my Wowway ISP account, including one today. Mine have included U.K. Yahoo contact e-mail addresses, so I have been forwarding copies to Yahoo abuse advising they close the recipient e-mail accounts. I understand the U.K. has been promoted to the #1 419 scam source. Nigeria has surrendered the throne, it seems.

FYI, today's: http://www.spamcop.net/sc?id=z1280318581z8...eb8f5ce413713bz

Moderator Edit: Extracted from http://forum.spamcop.net/forums/index.php?showtopic=8036 and made into its own Topic .... has nothing to do with GMail .... does appear to be a "MailHost Configuration of your Reporting Account" issue .. so moved into that Forum Section ... PM sent to advise of all this activity ...

I've gotten several of these in the last month. . .

FYI, today's: http://www.spamcop.net/sc?id=z1280318581z8...eb8f5ce413713bz

OK. Here's where I need help to understand this. Look at that last report I posted in the quote of my own post, above. You will see that the spam is received at spamcop (the spammer is actually spamming my Spamcop address) and forwarded to my ISP account at wowway.com. The Spamcop report comes up interpreting the forwarding account Received lines as a forged source. I don't understand the e-mail parsing well enough to see why that is happening? As an experiment (I did not break the rules by sending this report), today, I truncated the forwarding Received lines down to the first Spamcop received line information and put that in the reporting form to see if Spamcop could parse it and return a trace result? Sure enough, it appears to have tracked to the source with no problem. That is here:

http://www.spamcop.net/sc?id=z1281223425z0...d4c038e9e8f555z

So, is the spammer doing something that somehow shows up in the received lines and fools spamcop? Or is Spamcop just not handling the spam headers properly?


Have you configured postini and your email server in the mailhost configuration?

Received: from psmtp.com by smtp-3.wideopenwest.com

Supposed receiving system not associated with any of your mailhosts

In this case smtp-3.wideopenwest.com is the receiving system. Your mailhost configuration likely does not include those 2 entries, so you are not configured to report any spam that gets by spamcop.

Have you configured postini and your email server in the mailhost configuration?. . .

I've run into an issue whenever I've tried to configure before. Can't recall what it was, since it's been awhile? Everything seemed to be working without that, so I blew it off when it didn't go smoothly. I'll try again. That wouldn't account for the untraceables I get at Hotmail, though, since they don't forward through Spamcop. Next time I get one, I'll revisit the truncation approach.

Thanks.

Have you configured postini and your email server in the mailhost configuration? . . .

Can't get it done. I am using Eudora. There is a broken link in the special Eudora instructions to a third party patch for forwarding e-mail as an attachment, so I can't use that method. Using the two-pane entry form, the response I get is that smtp-5[at]widopenwest.com has no IP address, and is discarded as fake. A subsequent message says my e-mail addy appears to traverse more than one domain, and I have to configure them all individually and in order (which is what I thought I was trying to do).

That's where I stalled out before. I have gone ahead and requested a waiver this time. I hate to have to stop and do that for all the configuring, one at a time, which is why I aborted the process before. I'll follow it through this time and see what happens?


That wouldn't account for the untraceables I get at Hotmail, though, since they don't forward through Spamcop.

ANY account that touches a spam you wish to report needs to have a mailhost configured, whether or not it "forwards through spamcop". If you receive spam at hotmail and you want to report that spam using your mailhost configured reporting account, hotmail needs a mailhost configured.

I hate to have to stop and do that for all the configuring, one at a time, which is why I aborted the process before. I'll follow it through this time and see what happens?

You don't have to do the configuration UNLESS you want to report spam that has touched that account. Most people should have every email account they have registered in the mailhost configuration.

Postini does require the waiver because it is another system touching your messages in the middle.

Using the two-pane entry form, the response I get is that smtp-5[at]widopenwest.com has no IP address, and is discarded as fake. A subsequent message says my e-mail addy appears to traverse more than one domain, and I have to configure them all individually and in order (which is what I thought I was trying to do).

Technically, it's not that there isn't an IP address .... it's actually the header data that's provided by these servers that's causing the issue, which is based on configuration settings in use ....

You didn't bother to show anything here, so I'll reach back to your Topic starting post that Tracking URL shows the header line details as;

Received: from smtp-3.wideopenwest.com (smtp-3.wideopenwest.com [10.75.2.3])

which goes back to being an internal IP address, therefore non-routable

On the other hand ....

04/17/07 19:29:59 Slow traceroute smtp-3.widopenwest.com

Trace smtp-3.widopenwest.com (72.5.175.90) ...

* * * failed

and yet, we see the same data for

04/17/07 19:29:36 Slow traceroute smtp-5.widopenwest.com

Trace smtp-5.widopenwest.com (72.5.175.90) ...

* * * failed

http://www.mxtoolbox.com/index.aspx returns; No MX records found for widopenwest.com

SMTP diagnostics for smtp-5.widopenwest.com;

A connection attempt failed because the connected party did not properly respond after a period of time, or established connection failed because connected host has failed to respond

Stranger yet .... in addition to 'hosting' several e-mail servers (?) ... there's a 'search page' available as the 'front page' on the same server (?) ....

04/17/07 19:45:05 Browsing http://72.5.175.90/

Fetching http://72.5.175.90/ ...

GET / HTTP/1.1

Host: 72.5.175.90

Connection: close

HTTP/1.1 200 OK

Connection: close

Date: Wed, 18 Apr 2007 00:51:12 GMT

Server: Microsoft-IIS/6.0

MicrosoftOfficeWebServer: 5.0_Pub

X-Powered-By: ASP.NET

I'm sure that there's no association, but .... after years of removing 'new net' crap installed by several malware/spyware things floating around the net .. the New.net name for this ISP/Host/place sure got my attention quick .....

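The diagnosis in the replies above, sketched as an added example (not part of any post, and not SpamCop's actual parser): a simplified model of a mailhost-aware walk over the Received chain, showing why an unconfigured receiving host stops the trace and why the truncated headers traced cleanly. The headers are constructed; `trace`, `in_mailhosts`, and every host or address other than the wideopenwest.com and psmtp.com domains and 10.75.2.3 are placeholders.

```python
import ipaddress
import re

# RFC 1918 ranges, listed explicitly: ipaddress.is_private would also flag the
# documentation ranges used as placeholder addresses below.
RFC1918 = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

# Constructed headers, newest first. Only the wideopenwest.com / psmtp.com
# domains and 10.75.2.3 appear in the thread; the rest are placeholders.
HEADERS = [
    "Received: from smtp-3.wideopenwest.com (smtp-3.wideopenwest.com [10.75.2.3]) by mail.wideopenwest.com",
    "Received: from psmtp.com (psmtp.com [198.51.100.7]) by smtp-3.wideopenwest.com",
    "Received: from mx.spamcop.example (mx.spamcop.example [192.0.2.25]) by psmtp.com",
    "Received: from unknown (HELO sender.example) ([203.0.113.44]) by mx.spamcop.example",
]

def in_mailhosts(host, mailhosts):
    """True when host is a configured mailhost domain or a subdomain of one."""
    host = host.lower().rstrip(";")
    return any(host == d or host.endswith("." + d) for d in mailhosts)

def trace(headers, mailhosts):
    """Return (source_ip, note). Walk hops newest to oldest, trusting a hop
    only when its receiving ('by') host belongs to a configured mailhost."""
    source = None
    for line in headers:
        by = re.search(r"\bby\s+(\S+)", line)
        ip = re.search(r"\[(\d{1,3}(?:\.\d{1,3}){3})\]", line)
        if not by or not in_mailhosts(by.group(1), mailhosts):
            who = by.group(1) if by else "(none)"
            return source, f"receiving system {who} not in mailhosts"
        if ip is None:
            continue  # hop recorded no address; nothing to attribute
        addr = ipaddress.ip_address(ip.group(1))
        if any(addr in net for net in RFC1918):
            continue  # internal, non-routable handoff: never a reportable source
        source = str(addr)
    return source, "all hops received by configured mailhosts"
```

With only the SpamCop placeholder domain configured, the full chain stops at the first line; with all three domains configured, or with the chain truncated to the last line, the same source address comes back.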
.... after years of removing 'new net' crap installed by several malware/spyware things floating around the net .. the New.net name for this ISP/Host/place sure got my attention quick .....

Yeah. The apparent malware tracks would kind of startle you. I get annoyed just by Zone Alarm telling me that Hotmail wants me to allow About Blank. I remember that one. Can't bring myself to do it.

Speaking of Hotmail, it is now the only account I've been unable to configure. Even Yahoo worked just fine. My Hotmail mailbox never receives any of the robot e-mails when I try to configure it. Is there something special required here?

Thanks,

Nick

Speaking of Hotmail, it is now the only account I've been unable to configure. Even Yahoo worked just fine. My Hotmail mailbox never receives any of the robot e-mails when I try to configure it. Is there something special required here?

Easy guess .... it's probably hitting/hiding in the Bulk folder .....

Same issue as mail from this server .... folks configure their HotMail account to 'simply Delete' the stuff that makes it into the Bulk folder, then raise a fuss because they 'never receive any e-mail' from here, there, wherever ... at issue is the filtering rules used by HotMail ... I believe it stupidly triggers on the 'spam' part of SpamCop.net .... so few spammers these days still use the phrase "this is not spam ..." but .. those filters are still floating around ....


folks configure their HotMail account to 'simply Delete' the stuff that makes it into the Bulk folder ....

Hmmm. My Yahoo has a "Bulk" folder by default, but my Hotmail account does not. I'll check the configuration and run the Mailhost attempt again. A search of all folders in Hotmail doesn't find any sign of the robot emails, thus far. I did run that.

Nick
