Jump to content

gw1500se

Members
  • Content Count

    16
  • Joined

  • Last visited

Posts posted by gw1500se


  1. I am trying to automate reporting spam by redirecting it. Since redirection keeps the headers in tact, I thought spamcop could handle it. However, the spam is being returned with an error. I know that the sender (wtriker.ffe[at]gmail.com) is not the same as the recipient (i_was_yah00ed[at]yahoo.com) of the original spam. Is that the cause of the error (I need to figure out why that is happening anyway) or is there an inherent problem doing this with a redirect? TIA.

    SpamCop encountered errors while saving spam for processing:

    SpamCop could not find your spam message in this email:

    Return-Path: <wtriker.ffe[at]gmail.com>

    Received: from vmx.spamcop.net (prod-sc-smtp13.sv4.ironport.com [10.8.129.223])

    by prod-sc-app5.sv4.ironport.com (Postfix) with ESMTP id B9BF21EE912

    for <submit.xxxxxxxxxxxxxx[at]spam.spamcop.net>; Sat, 20 Sep 2014 16:07:19 -0700 (PDT)

    Authentication-Results: vmx.spamcop.net; dkim=pass (signature verified) header.i=[at]gmail.com

    X-IronPort-AV: E=McAfee;i="5600,1067,7567"; a="334702800"

    X-IronPort-AV: E=Sophos;i="5.04,562,1406617200";

    d="scan'208,217";a="334702800"

    Received: from mail-yh0-f50.google.com ([209.85.213.50])

    by vmx.spamcop.net with ESMTP; 20 Sep 2014 16:07:20 -0700

    Received: by mail-yh0-f50.google.com with SMTP id f10so1319318yha.9

    for <submit.xxxxxxxxxxxx[at]spam.spamcop.net>; Sat, 20 Sep 2014 16:07:19 -0700 (PDT)

    DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;

    d=gmail.com; s=20120113;

    h=message-id:from:resent-from:to:date:reply-to

    :content-transfer-encoding:content-type:mime-version:subject;

    bh=iRGRcj6CKDW+jxQ0gnist3sD+dnb/iuMklN7843M3f8=;

    b=ycLEmjRj5CyV8sW9EAex0cJrXiWAORUKvj6JCoT7/UFHoXKK2rpMrxjYtelEal7aSR

    AqrOztlJze0p3jstyIMf7ZlqQ4BD1M5bYvwcA78i7euCzLt3PxN3da9uwYzTr7yva+j1

    gaaoBxEM9PJX4vlEmlLN9XhtsvyEfcNd+zFP8/1cKT9aY/4tbtuQc70/fw7LRQPVLiX/

    ljbK8bQjcDUdyipYMMzfJ2K3OVJaIcwqQuiDDKpGlwnKu9vKioX0S7tITIzStmtDnAYl

    RTt/2iuAYu8QMAz+W+C+C4DPvhPONZex50CaHmhxujHayKZFqKx+coSQUN+TfJjYIqIs

    gyXw==

    X-Received: by 10.236.75.99 with SMTP id y63mr27437yhd.105.1411254439101;

    Sat, 20 Sep 2014 16:07:19 -0700 (PDT)

    Received: from [192.168.0.102] (162-230-29-95.lightspeed.tukrga.sbcglobal.net. [162.230.29.95])

    by mx.google.com with ESMTPSA id t35sm2506485yho.56.2014.09.20.16.07.18

    for <submit.xxxxxxxxxxxx[at]spam.spamcop.net>

    (version=TLSv1 cipher=ECDHE-RSA-RC4-SHA bits=128/128);

    Sat, 20 Sep 2014 16:07:18 -0700 (PDT)

    Message-ID: <541e08a6.2fd2ec0a.3acd.ffff92db[at]mx.google.com>

    From: Student Loan Specialist <wtriker.ffe[at]gmail.com>

    X-Google-Original-From: Student Loan Specialist <sloan_yRZIO[at]email-delivery-1.com>

    Resent-from: i_was_yah00ed[at]yahoo.com

    To: submit.xxxxxxxxxxxx[at]spam.spamcop.net

    Date: Sat, 20 Sep 2014 19:07:00 -0400 (Eastern Standard Time)

    Reply-To: Student Loan Specialist <sloan_mAZVi[at]email-delivery-1.com>

    Content-Transfer-Encoding: 8bit

    Content-Type: multipart/mixed;

    boundary="----=sloan1"

    Mime-Version: 1.0

    Subject: Legally ELIMINATE your student loans.

    ------=sloan1

    Content-Type: multipart/alternative;

    boundary="----=sloan2"

    ------=sloan2

    Content-Type: text/html; charset=UTF-8;

    Content-Transfer-Encoding: quoted-printable

    <html>

    <body>

    <div align="center">

    <form name=3D"sloan_1MI" method=3D"get" action=3D" http://www.email-delivery-1.com/g8zzUTqWy....t;><input type=3D"SUBMIT" value=3D"CLICK HERE TO TAKE CARE OF YOUR STUDENT LOANS"></form><br><br>

    <IMG src="http://www.email-delivery-1.com/slo.gif" border=0 usemap="#sloan_1MI" style="display:block !important; line-height:0 !important; font-size:0 !important;" /></A><br><br><br><br>

    <map name="sloan_1MI" id="sloan_1MI">

    <area shape="default" href="http://www.email-delivery-1.com/g8zzUTqWy.d3_l.RQd8pQgn5p9y3J4dmHQjtuLLBVOI=/studentloans-link">

    </map>

    </div>

    <br><br>

    <IMG src="http://www.email-delivery-1.com/mindfulness.png" border=0 usemap="#finished_1MI" style="display:block !important; line-height:0 !important; font-size:0 !important;" /></A>

    <map name="finished_1MI" id="finished_1MI">

    <area shape="default" href="http://www.email-delivery-1.com/g8zzUTqWy.d3_l.RQd8pQgn5p9y3J4dmHQjtuLLBVOI=/finished">

    </map><br><br>

    </div>

    Trouble seeing this message? Copy & paste this into your web browser: <br> <br> http://www.email-delivery-1.com/g8zzUTqWy....udentloans-link

    </body>

    </html>

    The email which triggered this auto-response had the following headers:

    Return-Path: <wtriker.ffe[at]gmail.com>

    Received: from vmx.spamcop.net (prod-sc-smtp13.sv4.ironport.com [10.8.129.223])

    by prod-sc-app5.sv4.ironport.com (Postfix) with ESMTP id B9BF21EE912

    for <submit.xxxxxxxxxxxxxx[at]spam.spamcop.net>; Sat, 20 Sep 2014 16:07:19 -0700 (PDT)

    Authentication-Results: vmx.spamcop.net; dkim=pass (signature verified) header.i=[at]gmail.com

    X-IronPort-AV: E=McAfee;i="5600,1067,7567"; a="334702800"

    X-IronPort-AV: E=Sophos;i="5.04,562,1406617200";

    d="scan'208,217";a="334702800"

    Received: from mail-yh0-f50.google.com ([209.85.213.50])

    by vmx.spamcop.net with ESMTP; 20 Sep 2014 16:07:20 -0700

    Received: by mail-yh0-f50.google.com with SMTP id f10so1319318yha.9

    for <submit.xxxxxxxxxxxxx[at]spam.spamcop.net>; Sat, 20 Sep 2014 16:07:19 -0700 (PDT)

    DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;

    d=gmail.com; s=20120113;

    h=message-id:from:resent-from:to:date:reply-to

    :content-transfer-encoding:content-type:mime-version:subject;

    bh=iRGRcj6CKDW+jxQ0gnist3sD+dnb/iuMklN7843M3f8=;

    b=ycLEmjRj5CyV8sW9EAex0cJrXiWAORUKvj6JCoT7/UFHoXKK2rpMrxjYtelEal7aSR

    AqrOztlJze0p3jstyIMf7ZlqQ4BD1M5bYvwcA78i7euCzLt3PxN3da9uwYzTr7yva+j1

    gaaoBxEM9PJX4vlEmlLN9XhtsvyEfcNd+zFP8/1cKT9aY/4tbtuQc70/fw7LRQPVLiX/

    ljbK8bQjcDUdyipYMMzfJ2K3OVJaIcwqQuiDDKpGlwnKu9vKioX0S7tITIzStmtDnAYl

    RTt/2iuAYu8QMAz+W+C+C4DPvhPONZex50CaHmhxujHayKZFqKx+coSQUN+TfJjYIqIs

    gyXw==

    X-Received: by 10.236.75.99 with SMTP id y63mr27437yhd.105.1411254439101;

    Sat, 20 Sep 2014 16:07:19 -0700 (PDT)

    Received: from [192.168.0.102] (162-230-29-95.lightspeed.tukrga.sbcglobal.net. [162.230.29.95])

    by mx.google.com with ESMTPSA id t35sm2506485yho.56.2014.09.20.16.07.18

    for <submit.xxxxxxxxxxxxx[at]spam.spamcop.net>

    (version=TLSv1 cipher=ECDHE-RSA-RC4-SHA bits=128/128);

    Sat, 20 Sep 2014 16:07:18 -0700 (PDT)

    Message-ID: <541e08a6.2fd2ec0a.3acd.ffff92db[at]mx.google.com>

    From: Student Loan Specialist <wtriker.ffe[at]gmail.com>

    X-Google-Original-From: Student Loan Specialist <sloan_yRZIO[at]email-delivery-1.com>

    Resent-from: i_was_yah00ed[at]yahoo.com

    To: submit.xxxxxxxxxxxxxxx[at]spam.spamcop.net

    Date: Sat, 20 Sep 2014 19:07:00 -0400 (Eastern Standard Time)

    Reply-To: Student Loan Specialist <sloan_mAZVi[at]email-delivery-1.com>

    Content-Transfer-Encoding: 8bit

    Content-Type: multipart/mixed;

    boundary="----=sloan1"

    Mime-Version: 1.0

    Subject: Legally ELIMINATE your student loans.


  2. I keep getting spam that I cannot report because it results in the error:

    Unable to process message. IPv6 addresses are not supported.

    No source IP address found, cannot proceed.

    I may have asked this question before but I don't think I was able to produce the headers at the time so it was really never resolved. This time I have posted the full headers below. I can see the X-Originating-IP header but I don't understand why this cannot be processed. Can someone shed any light on this and suggest what I might do? TIA.

    X-Account-Key: account1

    X-Mozilla-Keys:

    X-Apparently-To: x via 98.138.213.185; Fri, 16 Dec 2011 04:55:43 -0800

    Received-SPF: none (domain of frederickcountymd.gov does not designate permitted sender hosts)

    X-YMailISG: QxBAIiYWLDsTRb0vX4H3O8YESsj39aUyP0BORMk7tItHihyn

    jZlOpcwDIV7ioPjYQZ6RcUvQufWVeqbRYXV4eDjmviAITmlKUMmHx7RhO3Fo

    Edq_Fu9NSlCKA4IAPGdegq5cLIriR8Xyw3tbTpckW5eY3R.wvShWJWpZGwHd

    asp6qLrEvwzko9FWFUsBP4Scj4JXGYMm.7eeMIZwka.n5gcrcXh47VS9x5rk

    Mpn9e81wWEEYGW5jCMLU_izzJboNQv5AipZWslqoZlufrG2PdsWzfV6h

    X-Originating-IP: [199.248.201.241]

    Authentication-Results: mta1013.sbc.mail.sp1.yahoo.com from=FrederickCountyMD.gov; domainkeys=neutral (no sig); from=FrederickCountyMD.gov; dkim=neutral (no sig)

    Received: from 204.127.217.78 (EHLO fgateway08.isp.att.net) (204.127.217.78)

    by mta1013.sbc.mail.sp1.yahoo.com with SMTP; Fri, 16 Dec 2011 04:55:43 -0800

    Received: from mailgw2.frederickcountymd.gov ([199.248.201.241])

    by isp.att.net (frfwmxc08) with ESMTP

    id <20111216125543M080041q79e>; Fri, 16 Dec 2011 12:55:43 +0000

    X-ATT-UNSOLICITED: OK

    Received: from mailgw2.frederickcountymd.gov ([199.248.201.241])

    by isp.att.net (frfwmxc08) with ESMTP

    id <20111216125543M080041q79e>; Fri, 16 Dec 2011 12:55:43 +0000

    X-Originating-IP: [199.248.201.241]

    Received: from mailgw2.frederickcountymd.gov (localhost.localdomain [127.0.0.1])

    by mailgw2.frederickcountymd.gov (8.13.8/8.13.8) with SMTP id pBGCtglv003558

    for <x>; Fri, 16 Dec 2011 07:55:42 -0500

    Received: from NT1S21.nt1.local ([10.12.20.123] helo=NT1S21.nt1.local) with

    IPv4:25 by mailgw2.frederickcountymd.gov; 16 Dec 2011 07:55:42 -0500

    Received: from nt1s21.nt1.local ([::1]) by NT1S21.nt1.local ([::1]) with mapi;

    Fri, 16 Dec 2011 07:55:42 -0500

    From: "Coleman, Sherman" <SColeman[at]FrederickCountyMD.gov>

    To: "x" <x>

    Date: Fri, 16 Dec 2011 07:55:41 -0500

    Subject: Fw:

    Thread-Index: Acy750wZMu3TXA60RKyg4fRMjhDnwAACrfzm

    Message-ID: <D828__________________________________0D98[at]NT1S21.nt1.local>

    Accept-Language: en-US

    Content-Language: en-US

    X-MS-Has-Attach:

    X-MS-TNEF-Correlator:

    acceptlanguage: en-US

    x-tm-as-product-ver: SMEX-10.2.0.1135-6.800.1017-18586.004

    x-tm-as-result: No--46.194300-0.000000-31

    x-tm-as-user-approved-sender: Yes

    x-tm-as-user-blocked-sender: No

    Content-Type: multipart/alternative;

    boundary="_000_D828BBBC7AA3CF49B52C756F07A2A3EF0CFBF80D98NT1S21nt1loca_"

    MIME-Version: 1.0

    X-Assp-Version: 1.8.1.7(1.0.06 on mailgw2.frederickcountymd.gov

    X-Assp-Passing: acceptAllMail

    X-Assp-ID: mailgw2.frederickcountymd.gov 13240-50489

    X-Assp-Intended-For: x

    X-Assp-Envelope-From: scoleman[at]frederickcountymd.gov


  3. >- Supposed receiving system not associated with any of your mailhosts

    That's the critical part of the error statement.

    It looks like you have registered your email providers with our Mailhosts system, but forgot to include Google.

    - Don D'Minion - SpamCop Admin -

    - service[at]admin.spamcop.net -

    .

    I don't have all my Google email accounts registered but the one that got this spam is registered. I'll try doing all of them and see what happens. Thanks.


  4. I've been getting a lot of spam that I am unable to report. Here is one such spam

    From - Tue Oct 04 04:00:35 2011
    X-Account-Key: account5
    X-UIDL: GmailId132cc0100dd1723e
    X-Mozilla-Status: 0001
    X-Mozilla-Status2: 00000000
    X-Mozilla-Keys:																				 
    Delivered-To: x
    Received: by 10.142.225.6 with SMTP id x6cs49188wfg;
    		Mon, 3 Oct 2011 15:56:50 -0700 (PDT)
    Received: by 10.68.19.225 with SMTP id i1mr4689257pbe.63.1317682610332;
    		Mon, 03 Oct 2011 15:56:50 -0700 (PDT)
    Return-Path: &lt;bounce[at]filefactory.com&gt;
    Received: from us-mgr.filefactory.com (mail.filefactory.com. [98.143.146.34])
    		by mx.google.com with ESMTPS id n8si16503373pbg.272.2011.10.03.15.56.50
    		(version=TLSv1/SSLv3 cipher=OTHER);
    		Mon, 03 Oct 2011 15:56:50 -0700 (PDT)
    Received-SPF: pass (google.com: domain of bounce[at]filefactory.com designates 98.143.146.34 as permitted sender) client-ip=98.143.146.34;
    Authentication-Results: mx.google.com; spf=pass (google.com: domain of bounce[at]filefactory.com designates 98.143.146.34 as permitted sender) smtp.mail=bounce[at]filefactory.com
    Received: from us-mgr.filefactory.com (localhost.localdomain [127.0.0.1])
    	by us-mgr.filefactory.com (8.13.8/8.13.8) with ESMTP id p93MunDv030379
    	for &lt;x&gt;; Mon, 3 Oct 2011 15:56:49 -0700
    Authentication-Results: us-mgr.filefactory.com; dkim=none (no signature)
    	header.i=unknown; x-dkim-adsp=fail
    Received: (from root[at]localhost)
    	by us-mgr.filefactory.com (8.13.8/8.13.8/Submit) id p93MunAB030378;
    	Mon, 3 Oct 2011 15:56:49 -0700
    To: x
    Subject: No credit card? Now you can buy FileFactory Premium with your mobile
    Message-ID: &lt;559d________________________5543[at]marketing.doubleclickindustries.com&gt;
    Date: Sun, 18 Sep 2011 19:22:57 -0700
    From: "FileFactory.com" &lt;information[at]filefactory.com&gt;
    Reply-To: information[at]filefactory.com
    MIME-Version: 1.0
    X-Mailer-LID: 9,5,2,4,12,3
    List-Unsubscribe: &lt;http://marketing.doubleclickindustries.com/emailmarketer/unsubscribe.php?M=3157590&amp;C=666fc134de2f52617456e903ea38a104&amp;L=5&amp;N=132&gt;
    X-Mailer-RecptId: 3157590
    X-Mailer-SID: 132
    X-Mailer-Sent-By: 1
    Content-Type: multipart/alternative; charset="UTF-8"; boundary="b1_3bf0803a5e1fdf6525f41b43769e5fd7"
    Content-Transfer-Encoding: 8bit
    
    View entire message
    Parsing header:
    0: Received: from us-mgr.filefactory.com (mail.filefactory.com. [98.143.146.34]) by mx.google.com with ESMTPS id n8si16503373pbg.272.2011.10.03.15.56.50 (version=TLSv1/SSLv3 cipher=OTHER); Mon, 03 Oct 2011 15:56:50 -0700 (PDT)
    Hostname verified: mail.filefactory.com
    Possible forgery. Supposed receiving system not associated with any of your mailhosts
    Will not trust anything beyond this header
    

    Am I doing something wrong (these are the raw headers provided to spam cop) or are spammers figuring out ways to prevent reporting? What can I do about this type of spam? TIA.


  5. The login email address (username) is set in stone. It can't be changed.

    Just think of it as a complicated username from now on.

    You can change the address SpamCop uses to contact you to any address you want.

    Please don't burden our system by creating a new account just so you can use a a new email address to log in with.

    Thanks!

    - Don D'Minion - SpamCop Admin -

    - service[at]admin.spamcop.net -

    .

    Understood. I did change the email address a long time ago. I was hoping to change the log in name as it is an unpleasant reminder but I won't create a new user. Thanks.


  6. Thanks but no that is not the situation. This is really not a big deal but something I was hoping to change. When I bring up the log in page for reporting (www.spamcop.net), the log in information in the upper right fields are what I am referencing. The first field is what I wanted to change. Currently it requires a defunct email address used when I first registered.


  7. When I created my spamcop account I used what is now a defunct email address. I'm a little confused by my account name and the email address for logging on. I can't use the account name to log in but I don't want to keep using the defunct email address. How do I change the login name without creating a new account? TIA.


  8. Thanks for the replies. I'll look into the Mozilla issue but I now think it is, to some extent, an ISP (AT&T) issue. I am now getting spam that does not have an origination record. It seems to me that kind of mail should be rejected by the ISP. Am I correct and should I complain to my ISP about filtering that?


  9. I have encounter something new that I don't know how to handle. I am using Thunderbird and when I find spam I use the "View -> Message source" option to copy the raw source and paste it into spamcop. However, lately I have been getting occasional spam whose raw source opens to a blank page. This may be a Thunderbird issue but even the headers look wrong as there are no originating source records and very few others except from, to, subject, date and message-ID. Should this have even been delivered? Perhaps there is something my ISP is relaying that it shouldn't? What have these spammers discovered? TIA.


  10. Perhaps I am missing something but I occasionally get spam that I am unable to report because it is "too old." However, it is obvious (to me anyway) that the times are somehow forged. Is this a newly discovered way for preventing spam from being reported? What do I do in a case like that?

×