
Jeff G.

Everything posted by Jeff G.

  1. snaller, I just used the Parser to parse just that URL twice. The first time, it couldn't resolve the IP Address, and the second time, it could resolve it and offered shengjun.zheng<at>fibrlink.net and wei.deng<at>fibrlink.com as reporting email addresses for IP Address 210.72.224.49. In my experience troubleshooting this particular issue, parsing just the URL independently until the Parser resolves the IP Address helps to increase the likelihood that parsing a spam that includes the URL will include resolution of the IP Address. Perhaps this is because parsing of individual URLs uses a longer timeout or a different algorithm or source for DNS resolution, and parsing of spams relies in part on the cached results of the parsing of individual emails, and it may also depend on which servers in the farm you hit.
  2. I added " (if those addresses are for role accounts)".
  3. Please note that I will be re-evaluating the harshness of my original Post that started this Topic.
  4. Link analysis is performed by the SpamCop Parser, part of the SpamCop Parsing and Reporting Service.

     Finding links in message body is the first step of the process. The Parser steps through the body (if any) and each attachment that could contain a link (if any). It skips attachments that contain images and will reduce redundant links as necessary. It doesn't actually display the links it found in this step. It sometimes fails to find links that are really there - refreshing usually helps.

     Resolving link obfuscation is the middle step of the process. The Parser displays each link it found, followed by any deobfuscation that is necessary, followed by the IP Address of the link's host (a lookup of the A DNS Record), followed by the canonical name of that IP Address (a lookup of the PTR DNS Record). It frequently fails to start looking up the IP Address - refreshing usually helps. It also sometimes fails to resolve the IP Address, especially with the domains of spammers who are playing fast and loose with the Domain Name System, producing "ip not found" and "discarded as fake." messages - refreshing usually helps, and parsing the URL only in a separate browser window usually helps in stubborn cases when refreshing hasn't been helping.

     Tracking link is the final step of the process. The Parser again displays each link it found and was able to resolve (deobfuscated if necessary), again followed by the IP Address, and then the email addresses in the whois lookups of that IP Address from cache or (if the cached entry is stale or nonexistent) from ARIN and other appropriate Registries (there is currently a known issue with lookups of contacts at APNIC), followed by the abuse.net lookups of those email addresses (if those addresses are for role accounts), and finally a list of best contacts. It sometimes fails to start this step - refreshing usually helps. If it fails to resolve the IP Address, it displays a "Cannot resolve" message.

     "Please make sure this email IS spam:" indicates the end of the link analysis process. If you get tired of refreshing, please send a Manual Report for the URL(s). I believe all the failures described above are known issues; I just wanted to document them in one Topic. See also: SpamCop reporting of spamvertized URLs and a contribution from Don in that Topic.

     Edit: 2005/07/01 23:13 EDT -0400 Jeff G. added messages and Manual Report. Also added APNIC, toned down the rhetoric, and added " (if those addresses are for role accounts)".
     Edit: 2005/10/29 18:44 EDT -0400 Jeff G. added references to SpamCop reporting of spamvertized URLs and a contribution from Don in that Topic.
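
     An added example (not SpamCop's code and not part of the original post) of the first two steps described in the post above: finding links with redundant ones reduced, then deobfuscating each host and looking up its A and PTR records, with retries standing in for "refreshing". The deobfuscation rules, the function names, the sample body and the stand-in resolvers are all assumptions constructed for illustration.

```python
import ipaddress
import re
import socket
from urllib.parse import unquote, urlsplit

URL_RE = re.compile(r"https?://[^\s\"'<>]+", re.IGNORECASE)

def find_links(body):
    """Step 1: collect links in order of appearance, reducing redundant ones."""
    return list(dict.fromkeys(u.rstrip(".,;)") for u in URL_RE.findall(body)))

def deobfuscate_host(url):
    """Step 2a (assumed rules): undo %-encoding and integer-form IPv4 hosts."""
    host = unquote(urlsplit(url).hostname or "")
    try:
        return str(ipaddress.IPv4Address(int(host, 0)))  # 3221225994, 0xC000020A
    except ValueError:
        return host  # an ordinary host name or dotted IP

def resolve(host, lookup_a, lookup_ptr, attempts=3):
    """Step 2b: A lookup, retried like a refresh, then PTR lookup of the IP."""
    try:
        ip = str(ipaddress.ip_address(host))  # host is already an IP literal
    except ValueError:
        for _ in range(attempts):
            try:
                ip = lookup_a(host)
                break
            except OSError:  # socket.gaierror and socket.herror are OSErrors
                continue
        else:  # every attempt failed
            return None, None
    try:
        return ip, lookup_ptr(ip)[0]
    except OSError:
        return ip, None  # no canonical name; the link is still resolved

def analyse(body, lookup_a=socket.gethostbyname, lookup_ptr=socket.gethostbyaddr, attempts=3):
    """Run both steps over a message body; one result row per unique link."""
    rows = []
    for url in find_links(body):
        host = deobfuscate_host(url)
        ip, ptr = resolve(host, lookup_a, lookup_ptr, attempts)
        rows.append({"link": url, "host": host, "ip": ip, "ptr": ptr,
                     "status": "resolved" if ip else "Cannot resolve"})
    return rows

# Constructed sample body and stand-in resolvers, so the example runs offline.
SAMPLE_BODY = """Buy: http://%77%77%77.shop.example/offer or http://3221225994/offer
Again http://%77%77%77.shop.example/offer, http://flaky.example/, http://gone.invalid/x."""
A_RECORDS = {"www.shop.example": "198.51.100.7", "flaky.example": "203.0.113.9"}
PTR_RECORDS = {"198.51.100.7": "host7.isp.example"}

def make_fake_a():
    calls = {}
    def fake_a(host):  # flaky.example fails on its first lookup only
        calls[host] = calls.get(host, 0) + 1
        if host not in A_RECORDS or (host == "flaky.example" and calls[host] == 1):
            raise socket.gaierror("lookup failed")
        return A_RECORDS[host]
    return fake_a

def fake_ptr(ip):
    if ip not in PTR_RECORDS:
        raise socket.herror("no PTR record")
    return PTR_RECORDS[ip], [], [ip]

if __name__ == "__main__":
    print(*analyse(SAMPLE_BODY, make_fake_a(), fake_ptr), sep="\n")
```

     With a single attempt the constructed flaky host ends up as "Cannot resolve"; with the default three attempts it resolves on the second lookup.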
  5. Via email:

     Submitting spam for reporting via email is covered in general at SpamCop.net - SpamCop FAQ: How do I submit spam via email? If you forward the spam to SpamCop (using your submit email address to SpamCop), make sure you forward it as an attachment. Forwarding inline will strip out all the headers from the original spam and make your report worthless. Configure your email client to forward as attachment. That way, the attached file will be the original message with the headers included. Typical problems with submitting via email are covered by E-Mail spam submittals blocked by your ISP? and Emailed spam Submissions Disappearing? No Confirmation e-mails?.

     If you forward the spam as an attachment, you have to wait for SpamCop to send back a submission reply email which provides a link for you to click on to get to the parser and submit page. If you have spam filtering enabled in your Hotmail or other account, you might have to whitelist emails coming from SpamCop. If you submit via email and you don't want to wait for the submission reply email to show up in your email account, you can click on "Report Now" above the web form. If you click both "Report Now" and the Tracking URL in the submission reply email for the same submission, you will get "Would send" and "If reported today, reports would be sent to:" messages.

     Via the web form:

     The web form is typically located at http://www.spamcop.net/, http://members.spamcop.net/, or http://mailsc.spamcop.net/ after you log in, depending on the type of account you have. If you use the web form to copy/paste in the spam message, you need to see ALL of the headers. SpamCop.net - SpamCop FAQ: How do I get my email program to reveal the full, unmodified email? covers how to do that. In addition to that FAQ entry's subsection SpamCop.net - SpamCop FAQ: Hotmail, please note that MSN Hotmail doesn't have a toggle option to let you switch between a normal view and a view showing all the headers. You'll need to go into your global options to configure your Hotmail account to show ALL headers. However, whether spam or not, you'll then see all the headers for every e-mail that you view. Yahoo! has a per-message toggle that lets you switch between normal and all-header view but Hotmail does not (except as a global option).

     If you use the web form, the parsing is immediate and you get the parse page with the option to send your report (which gets sent from an email address composed of the Report ID Number and hostname on the SpamCop.net domain, not from your email address). That eliminates the delay in waiting to get the submission response email from SpamCop (which gets lower priority and may take several minutes to arrive). However, the trade-off is the nuisance of having to copy the headers, paste them, and then copy the body and paste that (and you should be copying the HTML code for an HTML-formatted message, not the rendered version of the spam).

     Acknowledgement: The vast majority of the preceding was written by Vanguard in Re: How do I submit my spam to spamcop?.
  6. The following is from the Blacklists / Blacklist Filters page, in its secure and insecure forms, modified in form for posting here:

     Select the DNS Zone blacklists you want to use. DNS blacklists are used by SpamCop to identify possible spamming IP addresses or misconfigured mail relays. Only the SpamCop blacklist is run by SpamCop. All others are run by independent third parties with no connection to SpamCop and have their own criteria for who to list. The default selection is to query only the SpamCop list. To potentially stop even more spam, try one or more of the other lists. The more lists you use, the higher the potential that legitimate email will be blocked.

     DNS Blacklist               DNS Zone                    Website
     -------------               --------                    -------
     SpamCop Blacklist           bl.spamcop.net              www.spamcop.net/bl.shtml
     SPEWS level 1               l1.spews.dnsbl.sorbs.net    www.spews.org
     DSBL open relays            list.dsbl.org               dsbl.org
     Spamhaus Blacklist          sbl.spamhaus.org            www.spamhaus.org/sbl/
     South Korea (the country)   korea.services.net          korea.services.net
     China (the country)         cn.rbl.cluecentral.net      www.cluecentral.net/rbl/
     Nigeria                     nigeria.blackholes.us       www.blackholes.us
     Argentina                   argentina.blackholes.us     www.blackholes.us
     Brazil                      brazil.blackholes.us        www.blackholes.us
     Composite Blocking List     cbl.abuseat.org             cbl.abuseat.org
     Spamhaus XBL                xbl.spamhaus.org            www.spamhaus.org/xbl/
     SORBS DNSbl                 dnsbl.sorbs.net             www.dnsbl.sorbs.net

     I am using all the blacklists except South Korea (korea.services.net, only because I can't whitelist bigfoot.com's mailservers in that country).
  7. Sorry, there is no such link for users strictly following those directions. Sorry, the process is no longer "already done" as described in the quote above.
  8. [The following is quoted from Edit mailhost configuration, but you should use your own "Mailhosts" link because it is coded with your own Authorization Code.]

     Mailhost configuration

     SpamCop is undergoing has undergone a major renovation to the underlying logic which it uses to determine spam sources. Soon Eventually, all SpamCop users will be required to use this new system, completing additional setup steps. Some "unique" users may not be able to report all the spam they have in the past.

     Why?

     This is being done because of ongoing problems - spammers have finally begun doing what we have known they could do all along - create really convincing mail header forgeries. These forgeries make SpamCop think spam is being sent from innocent sites where it is actually not. Clearly, this must be stopped. Currently, only a few spam forgeries cause serious problems for SpamCop, but if this problem is not solved, it will become much worse. Even now, a few mis-identified innocent sites are a big problem. This system promises to eliminate the forgery problem forever, while also avoiding problems caused by other less-drastic attempts to mitigate the forgeries. However, it does require more involvement from SpamCop users.

     When?

     For now, this new system is optional. You may choose to use it or not. However, users are encouraged to start using it immediately. Once we have some feedback from users, and have addressed the most serious problems, it will become mandatory for all users. In the future, we may make other changes which will make reporting spam easier. For example, if we can be sure there are no errors, we may be able to dispense with additional user confirmation when spam is submitted. [Quick Reporting]

     How?

     For users with only one email address, the process is easy. Simply click the Add/Change link below and follow the instructions. For users using their SpamCop email exclusively, the process is even easier - it is already done (visiting this page has activated it!). Note that if you forward SpamCop email into or from the SpamCop system, you still have to configure the other accounts involved.

     For users with multiple accounts, the procedure is slightly more difficult. For example, a user with two forwarding addresses configured to forward to one email account should first configure the main account, then configure each of the forwarding accounts: In example 1, Account C should be configured first, then B and then A. In example 2, Account C should be configured first, followed by A and B in no particular order. Accounts should be configured in reverse order of email delivery. That is, if an email is received first at address A, then that account should be the last to be configured with SpamCop.

     Warning: If you use this new system, you must complete the configuration process for all accounts where you receive spam. If you fail to complete the configuration for one of your legitimate mail hosts, you may cause SpamCop to attribute spam to it. Once you begin the migration process, do not report any more spam until it is complete.

     For now, there is an option to revert away from this new system. However, users are urged to try the new system and post problems in the forum rather than reverting. At least, do not do both - reverting your account will make it more difficult for us to diagnose problems.
  9. This Scorecard lists Service Providers that provide Authenticated SMTP Services (linked to their main website URLs), Mitigating Objective Facts (linked to the sources of those facts), and Subjective Comments. Additions and comments are welcome.

     • SpamCop.Net ("Leave the SMTP server set up with the server your ISP provides." and "No, sorry, we don't."): Sorry, not offered.
     • MochaMail ("New Accounts Coming Soon!"): Works well with no perceived limitations.
     • MailAndNews.com ("At this time we are not accepting new accounts."): Reliability problems but no perceived limitations.
     • MyRealBox ("The MyRealBox system will continue to no longer accept new accounts at this time." within "MRB News" halfway down the page): Reliability problems but no perceived limitations.
     • DynDNS.org MailHop Outbound (Minimum $14.95 for the first year and $9.95 for additional years at 150 Relays Per Day): I haven't tried it.
     • Yahoo! (Minimum $19.95/year for "POP Access & Forwarding"): May require POP before SMTP instead of Authenticated SMTP.
     • Yahoo! UK & Ireland (Free via smtp.mail.yahoo.com or smtp.mail.yahoo.co.uk after signing up for "POP Access & Forwarding"): Works, but recently added a little text advertising at the end of the body. For instance:
     • Gmail (A beta service of Google, free via smtp.gmail.com using SSL Port 465, subject to caveats and requiring an invitation): Works well so far...

     Revision History:
     v1.00 by Jeff G. - Initial Release
     v1.01 by Jeff G. 2004/03/08 13:24 EST - Added SpamCop and respaced
     v1.02 by Jeff G. 2004/03/08 16:10 EST - Added Yahoo!
     v1.03 by Jeff G. 2005/05/31 10:18 EDT - Added Gmail and made a minor grammar correction
     v1.04 by Jeff G. 2005/07/15 08:48 EDT - Updated Yahoo! UK with ads
  10. you just have to make Spamcop POP your Emails. - Those go through a different AV-System deleting everything it is unable to scan

      Is that "different AV-System" similar to the one described here?
  11. you just have to make Spamcop POP your Emails. - Those go through a different AV-System deleting everything it is unable to scan

      I'd need lots more than ten slots to make that happen, and they wouldn't cover the following:

      • email sent directly to my spamcop.net account
      • email sent through strict forwarders, like bigfoot, sneakemail, and spammotel
      • email forwarded through systems that are too messed up to allow changes, like mailandnews
  12. JT, can we SpamCop Email System Customers please get an optional filter for password-protected .ZIP files? I'm not expecting any such files via email any time soon, and I'd like to have the bagle-spew filtered. Thanks!
  13. Julian's explanation at http://forum.spamcop.net/forums/index.php?...st=0entry1904 was as follows:
  14. Webmail:

      1. Login to Webmail at https://webmail.spamcop.net or http://webmail.spamcop.net
      2. In the top bar, all the way to the right, use the pull-down selector to select "INBOX".
      3. Click the "Open Folder" Link.

      Note that file attachments are limited to approximately 2Meg from this view, both up and down-loading.

      Forwarding:

      1. Login to Webmail at https://webmail.spamcop.net or http://webmail.spamcop.net
      2. Click the "Options" Link.
      3. Under "Mail Management", click the "SpamCop Tools" Link.
      4. Click on the "Select your email forwarding, change your password or mail reports." Link.
      5. In the second section, "Forwarding Address", enter the address you wish to forward to. There is no "keep a copy" functionality. PLEASE DO NOT FORWARD TO YOUR SPAMCOP.NET ACCOUNT!
      6. Click the "Submit" Button.

      POPping using the POP3 Protocol via Standard Port 110 or via SSL Port 995:

      POP3 Server: pop.spamcop.net
      Username or Account name: Your full SpamCop Userid (including [at]spamcop.net, [at]cesmail.net, or [at]cqmail.net)
      Password: Your SpamCop Password

      IMAPping using the IMAP4 Protocol via Standard Port 143 or via SSL Port 993:

      IMAP Server: imap.spamcop.net
      Username or Account name: Your full SpamCop Userid (including [at]spamcop.net, [at]cesmail.net, or [at]cqmail.net)
      Password: Your SpamCop Password
      OE Sent Items path: sent-mail
      OE Drafts path: Drafts

      Edit: 2005/05/11 01:23 EDT by Jeff G. - corrected nonexistent hostname webmails.spamcop.net and added SSL Ports.
  15. According to http://forum.spamcop.net/forums/index.php?showtopic=107 , "sending as the original was what worked" for reporting spam using "Open WebMail".
  16. Jeff G.'s Guide to SpamCop Quick Reporting

      Requirements:

      1. A functional SpamCop Mail account (assumed to be LOGON[at]spamcop.net - substitute with LOGON[at]cesmail.net if appropriate)
      2. A PC or emulator running Microsoft Windows with a working mouse
      3. An installed copy of Microsoft Outlook (configured for IMAP, not Microsoft Exchange) or Outlook Express (hereinafter "OE"), containing an email which is spam that you wish to report
      4. Internet access

      Steps:

      1. Print out these instructions so that you can refer to them while your PC is otherwise occupied.
      2. Configure OE to use your SpamCop account via IMAP, connecting to IMAP Server imap.spamcop.net using your SpamCop LOGON[at]spamcop.net and PASSWORD. See "Jeff G.'s Guide to accessing SpamCop email using OE and IMAP" at http://forum.spamcop.net/forums/index.php?showtopic=87 for more info on this.
      3. Make sure that you use a View Layout that shows your Folder List and your emails.
      4. Make sure that you can see your "Held Mail" Folder in your Folder List. You may have to hit the "+" next to "Inbox" in order to see it.
      5. Find an email which is spam, has not been reported yet, and is no more than three days old. If you can't see your "Held Mail" Folder in your Folder List any more, use the scrollbar on your Folder List to view your "Held Mail" Folder in your Folder List, but DO NOT CLICK ON YOUR "Held Mail" FOLDER because then you will not be able to see your email which is spam.
      6. Position your mouse pointer over that email (anywhere on that line should do). (Optional: use Shift+Click and/or Ctrl+Click to select more than one spam.)
      7. Hold down your left mouse button over that email (or one of multiple emails).
      8. Move your mouse pointer to your "Held Mail" Folder. Your "Held Mail" Folder should be highlighted and your mouse pointer should have changed from a "DO NOT ENTER" symbol to a normal mouse cursor symbol with a little gray-bordered box below it and to its right. This action is called "dragging".
      9. Let go of your left mouse button. This action is called "dropping". The mail should now move to your "Held Mail" Folder. (Optional substitute for Steps 7-9: Right-Click on the email(s), select "Move to Folder...", select your "Held Mail" Folder, and click "OK".)
      10a. If you are using Webmail, open your "Held Mail" Folder. It should show the spam you dropped in step 9 above. You may need to "Refresh" in order to see the spam you dropped.
      10b. If you are using a web browser to access your Very Easy Reporting (VER) screen (also known as the "report held spam" screen or the "Held Mail Log" screen, which is no longer being developed) via <http://LOGON%40spamcop.net:PASSWORD[at]mailsc.spamcop.net/reportheld?action=heldlog> (or clicking on "Held Mail" at the top of almost any screen at http://mailsc.spamcop.net), that screen should show the spam you dropped in step 9 above. You may need to "Refresh" in order to see the spam you dropped.
      11a. If you are using Webmail, check the boxes for all the spam in your "Held Mail" Folder. If it is all spam, you can use the checkbox in the top left corner of the matrix (under "Delete") or use its shortcut Alt+K to check all. Please note that this Select All Keyboard Shortcut was only changed to Alt+K in the "Held Mail" mailbox/Folder - it is still Alt+N in all other mailboxes/Folders.
      11b. If you are using the VER screen, select the appropriate Action from the drop-down listbox "-- Select Action --". In this particular case, the Action should include either "report" or "Queue for reporting".
      12a. If you are using Webmail, click the "Report as spam" link or use its shortcut Alt+E.
      12b. If you are using the VER screen, check the boxes for the emails to which you wish to apply that Action. If it is all spam, click "Check All".
      13. If you are using the VER screen, click the "Release / Delete selected messages" button to apply that Action.
      14. Wait for the results on the next screen - if you get a timeout error, go "Back" in your web browser, "Refresh", and make sure your Action was applied. If it was not applied, go back to Step 11 above and try again.
      15. Use the "Purge" capability of OE to clean up your non-SpamCop mailbox (if necessary and appropriate).
      16. Review the following recommendation by Miss Betsy:

      Revision History:
      v1.02 by Jeff G., 2004/01/17 20:17 EST
      v1.03 by Jeff G., 2004/01/19 02:24 EST shortened Guide names
      v1.04 by Jeff G., 2004/01/21 12:00 EST adjusted for VER's impending doom
      v1.05 by Jeff G., 2004/01/29 01:30 EST adjusted for web posting
      v1.06 by Jeff G., 2004/02/04 00:40 EST adjusted for doom removal
      v1.07 by Jeff G., 2004/02/25 14:19 EST Select All Keyboard Shortcut was changed from Alt+N to Alt+K.
      v1.08 by Jeff G., 2004/02/27 16:41 EST Added Miss Betsy's recommendation.
      v1.09 by Jeff G., 2005/05/13 09:28 EDT Expanded Select All Keyboard Shortcut Explanation and moved this Revision History to the end.
  17. This forum is for discussion of pretty much anything that doesn't quite fit the other specific Help Forum categories, to include rants and raves!
  18. I don't think you'll find that Yahoo requires payment... I know they require payment for pop3 access, but I've opted not to pay, and spamcop is able to fetch my mail with no cost (just send a test message, which arrived with no problems). Malcolm

      I'm sorry, I was mistaken. Thanks for checking. I will correct the post.
  19. This is a Forum to help users with the SpamCop Reporting System. Questions about SpamCop Email should be directed to that forum (via this link which opens a new window), not this Forum.

      If your mail is being blocked, please read the pinned item Why Am I Blocked? FAQ, before posting anything. You will also need to provide the complete text of the error or bounce message, including the IP Address of the system being blocked, if you still feel the need to post your query.

      For questions concerning your submissions of spam to SpamCop, please provide a Tracking URL which is found at the top of the parsing page. Those lines in the parser output read as:

      spam Header
      Here is your TRACKING URL - it may be saved for future reference:
      http://www.spamcop.net/sc?id=z641303267z04...fef3b3d92488bfz
      Skip to Reports

      Copy the URL. If you have a question about whether or not to send a report, please cancel the report before posting in the forum.
  20. Proprietary ISPs MSN Hotmail, MSN, AOL, and Yahoo! are supported via a special gateway called PopGate. Please use the following configuration on the POP Configuration page at https://webmail.spamcop.net/horde/imp/spamcop/popconfig.php or http://webmail.spamcop.net/horde/imp/spamcop/popconfig.php for each of them:

      POP Server: popgate.cesmail.net
      Username: Email Address at that ISP (including [at]hotmail.com, [at]msn.com, [at]aol.com, or [at]yahoo.com)
      Password: Password for that Email Address

      Please note that AOL Users incur minutes for the privilege of checking mail in this way. If you are not on an unlimited plan, beware! Please also note that Yahoo! normally requires payment for the privilege of checking mail via POP, but this method is free.
  21. This forum is for discussing setting up a new SpamCop Email account. Here, you can find specific information on setting up an email account for various ISPs and email programs.