Jump to content


  • Posts

  • Joined

  • Last visited

Fuhrmanator's Achievements


Member (2/6)



  1. Hello, On this page: http://www.spamcop.net/fom-serve/cache/19.html There should be an entry on how to find full email headers in GMail that goes something like this: (from https://mail.google.com/support/bin/answer....amp;topic=1536) To find the headers from a message: Open the conversation. Click the down arrow next to Reply, at the top-right of the message pane. Click Show original. [edit - sorry I forgot to put Addition to http://www.spamcop.net/fom-serve/cache/19.html as the topic... unfortunately the forum software won't allow me to edit that...]
  2. Note: I'm not sure why, but when I clicked "Reply" on this forum entry, I only get quotes of the latest answers. The reply code seems to be b0rken on the forum when there are multiple levels of quotes. This is one reason I find forums less useful than a newsgroup (because the PHP code is often very buggy and full of security holes... plus I hate BBCode... but I digress...) I meant to ask, "What happens when I quick-report a misdirected bounce?" -- I assume now after having read a few more things that the originator of the misdirected bounce get's dinged as having sent a spam. I ask the question because I have received tons of misdirected bounces coming from lots of mail servers. But I have never seen a mail server that sent it to me show up on the block list - I suspect that bounces misdirected to spam-traps get treated differently than those reported by average joes? It could just be that it's relatively rare and there aren't enough dings to get the originator listed.
  3. Ok, at the risk of sounding like a master of the obvious, did you make sure the spam in question had body text? Also, how are you submitting the spam? Copying and pasting headers from Webmail programs (because they don't allow forwarding spam as attachments) is a pain. If you want an efficient way to submit large numbers of spam from Yahoo, you might find this tool useful: http://en.wikipedia.org/wiki/FreePOPs - For some reason, the web site is down right now (at least the DNS doesn't resolve in my neck of the Internet). I know you can use it for Google to download only emails in the spam folder. I have seen some references to how to download from only the Bulk folder on Yahoo, by specifying this field in the POP username: username[at]yahoo.com?folder=Bulk But I have never tried it with Yahoo...
  4. Here's what one looks like (I BCC'd myself on one recently, using the SpamCop preference to receive 'Personal copies of outgoing reports'): [ SpamCop V640 ] This message is brief for your comfort. Please use links below for details. ... (IP address) appears to be sending unsolicited bounces, please see: http://www.spamcop.net/fom-serve/cache/329.html [ Offending message ] ...
  5. Let's continue the adaptation of this content on the Wiki! Wikis do a great job of showing what has been changed by each person and we can see the motivation for the changes, revert them, discuss them, etc. It's a waste of our time to do this in a forum program, IMO. I can't easily see, for example, which parts you modified or added. Later this weekend I'll start the page on the Wiki, now that I have access (I only need to find some time). It's true that the link in the SpamCop report sent on a misdirected bounce is not clear enough (the SpamCop FAQ should be developed more for this kind of thing). Miss Betsy, are you saying there's no way to update the SpamCop FAQ from info that has been "matured" eventually on the Wiki?
  6. Hold the bus! I downloaded all of my spam, which was over 1000 messages, most of which are older than 48 hours and can't be reported anyway (which makes that move stupid)... At message number 928, I got a timeout on the POP connection. When I tried to check my email via Gmail normally, I got the following message: Prolly it's cos I downloaded so many messages... Ima wait 24 hours and see what happens. The lesson in all of this is to not download so many messages
  7. Awesome!!! This is a HUGE time saver. Thanks for posting it here! FYI, the URL that points to the Gmail plug-in is invalid on the Freepops site, and should be: http://www.freepops.org/en/viewplugin.php?plugin=gmail (the text of the URL is right, but the BBCode is not). One reason I dislike BBcode forums
  8. Hi guys, I didn't see any reference to the "unsolicited bounce" messages that SpamCop sends out (and for which I proposed a new FAQ entry in this same area). Should you include this kind of report on this page, or is this stuff migrating to the Wiki?
  9. Hi Steve - not sure what your point of posting that is. I have clarified exactly what you said in the questions ans answers that followed... or at least I thought I did...
  10. Ideally, I would have started this as a page in the Wiki, since that seems to be the most efficient way. However, it appears it has to go out in the forum first? Anyway... Question: I got an email from SpamCop saying "(IP address) appears to be sending unsolicited bounces." What is an "unsolicited bounce" or "misdirected bounce"? First, let's clear up the term "bounce". A bounce is a message, also known as a non-delivery report (NDR) or delivery status notification (DSN), which has been generated by a mail server to report on the delivery status of an email message. For example, a "bounce" could result when a user "Joan[at]from.com" attempted to email a user "Fred[at]to.com", but there is no such user "Fred" at that domain. The mail server at "to.com" generates a new message (NDR) and addresses it to "Joan[at]from.com" to let her know that her mail couldn't be delivered because there is no such user "Fred". So, the term "unsolicited bounce" or "misdirected bounce" refers to a bounce that is sent to a user who should not have received it. Using the above example, the mail server sends an email to "Joan[at]from.com" stating her message could not be delivered, whereas she never tried to send such a message in the first place. If your mailserver is sending "unsolicited bounces" it could get block-listed by SpamCop. This is because your server is technically sending bounces to users who don't deserve to get them. Question: How does an "unsolicited bounce" or "misdirected bounce" occur? The simple answer is that the "From" address (or the MAIL FROM field in SMTP) in messages your mail server can easily be forged, because of a loophole in the design of email protocols. This loophole is commonly exploited by spammers. They almost always lie about who the "sender" of a message is. Sometimes the "sender" is a random user that the spammer generates, who doesn't exist. Sometimes the "sender" is a real address, either because the randomly generated "sender" turns out to be a real address, or because the spammer has specifically used a real address as the "sender" without it being random.When a spammer addresses email to "Fred[at]to.com", as in the above example, he can also forge the sender's address to say that the mail is from "Joan[at]from.com". Sadly, "Joan[at]from.com" will receive an unsolicited bounce, unless the mail server for "to.com" is properly configured. Question: How do I prevent my mail server from sending "unsolicited bounces"? Configure your mail server to only generate bounces to local recipients. Using the above example, the mail server for "to.com" should only generate new emails to users who have sent email from addresses that are local to "to.com". Configure your mail server to reject messages at the SMTP session if they are addressed to invalid recipients. By rejecting the message at the SMTP session, any "bounces" will be sent by other mail servers involved in the transfer (ideally a server local to the sender, if indeed the sender is not a spammer). Sadly, it is not always possible to configure all mail programs to behave in these ways. But even AOL changed their mail server's behavior back in the days when this problem first began, because of how many people were getting "misdirected bounces". For more info on how to configure your mail server to not generate misdirected bounces, see the SpamCop FAQ entry at http://spamcop.net/fom-serve/cache/329.html#bounces Question: Why has this loophole (of being able to forge "From" addresses) not been fixed yet! The short answer is that the protocols used on the Internet to send email have to be agreed upon by all parties involved. Lots of solutions have been proposed. But so far, nobody has been able to propose a technical solution that is acceptable to everyone. First of all, the impact of such a change would be huge, because of the huge numbers of mail servers and the different software used to support those servers. In some ways, it would be almost like getting the entire world to convert their electric current to some new voltage. To understand why the loophole exists, it's useful to know that when the Internet protocol used for email transfer was designed, nobody anticipated that the users involved would misuse the system (how many times have we heard this before!). This is because they were mostly scientists and government contractors. Now, everybody in the world is using this protocol, and the spammers have taken advantage of the design flaw. The lawmakers have attemtped a legal solution, called the CANSPAM Act http://www.ftc.gov/bcp/conline/pubs/buspubs/canspam.shtm, which bans falsifying header information in an email. Given that spam has increased in volume since this act went into legislation, you can see how ineffective this legislation is. Other solutions have been proposed and which are being used to help authenticate the identity of email senders, but they are only small steps with respect to solving the big problem of forged headers. A good explanation in technical terms the weakness of the protocol can be found at http://www.ironport.com/pdf/ironport_toc_bounce_report.pdf
  11. Please add videotron.ca to the list of ISPs that nuke outgoing, spam-related emails (they insist they don't do this, but I've tried forwarding spams to my other private addresses to no avail). Their brain-dead tech support droid stated that unless I can give them an NDR, they can't help me with the emails that don't get delivered. The left hand doesn't know what the right hand is doing.
  12. Thanks for your reply. Before I posted, I re-ran the mailhosts setup (add new hosts). Amnesix is a mail server of the University of Quebec, our school's ISP. The Mailhosts system doesn't propose it as a host when I do a sending. I still think that the message "no unique hostname" is wrong for the message 3, and should not be ignored as possibly part of the problem. Is there a way to force mailhosts to include amesix?
  13. Actually, I think I found the (or perhaps A) problem. I think it may be a bug in Mailhosts caused by a badly configured DNS. Look at the line 1 in the SC report cited above: ----------- 1: Received: From CREME.ad.etsmtl.ca ([]) by ns2.etsmtl.ca (WebShield SMTP v4.5 MR1a); id 109781108399; Thu, 14 Oct 2004 23:31:23 -0400 Hostname verified: grenat.etsmtl.ca ETS received mail from ETS ( ) ----------- Something strange: CREME.ad.etsmtl.ca resolves to and thus is not the same as grenat.etsmtl.ca ( Furthermore, grenat.etsmtl.ca does not have an AAAA record (which I think may be what's causing the problem in the first place, since it exists in IP4 but not in IP6). Grenat.etsmtl.ca resolves to (A record) but doesn't resolve in IP6 (AAAA record). So, if SC does reverse DNS on A and AAAA records, then perhaps that's part of the problem. If it is, it would seem that SpamCop's error message is delayed. Many things seem screwy on my schools config, so perhaps it could be a combination.
  14. Hi there, My school and its ISP have had some wonderful past experiences with configuring the DNS servers such that it causes problems that are tough to debug. Right now, when I try to report a spam, SC says that one of the servers can't be trusted, because it doesn't have a unique host name (I suppose that either means it doesn't do reverse DNS properly). Here's the line from the detailed SC report at http://www.spamcop.net/sc?id=z682460723z81...bd83041296564dz ---------- 3: Received: From Amnesix.uqss.uquebec.ca ([]) by ns1.etsmtl.ca (WebShield SMTP v4.5 MR1a); id 1097811082122; Thu, 14 Oct 2004 23:31:22 -0400 No unique hostname found for source: ETS received mail from sending system ---------- I used an on-line web tool to reverse DNS and it yields the following: ---------- Reverse Lookup Results Host Type Value PTR Amnesix.uqss.uquebec.ca 51.77.192.in-addr.arpa NS clouso.risq.qc.ca 51.77.192.in-addr.arpa NS Amnesix.uqss.uquebec.ca 51.77.192.in-addr.arpa NS Asterix.uqss.uquebec.ca clouso.risq.qc.ca A ---------- The PTR line appears to match what's in the SMTP header -- not sure if that means the reverse DNS is good. But perhaps SC's lookup was different (or worse, the reverse DNS is giving intermittently different results from different places -- this was the kind of problem we were having last year). Can anyone help me understand where the problem is? In the mean time, I've stopped reporting spam, since it wants to point to my school's ISP as the source (which I highly doubt). Thanks!
  • Create New...