RobiBue

@ArtmakersWorlds I brought Petzl's images into the thread, hopefully you can see them to follow the instructions. (just as a side note, I do not use any mailhosts at all. never had a problem unless SC or Google created it ) @petzl wrote: Here it is by pictures there are 3 mail hosts for Yahoo email Check ALL 3 of them '(default has only one checked?), click proceed Your email account will then give 3 links click 1 at a time mine was very quick Your email will get 3 separate messages Open 1 at a time then at top of email next to spam click the 3 dots ... and select Raw message Then paste full body and headers into top/first box then repeat for each email That's it all done

⬆️ (mailhosts tab on https://www.spamcop.net ) Now, it that doesn't solve the problem, only then, in this page, right here, scroll to the top and move your mouse over the Browse "tab" as shown in the image below then click on Staff and send a message to Richard W asking him for support with mailhosts on your account. You can ask him to check this thread, but I suspect he'll know what it's about and he might help you resolve the issue from his end.

My apologies. SC stands for SpamCop and HTH stands for Hope This Helps (or Hope That Helps) If you look closely though, you will see both of the acronyms lightly underlined, and if you move the mouse over it the expanded word will pop up Also, I'm glad you found the tracking URL (Universal Resource Locator colloquially known as Internet Shortcut) With regard to (WRT) the mailhosts, I'm glad petzl explained it, since I don't use mailhosts at all and wouldn't even know where to start except for that they either need to be disabled in some instances or reset if the email provider changed their settings.

this last one, when I ran it through without mailhosts, came from a google system. Unfortunately google doesn't like to work with SC and the reports get sent to a "garbage bin" but still count as spam towards the IP address and it gets listed in the Block List... I'm posting the example here because it's too old to submit SpamCop v 5.4.0 © 2022 Cisco Systems, Inc. All rights reserved. Here is your TRACKING URL - it may be saved for future reference: https://www.spamcop.net/sc?id=z6776170797z8dd80ccdfa3288da9b205c61cab5b9bcz Tracking message source: 209.85.217.52: Routing details for 209.85.217.52 [refresh/show] Cached whois for 209.85.217.52 : network-abuse@google.com abuse@google.com redirects to google-abuse-bounces-reports@devnull.spamcop.net Using best contacts google-abuse-bounces-reports@devnull.spamcop.net <--- that's the "garbage bin" (in UNIX circles known as /dev/nul aka nul device ) Sorry, this email is too old to file a spam report. You must report spam within 2 days of receipt. This mail was received on Mon, 29 Aug 2022 12:22:46 +0000 Message is 19.5 days old 209.85.217.52 not listed in cbl.abuseat.org 209.85.217.52 listed in dnsbl.sorbs.net ( 1 ) <--- listed! 209.85.217.52 not listed in accredit.habeas.com 209.85.217.52 not listed in plus.bondedsender.org 209.85.217.52 not listed in iadb.isipp.com SORBS (spam and Open Relay Blocking System) has the IP address listed and Spamcop has 209.85.0.0/16 listed with 47072 spam reports! and that's why I believe that google bounces spam reports....

It doesn't have to do with Yahoo!'s mailhost config. Your SpamCop account has mailhosts set up, and by removing them it should work as intended. In other words, edit your mailhost configuration (petzl's link doesn't work btw... ) under the tab [Mailhosts] (as shown below) you can edit, remove, or disable? the mailhosts. HTH

Without the TRACKING URL (like I am posting below) nobody here will be able to help you since there are so many different reasons for the "nothing to do" message and only through the parsing messages we can see what the reason is. if you are worried that anybody could find out your email address or name or any personal information, SC munges the to: <email@examlpe.com> address replacing it with to: <x> and replaces some characters in the Message-ID: with underscores ____ Here's mine I just submitted: SpamCop v 5.4.0 © 2022 Cisco Systems, Inc. All rights reserved. Here is your TRACKING URL - it may be saved for future reference: https://www.spamcop.net/sc?id=z6776145388z6080b6709295cf287a14b891e44aee45z if you follow the link in the report you'll be able to see that the headers have been munged by SC at 4 different places... HTH

Although it would help if you, instead of posting a screenshot, would just post the link SC returns (like petzl mentioned) at the top of your report, I did notice that the error message in your screen shot mentions a Mailhost configuration problem I suggest to disable or remove the mailhosts you set up since that seems to be the culprit of your problem. HTH

@DaveO8888, have you tried turning off your mailhosts like Gnarlymarley suggests? it seems that therein lies your problem. Worth a try...

I do get them occasionally. I never click on links in messages I don't know and trust the sender of, since they could be links to a virus, and oftentimes I confirm with my trusted sender the reason for sending me the link, that it was intentional and if I really need to open it. Just trying to keep my system secure on my side. Since I use gmail as my primary email, I report those messages as spam in google itself (without even opening the message) and then, once marked as spam and in the spam folder, I report them additionally as phishing messages.

Just did a quick google lookup on salesforce and exacttarget. Surprising information what salesforce has done in the last decade and a half! surprise: Salesforce bought exacttarget in 2013 for $2.5 billion and having it renamed to Salesforce Marketing Cloud. in other words, whatever you send to exacttarget and "many other bought companies" by salesforce should go to salesforce. I do have the feeling that salesforce is getting away as "innocent" because everybody thinks that the companies they bought during these last 15 or so years are independent, alas they are owned and operated by salesforce!

the way you explain it, it seems that salesforce doesn't understand spam at all if they think that unsubscribing the recipient from the mailing list would stop any spam... 🤦‍♂️

I have a spam history dating back to mid-early 2018, although I've been reporting spam much longer than that (if memory serves well, since early 2000 -- I think I registered with SC in or around 2004 and in the SC forum around 2018) I used to not get reports sent to myself as I didn't deem it necessary. I've had several times in the past where I received ~100 spam a day and reported them all (with a scri_pt to make it easy on myself) and usually it didn't take long for that spam slew to stop. Currently my weekly spam is around 6 spam received/reported in 4 different days. Last month ( 30 days ) I had 26 spam messages, that makes it under 1 spam/day and I'm happy with that... WRT "spammers are smart", there are Rules of spam where Russell's corollary says Never underestimate the stupidity of spammers. yes, they are persistent and annoying, and still they get arrested and face time in prison/jail. I keep reporting, doing my part Robi

I'm not sure if that would be a problem for me, since I have multiple email addresses and depending on the reason for sending an email, I send it with a different "account" but always through the same email service. I'm not sure if my email provider uses SPF (I was at the beach not too long ago and was reading SPF as Sun Protection Factor at first glance 🤣) but I'm able to send as different accounts on the same platform "spoofing the addresses"

several years, unfortunately not, as spam reports get to be removed after a certain amount of time... how long, I'm not sure.... https://www.spamcop.net/mcgi?action=showhistory&slice=&val=0&offset=0&query_type=4 this link is the report history of the last 3 months (90 days). I send myself a report which I keep for posterity I have the spam message with that, but SC has already removed the spam report from the beginning of this year: this screenshot is the report link result from a spam message I reported on Jan 4th this year... my private spam history goes back to 2018 but even that one I tend to weed out after a while since, in my experience, spam site owners tend to drop/change their URLs after some time... HTH

yeah, I believe google has (takes) a different approach to spam and scams... that's the reason they don't take SC reports, at least to my presumption.

I look at those email addresses and find they are @gmail.com and @yahoo.com First, how were those email addresses "collected"? did whoever listed them make a list of the "from:" headers in the spams? if so, then, just to make this clear, it is unreliable, as I can send emails with a "from:" showing any email address I want to send it as. I have sent emails listing the from as the recipient I intended to reach. it was as a joke to show someone that they could receive emails sent from themselves without having sent the email themselves. Second, "help us by immediately blacklisting all ... domains" ... sure, blacklist yahoo and gmail... like that would ever happen... I use gmail and yahoo both, and am pretty confident that those domains will not be blacklisted... I submit gmail spam to spamcop through my gmail address and don't get blacklisted

In my experience, SC works. There are of course some exploits s[cp]ammers do although it always depends on the hosting company if those exploits get shut down or if they prefer the dirty money flowing in... .

The people who run your ISP must have lost their thinking cap or misplaced it somewhere... Oddly enough, and sadly enough, they are right about "spam created and sent from your computer": someone created the spam you received, and you sent it from your computer as an attachment to spamcop. The sad part is, that their neurons are misfiring and not relaying the correct messages between the frontal, parietal, and temporal lobes while completely keeping the hippocampus and prefrontal cortex out of the loop. In other words: Reasoning, comprehension, and understanding are not being used, which in the end leaves them with no context to effectively make the right decisions...

I believe what Petzl sees is only available if you have a "paid" account, meaning that you added fuel to your account...

uhm... OP did... just check what you quoted... albeit according to DKIM and ARC, the message has been modified and I wouldn't trust most of the received lines...

This is Gold! Thanks! 🤣

some ISPs (like Cox in your case) use spam filters to prevent spam to leave their "ISP domain" and cause them to get blocked. Reporting spam by sending spam message content causes the spam flag to be raised, unfortunately, even though it is a legit way to report abuse. A workaround to that issue is to use the financial institution's internal messaging system (if you're their customer) through their website. If you're not their customer and just want to be proactive, then unfortunately, unless they do have a way to communicate to them via their website, it won't work. For situations like those, you can create a gmail account and send them those reports that way. I have a gmail account and receive those gmail spams as well... I report them both directly to google and via SC which on one hand gets /dev/nulled and on the other hand is like shooting my own foot since I'm on gmail too

I agree with you there wholeheartedly! Oftentimes, though these spammers only need to move their website to a different provider and send out a new slew of spam. They know that both, links and mailhosts are short lived and take that into consideration. A year or two ago (maybe 3) I witnessed a case where the Coca־Cola® company had moved an IP block to a different country region and left it sitting there, unused. Some spammer punk managed to get hold of that address block and was using it to send spam and host his junk... SpamCop couldn't report it because the address space was, if I'm not mistaken, in limbo, meaning, not fixed for use... and out of IANA's hands... ARIN had flagged them for APNIC to manage, but APNIC somehow had them, as I mentioned, in limbo, unused and unaddressed. When I contacted them, they said they don't own them and when I contacted ARIN, they pointed me to Coca־Cola®, who said they didn't own that block... meanwhile the spammer was a happy "camper" living in a limbo place, nobody could touch him... Anyway, after months of receiving and reporting to /dev/nul, I eventually got lucky with an IT guy from Coca־Cola®, and he managed to kick that freeloader out of their IP address range. If I'm not mistaken he had a pretty rough time to address all the blacklistings and clean up the mess that was left behind. I can't find it right now, but I still have that thank-you email saved somewhere... But as I mentioned, when it comes to situations like these where SC /dev/nulls the reports, it's up to whoever is reporting it to decide to dig in further and get the attention of the IP address range owner. There used to be, and probably still are, spammers who buy or rent whole IP ranges and then sublet them to themselves. Being the "upstream" owner, they receive the complaints and know who is reporting them. That is one downside of personally reporting spam... I know that in my lifetime of reporting spam, my email address ended up in a slew of spammer lists (black books perhaps)... I can live with that

I have to point out something that has not been addressed in this thread but has been one of spamcop's main rules: spamcop's main concern is to stop spam flowing into people's inboxes. This means trying to disable the spammer's mail hosts through reports. Secondarily spamcop tries to disrupt links in the spam bodies, but that is a two-faced sword since links can be real spammer's addresses, redirect links which get eventually to the real spammer's address, and innocent bystanders because spammers just don't care the 3. point is one of the reasons spamcop doesn't go too deep into following those links if there are too many or if they fail. spamcop does try to address them, but there are threads where it is clear that spammer links are of lesser concern. if these links fail, it is up to the person reporting the spam to decide how to address the links and perhaps report them manually.

@efa, I understand that SC places an underline between "scri" and "pt". sorry, I took that into consideration but wasn't thinking about when I posted the results that SC would change it again... I didn't have the underline when I tested it... Also, you are correct as the link in a regular browser (not wget) resolves to the captcha. that is, though, I tried one (again changing the encoding after "/exec?"), though tried it in a sandbox, meaning that any viruses or malware wouldn't load, and ended up with a and trying the same with wget, I get website is gone for good. $ wget --spider https://scri_pt.google.com/macros/s/AKfycbzxra5XDuH851z_-0ptwyahTi8dXFAt1TiJm2Dr1aabG8wB6QaU70axslNkwpmVwcrCtQ/exec?bnVueWFAYnVzaW5lLnNz Spider mode enabled. Check if remote file exists. --2022-01-21 18:59:20-- https://scri_pt.google.com/macros/s/AKfycbzxra5XDuH851z_-0ptwyahTi8dXFAt1TiJm2Dr1aabG8wB6QaU70axslNkwpmVwcrCtQ/exec?bnVueWFAYnVzaW5lLnNz Resolving scri_pt.google.com (scri_pt.google.com)... 64.233.185.113, 64.233.185.138, 64.233.185.100, ... Connecting to scri_pt.google.com (scri_pt.google.com)|64.233.185.113|:443... connected. HTTP request sent, awaiting response... 403 Forbidden Remote file does not exist -- broken link!!! again, used "scri_pt" without the underscore (I know, SC puts the underscore back in) the regular browser goes to $ wget --spider https://lirkv.bar/?bnVueWFAYnVzaW5lLnNzJnM9am1sX0RhdGluZ18xMzA3MjAyMV9zY3JpcHRnb29nbGU= Spider mode enabled. Check if remote file exists. --2022-01-21 19:16:58-- https://lirkv.bar/?bnVueWFAYnVzaW5lLnNzJnM9am1sX0RhdGluZ18xMzA3MjAyMV9zY3JpcHRnb29nbGU= Resolving lirkv.bar (lirkv.bar)... failed: Name or service not known. wget: unable to resolve host address ‘lirkv.bar’ after clicking on the captcha, that is the link that gets redirected to, and it seems it's gone for good... somehow action is being taken... If it's due to your reports, then you're doing a great job! edit: and yes, the google redirects will remain. It is a nuisance, unfortunately, and it would really be nice and professional from google if they could clean up their act.