MIG

Hey Lisati, Sorry I didn't acknowledge your post, didn't see it... need new eyes.. Thanks for the explanation, "keep an eye, special handling" GH can understand... Re "report now", yes I didn't clear/cancel the 2nd parse - thanks "TEAM😁!"

Thanks Petzl, Geez, GH thought SCA was Lvl3😩. Anyhoo, it just got weirder, I received an email from SFB@L3 thanking me for notifying an abuse address I didn't notify😵 I simply do not understand why SCparser doesn't know "that" abuse address, why does it have to go all the way to Lvl3? (feels like dealing with KGBMi5FBi)... Re "submitted SC report", I did, I used account that has my email address as recipient, n then, I parsed with acc that has no email address so I could post the URL here.... 'Cause, as we know, SC doesn't have the facility to keep recipient email addresses private... Maybe I didn't cancel the 2nd parse, I'll check, thanks for the heads-up! Cheers! GH

Hey Petzl, "Go to SCA", I understand, "Bitbinned, but not to SC", I don't. Why not devnull it with the regular redirect to SC? GH still confused... Cheers!

Hello All, https://www.spamcop.net/sc?id=z6545751660z5e326ea89b256a6150d73e004fb98521z Is there a logical explanation for "I know this ISP's abuse address", as opposed to the actual information ?(which I know, unsure if I need to put it here) ? confused GH

Hey Tesseract, Thank you! " common factor seems to be an invalid host name both for starting with . and for containing @ " I agree, using account with MailHosts configured - my results match yours, using an account without MailHosts, the results are: https://www.spamcop.net/sc?id=z6545556269zcc99c68f6b5503a9beee14fed8dfa944z https://www.spamcop.net/sc?id=z6545556709z3accdd54783b338901c40c748bee5947z https://www.spamcop.net/sc?id=z6545556992za7eece61ab47f04741f34bc8b0d86b17z 🤔 G🦗 H

Hey Jelmer, Welcome back, no apology necessary! MailHosts disabled: the successful parse was done with an account WITHOUT MailHosts, I'm reluctant to tamper with my SC account (with MailHosts) as they were a bugger to set up, reluctant to go thru that one again, "disabled" that's another thing all together....🤔 NW/ changes, chk MailHosts: yep! Good idea. (a) 🤔 (b) 🤔 (c) Not always, my rule of thumb: if SC parser produces wonky results, I change accounts (MailHosts/No MailHosts) & reparse, if, both accounts are unable to successfully parse I start digging and come here for support... (d) Good idea. Cheers! G🦗 H

Hey Tesseract, I reparsed, firstly I removed: From MAILER-DAEMON Fri May 10 02:41:48 2019 Return-Path: <> X-Original-To: x Delivered-To: x I also amputated the embedded http links, not necessary to get a resolved parse, just based on my understanding of information provided by knowledgeable SCF members, each time a link is parsed it's a hit for the spammer... grrrr Results: https://www.spamcop.net/sc?id=z6545327526z3c3d9b7ea27f204c8c57cac8f816abb7z Re "removed" stuff, I probably can't explain without confusing everybody, however, the previously referenced knowledgeable SCF members, I'm sure, will pitch in with sage advice... I'm curious to test again if you'd like to share the other tracking URLs please? Cheers! G🦗 H

Got it.. I've seen those, they're bigger than my lounge/office combined👀 Cheers! G🦗 H

Hey oZoneCapHill, With all Outlook/Hotmail mail, the "original"/Classic or "new", was BETA, now referred to a "production" by MS, always remove the first: Received: from xxx all the way through to +0000 In the example you've submitted it's as follows: Received: from AM5EUR02HT165.eop-EUR02.prod.protection.outlook.com (2603:10b6:a02:a8::18) by BYAPR02MB4678.namprd02.prod.outlook.com with HTTPS via BYAPR03CA0005.NAMPRD03.PROD.OUTLOOK.COM; Sun, 5 May 2019 11:38:40 +0000 The explanation provided by SpamCop Admin (as to why it's optimal to do this), was/is: "A couple of years ago Hotmail had to give up two /16 networks they were using (33,554,432 IP addresses) as they were not assigned to them. Microsoft had to quickly reconfigure their network and used IPv6 to do so. Unfortunately when doing so, they did not do it carefully and make sure they had full name resolution through out the network, where the forward and reverse dns on each server matches. This means we can't trust their headers and will often take them as the source of the spam." Using the SC URL you've submitted I removed the above "Received, etc > +0000", ran it thru SC, using a SC account with MailHosts , this is the result: https://www.spamcop.net/sc?id=z6543932098z889c38dc916f2b763336930b55cf1af9z **** To address the MailHosts issue, (imo) the fastest, most successful & least painful (for you) solution, is to contact SC admin, provide details & ask for their assistance. Many folks have either had trouble setting up the hosts & or, having modified previously setup hosts, find the mods have "buggered" up spam being parsed successfully... **** Back to the SC URL you've provided: The 2nd issue (when the SC generates a result) is "no links detected", irrespective of the fact there are indeed embedded links... There's various good commentary, across SCF, as to why the parser may not detect links & why this is less of an issue than the parser not being able to parse the spam at all. I think from memory, these posts also contain: "try x", "try y", solutions, in some of the posts. With your specific URL, I'm unsure if the reason, is a failing by SC parser, or, the actual formatting in the message body. Again, with your specific URL, the links resolve to: 111.90.150.137, AS 45839 (Shinjiru Technology Sdn Bhd), abuseATshinjiruDOTcomDOTmy Condensing all of the above: with working hosts & modifying the spam, before presenting to SC parser, it would be good to see if there's better results. Cheers! G🦗H

Don't you have a 📺 Petzl? ***Exactly!*** Mark Twain was a very smart man, 'cept, in "our" case, any change means more of the same😩

Surprisingly (to me anyway) I do know the answer, 15 years in Oct. And, on the graves of all my treasured ones, I've never, never, had 1 spam in my Yahoo acc, Hotmail on the other hand, until I found SpamCop, I believed my details had to be on some out-of-control-crap-web-rotation... CieLeVie. Avagoodwe Petzl. Election soon, gird your loins! G🦗 H

😕7 years ago? Not disputing the reference or the rationale Petzl , just curious...🤔 Cheers G🦗 H

10-4 Petzel, ?, are you "saying" the 3 urls in this topic are from spam the source of which is yahoo? Curious... Cheers! G🦗 H

Hey Petzl & Lisati, Yahoo acc 15 years, it's been good for us, never had one spam, not before the "Oath" change & not since, seamless🤫, have to shush that comment, don't wanna jinx them & start getting a flood. 74.6.130.122 - HOSTNAME: sonic316-12dotconsmrdotmaildotbf2dotyahoodotcom DOMAIN: yahoo.com Organization: Yahoo! AS 26101 (Yahoo!) NETWORK OWNER(ISP): Oath Holdings Reading the reference article "Oath was renamed Verizon Media 08/01/2019" Looks like their changes have been many & not complete, no surprise, that's "business" in a "Global" world. Cheers! G🦗 H

MTA, not sure if it's "commonly" used, it is used by SCF members.... Meaning? No idea. Thanks!

It's "later", so another observation for you salfordian, the "topic heading" I referred to was YOUR "topic heading..." Based on this topic & your previous, you have "tude", that & paranoia are treatable conditions, seek help.

Excellent story Master, 'cept for the deader bug 😭.

I know Petzl, & few SC others, you salfordian, on the other hand, have a bit of a "questionable" rep, shall we say. Looking at previous posts is an absolute baseline for ANY person with ANY technical exposure/nouse. What are you afraid of? If you'd pull your head out of wherever it is you'd see Petzl didn't ask ?s to your so called "general observation question". If you're going to name call at least target the offender. You're a tad defensive salfordian, one wonders why? Well actually I would, but, I can't be bothered. Later!!

Super!!! Good digging Bolandross⭐Thanks for posting back, much appreciated. Your information will help others as well as you & me! Happy, happy, joy, joy! Cheers, G🦗H Master, Forum Admins, 🦗 doing cartwheels & high 5 emojis required please?

Hey @bolandross Is this what you see? If yes, have you filled in your email address in: https://www.spamcop.net/mcgi?action=showadvanced [PREFERENCES][Personal copies of outgoing reports] ? If you've not done so, please enter your email address, select [SAVE], log out, log back in, parse a spam, see if the info you need is available? If it is, please let us know & if no, please let us know & please include the Spamcop Tracking URL? Thanks! CheersG🦗H!

FITYMI = 😂, n, G🦗H's always diverge, try hopping everywhere, you'll find out.. I'm happy to get back OT, got a few spare TURLs so I can test, n answers to my ?s pleeeze Master?

Might be I'm a deluded G🦗H but, I'm of the belief Master, you rarely spend any time in a state of confusion, not becoming for a Master, 'n, last time I read "The Road to becoming (a) Master", worth reading, recommend to all; the 1st chapter was how not to be confused, 'n the 2nd chapter was, if you fail chapter 1, how to convince everyone you passed... 🙇 G🦗H 🙇 - does anyone/everyone know when the male bowing emoji is selected, it transforms into a female bowing emoji 🤔? That's a whole new discussion. Bye!

Hey Master & all who are on this one: 1. If I'm logged out, doesn't that take away the "ownership" element? Anyone like to pitch me a couple of TURLs so I can test further pleeeze...? & [View entire message] Logged in: https://www.spamcop.net/sc?id=z6537922468z2b2e813402d293f1e52e3f50e513a151z entire msg visible https://www.spamcop.net/sc?id=z6537922468z2b2e813402d293f1e52e3f50e513a151z;action=display Logged out: https://www.spamcop.net/sc?id=z6537922468z2b2e813402d293f1e52e3f50e513a151z entire msg visible https://www.spamcop.net/sc?id=z6537922468z2b2e813402d293f1e52e3f50e513a151z;action=display 2. No is not an answer, well not for a G🦗H, anyways, if 'full email" & "entire message" aren't the same, what's the difference pleeze? Always learning G🦗H🙃

Huh, cogitating, It's early, G🦗H yet to have a coffee.... Logged in OR out, doesn't "View entire message" achieve the same result? Are 'full email" & "entire message" two different things? 🦗Confused....

Hey RobbieBue, Thank you! 1. That's what I thought Klappa meant, I wanted to clarify so I could add the info, specific to his query, rather than go down a deep dark rabid hole. It's great you answered (both). It combines the two issues clearly. Given some SC doco is outdated, the more often SC idiosyncrasies are clarified (in the forum), the more people git helped😄 Cheers! 🙏🦗