Jump to content


  • Content Count

  • Joined

  • Last visited

Everything posted by gnarlymarley

  1. gnarlymarley

    Reporting problems today?

    Just a quick note that I got the following from 2600:6:340:1::41ab:a791, if it helps. Gateway Timeout The proxy server did not receive a timely response from the upstream server. Reference #1.76a7ab41.1341613235.10034406 EDIT: It appears to be working again.
  2. gnarlymarley

    Reporting problems today?

    This is an issue. From the stats page, I noticed that is has dropped considerable. From my time on a university helpdesk, the hardest problems to diagnose were the intermittant ones. Since this works at the high usage times of the day and stops at other times, it is much more difficult to diagnose. If I knew how to help, I would start gathering information. This I know, the problem is the same between me and both IPv6 and IPv4 frontend servers. This looks like a backend server issue. I wonder if the frontend servers are trying IPv6 to the backend servers and failing?
  3. gnarlymarley

    Reporting problems today?

    It is odd that this is only certain times of the day where the issue arises. When the issue does happen, both the mail host section and the reporting section on the only place that I have been able to detect the issue.
  4. gnarlymarley

    error: Headers not found

    Well, all is working again and I am not able to duplicate it with the received lines. I noticed that gmail puts a bunch of spaces at the beginning of the RFC822 message, but the "Return mailhost configuration" screen still accepts it. The only wait I can get the error to duplicate is to start the headers with "Hello SpamCop user,". It could have been related to the partial outage. Don will find something when you forward the message to him.
  5. gnarlymarley

    error: Headers not found

    Ouch on my part, as "Show Original" was called "View Source" on the last gmail template. If I recall right, there is a body box and a header box. It sounds like you are pasting the whole thing as one message into the header section as expected. I am not able to test it as I have a permanent "Gateway Timeout". As soon as it comes back, I can try this myself.
  6. gnarlymarley

    error: Headers not found

    Ah, when you copied out the mail host email out, did you use the drop-down option on the right for "show original"? Gmail has the headers hidden there. SpamCop needs these headers to see all servers that test message goes through.
  7. gnarlymarley

    error: Headers not found

    A tracking URL could be also helpful. When I get a message like this, it could means that SpamCop could not see any headers. This could be that your spam came from and internal Gmail users.
  8. gnarlymarley

    discarded as a forgery

    Please note that once you get your mail host configuration setup, that you go back to the old tracking links and verify that they are picking up the setup properly.
  9. This is true for the immediate future, however, over time, if you keep up a regular schedule of reporting spam, the spammers will get fed up and leave your address alone. This took me about six years after signing up for SpamCop for my received spam to trickle down to one message every two days from twenty messages a day. Thanks to the SpamCop block list, my average rejection rate is 6 spam messages a day. Please take special note in what Don says about accept and bounce, which should never be deployed. The only true options are to either reject the message during the connection, or to send it to the bit bucket. Yes, once we all work together as a group, we can trim down the spam.
  10. gnarlymarley

    IPv6 Routing Support

    Good news to all the IPv6 folks out there. http://www.spamcop.net/sc?id=z5324131362z4...47234ee1c0da1fz There is some stuff still lacking like this tracking link I found couldn't find a person to report to, but that should be a minor fix. It is something about "Cannot find ip range in whois output". turetzsr, I think you have connections with Julian. Can you pass on the congratulations?
  11. gnarlymarley

    No Source IP Address

    A tracking URL would be most useful, but without it, I will try to answer the question. SpamCop tries to track mail-hops, but there exists in both IPv4 and IPv6 something called private (or internal) addressing. This is used when the message is behind a NAT (,,, FEC0::/10, or FC00::/7) and is using one of these addresses. When SpamCop encounters one of these addresses which is not globally route-able, it cannot track the source of the spammer. If SpamCop thinks the internal mail-hops is tainted, it will stop tracking all remaining mail-hops.
  12. gnarlymarley

    [Resolved] How do I change my password?

    For reporting accounts, make sure you go to http://www.spamcop.net/ and login. Click on "Preferences" and the third option down is "Change Password".
  13. gnarlymarley

    IPv6 Routing Support

    We should face the facts that IPv6 is not human, nor code friendly. IPv4 was easy to code for because it HAD three periods. IPv6 can have any number of colons, but not more than eight. Code that matches IPv6 will always be complex and never as simple as IPv4, as seen below. I suspect this is partly why SpamCop has not fully implemented it yet. m/^([0-9A-Fa-f]{1,4}:){1,7}([0-9A-Fa-f]{1,4}){1,1}|([0-9A-Fa-f]{1,4}:){1,6}(:[0-9A-Fa-f]{1,4}){1,1}|([0-9A-Fa-f]{1,4}:){1,5}(:[0-9A-Fa-f]{1,4}){1,2}|([0-9A-Fa-f]{1,4}:){1,4}(:[0-9A-Fa-f]{1,4}){1,3}|([0-9A-Fa-f]{1,4}:){1,3}(:[0-9A-Fa-f]{1,4}){1,4}|([0-9A-Fa-f]{1,4}:){1,2}(:[0-9A-Fa-f]{1,4}){1,5}|([0-9A-Fa-f]{1,4}:){1,1}(:[0-9A-Fa-f]{1,4}){1,6}$/ These are some generic questions, but I believe they get to the root of the problem. How do you go about reporting IPv6 to the upsteam, which is to say the ISP? How do you add the IPv6 address to a block list? I believe the main reasons for the delay is that they do not need to just match IPv6, but they also need to get other underlying code updated as well. We know that they are able to find the IPv6 address now, because the page says it found IPv6 and stops. I believe that SpamCop is working on the whois, reverse DNS, blacklisting servers, and also working with the abuse.net DB to get all of it IPv6 compatible. SpamCop needs to get all of their code updated so it handles IPv6 in all of the code, not just the detector portion.
  14. gnarlymarley

    Why Trusted?

    Trusted means that someone has tested the relay site in question. The two major requirements are that it is not an open relay and that the server is not owned by a spammer. A quick forum search returned the following: http://forum.spamcop.net/forums/index.php?showtopic=1172
  15. gnarlymarley

    IPv6 Again

    The main problem as to why IPv6 is taking so long is, how can you properly check for accurate IPv6 headers? Below is a snippet of email that I get which uses IPv6 in transit. I was not immediately able to locate the RFC that is more specific than RFC 2822. RFC 2822 does not dictate the format as exact as one would like. This can make decoding the lines by scri_pt or program more difficult to decode. Received: from hub.freebsd.org (hub.freebsd.org [iPv6:2001:4f8:fff6::36]) by mx2.freebsd.org (Postfix) with ESMTP id 22EA01587C2; Mon, 26 Mar 2012 00:37:01 +0000 (UTC) Received: from hub.freebsd.org (localhost []) by hub.freebsd.org (Postfix) with ESMTP id 0C3841065675; Mon, 26 Mar 2012 00:37:01 +0000 (UTC)
  16. gnarlymarley

    IPv6 Routing Support

    You are correct there when we talk about it being harder than we thought. In IPv4 we had periods to divide the octets and colons to separate the port number. We would have been fine if they had kept the same number of colons in IPv6, but they have "allowed" IPv6 to collapse the address. This will make it near impossible to find the address, especially since some mailers put a port number in with the host address, and that means there might be an extra colon and a port number. Tack on top, the idea of the collapsing address and it could change the IP that fast.
  17. gnarlymarley

    IPv6 Routing Support

    You have some localhost IPv6 header. Here is a teredo IPv6 header that may help in the debugging process: http://www.spamcop.net/sc?id=z5267442767zf...eac94b71891f3fz BTW, what else can I do to help get IPv6 support going? It seems that SpamCop has been planning IPv6 support for over two years now.
  18. gnarlymarley

    How to tell Spamcop to ignore your spam

    Interesting. I had a message that had the IPv6 address in the first occurrence about a year ago that I posted to these forums, however, the reporting link has already expired. The issue is that some mailer programs put the port along with the IP in the headers. IPv6 uses that same colon delimiter in its address. This will make the parsing portion much harder if you have to decipher the port difference from the IP.
  19. gnarlymarley

    Blocked IP for no reason!!!!!!!!!!!

    Spamcop does not block emails. They provide a blocking list service. Individual vendors block emails. I have checked my IP & it does not appear on your blocked list???? This is a user based forum. Please provider more information that we can help you with, like the error message from the email server to which you are trying to sent a message. Sounds to me like someone misconfigured their email server.
  20. gnarlymarley

    Analyzing (SpamCop) Quick reporting data

    I believe that Fred is just looking to see when and which admin was notified. The reports, however, only show that an email was sent at what time and not whether it bounced back. If the bounce was tracked, it may have held up in court. Since the bounce is not tracked, there will be issues maintaining whether an admin actually saw the report. (This is why it will not hold up in court.)
  21. gnarlymarley

    am i reporting spam correctly

    This is normal for message that were forwarded inline to your reporting address. Since SpamCop can only trust intact and untouched messages, it will only allow messages that were forwarded as an attachment. This message will contain the headers of the email that was sent to the delivery address
  22. gnarlymarley

    Am I Spamming Someone Else?

    If you look closely, you will see that your mail is coming from You should be able to trace it back via the RIPE whois to Amsterdam. As for reporting, technically you should only report the bounce you got from Yahoo's mail servers. The actual UCE messages was sent to them, so it is their spam.
  23. gnarlymarley

    I can't seem to report half of my spam !

    Ancient Galaxy hotmail.com is known to present the raw messages in this kind of format with blank lines in between the each line. In order to report these message from you would need to remove the blank lines between the headers such as found in http://www.spamcop.net/fom-serve/cache/22.html.
  24. dg3274, I agree that a tracking URL would help a bunch here. Anyone can get an old tracking URL by going back to reports and looking at the history. Without a tracking URL, all I can say is that from what I know, moomurl.com points to cloudflare. At this point, we cannot verify their "proxy service", so shouldn't they be the ones to report back to the original site? Non-authoritative answer: Name: moourl.com Addresses: CloudFlare, Inc. CLOUDFLARENET (NET-199-27-128-0-1) - CloudFlare, Inc. CLOUDFLARENET (NET-173-245-48-0-1) -
  25. gnarlymarley


    I just got a spam from an external IPv6. Below is what you will see from exim. I suspect that due to IPv6 World Day, we just might starting seeing more of these. This is my second one. I did not think to report my first one that was about five months ago. FYI, tracking link below. Received: from [2a01:c0:2:dd:21e:c9ff:feff:66d] (helo=Kook.kookhost.com) by kaysville.yaritz.net with esmtp (Exim 4.66 (FreeBSD)) (envelope-from <proseguros-insure[at]msn.com>) id 1QWHSC-0005K6-CZ for me[at]yaritz.net; Mon, 13 Jun 2011 18:25:37 -0601 Unable to process header. IPv6 addresses are not supported. No source IP address found, cannot proceed. http://www.spamcop.net/sc?id=z5037524167z6...5e80fd223a6f2cz