gnarlymarley

Are you talking about cesmail? My reporting account does not have folders.

I added my own blocking list. My spam filter doesn't reject email from any single list. I has to be on multiple lists. (I no longer have seen false positives.) Also to note that when properly reporting, it feeds spamcop's blocking list. The list can also add to the spam score.

This is why in gmail I use the "Download Original", so I can get the image in what I report.

When I setup mine, I need to include any forwarders. I setup my mailbox first and then the forwarders. If you do not have separate email addresses and email forwarders in the chain, then you might want to contact the deputies for help on this. If so, send a email to deputies [AT]spamcop[DOT]net asking to fix.

I have been using SpamCop since the logo and background were yellow instead of blue. One thing I noticed, is there was a period of time where spammers would end up figuring out my address and do "revenge spamming" to me. One day I got about 400 and got worried I was going to hit the 500/day limit. Since I was persistent, I won out and now I only get about one spam seven spams a week.

I still have the ability to report. Last time I lost the ability to report was because google has blocked the email from spamcop. I just had to create a rule to never mark as spam and select that the issue was resolved to get my reporting back.

The problem I have with the listed email addresses is that most servers don't verify the from or the mail envelope. They only "assume" the from being used is the actual spammer. This allows some of the spammers to use "revenge" campaigns by using a non-spammer email addresses in the from. If admins have the checks in place to verify the emails are valid, they blocking based on the emails is a good thing. (This is the intent of SPF version 1.)

I suspect that newbies see spam in the domain name and have made rules to block it. (Most spammers don't like to announce themselves as spam so they can hide.)

This was/is the reason for the blocking list. When folks stopped accepting reports, they would be unable to send email. (Meaning, deal with the reported spam issues....)

You might want to suggest to your Uncle to have the SPF carefully changed from ~all to -all. I say carefully because it should stop most of the abuse but could also block any IPs that you may not have added to the record. The softfail might still allow other IPs to use the domain. The fail will put an end to them using it for any server that is checking for SPF.

I had been getting the spam increase with my reports a few years back. Then I managed to report faster and the s[cp]ammers backed off.

Looks like when I follow the links to https://www.spamcop.net/w3m?action=blcheck&ip=143.55.232.12, it says email has been sent to spam traps. Either that IP is being shared with a spammer or else your list is not double-opt-in. Double Opt-In means I would not be able to add any email address in retaliation, but that an email is sent to the address to with the link to be added. 143.55.232.12 listed in bl.spamcop.net (127.0.0.2) If there are no reports of ongoing objectionable email from this system it will be delisted automatically in approximately 7 hours. Causes of listing System has sent mail to SpamCop spam traps in the past week (spam traps are secret, no reports or evidence are provided by SpamCop) SpamCop users have reported system as a source of spam less than 10 times in the past week

What you have received is interesting. Looks like spammers might be getting desperate.

I used to get a lot of spam and report it all. Then it appears they stopped spamming me. I think mine slowed down too when began reporting faster. If DigitalOcean is a proper organization, they will quickly implement a double-opt-in when adding addresses to their list.

I am curious how companies can really tell the difference between real users and bots. My personal facebook account was labeled as fake until I went in and verified added my phone. I know others that just left facebook when their accounts were called "fake" and have never gone back. There are some accounts that are obviously bots. There are others that steal/share abandoned accounts. I do not believe that everyone can distinguish the line between bots and us as easy as I would hope. Most bots have some sort of human control and the reporting of those can sometimes slow the bots.

I wonder who is going to spin up the next cloud to offer a try before you buy account. Most of the cloud offerings such as Azure offer free incentives to get new customers and spammers abuse that. Block the spammers and they block their advertising to get new customers.....

Sometimes I ask them for the double-opt-in proof that I had agreed to become spammed by their mailing list. Usually soon after, the legitimate ones quickly remove me from their list. Yep.

I will trust that the sonic Received: header is okay. Looking at the second header, I would be cautious at reporting this. I get my legitimate SpamCop email from 184.94.240.112 which appears to be the same as what you have in your email. If the sonic section can be trusted, I would say this is a good email. A word of caution, if you try to report something like this, before you send the reports pay attention to the address. If it says something like don[at]spamcop, sending the report could automatically have your reporting account disabled. From what I can see that you have posted, I try to login to your reporting account and see if it is waiting on anything special. You may also want to try to contact the deputies to verify exactly what this is.

Much of what I have seen of 2603:10a6::/32 seems to be an internal hotmail relay. I am not sure that SpamCop has the mailhosts properly detecting the millions of IPs they are using for mail movement.

Hmmmm.... If it had a https://www.spamcop.net/mcgi?action=mhreturn or a mhconf.xxxxxxxxxx@cmds.spamcop.net, I would say this would be a mailhosts setup email. Could this be a CES forwarding redirection request?

That extra report field is tied to the fuel in your account. Your old account will still have it until it runs out of fuel. Then the new account will have it. For me, I just use the old reporting account and add any new email addresses to mailhosts tab.

Now that is funny. They are calling the list of IP spammy ranges as trojans?

I have not used Mailwasher. My solution was to setup my own smtp server years ago to get around ISP outbound filtering of spam being sent to abuse mailboxes.

The "forwarded" spam might count under technicalities, but I think you nailed this when combined with the whois-abuse issue. Gone are they days when someone could forward ISP abuse issues back to that ISP. Europe even legislated to hide the abuse emailboxes. Email administrators are trying to stop the forwarding to abuse boxes.

Interesting how some ISPs place a higher standard on outbound email than they do on inbound email. Because my ISP used to block outbound to SpamCop, I stopped forwarding through my ISP and setup my own email server to forward for me. Since then, I have had no issues sending forwarding spam because I am now my own ISP when it comes to SpamCop. Some ISPs don't trust anyone with spam in the name, but most of the spammers don't have spam in their name.