gnarlymarley

This looks like rbl.websitewelcome.com is the block list and then send you a link to www.spamcop.net. The admin of the server receiving the email has a problem with the setup. Check with the server administrator of the receiving server to see why they setup the explanation up wrong.

Another solution could be to bundle them by hostname, since most of mine are all the same hostname and going to be sending one email for all the links....

It looks like the Chain test failed for the name between the first Received line and the second. 185.56.86.0 is not 34.28.10.218. Somewhere a header got lost or else the server has two IPs. Chain test:instance-us-central1-g787.prod.antispam.mailspamprotection.com =? delivery.antispam.mailspamprotection.com Host delivery.antispam.mailspamprotection.com (checking ip) = 185.56.86.0 185.56.86.0 is not an MX for instance-us-central1-g787.prod.antispam.mailspamprotection.com Host instance-us-central1-g787.prod.antispam.mailspamprotection.com (checking ip) = 34.28.10.218 185.56.86.0 is not an MX for instance-us-central1-g787.prod.antispam.mailspamprotection.com

If they are sending from your domain, you might want to look into SPF. SPF and SRS were originally designed to protect the mail from headers and stop the spoofing.

For the password change, rumor has it that Microsoft is doing oauth2 authentication for imap and pop connections. I suspect when you changed your password it may have been included in this. You might be able to setup thunderbird with oauth2 or there might be an app password that you might be able to setup.

Yahoo does not properly forward emails as attachments. You will probably need to view the "raw" or "source" output and copy that into the email along with the body. Or you can use an IMAP client to get the email as an attachment.

SpamCop doesn't block spam at your email account unless your email provider uses the blocking list at bl.spamcop.net. You should see a change in the type of spam over time as the spammers have to start changing their IP address or they will give up with sending to you.

You might be able to setup an IMAP or a POP to pull your spam from yahoo into outlook.

When forwarding a message from yahoo you need to forward as an attachment or else they do not include the full headers. This is why the suggestion to view the raw headers and copy/paste.

I think this depends if you are using the HTTP authentication or the cookie authentication. If you are using the cookie auth, then it could be your browser expiring the cookie too soon. Is it always around the same amount of time for you to be kicked out and asked for the user/pass?

I think you might have to chat with the deputies to get that option enabled. They control if you see the option because you could automate something that picks up legitimate email from friends or family that will report automatically.

Looks kind of familiar, but I don't remember where I saw one of those replies. Seems like it might be legitimate. Might be related to this old post. https://forum.spamcop.net/topic/45897-abusecloudflarecom-ignoring-spam-reports/

If it was the reporting address, then it would be a contact to the deputies. Could also be a reply to a sent report using that report ID's address. https://forum.spamcop.net/topic/9315-spam-sent-to-reports-address-report-id/

Was it a rule that sees "spam" in the hostname and blocks it? I have not see many spammers that actually use "spam" in their name.

Over 20 years ago I had a admin from a well known university that thought that spam originated from the server found http URL in the body and the admin clearly misread the SpamCop report. I argued with them for some time before I gave up. It is difficult when administrators do not read the reports properly (Even when it says in the tracking URL about the originating IP).

I think this is a check added so we don't submit legitimate emails. When you submit spam as an attachment, you should get a reply back. (That reply will have all tracking URLs in it if you put more than one attachment per email submission.) Now, I think what you might be looking for is the "quick reporting" that the deputies might need to enable on your account. I think I read where they would get you an alternate quick.xxxxxxxxx@ address (where the xxxxx will match your submit.xxxxxxx@ address).

Can you tell where the bounce is coming from? It does appear SpamCop is sending through 68.232.143.151 (A cisco IP that is filtering outbound reports) which might be filtering reports and flagging for containing spam. I think they added that server around March 27th.

I had this happen twice and both times the message passed through 68.232.143.151 from vmx.spamcop.net. One was a reply from the sent report and the other was a reply from a submission. Looking at the headers, it appears that 68.232.143.151 is adding the "[SUSPECTED spam]" to the subject line. Now 68.232.143.151 has nothing to do with my email provider and does appear to be on rotation for outbound spamcop email being handed off from vmx.spamcop.net. It is a Cisco IP and I suspect that they might be filtering some outbound SpamCop communication through their IronPort scanner device. Received: from esa2.spamcop.iphmx.com ([68.232.143.151]) by xxxx.xxxxxx.net with esmtp (Exim 4.95 (FreeBSD)) (envelope-from ) id 1q1XFZ-0008DD-QW for xxx@xxxxxx.net; Tue, 23 May 2023 13:00:53 -0600 Subject: [SUSPECTED spam] [SpamCop] has accepted 1 email for processing X-IronPort-Anti-spam-Filtered: true X-IronPort-AV: E=McAfee;i="6600,9927,10719"; a="1353018" X-IronPort-AV: E=Sophos;i="6.00,187,1681200000"; d="scan'208";a="1353018" Received: from vmx.spamcop.net ([184.94.240.100]) by esa2.spamcop.iphmx.com with ESMTP; 23 May 2023 11:00:18 -0800 DomainKey-Signature: s=devnull; d=spamcop.net; c=nofws; q=dns; h=IronPort-SDR:X-Corpus-CASE-Score:Received:From:To: Subject:Date:Message-ID:Content-type:In-Reply-To: References; b=dhBx0X/AzFN6FCrNTBEjQh/deUwupv6xL4TT0N6XmYenoRgvxZQPYHjL RsbcYBPankAJEY16KErrhF8FRe4sppUP1i+B5vGnXlbSkGwyovvslLBdI kesba/iz2nw9FOE; IronPort-SDR: P/bxa4gtAG0V7ydKjrPBeh6A5x58CgwWO7dxx0NExjWGsAFIVAa6EYpnHauLige9TMGYQJp2x8 yPT3gweZ1b2qrxopuNRHfAi1g3Pg50pnYvGf3BopV06WMo5N8t+6pjdXpSH3+7TYfbaIqOVfQn sgsGRsXFxwtF8TarKFc0ilQG2GN38FRXh5PxcBt2ILsytIp3trn3zgCeP5/Tb8pJQH82DKy1+L 00gtJ06lnrZ/I8oDvAX26qyST0N5SFBh0NKDTYzeJyZYw5IlOm03ZhPVDjSJ8DPCkpKJVle5xC h/o= X-Corpus-CASE-Score: 0 Received: from prod-sc-app008.sv4.ironport.com (HELO prod-sc-app008.spamcop.net) ([10.8.141.28]) by prod-sc-smtp-vip.sv4.ironport.com with SMTP; 23 May 2023 12:00:18 -0700 Received: from esa2.spamcop.iphmx.com (esa2.spamcop.iphmx.com. [68.232.143.151]) by mx.google.com with ESMTP id o2-20020a056402038200b0050bd38fcecbsi3104565edv.0.2023.05.10.13.32.59 for ; Wed, 10 May 2023 13:33:00 -0700 (PDT) IronPort-HdrOrdr: A9a23:CQ2/RK1c4fKqGjk3wau7VwqjBEAkLtp133Aq2lEZdPU0SK2lfq GV7Y4mPHDP+VIssR0b6La90aS7KhPhHP1OkPIs1NWZLWzbUQKTRekOg/qAsl/d8m/Fh5JgPM FbAtFD4bbLfD9HZKjBkXGFOudl6t+d6byzwc339VsodwttcK0I1W1E432gYzBLbTgDP4MwEL Cb/459qyOkaTA2Y97TPBU4dtmGncTCkJjheFo8CwM68w7LtDu06dfBfCSl4g== X-Talos-CUID: 9a23:TzXDXWvb3c+PqjpAPyEPrfr56IsrKH7z3nn6EXW4NmpFTr2nTgeA/J5rxp8= X-Talos-MUID: 9a23:4ZFVNguhHDB/JbWh7M2nngBaFPg4wbySNGNQzbUpofmcCSJAEmLI X-IronPort-Anti-spam-Filtered: true Subject: [SUSPECTED spam] [SpamCop (http://mailta.munged) id:munged]hello, gnarlymarley X-IronPort-AV: E=McAfee;i="6600,9927,10706"; a="1069518" X-IronPort-AV: E=Sophos;i="5.99,265,1677571200"; d="scan'208,217";a="1069518" Received: from vmx.spamcop.net ([184.94.240.100]) by esa2.spamcop.iphmx.com with ESMTP; 10 May 2023 12:32:56 -0800 IronPort-SDR: Op0qdFbw3qTpzxwzbRYNUslrk/E9HN6qhsfwGOkLfy+KFgW9SAHwsNrTxm5dACzuHB/ydxhX4/ R5aGKLxl7KqFudzghBdoDZ92/cGn1Z5S2e492rA4fu7VZj2gnBY58AczOEGgE3cX0vFPPpkPq8 R10tePPqz2B5mgWQZauTkGQrk6OXarHljROKRnuMHCLSz29LvYUwfyLsoJnpCVjc8zyYXHQAFH kGtfpcGjZaEmslj+uEnUVT/lAFN12oz3PyPTkp7EM5IFhBLxoR/UMfzojiHXlSYWqu2t1TfNWf hzo= X-Corpus-CASE-Score: 0 Received: from prod-sc-app006.sv4.ironport.com (HELO prod-sc-app006.spamcop.net) ([10.8.141.26]) by prod-sc-smtp-vip.sv4.ironport.com with SMTP; 10 May 2023 13:32:56 -0700 X-SpamCop-Reply-Ids: 7259510028 X-Spamcop-Return-Path: <abuse+munged@exxxxxxxx.com> Received: from vmx.spamcop.net (prod-sc-smtp12.sv4.ironport.com [10.8.129.222]) by prod-sc-app006.sv4.ironport.com (Postfix) with ESMTP id 4CB07F70F9 for <munged@reports.spamcop.net>; Wed, 10 May 2023 13:30:26 -0700 (PDT) Authentication-Results: vmx.spamcop.net; dkim=none (message not signed) header.i=none IronPort-SDR: LV95eyfrbKKjM6NYLpFr8GfvvFeukZ5l7kwCMf/rRiIGA4v6N4cFJYYVrAH30Sq3qX1qKMhAyD sTSUvIyZk8lrPLnkxWS+EYn6CMWf0VoyUFlSe7TTyGYYpchBs+wLJ8HOxrua0INCwbsye/tGM5 2T/LA/weCilraQAx1uLMp+1+Wh9HGmI8NDhGa7HMvezfpRrB84sxknzu4J3rdM6d4SXj0GzIA3 11ANBctLcOhkxDcYMn+YkBChda+nx/Az3ThRxPeS9Olu1USLNkE38BadRb0NEs2kVzHuKr0Xqu UOI= Received: from smtp.egihosting.com ([72.13.81.20]) by vmx.spamcop.net with ESMTP; 10 May 2023 13:30:26 -0700

Most of my mailhost errors have been a new server that SpamCop has yet to learn. For those I usually try to resubmit my same email address and have it pick up the new host.

Looks like it is working for me now.

I get the same 500 error and "directive" error.

I believe you only need one process email for each email address and that mailhosts should be able to detect them all. One thing I have noticed is if someone else has done their email from the same provider, the name on my mailhosts could be what they put in instead of being what I put in.

Speaking of reporting forum spam would be nice if we could have something like SpamCop, but for the forum.

Still appearing when I don't login.

Not sure if the munging is why google doesn't like the reports, but you could copy the tracking URL and email that using the mentioned abuse form. Might also be able to send an email directly to their abuse email too.