gnarlymarley
Memberp-
Posts
839 -
Joined
-
Last visited
Content Type
Profiles
Forums
Events
Everything posted by gnarlymarley
-
Another solution could be to bundle them by hostname, since most of mine are all the same hostname and going to be sending one email for all the links....
-
Mailhost suddenly being treated as a spammer
gnarlymarley replied to prosmart's topic in SpamCop Reporting Help
It looks like the Chain test failed for the name between the first Received line and the second. 185.56.86.0 is not 34.28.10.218. Somewhere a header got lost or else the server has two IPs. Chain test:instance-us-central1-g787.prod.antispam.mailspamprotection.com =? delivery.antispam.mailspamprotection.com Host delivery.antispam.mailspamprotection.com (checking ip) = 185.56.86.0 185.56.86.0 is not an MX for instance-us-central1-g787.prod.antispam.mailspamprotection.com Host instance-us-central1-g787.prod.antispam.mailspamprotection.com (checking ip) = 34.28.10.218 185.56.86.0 is not an MX for instance-us-central1-g787.prod.antispam.mailspamprotection.com -
If they are sending from your domain, you might want to look into SPF. SPF and SRS were originally designed to protect the mail from headers and stop the spoofing.
-
For the password change, rumor has it that Microsoft is doing oauth2 authentication for imap and pop connections. I suspect when you changed your password it may have been included in this. You might be able to setup thunderbird with oauth2 or there might be an app password that you might be able to setup.
-
Cannot Add Yahoo Account
gnarlymarley replied to Lawrence F's topic in Mailhost Configuration of your Reporting Account
Yahoo does not properly forward emails as attachments. You will probably need to view the "raw" or "source" output and copy that into the email along with the body. Or you can use an IMAP client to get the email as an attachment. -
What happens after I have reported spam by email
gnarlymarley replied to Oakley's topic in SpamCop Reporting
SpamCop doesn't block spam at your email account unless your email provider uses the blocking list at bl.spamcop.net. You should see a change in the type of spam over time as the spammers have to start changing their IP address or they will give up with sending to you. -
When forwarding a message from yahoo you need to forward as an attachment or else they do not include the full headers. This is why the suggestion to view the raw headers and copy/paste.
-
I think this depends if you are using the HTTP authentication or the cookie authentication. If you are using the cookie auth, then it could be your browser expiring the cookie too soon. Is it always around the same amount of time for you to be kicked out and asked for the user/pass?
-
Any way to automate spam reporting from email client?
gnarlymarley replied to GodzFire's topic in SpamCop Reporting Help
I think you might have to chat with the deputies to get that option enabled. They control if you see the option because you could automate something that picks up legitimate email from friends or family that will report automatically. -
Receiving Zendesk request after spamcop report
gnarlymarley replied to nav2spamcop's topic in SpamCop Lounge
Looks kind of familiar, but I don't remember where I saw one of those replies. Seems like it might be legitimate. Might be related to this old post. https://forum.spamcop.net/topic/45897-abusecloudflarecom-ignoring-spam-reports/ -
Problems registering mailhosts
gnarlymarley replied to ravenstar68's topic in SpamCop Reporting Help
Was it a rule that sees "spam" in the hostname and blocks it? I have not see many spammers that actually use "spam" in their name. -
Over 20 years ago I had a admin from a well known university that thought that spam originated from the server found http URL in the body and the admin clearly misread the SpamCop report. I argued with them for some time before I gave up. It is difficult when administrators do not read the reports properly (Even when it says in the tracking URL about the originating IP).
-
I think this is a check added so we don't submit legitimate emails. When you submit spam as an attachment, you should get a reply back. (That reply will have all tracking URLs in it if you put more than one attachment per email submission.) Now, I think what you might be looking for is the "quick reporting" that the deputies might need to enable on your account. I think I read where they would get you an alternate quick.xxxxxxxxx@ address (where the xxxxx will match your submit.xxxxxxx@ address).
-
All spam reporting gets cancelled
gnarlymarley replied to Outernaut's topic in SpamCop Reporting Help
Can you tell where the bounce is coming from? It does appear SpamCop is sending through 68.232.143.151 (A cisco IP that is filtering outbound reports) which might be filtering reports and flagging for containing spam. I think they added that server around March 27th. -
Report annotated as “[SUSPECTED spam]” by IronPort
gnarlymarley replied to Warden's topic in SpamCop Reporting Help
I had this happen twice and both times the message passed through 68.232.143.151 from vmx.spamcop.net. One was a reply from the sent report and the other was a reply from a submission. Looking at the headers, it appears that 68.232.143.151 is adding the "[SUSPECTED spam]" to the subject line. Now 68.232.143.151 has nothing to do with my email provider and does appear to be on rotation for outbound spamcop email being handed off from vmx.spamcop.net. It is a Cisco IP and I suspect that they might be filtering some outbound SpamCop communication through their IronPort scanner device. Received: from esa2.spamcop.iphmx.com ([68.232.143.151]) by xxxx.xxxxxx.net with esmtp (Exim 4.95 (FreeBSD)) (envelope-from ) id 1q1XFZ-0008DD-QW for xxx@xxxxxx.net; Tue, 23 May 2023 13:00:53 -0600 Subject: [SUSPECTED spam] [SpamCop] has accepted 1 email for processing X-IronPort-Anti-spam-Filtered: true X-IronPort-AV: E=McAfee;i="6600,9927,10719"; a="1353018" X-IronPort-AV: E=Sophos;i="6.00,187,1681200000"; d="scan'208";a="1353018" Received: from vmx.spamcop.net ([184.94.240.100]) by esa2.spamcop.iphmx.com with ESMTP; 23 May 2023 11:00:18 -0800 DomainKey-Signature: s=devnull; d=spamcop.net; c=nofws; q=dns; h=IronPort-SDR:X-Corpus-CASE-Score:Received:From:To: Subject:Date:Message-ID:Content-type:In-Reply-To: References; b=dhBx0X/AzFN6FCrNTBEjQh/deUwupv6xL4TT0N6XmYenoRgvxZQPYHjL RsbcYBPankAJEY16KErrhF8FRe4sppUP1i+B5vGnXlbSkGwyovvslLBdI kesba/iz2nw9FOE; IronPort-SDR: P/bxa4gtAG0V7ydKjrPBeh6A5x58CgwWO7dxx0NExjWGsAFIVAa6EYpnHauLige9TMGYQJp2x8 yPT3gweZ1b2qrxopuNRHfAi1g3Pg50pnYvGf3BopV06WMo5N8t+6pjdXpSH3+7TYfbaIqOVfQn sgsGRsXFxwtF8TarKFc0ilQG2GN38FRXh5PxcBt2ILsytIp3trn3zgCeP5/Tb8pJQH82DKy1+L 00gtJ06lnrZ/I8oDvAX26qyST0N5SFBh0NKDTYzeJyZYw5IlOm03ZhPVDjSJ8DPCkpKJVle5xC h/o= X-Corpus-CASE-Score: 0 Received: from prod-sc-app008.sv4.ironport.com (HELO prod-sc-app008.spamcop.net) ([10.8.141.28]) by prod-sc-smtp-vip.sv4.ironport.com with SMTP; 23 May 2023 12:00:18 -0700 Received: from esa2.spamcop.iphmx.com (esa2.spamcop.iphmx.com. [68.232.143.151]) by mx.google.com with ESMTP id o2-20020a056402038200b0050bd38fcecbsi3104565edv.0.2023.05.10.13.32.59 for ; Wed, 10 May 2023 13:33:00 -0700 (PDT) IronPort-HdrOrdr: A9a23:CQ2/RK1c4fKqGjk3wau7VwqjBEAkLtp133Aq2lEZdPU0SK2lfq GV7Y4mPHDP+VIssR0b6La90aS7KhPhHP1OkPIs1NWZLWzbUQKTRekOg/qAsl/d8m/Fh5JgPM FbAtFD4bbLfD9HZKjBkXGFOudl6t+d6byzwc339VsodwttcK0I1W1E432gYzBLbTgDP4MwEL Cb/459qyOkaTA2Y97TPBU4dtmGncTCkJjheFo8CwM68w7LtDu06dfBfCSl4g== X-Talos-CUID: 9a23:TzXDXWvb3c+PqjpAPyEPrfr56IsrKH7z3nn6EXW4NmpFTr2nTgeA/J5rxp8= X-Talos-MUID: 9a23:4ZFVNguhHDB/JbWh7M2nngBaFPg4wbySNGNQzbUpofmcCSJAEmLI X-IronPort-Anti-spam-Filtered: true Subject: [SUSPECTED spam] [SpamCop (http://mailta.munged) id:munged]hello, gnarlymarley X-IronPort-AV: E=McAfee;i="6600,9927,10706"; a="1069518" X-IronPort-AV: E=Sophos;i="5.99,265,1677571200"; d="scan'208,217";a="1069518" Received: from vmx.spamcop.net ([184.94.240.100]) by esa2.spamcop.iphmx.com with ESMTP; 10 May 2023 12:32:56 -0800 IronPort-SDR: Op0qdFbw3qTpzxwzbRYNUslrk/E9HN6qhsfwGOkLfy+KFgW9SAHwsNrTxm5dACzuHB/ydxhX4/ R5aGKLxl7KqFudzghBdoDZ92/cGn1Z5S2e492rA4fu7VZj2gnBY58AczOEGgE3cX0vFPPpkPq8 R10tePPqz2B5mgWQZauTkGQrk6OXarHljROKRnuMHCLSz29LvYUwfyLsoJnpCVjc8zyYXHQAFH kGtfpcGjZaEmslj+uEnUVT/lAFN12oz3PyPTkp7EM5IFhBLxoR/UMfzojiHXlSYWqu2t1TfNWf hzo= X-Corpus-CASE-Score: 0 Received: from prod-sc-app006.sv4.ironport.com (HELO prod-sc-app006.spamcop.net) ([10.8.141.26]) by prod-sc-smtp-vip.sv4.ironport.com with SMTP; 10 May 2023 13:32:56 -0700 X-SpamCop-Reply-Ids: 7259510028 X-Spamcop-Return-Path: <abuse+munged@exxxxxxxx.com> Received: from vmx.spamcop.net (prod-sc-smtp12.sv4.ironport.com [10.8.129.222]) by prod-sc-app006.sv4.ironport.com (Postfix) with ESMTP id 4CB07F70F9 for <munged@reports.spamcop.net>; Wed, 10 May 2023 13:30:26 -0700 (PDT) Authentication-Results: vmx.spamcop.net; dkim=none (message not signed) header.i=none IronPort-SDR: LV95eyfrbKKjM6NYLpFr8GfvvFeukZ5l7kwCMf/rRiIGA4v6N4cFJYYVrAH30Sq3qX1qKMhAyD sTSUvIyZk8lrPLnkxWS+EYn6CMWf0VoyUFlSe7TTyGYYpchBs+wLJ8HOxrua0INCwbsye/tGM5 2T/LA/weCilraQAx1uLMp+1+Wh9HGmI8NDhGa7HMvezfpRrB84sxknzu4J3rdM6d4SXj0GzIA3 11ANBctLcOhkxDcYMn+YkBChda+nx/Az3ThRxPeS9Olu1USLNkE38BadRb0NEs2kVzHuKr0Xqu UOI= Received: from smtp.egihosting.com ([72.13.81.20]) by vmx.spamcop.net with ESMTP; 10 May 2023 13:30:26 -0700 -
Speaking of reporting forum spam would be nice if we could have something like SpamCop, but for the forum.
-
Still appearing when I don't login.