Posts posted by gnarlymarley

  1. On 1/5/2020 at 9:10 AM, styncer said:

    The email sample you submitted for *****@mac.com
    appears to traverse more than one domain.  
    Please ensure that you configure each mailhost individually and in order.

    Apparently @mac.com emails could be forwarded to another account.  If you can read the headers, then a part such as "for user@example.com;".  You might want to remove some of the "Received:" lines to split up the email if it is being forwarded.

  2. 12 hours ago, Dracosse said:

    I decided to roll back to an earlier version of Thunderbird. v38.0 to be exact and the problem completely disappeared.

    However the next day the problem arose again but this morning I didn't have the problem for about an hour and then the holiday season interrupted my reporting and testing opportunities.

    I wonder if your thunderbird automatically updated to a newer version between the day it worked and the day it didn't.

  3. On 12/15/2019 at 10:36 AM, captkirk said:

    Does this mean reporting this spam is a futile exercise since "The ticket can never be authorized"?

    My understanding is that the from address on each report changes as it appears to be the number is the report ID.  Some ISPs like this authorize only the full address.  The deputies might be able to work something out with the ISP.  Under the circumstances, might just be an autoresponder that sends it to the bit bucket.  Like Lking says, that this may be added to the blocklist.

  4. On 12/16/2019 at 7:33 PM, Dracosse said:

    I rolled back to an older version of Thunderbird [38.0] and for 2 hours I was able to report spam just like before. Then suddenly the same thing happened. Almost all messages have no tracking information.

    I don't see this issue, but then my thunderbird is v2.  Perhaps it could be a compatibility issue?  I used both imap and "webmail - hotmail 1.3.2" and it works for me.

  5. 19 hours ago, Dracosse said:

    Maybe of interest to someone. In one hour I have 112 new spam messages.

    I envy you as I don't get that much.  I had set up an automated forward as an attachment rule (back when that is what the freebie email providers allowed it) and I no longer get lots of spam.  I think my hurdle was when I reported to the legitimate providers such as comcast and qwest is when I lost my bulk.  I have no idea how 'century link' would take reports.  If you can figure out how to tell the difference on who would take action on your reports and report just those, then it may help on getting your counts down.

  6. 21 hours ago, Ricardo_63 said:

    Why does the spamcop report always indicated a warning as; verify that the message does not correspond to a spam mail.

    I had thought they turned off the "Please make sure this email IS spam:" warning when they promote V5 as I have not seen the warning in quite a while.  I suspect spamcop is checking the headers for a particular format and it might only pop up if the headers match legitimate email.

  7. 12 hours ago, Dracosse said:

    My question is simply this. Has anyone else noticed the same problem? If spammers have devised a way to send spam without headers what good would it do to continue to use SpamCop in the future? How can the Block list continue to be useful?

    I typed in your URL from the image https://www.spamcop.net/sc?id=z6598002198z8fb6021e44f26436f7ebe6fd86760940z so we can have a clickable link.

    I have not seen a problem on my side.  I did notice your submission is missing all "Received:" header lines.  When I went to check out my hotmail account on both the webmail and imap sides, I see the "Received:" header lines all intact.

  8. Without the tracking URL, I would guess this is the line that it is stopping at right above the "identified internal IP as source" message:

    14 hours ago, styncer said:

    Received: from 17.36.65.61 by 17.36.65.25 (mailnotify 1916B19:12:18:22:57:59:60); Wed, 4 Dec 2019 22:57:59 GMT

    It would appear that you need to update your mailhost configuration by resending a message to your account.  Then you should be able to return to the spam report page and it should work.

  9. 18 hours ago, JoJoZ said:

    SpamCop encountered errors while saving spam for processing:
    SpamCop could not find your spam message in this email:

    What can I do about this?

    I have seen this before.  It came in the reply of email I had forwarded to my submit address.  Most email providers are doing the forward inline, where the forward is like a reply and headers are lost.  Once I figured out how to forward as an attachment (Some used the ctrl key on the forward button) my problem was solved.  You may find as in my case the email providers change the key regularly.  It may be better to "view source" and then submit that in the reporting form.

  10. On 2/25/2018 at 10:36 AM, lisali said:

    If an email is compromised, we change it at the source, and then set the compromised email to forward any incoming spam to SpamCop. Those emails will only ever receive spam so we don't need to check those reports. But there does not seem to be a way to do that?

    There are some ways to accomplish this.  Since not all of my email providers support forwarding as an attachment, I did it using a unix program called fetchmail and a perl script.  (The perl script encapsulates the email as an attachment and sends it to the reporting address.)

    I will offer a word of caution about full automation of reporting, as I have recently had one group send me an email fifteen years after I had signed up on the list to my main email address.  (Yes, they went quiet for more than a decade.)  If someone were to do a restore or grab the old email address, then you could be trying to report legitimate email.

    That said, I have not had any problems with reporting from my accounts I signed up and never used for email.

  11. On 11/27/2019 at 10:26 AM, Outernaut said:

    I asked my Host if I am permitted to use Spamcop in some way. Tech support said "Yes". I HAD access to Professional spam filter but a while ago the host raised the rates and replaced "Free" with 'Add-ons Extra' and disabled Pro spam Filter. We just have Apache spam Assassin / spam Filter.

    Outernaut, For me, I have migrated away from the spamcop filter when I found that SpamAssassin contains a spamcop rule called RCVD_IN_BL_SPAMCOP_NET.  (I abandoned filtering at the SMTP level when I found emails I was interested showed up on the blocklist.)  Since you already have spam Assassin, you may have this rule already enabled.  If you have it, you may need to use the "score" keyword to manipulate the rankings.  (I currently just use the defaults for this one item.)

  12. On 11/21/2019 at 10:24 AM, IrvSp said:

    I had to change my SMTP server. Noticed I was NOT getting return e-mails from submission and realized I had to register the new SMTP server. Did that, and got the confirmation back that it was a success...

    I have not seen this happen to me when I changed servers.

    On 11/26/2019 at 12:04 PM, Richard W said:

    I think your ISP changes and your not receiving replies are related, but not really.  Just because your smtp settings change in your mail client, doesn't mean the path of your incoming mail changes.  I'm not sure what you are expecting to see as a new mailhost. 

    IrvSp, When you logged into your reporting account, were you greeted with a reject or bounce message on the reporting page?  I have seen gmail bounce the replies for me and it stopped the replies.

  13. On 11/8/2019 at 12:14 PM, forrie said:

    I wonder if there is a similar tool available for Apple Mail that could do this?

    I have not used applescript since OS9, so I may not be of help, but this page (https://macscripter.net/viewtopic.php?id=30296) seems it looks a little bit familiar and may be of help.

    For me, what I do is to create a new email and then drag and drop all the messages I want to submit on that email.  (Yes, you can do more than one attachment to the email you submit to your submit address.)  Just make sure when you get the reply you can click all the links.

  14. 21 hours ago, Jeff2019 said:

    So how do I fix it each time?  I just saw the replies to my question tonight cause it got filtered into the Junk folder so I found it in there and marked it as Not Junk.

    Me too, so sorry about my late reply.  I also noticed that some of the messages are coming in without proper line endings.  How I am fixing it is to copy the message to notepad (on windows) and if I see no line wrapping, then I paste into word pad, then select all, and paste into notepad.  Once done, I remove the space on the lines in front of the words (Received:, From:, X-, To:, Subject:, and Reply-To:).  The rest of the spaces should stay.  Once I cleaned up with the above header lines, I paste into spamcop and it accepts my submissions.

  15. 12 hours ago, petzl said:

    It's not SpamCop that's changed it's hotmail/outlook headers

    Jeff2019,

    I think I found the problem.  I got an email today from in my hotmail's outlook.com account where it seems that Microsoft decided to add an extra space to some of the headers.  If you look at the below, the first received line is okay, but the second Received line has a space that is reserved for line wrapping.  I don't like it when companies refuse to follow RFCs.

    Received: from MW2NAM10HT110.eop-nam10.prod.protection.outlook.com
     (2603:10b6:5:190::40) by DM6PR14MB2170.namprd14.prod.outlook.com with HTTPS
     via DM6PR11CA0027.NAMPRD11.PROD.OUTLOOK.COM; Tue, 12 Nov 2019 12:00:39 +0000
     Received: from MW2NAM10FT066.eop-nam10.prod.protection.outlook.com
     (10.13.154.53) by MW2NAM10HT110.eop-nam10.prod.protection.outlook.com
     (10.13.154.254) with Microsoft SMTP Server (version=TLS1_2,
     cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.2430.20; Tue, 12 Nov
     2019 12:00:38 +0000

    It should look like this as I had to remove the extra spaces from some of the lines:

    Received: from MW2NAM10HT110.eop-nam10.prod.protection.outlook.com
     (2603:10b6:5:190::40) by DM6PR14MB2170.namprd14.prod.outlook.com with HTTPS
     via DM6PR11CA0027.NAMPRD11.PROD.OUTLOOK.COM; Tue, 12 Nov 2019 12:00:39 +0000
    Received: from MW2NAM10FT066.eop-nam10.prod.protection.outlook.com
     (10.13.154.53) by MW2NAM10HT110.eop-nam10.prod.protection.outlook.com
     (10.13.154.254) with Microsoft SMTP Server (version=TLS1_2,
     cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.2430.20; Tue, 12 Nov
     2019 12:00:38 +0000
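
The header repair described in the two posts above (un-indenting lines that start a header field so they are not read as folded continuations), as an added Python example that is not part of the original posts. The sample message is constructed, the field-name list is the one given in the earlier post, and treating any indented line that begins with one of those names as a new header is a heuristic assumption.

```python
import re
from email import message_from_string

# Field names listed in the post above; "X-" is taken to mean any X-* header.
# Heuristic (assumption): an indented line starting with one of these names
# followed by ":" is a new header, not a folded continuation.
HEADER_START = re.compile(
    r"^[ \t]+((?:Received|From|To|Subject|Reply-To|X-[A-Za-z0-9-]+):)"
)

def repair_headers(raw: str) -> str:
    """Un-indent mis-indented header starts; leave real continuations alone."""
    raw = raw.replace("\r\n", "\n")
    # Only the header block (before the first blank line) is rewritten.
    head, sep, body = raw.partition("\n\n")
    fixed = [HEADER_START.sub(r"\1", line) for line in head.split("\n")]
    return "\n".join(fixed) + sep + body

def count_received(raw: str) -> int:
    """Number of Received: headers a standard parser sees in the message."""
    return len(message_from_string(raw).get_all("Received", []))

def header(raw: str, name: str):
    """Value of the first header called `name`, or None if the parser sees none."""
    return message_from_string(raw)[name]

# Constructed sample: the second Received: and the From: line carry the
# extra leading space, so a parser folds them into the first Received:.
SAMPLE = (
    "Received: from mx1.example.net\n"
    " (192.0.2.10) by mx2.example.net with HTTPS;\n"
    " Tue, 12 Nov 2019 12:00:39 +0000\n"
    " Received: from mx0.example.net\n"
    " (198.51.100.7) by mx1.example.net\n"
    " with SMTP; Tue, 12 Nov 2019 12:00:38 +0000\n"
    " From: sender@example.com\n"
    "Subject: constructed sample\n"
    "\n"
    " To: this body line is indented and must stay as it is\n"
)

if __name__ == "__main__":
    print("Received headers before:", count_received(SAMPLE))
    print("Received headers after: ", count_received(repair_headers(SAMPLE)))
```

Before the repair a standard parser sees a single Received: header and no From: header at all, which is why the relay chain cannot be followed.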

     

  16. On 11/8/2019 at 9:19 AM, Lking said:

    Not to quibble over definitions, but given your participation over the last 15 years, the notifications are not spam.

    I suspect that on https://www.spamcop.net/fom-serve/cache/125.html, this is the part you are talking about: "If the recipient agreed to receive it, then it is not spam."  Even though the content of them is unwanted, unsolicited, and bulk, the notifications from the forum for legitimate posts might be desired and therefore all the notifications are not spam.

  17. 3 hours ago, Outernaut said:

    By reporting spam to SC, how does it 1*protect me from more spam? Do mail hosts have to subscribe (free or otherwise) to SC or CISCO mail servers in order to avoid the spam?

    By reporting spam through SC, it does two things:

    1. Alerts the administrators to do something about it or risk being put on the blocking list.
    2. After a certain amount of reports the offending IP is added to the blocking list.

    A lot of email service providers have used the SC blocking list.  If you control your own email server, you could use the SC blocking list to help slow down the spam.  If you use a spam filtering tool such as spamassassin, then this will most likely already be enabled.

  18. 21 hours ago, Outernaut said:

    I don't like to be insulted by CISCO/SC with nag screens prompting me to pay them to help them with their database. I've been feeding SC ONLY 1 maybe 3 spam reports a day for I don't know how long - lost count. But contrary to your point, I will NOT be assimilated because I don't mind helping, but refuse to pay to do so.

    The NAG screen was started around the turn of the century after lots of people started using the service.  The minimum time (If I remember correctly) was set to three seconds and only went higher if there were lots of people submitting their spam at the same time.  The highest I saw back in the day (Just before Cisco came on) was over a minute.  What I would do at that time if I was not paying is to open up a second window/tab and submit more spam while I was waiting for the first window's nag to time out.

  19. I did notice on the source of spam page lately there are a lot of "ISP has indicated spam will cease" from IP ranges such as 89.34.26.0/24 and 195.29.0.0/16 where it appears that they are just marking the option to prevent reports from being submitted.  (It seems to be more than one IP in their range.)  It appears they have been doing this for more than 48 hours and marking this maybe every six hours as the time after the message seems to jump up by around six hours.  Could this be part of the why the spikes have changed?
     

  20. On 10/16/2019 at 4:07 AM, RobiBue said:

    I use Firefox, and if I open the tracking URL in a “private tab” even if I’m logged in, the private tab won’t be logged in — the Login credentials don’t carry over into new private tabs — and you can see the munged report right away without logging out first (but it has to be in a private tab)

    Some browsers might call this mode "incognito".

    And yes, I use it too.

  21. On 10/20/2019 at 2:50 AM, kolor said:

    I received spam where is link to nospammer.net

    I also find it interesting that they hid the real spam link in the visible text instead of making it a clickable link using the HTML tags like they did with the nospammer.net section.  Probably to hide it from parsers that report the links.

  22. On 10/6/2019 at 11:21 AM, Lking said:

    When you are logged in to SpamCop and follow a tracking URL to look at a report you see the unmunged report.  If you log out and follow the tracking URL, you will see the munged report others see as RobiBue reported above.

    hank, it is a good idea to make sure it was munged before sending the reports to the admins.  (The admins that "could be" the actual spammers.)

  23. 12 minutes ago, Hanco said:

    Do you mean, to Hetzner’s own ISP? How would we locate the provider? (Sorry for my ignorance)

    A few ways to do this.  One is traceroute.  If they have a firewall, then this may not get you to their border servers.  The other way is to use a looking glass, such as http://lg.he.net.  I also use http://bgp.he.net to find the upstream AS number and then I can use it to find the peers.  It appears that hetzner.de is much larger than I thought as they have 216 peers.  That would take way too much time to get their ISPs to chat with them about their spam hosting.  It is interesting that all their networks all point to abuse[at]hetzner.de.