gnarlymarley

I believe you only need one process email for each email address and that mailhosts should be able to detect them all. One thing I have noticed is if someone else has done their email from the same provider, the name on my mailhosts could be what they put in instead of being what I put in.

Speaking of reporting forum spam would be nice if we could have something like SpamCop, but for the forum.

Still appearing when I don't login.

Not sure if the munging is why google doesn't like the reports, but you could copy the tracking URL and email that using the mentioned abuse form. Might also be able to send an email directly to their abuse email too.

1. I also have been getting it since about yesterday. For me, I just immediately refresh the page and it might work. 2. Most of mine have been with the various URL redirectors, so probably one of the DNS servers at SpamCop might be having trouble getting out. 3. I have not reported anything yet. If it was a big issue and wouldn't work, I would report it to the deputies, but since a refresh gets it to work, your reporting it here should be okay.

Some people that fight spam suggests that scammers switch phone numbers fairly quickly. Which might explain why the numbers kept changing multiple times an hour. With the various company names they used seems like they could have been attempts to have the forum to flood search engines with those numbers.

I think we need to clarify if you are running ironport at your email host and if were you indicating that it could be that ironport that is adding it. From what I can see from the headers, it was added after vmx.spamcop.net send it on its way. Something added it after.

I am not sure if this has changed, but years ago when I ran out of SpamCop fuel it just had an extra spash screen right before the page to parse and send reports that delayed me a 10 or so seconds.

Also, check for a rule for spam filtering software. Spamassassin (cpanel) can add something like that too if it thinks that spammers actually put "spam" in their hostname.

Mine emails seem to be coming from esa1.spamcop.iphmx.com. 68.232.142.20. I see they got the SPF updated. ;; QUESTION SECTION: ;admin.spamcop.net. IN ANY ;; ANSWER SECTION: admin.spamcop.net. 60 IN A 184.94.240.100 admin.spamcop.net. 60 IN A 216.127.43.88 admin.spamcop.net. 300 IN TXT "v=spf1 ip4:184.94.240.100 ip4:184.94.240.112 ip4:216.127.43.94 ip4:68.232.143.151 ip4:68.232.142.20 ip4:204.15.80.0/22 ip4:216.154.195.32/27 ?all" admin.spamcop.net. 300 IN MX 10 vmx.spamcop.net.

Spamcop gets the date from the Received: headers. I don't see anything wrong with the email on your tracking URL. (Though I did notice it was from 24 Mar and your post of it in the forum was 27 Mar.)

I started getting my replies around 6pm PDT.

A quick note, that I don't believe that SpamCop counts the messages as reported until after you click the send report. So if they are all getting stopped at the "nothing to do", then I don't believe they are being reported.

I wonder if this might have anything to do with: https://forum.spamcop.net/topic/49010-more-spamcop-server-changes-monday-march-27-2023/

For your "too old" message of #4, twenty years ago spammers were making headers that looked too legitimate. The page the tracking URL points to should have a Received line that for the host where it is getting the old date. SpamCop had introduced something called mailhosts so how old the email would be coming from your border server. (If your border email held any of the emails for any reason, then all of them would have old dates.)

Seems to be working for me and staying logged in. Maybe that it got fixed since the post. Last time I had a security issue as described, I had tried to login with two different computers side by side at the same time.

Once you send a message to a devnull address, it feeds the blocking list. If they ignore the spam, then their IP gets put a block list and they cannot send spam. There was an issue some time back where a lot of people stopped using the block list, but I am not sure if they went back to using it again.

I use IMAP with fetchmail and the "nothing to do" does not happened to me.

They probably think that they should block it because it has "spam" in the domain name. The conflicting information is interesting.

For Apple, it could be that someone forgot to update their SPF records with the 184.94.240.88 IP to it. It is currently set to a five minutes cache. ;; QUESTION SECTION: ;devnull.spamcop.net. IN TXT ;; ANSWER SECTION: devnull.spamcop.net. 300 IN TXT "v=spf1 ip4:184.94.240.88 ip4:184.94.240.112 ip4:204.15.80.0/22 -all" ;; QUESTION SECTION: ;bounces.spamcop.net. IN TXT ;; ANSWER SECTION: bounces.spamcop.net. 300 IN TXT "v=spf1 ip4:184.94.240.88 ip4:184.94.240.112 ip4:204.15.80.0/22 -all"

When I previously report fake calls, I saw nothing being done. Now I add a note that "I believe the callerID was spoofed" and it appears they might be doing something about it. When reports go to devnull, they still feed the blocklist. With enough reports it prevents everyone from using their service and then they start to react. With the SpamCop DNS issue, a lot of people stopped using the blocklist, so this appears it does not have the same pull it used to.

The blocklist issue with IPs being added that probably shouldn't is why I went from the idea of block it if only any list to SpamAssassin where it blocks it based on a score. Either the email needs to be spammy, or else be on more than one blocklist.

Might need to check if your email provider is allowing a new IP. The reporting side seems to match a new IP. (https://forum.spamcop.net/topic/48877-spmcop-is-forging-its-own-mail/)

I just tested it and same here. I forwarded and old spam email which was was accepted by the SpamCop SMTP server. Looks like it did come through with from the new IP (https://forum.spamcop.net/topic/48877-spmcop-is-forging-its-own-mail/). The last time I had submitted spam was Sunday afternoon and I got a response. Edit: It did come through.

Do you mean the CES forwarding, or the reporting forwarding?