JMark Posted February 25, 2011 Share Posted February 25, 2011 I have been an faithful SpamCop participant for several years, wanting to do my small part in ending spam. But over the past few months, I find the vast majority of my forwards have been rejected due to spoofed dates and other minutia even though they are indeed spam. Also, SC does not support Outlook, perhaps the most common Windows email application out there. In addition, there have been no updates to SC announced in two or more years. So in short, most spammers have found around SC reporting, SC developers do not bother to keep up with spammer developments and the one of the most common email clients is not supported. So why should I bother? Link to comment Share on other sites More sharing options...
turetzsr Posted February 25, 2011 Share Posted February 25, 2011 Hi, JMark, I have been an faithful SpamCop participant for several years, wanting to do my small part in ending spam....Thank you! But over the past few months, I find the vast majority of my forwards have been rejected due to spoofed dates and other minutia even though they are indeed spam....Can you provide a Tracking Link that shows an example of what you mean? I've never seen this. The only times the SpamCop parser has refused to handle my submitted spam is when there was no body in the e-mail.Also, SC does not support Outlook, perhaps the most common Windows email application out there....Could you explain what you mean by this? I use Outlook as my principal e-mail client and have had no problems at all submitting spam. The only limitation is that I must copy/paste into the online form, I can not forward the spam to the parser.In addition, there have been no updates to SC announced in two or more years....Again, could you please explain why you say this? I see evidence of updates from time to time as I peruse the SpamCop Forum posts.<snip>So why should I bother?...SpamCop continues to provide the service it always has (at least for me). It parses spam I submit, counts it towards the SpamCop blacklist, and sends e-mails on my behalf to spam source abuse addresses and other services I select (the US Federal Trade Commissions, coldrain.net, the SIAA [when it seems relevant] and antiphishing.org [when it seems to be a phish]). Link to comment Share on other sites More sharing options...
Wazoo Posted February 26, 2011 Share Posted February 26, 2011 I find the vast majority of my forwards have been rejected due to spoofed dates and other minutia even though they are indeed spam. As Steve states, there is a Forum section available for Parsing and Reporting issues, a Tracking URL would go a long way in trying to resolve your issues. Also, SC does not support Outlook, perhaps the most common Windows email application out there. Although there are numerous caveats, this statement is not technically correct. The orginal FAQ, the single-page-access version found here, the Wiki, and a load of existing Topics/Discussions attempt to deal with the use of Outlook and the Parsing & Reporting System. In addition, there have been no updates to SC announced in two or more years. The last two major updates; 15 Jan 2010 - SpamCop v 4.6.0.031 © 1992-2010 Cisco Systems, Inc. 14 Sep 2010 - SpamCop v 4.6.1.006 © 1992-2010 Cisco Systems, Inc. The last (public) talk about 'current' work was about the IP6 situation. So in short, most spammers have found around SC reporting, I can't see that situation from this side of the screen. That there's a lot of ISPs/Hosts out there that don't actually handle their spam sourcing is another issue entrirely. So why should I bother? What I think I'm really seeing here is that neither you or your ISP/Host is using the SpamCopDNSBL, which means that you aren't getting the full benefit of your Reporting actions. Please see What is SpamCop.net? There are others that do benefit from your continued Reporting and they thank you. Link to comment Share on other sites More sharing options...
JMark Posted February 28, 2011 Author Share Posted February 28, 2011 http://www.spamcop.net/sc?id=z4902748102z3...36f85c4e619ee4z This was spam received in my Outlook v14 Inbox this morning, 2/28/11 at 3:02 est. Forwarded via Spamgrabber v5.0 Link to comment Share on other sites More sharing options...
JMark Posted February 28, 2011 Author Share Posted February 28, 2011 See http://forum.spamcop.net/forums/index.php?showtopic=11711 above post Link to comment Share on other sites More sharing options...
turetzsr Posted March 1, 2011 Share Posted March 1, 2011 Hi, JMark, ...What specific question do you have about this parse? I see a number of "odd" notes in the parse (most of which I don't understand). Link to comment Share on other sites More sharing options...
turetzsr Posted March 1, 2011 Share Posted March 1, 2011 See http://forum.spamcop.net/forums/index.php?showtopic=11711 above post ...May I ask why you chose to do it that way? I believe it would be far more helpful (for everybody) to include that post within this forum "thread." Would it be acceptable to you if I merged that post into this "thread?" Link to comment Share on other sites More sharing options...
JMark Posted March 1, 2011 Author Share Posted March 1, 2011 ...May I ask why you chose to do it that way? I believe it would be far more helpful (for everybody) to include that post within this forum "thread." Would it be acceptable to you if I merged that post into this "thread?" Yes, because the previous two posters declared I was remiss in not posting to the Reporting Help section. I have complied. Link to comment Share on other sites More sharing options...
Farelf Posted March 1, 2011 Share Posted March 1, 2011 Already too old to report when received. I don't see Feb 28 in the headers anywhere so the question would be be what could be holding the mail without adding a timestamp? I see occasional complaints/comments about delays in delivery causing the message to age past reporting window but if IIRC these usually have one or more later timestamps that SC has ignored. All the ignored "internal handling" (Yahoo) lines have similar timestamps so there's no blame there. A mystery. I suppose it's because Spamgrabber omits anything modified by Outlook? Whoever/whatever sent it to your Outlook inbox must be source of delay, in any event. Incidentally, those headers look terribly jumbled to me, I can't make head or tail of the sequence. I'm just hoping Spamgrabber doesn't grab the Outlook jumble instead of the untouched message. Aaagh ... can anyone see what is going on? JMark, can you maybe check header order and consistency by pasting this spam (the source) into the webpage submission boxes (the 2-part Outlook/Eudora) submission? Just the headers would do, with "test" or something in the body part. Or maybe you can see (eyeball) from email source whether the headers are the same/in the same order as those received by the parser as referenced above. I'm probably just lost in all the internal handovers but the integrity of headers is a worry ... Link to comment Share on other sites More sharing options...
JMark Posted March 1, 2011 Author Share Posted March 1, 2011 JMark, can you maybe check header order and consistency by pasting this spam (the source) into the webpage submission boxes (the 2-part Outlook/Eudora) submission? Just the headers would do, with "test" or something in the body part. Or maybe you can see (eyeball) from email source whether the headers are the same/in the same order as those received by the parser as referenced above. I'm probably just lost in all the internal handovers but the integrity of headers is a worry ... See http://www.spamcop.net/sc?id=z4914357145z7...702bd499b5035bz Link to comment Share on other sites More sharing options...
Farelf Posted March 1, 2011 Share Posted March 1, 2011 Thanks for the new case and submission via webform. These headers make more sense to me and it does indeed seem to me that the previous Spamgrabber submission passes on the weird Outlook scrambling of the headers. But those are only internal Yahoo NNFMP lines, rather than external received lines, so no harm is done. I'm not confident Spamgrabber could be trusted in all situations but as other active members here use it and have not notified about problems I suppose it is safe. But no mysterious lost time in the routing and submission this time. I can only imagine that in your first case something happened within mail.rr.com after the date stamping but before you got to see it. Glitches do happen, I've become aware of several unrelated ISPs (including my own) recently having problems with POP3 servers leading to delayed clearance of messages through to recipients. Has Road Runner admitted to any such problems in their bulletins/notices? I guess not. Are there still problems? Link to comment Share on other sites More sharing options...
turetzsr Posted March 1, 2011 Share Posted March 1, 2011 ...May I ask why you chose to do it that way? I believe it would be far more helpful (for everybody) to include that post within this forum "thread." Would it be acceptable to you if I merged that post into this "thread?"Yes, because the previous two posters declared I was remiss in not posting to the Reporting Help section. I have complied....Oh, I see. I think you (reasonably) misinterpreted the main point Wazoo was making, which is that a Tracking URL would be helpful. Absent someone with the power to do so moving your post to the other Forum (which you can not do), the proper place (IMHO) for the tracking link is as a reply in this "thread." Based on your reply, I shall merge that other "thread" into this one. Thank you! Link to comment Share on other sites More sharing options...
JMark Posted March 1, 2011 Author Share Posted March 1, 2011 spam received at 12;42 EST today http://www.spamcop.net/sc?id=z4915062770zb...f7698e57af876bz Link to comment Share on other sites More sharing options...
showker Posted March 2, 2011 Share Posted March 2, 2011 More relevant now than ever. The 'lull' is over, we're back well over 250 per day, where a couple of months ago, we were down to about 30 a day Link to comment Share on other sites More sharing options...
Farelf Posted March 2, 2011 Share Posted March 2, 2011 spam received at 12;42 EST today http://www.spamcop.net/sc?id=z4915062770zb...f7698e57af876bz There is no way that could be delivered between networks "as is". There is no way it should even be delivered within a network as is. Something untoward is happening, probably within your provider (I'm assuming RR). Instead of deleting spam once reported, you might need to keep it for just a while for diagnostic purposes (and to prove it is not happening on your machine during the submission process - which is a possibility, actually, but a lesser one I suspect). If something is wrong at Road Runner they are going to need the "evidence" in order to investigate (if they do). Link to comment Share on other sites More sharing options...
JMark Posted March 2, 2011 Author Share Posted March 2, 2011 Sent via SpamGrabber: http://www.spamcop.net/sc?id=z4916378829z7...b453ba4968b6c9z Same email posted to AllinOne: http://www.spamcop.net/sc?id=z4916391190z7...727f6595ba419ez Link to comment Share on other sites More sharing options...
Farelf Posted March 2, 2011 Share Posted March 2, 2011 Yes, well I'm stumped. Those are nothing like the full headers (extraction process for pasting into the web submission form detailed at the bottom of http://www.spamcop.net/fom-serve/cache/122.html). There are no received lines at all - when the message ID indicates initiation through vmail2.sunshinemails.net and obviously the messages has transited to your provider for delivery, there has to be a received line. Is there a support service at Road Runner? Unless an Outlook and/or Road Runner user has some other suggestion it looks to me like that would be where you need to be headed. Are you getting other mail (spam or non-spam) with full headers (as in example at http://www.spamcop.net/fom-serve/cache/17.html)? Link to comment Share on other sites More sharing options...
JMark Posted March 2, 2011 Author Share Posted March 2, 2011 Are you getting other mail (spam or non-spam) with full headers (as in example at http://www.spamcop.net/fom-serve/cache/17.html)? This comment triggered a thought. When I c/p the header extracted by SpamGrabber to a text message, I get a "received from" as follows (assuming I'm not violating any board rules. My email was blanked) : Return-Path: <cb8.2bdda66[at]vmail2.sunshinemails.net> Reply-To: "Stock Castle" <up[at]stockcastle.com> From: "Stock Castle" <up[at]stockcastle.com> To: <*********[at]cfl.rr.com> Subject: Alert: ORRV ready to soar Date: Wed, 2 Mar 2011 03:08:50 -0500 Message-ID: <0cb8.2bdda66.3e0c2a7[at]vmail2.sunshinemails.net> MIME-Version: 1.0 Content-Type: multipart/alternative; boundary="----=_NextPart_000_019C_01CBD887.4B410CD0" X-Mailer: Microsoft Outlook 14.0 Thread-Index: AQGs/qI587wduX74LqfutHM1mlAnVQ== List-Unsubscribe: <mailto:unsubscribe-241784067-b925f25311107092d8af0e7c77f50285[at]mynewsletterbuilder.com> X-SpamFlt-Status: spam X-KASFlt-Status: Profiles 19631 [Mar 01 2011] X-KASFlt-Status: Version: 4.4.2 (May 26 2010 17:02:10) X-KASFlt-Status: Envelope from: X-KASFlt-Status: Rate: 0 X-KASFlt-Status: Status: not_detected X-KASFlt-Status: Method: none X-SpamFlt-Phishing: Heuristic detected <body snipped> Admittedly a novice, but the only difference I see is a "From:" instead of a "Received from:" Link to comment Share on other sites More sharing options...
Farelf Posted March 2, 2011 Share Posted March 2, 2011 Different things - the looked-for "received:" lines are inserted by servers handling the mail. The "From:" line is inserted by the sender via their mail application (and is often meaningless/forged in "mainstream" spam) Link to comment Share on other sites More sharing options...
JMark Posted March 2, 2011 Author Share Posted March 2, 2011 Different things - the looked-for "received:" lines are inserted by servers handling the mail. The "From:" line is inserted by the sender via their mail application (and is often meaningless/forged in "mainstream" spam) Which in turn is different from "Return-Path?" Following up with Brighthouse. Will post any updates. Link to comment Share on other sites More sharing options...
Farelf Posted March 2, 2011 Share Posted March 2, 2011 Which in turn is different from "Return-Path?" Following up with Brighthouse. Will post any updates. Yes, "return-path:" is specified by the sender, like "reply-to:" (and "from:". Here's an explanation of the three: http://stackoverflow.com/questions/1235534...ply-to-and-from Link to comment Share on other sites More sharing options...
JMark Posted March 2, 2011 Author Share Posted March 2, 2011 Yes, "return-path:" is specified by the sender, like "reply-to:" (and "from:". Here's an explanation of the three: http://stackoverflow.com/questions/1235534...ply-to-and-from I apologize for the imprecise question. I should have asked is Received-from different than Return-path? That is, does spamcop treat them differently? Thanks Link to comment Share on other sites More sharing options...
Farelf Posted March 2, 2011 Share Posted March 2, 2011 I apologize for the imprecise question. I should have asked is Received-from different than Return-path? That is, does spamcop treat them differently?No worries. SC uses none of them, only the server-stamped "Received:" lines like (from your first example)Received: from [92.241.172.104] by web121614.mail.ne1.yahoo.com via HTTP; Thu, 24 Feb 2011 04:04:45 PSTThe header line designation is the bit to the left of the colon - : Link to comment Share on other sites More sharing options...
JMark Posted March 2, 2011 Author Share Posted March 2, 2011 No worries. SC uses none of them, only the server-stamped "Received:" lines like (from your first example) Understood... two separate header references. The header line designation is the bit to the left of the colon - : Yes, understood. So we have a situation where some spam are received with a "Received:" header and some apparently are not. Link to comment Share on other sites More sharing options...
Wazoo Posted March 8, 2011 Share Posted March 8, 2011 actually thinking that this last bit of discussion needs to be split off into a new Topic, probably the Lounge Forum section, as it hasn't that much to do with 'this' Topic. So we have a situation where some spam are received with a "Received:" header and some apparently are not. As Farelf has already asked, just how are you actually 'receiving' these e-mails with the lack of any Received: lines? Without those lines. the suggestion would be that these did not traverse the internet at all, yet even 'internal' e-mails (i.e. an AOL/HotMail/Yahoo user to another AOL/HotMail/Yahoo user) still use Recieved: lines showing the 'internal' non-routable IP Addresses of the various servers involved in handling the e-mail involved. The only thing I can think of that could resilt in zero Received: lines is some sort of e-mail client that offers up some 'simple' header display that strips out what someone considered unimportant data ????? Definitely not usefull at all from a spamcop.net Reporting perspective. Link to comment Share on other sites More sharing options...
Recommended Posts
Archived
This topic is now archived and is closed to further replies.