nnelson Posted March 7, 2013

I just forwarded this spam email (from Mozilla Thunderbird) to SpamCop (my email address removed)

---------
Return-Path: <jpalardy[at]cardio.ru>
Delivered-To: my email addresss removed
Received: from guadix.filtered.smtp.infowest.com (guadix.filtered.smtp.infowest.com [209.33.201.202])
    by barbate.infowest.com (Postfix) with ESMTP id 4BFCDF188B
    for <my email addresss removed>; Thu, 7 Mar 2013 11:36:42 -0700 (MST)
Received: from cabrera.scan.iwsmtp.com (cabrera.scan.iwsmtp.com [iPv6:2604:2c00:0:105::11])
    by guadix.filtered.smtp.infowest.com (Postfix) with ESMTP id 3ZMLCZ0ctHzDPrC
    for <my email addresss removed>; Thu, 7 Mar 2013 11:36:42 -0700 (MST)
Received: from 178.123.20.50 ([178.123.20.50])
    by cabrera.scan.iwsmtp.com (8.14.3/8.14.3/Debian-9.4) with SMTP id r27IacKZ025783
    for <my email addresss removed>; Thu, 7 Mar 2013 11:36:41 -0700
Received: from unknown (HELO t1ts) ([48.74.112.215])
    by 178.123.20.50 with ESMTP; Thu, 7 Mar 2013 21:40:54 +0300
Message-ID: <001b01ce1b62$b596d8b0$304a70d7[at]AdminHPt1ts>
From: "Sadie Cochran" <jpalardy[at]cardio.ru>
To: <my email addresss removed>
Subject: This Stock is Set to Fly
Date: Thu, 7 Mar 2013 21:31:40 +0300
MIME-Version: 1.0
Content-Type: text/plain; format=flowed; charset="windows-1250"; reply-type=original
Content-Transfer-Encoding: 7bit
X-Priority: 3
X-MSMail-Priority: Normal
X-Mailer: Microsoft Outlook Express 6.00.2800.1106
X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2800.1106
X-spam-Score: undef - spam scanning disabled
X-CanIt-Geo: ip=178.123.20.50; country=BY; region=02; city=Gomel; latitude=52.4417; longitude=30.9833; http://maps.google.com/maps?q=52.4417,30.9833&z=6
X-CanItPRO-Stream: my email addresss removed (inherits from default)
X-Canit-Stats-ID: Bayes signature not available
X-Scanned-By: CanIt (www . roaringpenguin . com) on 209.33.205.11

Gold and GemStone Mining Inc. Confirms JV Contract Including West African Mining Partnership.

Trading Date: Thursday, March 7th, 2013
Name: GOLD AND GEMSTONE MINING, CORP
Symbol to buy: G G_SM
Closed Price: $.0175
Target Price: $0.35

Check Out This Chart. OUR MOMO IS INSIDE...
--------------

I received back the following from SpamCop

> SpamCop encountered errors while saving spam for processing:
> SpamCop could not find your spam message in this email:

I put the same text above in the spam text box on the Report spam page and the return page says the email originates with my ISP, the first IP in the header.

If you go to http://whatismyipaddress.com/trace-email and put the email header info in their text box, the return page gives the following

---------------
The source IP address is 48.74.112.215.

Geo-Location Information
Country United States
State/Region NJ
City Newark
Latitude 40.7355
Longitude -74.1741
Area Code 973
--------------

48.74.112.215 is the last 'Received: from' IP in the header. The spam originates from either this IP, 48.74.112.215, or the next one 178.123.20.50 and not from my ISP.

I can put the IP address 48.74.112.215 in the spam text area of the 'Report spam' page and the return page indicates it can not do anything with that address.

I have spam but SpamCop is having difficulty doing anything with it.

Neil
petzl Posted March 8, 2013

> I just forwarded this spam email (from Mozilla Thunderbird) to SpamCop (my email address removed)
>
> 48.74.112.215 is the last 'Received: from' IP in the header. The spam originates from either this IP, 48.74.112.215, or the next one 178.123.20.50 and not from my ISP.
>
> I can put the IP address 48.74.112.215 in the spam text area of the 'Report spam' page and the return page indicates it can not do anything with that address.
>
> I have spam but SpamCop is having difficulty doing anything with it.
>
> Neil

http://www.spamcop.net/sc?id=z5473284637z5...189099f76f2b4dz

Just pasting the SpamCop link at the top of the report makes it easier (your email address is usually removed).

SpamCop uses "cached" entries which sometimes/often change before updating.

I pushed the "Refresh/Show" link which now gives new reporting addresses:
http://www.spamcop.net/sc?track=48.74.112.215

Before, I got:

Cached whois for 48.74.112.215 : ed_mann[at]ccmail.prusec.com
Using last resort contacts ed_mann[at]ccmail.prusec.com
ed_mann[at]ccmail.prusec.com bounces (6 sent : 6 bounces)
Using ed_mann#ccmail.prusec.com[at]devnull.spamcop.net for statistical tracking.

However I make it the spam came from botnet IP 178.123.20.50

SpamCop is falling over because your email provider doesn't appear to be stamping its headers correctly?

Received: from cabrera.scan.iwsmtp.com (cabrera.scan.iwsmtp.com [iPv6:2604:2c00:0:105::11])

Possibly an intranet?
Farelf Posted March 8, 2013

The initial problem with the "SpamCop encountered errors" sounds like the spam was not forwarded as an attachment? Have you successfully reported through e-mail previously?

As to the identification of your own provider as spam source, that certainly is due to something being wrong with your mailhosts setup. I suggest you contact SC Admin Don D'Minion with your reporting account details at service[at]admin.spamcop.net to see if he can assist (don't post any of that detail here).

Your spam is fine (in the sense of being "parseable", not to imply any particular enthusiasm for it) - please discuss any further examples with the Tracking URL which is available even for "failed" parses. Here is what that one looks like run through a non-mailhosted account (and cancelled, because it's your spam, not mine):
http://www.spamcop.net/sc?id=z5473284068z1...124e7862b5bc06z

Hmmm ... that's the first instance of an IPv6 resolution I've seen - I don't think - or that shouldn't - have anything to do with your problems, just saying thanks for the data. infowest.com is always going to be identified as the source without a mailhost set-up to include them in "your" network. I think.

Topic moved from "FAQ under construction" section (not to worry, that often happens).
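Added illustration, not part of any post above and not SpamCop's actual parser: a simplified trust-chain walk over the Received: lines from the first post, showing how the reported source changes with the set of relays treated as the recipient's own. The `own_domains` sets and the matching on the reverse-DNS name recorded by each receiving host are assumptions of this sketch.

```python
import re

# Received: lines from the message in the first post, newest (top) first,
# trimmed after the "by" clause.
RECEIVED = [
    "from guadix.filtered.smtp.infowest.com (guadix.filtered.smtp.infowest.com [209.33.201.202]) by barbate.infowest.com (Postfix)",
    "from cabrera.scan.iwsmtp.com (cabrera.scan.iwsmtp.com [iPv6:2604:2c00:0:105::11]) by guadix.filtered.smtp.infowest.com (Postfix)",
    "from 178.123.20.50 ([178.123.20.50]) by cabrera.scan.iwsmtp.com (8.14.3/8.14.3/Debian-9.4)",
    "from unknown (HELO t1ts) ([48.74.112.215]) by 178.123.20.50 with ESMTP",
]

# Captures: reverse-DNS name noted by the receiver (may be empty),
# the connecting IP in brackets, and the host that wrote the line.
HOP = re.compile(r"from\s+\S+\s.*?\((\S*?)\s*\[([^\]]+)\]\)\s+by\s+(\S+)")

def in_domains(host, domains):
    host = host.lower().rstrip(".")
    return any(host == d or host.endswith("." + d) for d in domains)

def find_source(received, own_domains):
    """Return (source_ip, unverified_ips) under a simple trust-chain model.

    Assumption: own_domains lists the domains of the recipient's relays.
    """
    hops = []
    for line in received:
        m = HOP.search(line)
        if m:
            rdns, ip, by = m.groups()
            hops.append((rdns, re.sub(r"(?i)^ipv6:", "", ip), by))
    source = None
    for i, (rdns, ip, by) in enumerate(hops):
        # The top line is written by the recipient's own server; a later
        # line counts only if its "by" host is one of the recipient's relays.
        if i > 0 and not in_domains(by, own_domains):
            return source, [h[1] for h in hops[i:]]
        source = ip
        if not in_domains(rdns, own_domains):
            # Handed over by an outside host: lines below are only its claim.
            return source, [h[1] for h in hops[i + 1:]]
    return source, []

if __name__ == "__main__":
    for own in (set(), {"infowest.com"}, {"infowest.com", "iwsmtp.com"}):
        print(sorted(own), "->", find_source(RECEIVED, own))
```

With no relays listed the walk stops at the first IP in the header, the ISP's own relay; with both relay domains listed it stops at 178.123.20.50 and reports 48.74.112.215 only as an unverified claim written by that host.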
Archived
This topic is now archived and is closed to further replies.