amnixed Posted February 26, 2014

Hello Everyone,

I have noticed for some time that in some cases, Spamcop sends the report to the originating host, but not to the relay. Here is my last example:

Received: from emea01-db3-obe.outbound.protection.outlook.com (emea01-db3-ndr.ptr.protection.outlook.com [157.56.120.98]) (using TLSv1 with cipher AES128-SHA (128/128 bits)) (No client certificate requested) by smtpb.telissant.net (Postfix) with ESMTPS id 3B6AA27318 for <x>; Wed, 26 Feb 2014 15:13:34 -0500 (EST)
Received: from AM3PR03MB387.eurprd03.prod.outlook.com (10.242.18.21) by AM3PR03MB482.eurprd03.prod.outlook.com (10.242.112.146) with Microsoft SMTP Server (TLS) id 15.0.888.9; Wed, 26 Feb 2014 19:58:27 +0000
Received: from [115.242.41.217] (115.242.41.217) by AM3PR03MB387.eurprd03.prod.outlook.com (10.242.18.21) with Microsoft SMTP Server (TLS) id 15.0.883.10; Wed, 26 Feb 2014 19:58:24 +0000

spam report id 6085220656 sent to: postmaster[at]relianceada.com
spam report id 6085220657 sent to: abuse.support[at]relianceada.com

Spamcop identifies the host 115.242.41.217 as the originator, and sends the report to them. But how about emea01-db3-ndr.ptr.protection.outlook.com [157.56.120.98]? It was that host which sent this piece of mail to our mail server. Why is the report not sent to MS/Outlook?

lisati Posted February 26, 2014

My $0.02 worth, which is open to correction from better informed contributors to this site, is that IP addresses 10.x.x.x are commonly used on local networks.

Farelf Posted February 27, 2014

Hmmm ... the relianceada.com -> outlook.com/hotmail.com pair certainly are reportable looking at past reports for 157.56.120.98, with current instances of reports going to both (for the same spam). Can only assume there might be something in the O/P's mailhosting that makes the parser think MS is within his network hosting. One for Don, perhaps?

amnixed Posted February 27, 2014

> Hmmm ... the relianceada.com -> outlook.com/hotmail.com pair certainly are reportable looking at past reports for 157.56.120.98, with current instances of reports going to both (for the same spam). Can only assume there might be something in the O/P's mailhosting that makes the parser think MS is within his network hosting. One for Don, perhaps?

I should have saved the full Spamcop analysis/report, I'll do it the next time I see this.

Farelf Posted February 27, 2014

> I should have saved the full Spamcop analysis/report, I'll do it the next time I see this.

You can retrieve any past report from your member page. You need to get the tracking URL from the parse page - it is the link near the top of the parse result with the words to the effect that you can save the link for future reference. Look up the Wiki article http://forum.spamcop.net/scwik/TrackingURL if you need more detail.

amnixed Posted February 27, 2014

> You can retrieve any past report from your member page. You need to get the tracking URL from the parse page - it is the link near the top of the parse result with the words to the effect that you can save the link for future reference. Look up the Wiki article http://forum.spamcop.net/scwik/TrackingURL if you need more detail.

Thanks for the hint, I have retrieved the SpamCop page in question, here it is:

SpamCop v 4.8.1.007 © 2014 Cisco Systems, Inc. All rights reserved.
Here is your TRACKING URL - it may be saved for future reference:
http://www.spamcop.net/sc?id=z5764379814z2...a342557f257516z
Skip to Reports

Return-Path: <x>
Received: from deliver ([unix socket]) by barrida.3dresearch.com (Cyrus v2.4.17) with LMTPA; Wed, 26 Feb 2014 15:13:52 -0500
X-Sieve: CMU Sieve 2.4
Received: from barrida.3dresearch.com (localhost [127.0.0.1]) by smtpb.telissant.net (Postfix) with ESMTP id 47A0727379 for <x>; Wed, 26 Feb 2014 15:13:52 -0500 (EST)
X-Virus-Scanned: amavisd-new at telissant.net
X-spam-Flag: NO
X-spam-Score: 3.616
X-spam-Level: ***
X-spam-Status: No, score=3.616 tagged_above=-9999 required=6.2 tests=[AXB_ONMS_LEAKS=2.999, BAYES_00=-1.9, FREEMAIL_FROM=0.001, FREEMAIL_REPLYTO=1, RCVD_IN_DNSWL_NONE=-0.0001, SUBJ_ALL_CAPS=1.506, T_FREEMAIL_DOC_PDF=0.01] autolearn=no
Received: from smtpb.telissant.net ([127.0.0.1]) by barrida.3dresearch.com (barrida.3dresearch.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id tQIxkzTycQgG for <x>; Wed, 26 Feb 2014 15:13:35 -0500 (EST)
Received: from emea01-db3-obe.outbound.protection.outlook.com (emea01-db3-ndr.ptr.protection.outlook.com [157.56.120.98]) (using TLSv1 with cipher AES128-SHA (128/128 bits)) (No client certificate requested) by smtpb.telissant.net (Postfix) with ESMTPS id 3B6AA27318 for <x>; Wed, 26 Feb 2014 15:13:34 -0500 (EST)
Received: from AM3PR03MB387.eurprd03.prod.outlook.com (10.242.18.21) by AM3PR03MB482.eurprd03.prod.outlook.com (10.242.112.146) with Microsoft SMTP Server (TLS) id 15.0.888.9; Wed, 26 Feb 2014 19:58:27 +0000
Received: from [115.242.41.217] (115.242.41.217) by AM3PR03MB387.eurprd03.prod.outlook.com (10.242.18.21) with Microsoft SMTP Server (TLS) id 15.0.883.10; Wed, 26 Feb 2014 19:58:24 +0000
Content-Type: multipart/mixed; boundary="===============0270483437=="
MIME-Version: 1.0
Subject: YOU ARE NO: 2
To: x <x>
From: "Mr. X" <x>
Date: Thu, 27 Feb 2014 01:27:56 +0530
Reply-To: <micro.datas[at]live.com>
Message-ID: <290fa07b-c6cb-4d5b-8580-28e7084dd6d7[at]AM3PR03MB387.eurprd03.prod.outlook.com>
X-Originating-IP: [115.242.41.217]
X-ClientProxiedBy: SINPR03CA008.apcprd03.prod.outlook.com (10.242.48.28) To AM3PR03MB387.eurprd03.prod.outlook.com (10.242.18.21)
X-Forefront-PRVS: 0134AD334F
X-Forefront-Antispam-Report: SFV:SPM;SFS:(10009001)(6049001)(6009001)(189002)(199002)(71186001)(81342001)(66066001)(65816001)(76796001)(90146001)(80022001)(69226001)(79102001)(43066001)(49866001)(74706001)(59766001)(50986001)(47736001)(47976001)(93136001)(76786001)(56816005)(56776001)(76576001)(76176001)(93516002)(4396001)(77096001)(63696002)(81542001)(85852003)(74876001)(42186004)(51856001)(94316002)(87976001)(54356001)(47446002)(92726001)(86362001)(95416001)(89136004)(64872006)(86442001)(74502001)(94946001)(74662001)(74316001)(31696002)(86902001)(76482001)(54316002)(81816001)(80976001)(74366001)(77982001)(568964001)(325944007)(46102001)(95666003)(512934002)(19580395003)(33646001)(19580405001)(83322001)(87266001)(85306002)(81686001)(81956001)(83072002)(84326002)(361154004);DIR:OUT;SFP:1501;SCL:5;SRVR:AM3PR03MB387;H:[115.242.41.217];CLIP:115.242.41.217;FPR:68C0FCEE.1CB39380.7FDC3283.44CD09D8.200FC;MLV:spm;PTR:InfoNoRecords;MX:1;A:0;LANG:en;
X-OriginatorOrg: microNo2winner.onmicrosoft.com

View entire message

Parsing header:
Received: from deliver ([unix socket]) by barrida.3dresearch.com (Cyrus v2.4.17) with LMTPA; Wed, 26 Feb 2014 15:13:52 -0500
Ignored
Received: from barrida.3dresearch.com (localhost [127.0.0.1]) by smtpb.telissant.net (Postfix) with ESMTP id 47A0727379 for <x>; Wed, 26 Feb 2014 15:13:52 -0500 (EST)
host 127.0.0.1 (getting name) no name
127.0.0.1 discarded
Received: from smtpb.telissant.net ([127.0.0.1]) by barrida.3dresearch.com (barrida.3dresearch.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id tQIxkzTycQgG for <x>; Wed, 26 Feb 2014 15:13:35 -0500 (EST)
host 127.0.0.1 (getting name) no name
127.0.0.1 discarded
Received: from emea01-db3-obe.outbound.protection.outlook.com (emea01-db3-ndr.ptr.protection.outlook.com [157.56.120.98]) (using TLSv1 with cipher AES128-SHA (128/128 bits)) (No client certificate requested) by smtpb.telissant.net (Postfix) with ESMTPS id 3B6AA27318 for <x>; Wed, 26 Feb 2014 15:13:34 -0500 (EST)
host 157.56.120.98 = emea01-db3-ndr.ptr.protection.outlook.com (cached)
emea01-db3-ndr.ptr.protection.outlook.com is 157.56.120.98
Possible spammer: 157.56.120.98
157.56.120.98 is not an MX for emea01-db3-ndr.ptr.protection.outlook.com
Host emea01-db3-ndr.ptr.protection.outlook.com (checking ip) = 157.56.120.97
157.56.120.98 is not an MX for emea01-db3-ndr.ptr.protection.outlook.com
emea01-db3-ndr.ptr.protection.outlook.com is 157.56.120.98
emea01-db3-ndr.ptr.protection.outlook.com = 157.56.120.98
Received line accepted
Relay trusted (157.56.120 157.56.120.98)
Received: from AM3PR03MB387.eurprd03.prod.outlook.com (10.242.18.21) by AM3PR03MB482.eurprd03.prod.outlook.com (10.242.112.146) with Microsoft SMTP Server (TLS) id 15.0.888.9; Wed, 26 Feb 2014 19:58:27 +0000
Masking IP-based 'by' clause.
Received: from AM3PR03MB387.eurprd03.prod.outlook.com (10.242.18.21) by AM3PR03MB482.eurprd03.prod.outlook.com with Microsoft SMTP Server (TLS) id 15.0.888.9; Wed, 26 Feb 2014 19:58:27 +0000
host 10.242.18.21 (getting name) no name
157.56.120.98 not listed in cbl.abuseat.org
157.56.120.98 not listed in dnsbl.sorbs.net
157.56.120.98 is not an MX for smtpb.telissant.net
157.56.120.98 is not an MX for emea01-db3-ndr.ptr.protection.outlook.com
157.56.120.98 is not an MX for AM3PR03MB482.eurprd03.prod.outlook.com
157.56.120.98 is not an MX for smtpb.telissant.net
10.242.18.21 discarded
Received: from [115.242.41.217] (115.242.41.217) by AM3PR03MB387.eurprd03.prod.outlook.com (10.242.18.21) with Microsoft SMTP Server (TLS) id 15.0.883.10; Wed, 26 Feb 2014 19:58:24 +0000
Masking IP-based 'by' clause.
Received: from [115.242.41.217] (115.242.41.217) by AM3PR03MB387.eurprd03.prod.outlook.com with Microsoft SMTP Server (TLS) id 15.0.883.10; Wed, 26 Feb 2014 19:58:24 +0000
no from
host 115.242.41.217 (getting name) no name
157.56.120.98 not listed in cbl.abuseat.org
157.56.120.98 not listed in dnsbl.sorbs.net
157.56.120.98 is not an MX for smtpb.telissant.net
157.56.120.98 is not an MX for emea01-db3-ndr.ptr.protection.outlook.com
157.56.120.98 is not an MX for AM3PR03MB387.eurprd03.prod.outlook.com
157.56.120.98 is not an MX for smtpb.telissant.net
Possible spammer: 115.242.41.217
Possible relay: 157.56.120.98 <----------------------------------------------- Looks like a relay!
^^^^^^^^^^^^^^^^^^^
Received line accepted

Tracking message source: 115.242.41.217:
Routing details for 115.242.41.217
[refresh/show] Cached whois for 115.242.41.217 : abuse.support[at]relianceada.com
Using abuse net on abuse.support[at]relianceada.com
abuse net relianceada.com = abuse.support[at]relianceada.com, postmaster[at]relianceada.com
Using best contacts abuse.support[at]relianceada.com postmaster[at]relianceada.com
Message is 21 hours old
115.242.41.217 not listed in cbl.abuseat.org
115.242.41.217 not listed in dnsbl.sorbs.net
115.242.41.217 not listed in accredit.habeas.com
115.242.41.217 not listed in plus.bondedsender.org
115.242.41.217 not listed in iadb.isipp.com

Finding links in message body
Parsing text part
error: couldn't parse head
Message body parser requires full, accurate copy of message
More information on this error..
no links found

Reports regarding this spam have already been sent:
Re: 115.242.41.217 (Administrator of network where email originates)
Reportid: 6085220656 To: postmaster[at]relianceada.com
Reportid: 6085220657 To: abuse.support[at]relianceada.com

If reported today, reports would be sent to:
Re: 115.242.41.217 (Administrator of network where email originates)
postmaster[at]relianceada.com
abuse.support[at]relianceada.com

Farelf Posted February 28, 2014

Don't know why the parser didn't cause a report to go to MSN/hotmail when it has for others (at least where 157.56.120.98 is concerned):

Submitted: Friday, 28 February 2014 9:02:21 AM +0800:
[ns-hostmaster] REPLY ASAP
6085885940 ( 157.56.120.98 ) To: report_spam[at]hotmail.com
6085885939 ( 115.185.39.208 ) To: abuse.support[at]relianceada.com
6085885938 ( 115.185.39.208 ) To: postmaster[at]relianceada.com
___________________________________________________________
Submitted: Friday, 28 February 2014 6:25:03 AM +0800:
PENDING DELIVERY NOTIFICATION !
6085843251 ( 95.241.228.1 ) To: abuse[at]retail.telecomitalia.it
6085843250 ( 95.241.228.1 ) To: postmaster[at]business.telecomitalia.it
6085843249 ( 157.56.120.98 ) To: report_spam[at]hotmail.com
___________________________________________________________
Submitted: Friday, 28 February 2014 3:52:20 AM +0800:
LOAN OFFER
6085789870 ( 199.101.199.93 ) To: abuse_afnca[at]afnca.com
6085789869 ( 157.56.120.98 ) To: report_spam[at]hotmail.com
___________________________________________________________
Submitted: Thursday, 27 February 2014 11:32:00 PM +0800:
Do you need any financial assistance? Apply Now
6085666549 ( Forwarded spam ) To: [concealed user-defined recipient]
6085666548 ( Forwarded spam ) To: [concealed user-defined recipient]
6085666547 ( 157.56.120.98 ) To: report_spam[at]hotmail.com
6085666546 ( 101.58.177.152 ) To: [concealed user-defined recipient]
6085666545 ( 101.58.177.152 ) To: abuse.support[at]relianceada.com
6085666544 ( 101.58.177.152 ) To: postmaster[at]relianceada.com
___________________________________________________________
Submitted: Thursday, 27 February 2014 11:05:49 PM +0800:
Do you need any financial assistance? Apply Now
6085653432 ( 157.56.120.98 ) To: report_spam[at]hotmail.com
6085653431 ( 101.58.177.152 ) To: abuse.support[at]relianceada.com
6085653428 ( 101.58.177.152 ) To: postmaster[at]relianceada.com
___________________________________________________________
Submitted: Thursday, 27 February 2014 9:44:50 PM +0800:
Re:
6085620361 ( 157.56.120.98 ) To: report_spam[at]hotmail.com
6085620360 ( 115.244.3.79 ) To: abuse.support[at]relianceada.com
6085620359 ( 115.244.3.79 ) To: postmaster[at]relianceada.com

The history for 115.242.41.217 fails to pick up the above "pairing" of reports to source and relay. There must be a reason ... I figure Don would know it.

amnixed Posted February 28, 2014

> Don't know why the parser didn't cause a report to go to MSN/hotmail when it has for others (at least where 157.56.120.98 is concerned):
>
> The history for 115.242.41.217 fails to pick up the above "pairing" of reports to source and relay. There must be a reason ... I figure Don would know it.

Well, here is a new piece of spam (origin, apparently: 180.215.157.121; relay: webmail.tjal.jus.br [177.12.238.12]), and SpamCop appears to ignore sending report to the relay's (177.12.238.12) admin:

Return-Path: <x>
Received: from deliver ([unix socket]) by barrida.3dresearch.com (Cyrus v2.4.17) with LMTPA; Thu, 27 Feb 2014 22:49:41 -0500
X-Sieve: CMU Sieve 2.4
Received: from barrida.3dresearch.com (localhost [127.0.0.1]) by smtpb.telissant.net (Postfix) with ESMTP id 6E36227339 for <x>; Thu, 27 Feb 2014 22:49:41 -0500 (EST)
X-Virus-Scanned: amavisd-new at telissant.net
X-spam-Flag: NO
X-spam-Score: 3.5
X-spam-Level: ***
X-spam-Status: No, score=3.5 tagged_above=-9999 required=6.2 tests=[bAYES_50=0.8, RCVD_IN_PSBL=2.7] autolearn=no
Received: from smtpb.telissant.net ([127.0.0.1]) by barrida.3dresearch.com (barrida.3dresearch.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id kxWVvdoapdRS for <x>; Thu, 27 Feb 2014 22:49:21 -0500 (EST)
X-Greylist: delayed 7279 seconds by postgrey-1.34 at barrida.3dresearch.com; Thu, 27 Feb 2014 22:49:20 EST
Received: from webmail.tjal.jus.br (webmail.tjal.jus.br [177.12.238.12]) by smtpb.telissant.net (Postfix) with ESMTP id 6A1D42731F for <x>; Thu, 27 Feb 2014 22:49:20 -0500 (EST)
Received: from localhost (localhost.localdomain [127.0.0.1]) by webmail.tjal.jus.br (Postfix) with ESMTP id 84AA16265F6E; Thu, 27 Feb 2014 22:37:38 -0300 (BRT)
Received: from webmail.tjal.jus.br ([127.0.0.1]) by localhost (webmail.tjal.jus.br [127.0.0.1]) (amavisd-new, port 10032) with ESMTP id UDXZqSFDfcal; Thu, 27 Feb 2014 22:37:38 -0300 (BRT)
Received: from localhost (localhost.localdomain [127.0.0.1]) by webmail.tjal.jus.br (Postfix) with ESMTP id 3F45A6265F70; Thu, 27 Feb 2014 22:37:38 -0300 (BRT)
X-Virus-Scanned: amavisd-new at tjal.jus.br
Received: from webmail.tjal.jus.br ([127.0.0.1]) by localhost (webmail.tjal.jus.br [127.0.0.1]) (amavisd-new, port 10026) with ESMTP id F2RBW48xWlmF; Thu, 27 Feb 2014 22:37:38 -0300 (BRT)
Received: from [180.215.157.121] (unknown [180.215.157.121]) by webmail.tjal.jus.br (Postfix) with ESMTPSA id 703D0626579F; Thu, 27 Feb 2014 22:37:19 -0300 (BRT)
Content-Type: multipart/mixed; boundary="===============0246437836=="
MIME-Version: 1.0
Subject: Call Mr.Terry Smith For Verification +919582116140.
To: x <x>
From: x
Date: Fri, 28 Feb 2014 07:09:34 +0530
Reply-To: rbi-in[at]outlook.com
Message-Id: <2014___________________579F[at]webmail.tjal.jus.br>

View entire message

Parsing header:
Received: from deliver ([unix socket]) by barrida.3dresearch.com (Cyrus v2.4.17) with LMTPA; Thu, 27 Feb 2014 22:49:41 -0500
Ignored
Received: from barrida.3dresearch.com (localhost [127.0.0.1]) by smtpb.telissant.net (Postfix) with ESMTP id 6E36227339 for <x>; Thu, 27 Feb 2014 22:49:41 -0500 (EST)
host 127.0.0.1 (getting name) no name
127.0.0.1 discarded
Received: from smtpb.telissant.net ([127.0.0.1]) by barrida.3dresearch.com (barrida.3dresearch.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id kxWVvdoapdRS for <x>; Thu, 27 Feb 2014 22:49:21 -0500 (EST)
host 127.0.0.1 (getting name) no name
127.0.0.1 discarded
Received: from webmail.tjal.jus.br (webmail.tjal.jus.br [177.12.238.12]) by smtpb.telissant.net (Postfix) with ESMTP id 6A1D42731F for <x>; Thu, 27 Feb 2014 22:49:20 -0500 (EST)
host 177.12.238.12 = webmail.tjal.jus.br (cached)
webmail.tjal.jus.br is 177.12.238.12
Possible spammer: 177.12.238.12
177.12.238.12 is an MX for tjal.jus.br
177.12.238.12 is mx
Received line accepted
Received: from localhost (localhost.localdomain [127.0.0.1]) by webmail.tjal.jus.br (Postfix) with ESMTP id 84AA16265F6E; Thu, 27 Feb 2014 22:37:38 -0300 (BRT)
host 127.0.0.1 (getting name) no name
177.12.238.12 not listed in cbl.abuseat.org
177.12.238.12 not listed in dnsbl.sorbs.net
177.12.238.12 is not an MX for smtpb.telissant.net
177.12.238.12 is an MX for tjal.jus.br
127.0.0.1 discarded
Received: from webmail.tjal.jus.br ([127.0.0.1]) by localhost (webmail.tjal.jus.br [127.0.0.1]) (amavisd-new, port 10032) with ESMTP id UDXZqSFDfcal; Thu, 27 Feb 2014 22:37:38 -0300 (BRT)
host 127.0.0.1 (getting name) no name
177.12.238.12 not listed in cbl.abuseat.org
177.12.238.12 not listed in dnsbl.sorbs.net
177.12.238.12 is not an MX for smtpb.telissant.net
177.12.238.12 is an MX for tjal.jus.br
127.0.0.1 discarded
Received: from localhost (localhost.localdomain [127.0.0.1]) by webmail.tjal.jus.br (Postfix) with ESMTP id 3F45A6265F70; Thu, 27 Feb 2014 22:37:38 -0300 (BRT)
host 127.0.0.1 (getting name) no name
177.12.238.12 not listed in cbl.abuseat.org
177.12.238.12 not listed in dnsbl.sorbs.net
177.12.238.12 is not an MX for smtpb.telissant.net
177.12.238.12 is an MX for tjal.jus.br
127.0.0.1 discarded
Received: from webmail.tjal.jus.br ([127.0.0.1]) by localhost (webmail.tjal.jus.br [127.0.0.1]) (amavisd-new, port 10026) with ESMTP id F2RBW48xWlmF; Thu, 27 Feb 2014 22:37:38 -0300 (BRT)
host 127.0.0.1 (getting name) no name
177.12.238.12 not listed in cbl.abuseat.org
177.12.238.12 not listed in dnsbl.sorbs.net
177.12.238.12 is not an MX for smtpb.telissant.net
177.12.238.12 is an MX for tjal.jus.br
127.0.0.1 discarded
Received: from [180.215.157.121] (unknown [180.215.157.121]) by webmail.tjal.jus.br (Postfix) with ESMTPSA id 703D0626579F; Thu, 27 Feb 2014 22:37:19 -0300 (BRT)
no from
host 180.215.157.121 (getting name) no name
177.12.238.12 not listed in cbl.abuseat.org
177.12.238.12 not listed in dnsbl.sorbs.net
177.12.238.12 is not an MX for smtpb.telissant.net
177.12.238.12 is an MX for tjal.jus.br
Possible spammer: 180.215.157.121
Host webmail.tjal.jus.br (checking ip) = 177.12.238.12
177.12.238.12 not listed in cbl.abuseat.org
177.12.238.12 not listed in dnsbl.sorbs.net
Chain test:webmail.tjal.jus.br =? webmail.tjal.jus.br
webmail.tjal.jus.br and webmail.tjal.jus.br have same hostname - chain verified
Possible relay: 177.12.238.12
Received line accepted

Tracking message source: 180.215.157.121:
Routing details for 180.215.157.121
[refresh/show] Cached whois for 180.215.157.121 : nw_pdsn[at]mtsindia.in
Using last resort contacts nw_pdsn[at]mtsindia.in
Message is 3 hours old
180.215.157.121 not listed in cbl.abuseat.org
180.215.157.121 listed in dnsbl.sorbs.net ( 1 )
180.215.157.121 not listed in accredit.habeas.com
180.215.157.121 not listed in plus.bondedsender.org
180.215.157.121 not listed in iadb.isipp.com

Finding links in message body
Parsing text part
error: couldn't parse head
Message body parser requires full, accurate copy of message
More information on this error..
no links found

Reports regarding this spam have already been sent:
Re: 180.215.157.121 (Administrator of network where email originates)
Reportid: 6086025644 To: nw_pdsn[at]mtsindia.in

If reported today, reports would be sent to:
Re: 180.215.157.121 (Administrator of network where email originates)
nw_pdsn[at]mtsindia.in

Farelf Posted February 28, 2014

I'm guessing you don't actually have your mailhosts set up? That could make all the difference. A non-mailhosted parse drills through to the apparent source, testing the delivery chain as it goes, trusting there are no "clever forgeries" along the way. A mailhosted parse simply assigns blame at the boundary of your network/extended network except somehow, as seen (maybe) in those past reports, it may go deeper when needed, past any assured relay, as well.

Well, that makes sense to me anyway. Needs some expert review of your data, as a mere user I haven't the knowledge to be able to say for sure without the guesswork.

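The two readings of a Received chain described in the post above (blame at the network boundary versus drilling through to the apparent source) can be shown on the first message in this thread. This is an added example, not SpamCop's parser and not code from any poster; `parse_hop`, `trace` and `TRUSTED_RECEIVERS` are hypothetical names, and the header values are abridged from the thread.

```python
import ipaddress
import re

# Received: values from the first message in this thread, newest hop first,
# abridged (TLS notes, "for" clauses and timestamps dropped).
RECEIVED = [
    "from deliver ([unix socket]) by barrida.3dresearch.com (Cyrus v2.4.17) with LMTPA",
    "from barrida.3dresearch.com (localhost [127.0.0.1]) by smtpb.telissant.net (Postfix) with ESMTP id 47A0727379",
    "from smtpb.telissant.net ([127.0.0.1]) by barrida.3dresearch.com (barrida.3dresearch.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id tQIxkzTycQgG",
    "from emea01-db3-obe.outbound.protection.outlook.com (emea01-db3-ndr.ptr.protection.outlook.com [157.56.120.98]) by smtpb.telissant.net (Postfix) with ESMTPS id 3B6AA27318",
    "from AM3PR03MB387.eurprd03.prod.outlook.com (10.242.18.21) by AM3PR03MB482.eurprd03.prod.outlook.com (10.242.112.146) with Microsoft SMTP Server (TLS) id 15.0.888.9",
    "from [115.242.41.217] (115.242.41.217) by AM3PR03MB387.eurprd03.prod.outlook.com (10.242.18.21) with Microsoft SMTP Server (TLS) id 15.0.883.10",
]

# Assumption: the reporter's own receiving hosts, read off the headers above.
TRUSTED_RECEIVERS = {"smtpb.telissant.net", "barrida.3dresearch.com"}

HOP_RE = re.compile(r"^from\s+(.*?)\s+by\s+(\S+)", re.S)
IP_RE = re.compile(r"\b\d{1,3}(?:\.\d{1,3}){3}\b")


def parse_hop(value):
    """Return (sender_ip_or_None, receiving_host), or None if unparsable."""
    m = HOP_RE.match(value.strip())
    if not m:
        return None
    # Search only the "from" clause, so "id 15.0.888.9" in the "by" clause
    # is never mistaken for an address.
    ips = IP_RE.findall(m.group(1))
    return (ips[-1] if ips else None, m.group(2).lower())


def trace(received, trusted_receivers):
    """Walk the chain newest-first and report both candidate blame points."""
    boundary = source = None
    discarded = []
    for value in received:
        hop = parse_hop(value)
        if hop is None or hop[0] is None:
            continue                      # e.g. local delivery over a unix socket
        ip, receiver = hop
        try:
            addr = ipaddress.ip_address(ip)
        except ValueError:
            continue                      # dotted text that is not a valid address
        if addr.is_loopback or addr.is_private:
            discarded.append(ip)          # 127.0.0.1, 10.x.x.x: not reportable
            continue
        # Boundary: the public address recorded by one of our own servers.
        if boundary is None and receiver in trusted_receivers:
            boundary = ip
        # Everything older was written by hosts we do not control, so the
        # "apparent source" is only as reliable as those relays.
        source = ip
    return {"boundary_relay": boundary, "apparent_source": source,
            "discarded": discarded}


if __name__ == "__main__":
    print(trace(RECEIVED, TRUSTED_RECEIVERS))
```
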
amnixed Posted February 28, 2014

> I'm guessing you don't actually have your mailhosts set up? That could make all the difference. A non-mailhosted parse drills through to the apparent source, testing the delivery chain as it goes, trusting there are no "clever forgeries" along the way. A mailhosted parse simply assigns blame at the boundary of your network/extended network except somehow, as seen (maybe) in those past reports, it may go deeper when needed, past any assured relay, as well.
>
> Well, that makes sense to me anyway. Needs some expert review of your data, as a mere user I haven't the knowledge to be able to say for sure without the guesswork.

I'm not sure what you mean by "your mailhosts set up": if you mean "does my mailhost send spam messages to SpamCop automatically", then the answer is "No".

lisati Posted February 28, 2014

> I'm not sure what you mean by "your mailhosts set up": if you mean "does my mailhost send spam messages to SpamCop automatically", then the answer is "No".

Not exactly. "Mailhosts setup" refers to a way of helping the Spamcop reporting system correctly analyse the messages you report.

From http://www.spamcop.net/fom-serve/cache/397.html

For users with only one email address, the process is easy. Simply log into your SpamCop reporting account and click on the Mailhosts tab at the top of the page. Click on the link at the bottom of the page to Add first hosts and follow the instructions.

For users using their SpamCop email account exclusively, the process is even easier - it is already done. Note: if you forward SpamCop email into or from the SpamCop system, you still have to configure the other email accounts involved.

amnixed Posted March 10, 2014

> Not exactly. "Mailhosts setup" refers to a way of helping the Spamcop reporting system correctly analyse the messages you report.
>
> From http://www.spamcop.net/fom-serve/cache/397.html

Sorry for the belated reply. To answer your question, my mailhost is set up.

Farelf Posted March 10, 2014

Thanks for clearing that up. I have absolutely no idea then why relays are sometimes picked up (as it seems from the past reports history) and sometimes not - as in your case and also other instances in the past reports.