kolor Posted March 1, 2015

Hi, I would like to ask about an issue with forgery spam. I have 2 headers. One is good but the second is a forgery. To me both look the same. Of course they have two different IP numbers and different names, but the lines are completely the same. I numbered them. There are 18 lines. What makes them differ?

Good headers
https://www.spamcop.net/sc?id=z6062694252ze6aa26b28689e544611100206e468cf2z

1. Return-Path: <ekvnm[at]camerata.silesia.pl>
2. Received: by o2.pl (o2.pl mailsystem) with LMTP;
3. Sun, 01 Mar 2015 11:33:15 +0100
4. Received: from 72081hd63117.ikexpress.com [213.246.63.117]
5. by mx13.o2.pl with ESMTP id rGbWCE;
6. Sun, 01 Mar 2015 11:33:52 +0100
7. Received-SPF: softfail (mx13.o2.pl: domain of transitioning ekvnm[at]camerata.silesia.pl
8. does not designate 213.246.63.117 as permitted sender)
9. Message-ID: <2221094872-DVILVLATAXFNGSLNJDNEJQ[at]dns1.klub80.pl>
10. From: "Norbert Drewniak" <Drewniak.Norbert[at]klub80.pl>
11. Subject: Teraz daje szanse zarobic Tobie.
12. To: blondiemila[at]o2.pl
13. Date: Sun, 01 Mar 2015 14:27:38 +0400
14. Mime-Version: 1.0
15. Content-Type: text/plain;
16. Content-Transfer-Encoding: 7Bit
17. X-O2-Trust: 3, 87
18. X-O2-SPF: softfail

#####################################

Looks like a forgery. WHY?
https://www.spamcop.net/sc?id=z6062695892z6435c94f05ad16ff4980b2694180b9e7z

1. Return-Path: <wjdtjbf[at]interagent.com.pl>
2. Received: by o2.pl (o2.pl mailsystem) with LMTP;
3. Sun, 01 Mar 2015 12:02:12 +0100
4. Received: from sl1.hosting.bknnet.dk [5.35.248.14]
5. by mx6.o2.pl with ESMTP id MMrhvf;
6. Sun, 01 Mar 2015 12:03:45 +0100
7. Received-SPF: none (mx6.o2.pl: domain of wjdtjbf[at]interagent.com.pl
8. does not designate permitted sender hosts)
9. Message-ID: <719788174777634-XELISDZUINTVKWRSWKFAYXH[at]dns6.golfsport.pl>
10. From: "Cyryl Lepkowski" <Lepkowski.Cyryl[at]golfsport.pl>
11. Subject: Ta metoda jest czyms czego nie odrzucisz!
12. To: kolor1[at]o2.pl
13. Date: Sun, 01 Mar 2015 14:02:46 -0500
14. Mime-Version: 1.0
15. Content-Type: text/plain;
16. Content-Transfer-Encoding: 7Bit
17. X-O2-Trust: 3, 83
18. X-O2-SPF: none
Lking Posted March 1, 2015

I think the answer may be in the difference in the two headers, lines you have labeled as 7-8 (that is really only one entry).

Go to the tracking URL, what the parser said about the forgery, https://www.spamcop....80b2694180b9e7z

At the bottom of that page, right above 'nothing to do' in red, is a link to Example: What spam headers should look like

Read the Note.

The parser starts at the top of the header and steps from your server toward the source of the email. Your server (2-3) received the email, from (4-6) who appear to have received the email from lines (7-8).

Looking at the differences between the two messages referenced, you can see the difference in the "source" of the email (7-8) and the first trusted server that received the email (4-6) and how those lines relate.

Keep in mind that the bottom, first, received line in the header is provided by the source of the email and can be forged like many other lines in the header. Being provided by the accused spammer's server, that received line may not be trusted.

As stated before, if SpamCop can not identify with certainty the source then they can not/should not send spam reports for you, i.e. 'nothing to do'.

Anyway that is the way I read the headers. Others with more experience may read them differently. At any rate, as you reported to me in a private email, SpamCop advised you in response to your emailed question, 'the header appears to be forged, you should just delete the reported spam.' Without any valid information about the source, I don't see there is anything else to do.
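The top-down walk described in the reply above, as an added example that is not part of the original thread and is not SpamCop's parser: it trusts only Received lines written by the recipient's own servers (assumed here to be hosts under o2.pl) and counts everything below that boundary as sender-supplied. The function name is hypothetical, and the sample headers are Received lines taken from headers posted in this thread with the other fields trimmed.

```python
import re
from email import message_from_string

# Received lines copied from headers posted in this thread; other fields trimmed.
SPAM = """\
Received: by o2.pl (o2.pl mailsystem) with LMTP;
 Sun, 01 Mar 2015 11:33:15 +0100
Received: from 72081hd63117.ikexpress.com [213.246.63.117]
 by mx13.o2.pl with ESMTP id rGbWCE;
 Sun, 01 Mar 2015 11:33:52 +0100
Subject: trimmed
"""
GMAIL = """\
Received: by o2.pl (o2.pl mailsystem) with LMTP;
 Sun, 01 Mar 2015 20:17:01 +0100
Received: from mail-ie0-f172.google.com [209.85.223.172]
 by mx6.o2.pl with ESMTP id AXGXnb;
 Sun, 01 Mar 2015 20:17:03 +0100
Received: by mail-ie0-f172.google.com with SMTP id rd18so42732642iec.8
 for <x>; Sun, 01 Mar 2015 11:17:02 -0800 (PST)
Received: by 10.107.36.10 with HTTP; Sun, 1 Mar 2015 11:17:02 -0800 (PST)
Subject: trimmed
"""

BY = re.compile(r"\bby\s+([\w.-]+)", re.I)
FROM = re.compile(r"\bfrom\s+([\w.-]+)\s+\[([0-9a-fA-F.:]+)\]", re.I)

def trusted_source(raw, trusted=("o2.pl",)):
    """Walk Received lines top-down; stop at the first one not written by our own servers."""
    lines = message_from_string(raw).get_all("Received", [])
    source, used = None, 0
    for value in lines:
        value = " ".join(value.split())      # unfold continuation lines
        by = BY.search(value)
        host = by.group(1).lower() if by else ""
        if not any(host == t or host.endswith("." + t) for t in trusted):
            break                            # trust boundary: the rest is sender-supplied
        used += 1
        frm = FROM.search(value)
        if frm:                              # peer our server saw at connect time
            source = {"helo": frm.group(1), "ip": frm.group(2)}
    return source, len(lines) - used         # (connecting host, unverifiable line count)
```

The IP recorded by the receiving MX is the only address in the chain that the sender cannot choose; the host name next to it and every Received line below the boundary are only as reliable as the system that wrote them.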
kolor Posted March 1, 2015

OK, that is why sending email from my Gmail account to the server of my Polish account has been seen as a forgery.

https://www.spamcop.net/sc?id=z6062797623z60b4a38fa6dde4ffbb88149520761af9z

Return-Path: <iiiiikolor[at]gmail.com>
Received: by o2.pl (o2.pl mailsystem) with LMTP;
 Sun, 01 Mar 2015 20:17:01 +0100
Received: from mail-ie0-f172.google.com [209.85.223.172]
 by mx6.o2.pl with ESMTP id AXGXnb;
 Sun, 01 Mar 2015 20:17:03 +0100
Received-SPF: pass (mx6.o2.pl: domain of iiiiikolor[at]gmail.com designates 209.85.223.172 as permitted sender)
Received: by mail-ie0-f172.google.com with SMTP id rd18so42732642iec.8
 for <x>; Sun, 01 Mar 2015 11:17:02 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
 d=gmail.com; s=20120113;
 h=mime-version:date:message-id:subject:from:to:content-type;
 bh=kzVruU4hySUA1yv/r/xiWrhyDrmaH10MkU4GttsFzU8=;
 b=mTRJD7f8Cc+gjVV5djKaqDvQ4j6oZFLk96i9wduG6XzJ0ieW0xvppKXx4LviGj65ot
 xA/9G/ABI2+lYiF2WAc/u+8kpaZ4ju5Yk50X6F9ozZI8aMAIqMUfVvgJE1ytU1wPD/6K
 4nRvTW9VE09UoZZObWFvbIjt0KX3IQZX8v47mNMwcj/PFcawA8T9C2vZuBGAaIgwhIIB
 EFHblQ4EIJkQd7iFmXrxnZ+qSBlBXa+2ZRfQS1GKB3ST/a5U8d/lZNWJCVg7CVvJZEZ+
 7iBWMZ9Ov7rn4NuBMSyC5yZ9ZWGDwRNgc+U0uXtckpoFtmM0V/ip+f5gqlJPPp0JpQUp
 WHhw==
MIME-Version: 1.0
X-Received: by 10.42.50.73 with SMTP id z9mr27866102icf.53.1425237422574;
 Sun, 01 Mar 2015 11:17:02 -0800 (PST)
Received: by 10.107.36.10 with HTTP; Sun, 1 Mar 2015 11:17:02 -0800 (PST)
Date: Sun, 1 Mar 2015 20:17:02 +0100
Message-ID: <CAEO___________________________________________EWfQ[at]mail.gmail.com>
Subject: dfsda
From: olek li <iiiiikolor[at]gmail.com>
To: x
X-Content-Type: multipart/alternative; boundary=90e6ba6e8f444b11c905103ef238
X-O2-Trust: 3, 80
X-O2-SPF: pass
Content-Type: text/plain
X-SpamCop-note: Converted to text/plain by SpamCop (outlook/eudora hack)
Lking Posted March 1, 2015

Yes, I would gather that your ISP is not formatting packet information from your browser (where you create the email input to Google) correctly, so that when Google puts the first received line in the header it appears to be a forgery when SpamCop's parser tries to evaluate it.

Another option is that your browser is creating the information that looks like a forgery. What browser are you using?
kolor Posted March 1, 2015

I use Nightly 39.0a1. Do you think the browser changes or does something wrong?
Lking Posted March 1, 2015

That I assume is a rhetorical question. Of course I think browsers (can) change or do something wrong.

The most obvious example is: if you have written a webpage in HTML, pick your standard, more involved than 'Hello World!' and looked at it using IE, FireFox, Chrome, Opera, and Safari, you will see that each browser presents the same webpage differently. If they all can't follow an HTML standard in the same way, why would you think that they couldn't make an error in the processing of information from a Google webpage on your PC back to a Google server?

Do a search here for current threads about problems with Yahoo. What evidence is there to make someone think that Google could not also have errors in their email applications?

There are several options: the browser you use (I too use FireFox), Google's email webpage (I don't use webmail), Google's server email application. From this side of my screen I can not know which. You would be in a better position to try different combinations to isolate the problem.
kolor Posted March 2, 2015

The main problem was in Firefox Nightly. I think that, as a beta, it made the problem, and SpamCop sees those headers as a forgery. Now I use Internet Explorer and all emails are good.

Person from service said my use mail mailhosts. I have 1 window and I can put in the headers + body of the spam.

But for my understanding I would like to ask about 2 issues.

1. Will the spammer remove my email from his spamming list or not? Because if I receive spam I will report it here. Will that spammer's server not work any longer?

2. "Welcome, kolor. Your average reporting time is: 8 hours; Pretty good!" What does it mean? I have never spent that much time.
Lking Posted March 3, 2015

1. I do not think they will remove your email from their list. It takes more effort to scrub their list than it is worth to them.

2. If you follow the link you will see SpamCop's explanation of what the average time is. The average reporting time is a measure of how quickly you report spam.