
Forgery spam how fight



Hi, I would like to ask about an issue with forgery spam. I have 2 headers. One is good but the second is a forgery. To me both look the same. Of course they have two different IP numbers and different names, but the lines are completely the same. I numbered them. There are 18 lines. What makes them differ?

Good headers

1.Return-Path: <ekvnm[at]camerata.silesia.pl>
2.Received: by o2.pl (o2.pl mailsystem) with LMTP;
3.Sun, 01 Mar 2015 11:33:15 +0100
4.Received: from 72081hd63117.ikexpress.com []
5.by mx13.o2.pl with ESMTP id rGbWCE;
6.Sun, 01 Mar 2015 11:33:52 +0100
7.Received-SPF: softfail (mx13.o2.pl: domain of transitioning ekvnm[at]camerata.silesia.pl
8.does not designate as permitted sender)
9.Message-ID: <2221094872-DVILVLATAXFNGSLNJDNEJQ[at]dns1.klub80.pl>
10.From: "Norbert Drewniak" <Drewniak.Norbert[at]klub80.pl>
11.Subject: Teraz daje szanse zarobic Tobie.
12.To: blondiemila[at]o2.pl
13.Date: Sun, 01 Mar 2015 14:27:38 +0400
14.Mime-Version: 1.0
15.Content-Type: text/plain;
16.Content-Transfer-Encoding: 7Bit
17.X-O2-Trust: 3, 87
18.X-O2-SPF: softfail

Looks like a forgery WHY ??

1.Return-Path: <wjdtjbf[at]interagent.com.pl>
2.Received: by o2.pl (o2.pl mailsystem) with LMTP;
3.Sun, 01 Mar 2015 12:02:12 +0100
4.Received: from sl1.hosting.bknnet.dk []
5.by mx6.o2.pl with ESMTP id MMrhvf;
6.Sun, 01 Mar 2015 12:03:45 +0100
7.Received-SPF: none (mx6.o2.pl: domain of wjdtjbf[at]interagent.com.pl
8.does not designate permitted sender hosts)
9.Message-ID: <719788174777634-XELISDZUINTVKWRSWKFAYXH[at]dns6.golfsport.pl>
10.From: "Cyryl Lepkowski" <Lepkowski.Cyryl[at]golfsport.pl>
11.Subject: Ta metoda jest czyms czego nie odrzucisz!
12.To: kolor1[at]o2.pl
13.Date: Sun, 01 Mar 2015 14:02:46 -0500
14.Mime-Version: 1.0
15.Content-Type: text/plain;
16.Content-Transfer-Encoding: 7Bit
17.X-O2-Trust: 3, 83
18.X-O2-SPF: none

Link to comment
Share on other sites

I think the answer may be in the difference in the two headers, in the lines you have labeled as 7-8 (that is really only one entry).

Go to the tracking URL to see what the parser said about the forgery: https://www.spamcop....80b2694180b9e7z
At the bottom of that page, right above 'nothing to do' in red, is a link to Example: What spam headers should look like

Read the Note.

The parser starts at the top of the header and steps from your server toward the source of the email. Your server (2-3) received the email, from (4-6) who appear to have received the email from lines (7-8).

Looking at the differences between the two messages referenced, you can see the difference in the "source" of the email (7-8) and the first trusted server that received the email (4-6) and how those lines relate.

Keep in mind that the bottom, first, received line in the header is provided by the source of the email and can be forged like many other lines in the header. Being provided by the accused spammer's server, that received line may not be trusted.

As stated before, if SpamCop cannot identify with certainty the source then they cannot/should not send spam reports for you, i.e. 'nothing to do'.

Anyway that is the way I read the headers. Others with more experience may read them differently. At any rate, as you reported to me in a private email, SpamCop advised you in response to your emailed question, 'the header appears to be forged, you should just delete the reported spam.' Without any valid information about the source, I don't see there is anything else to do.

Link to comment
Share on other sites
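
A simplified sketch of the top-down walk described in the post above, added here as an illustration; it is not SpamCop's parser and was not posted in the thread. The sample message, its documentation IP addresses and the `TRUSTED` list are constructed assumptions.

```python
import re
from email import message_from_string

# Constructed sample modelled on the thread's headers (documentation IPs).
SAMPLE = """\
Return-Path: <sender@example.org>
Received: by o2.pl (o2.pl mailsystem) with LMTP;
 Sun, 01 Mar 2015 12:02:12 +0100
Received: from relay.example.net [192.0.2.10]
 by mx6.o2.pl with ESMTP id MMrhvf;
 Sun, 01 Mar 2015 12:03:45 +0100
Received: from mail.example.org [198.51.100.7]
 by relay.example.net with SMTP id abc123;
 Sun, 01 Mar 2015 11:01:00 +0000
Subject: constructed test message

body
"""

TRUSTED = ("o2.pl",)  # assumption: domains of the recipient's own mail hosts

def _find(pattern, text):
    m = re.search(pattern, text)
    return m.group(1) if m else None

def hops(raw):
    """Return the Received hops in header order (newest first)."""
    out = []
    for value in message_from_string(raw).get_all("Received", []):
        flat = " ".join(value.split())          # unfold continuation lines
        out.append({"from": _find(r"\bfrom (\S+)", flat),
                    "ip": _find(r"\[([0-9a-fA-F.:]+)\]", flat),
                    "by": _find(r"\bby (\S+)", flat)})
    return out

def is_trusted(host):
    return bool(host) and any(host == d or host.endswith("." + d) for d in TRUSTED)

def last_verifiable_source(raw):
    """Walk down from the top; stop at the first hop a trusted host did not write."""
    source = None
    for hop in hops(raw):
        if not is_trusted(hop["by"]):
            break                                # written by an outsider: may be forged
        if hop["from"]:
            source = hop                         # sender as seen by our own server
    return source

if __name__ == "__main__":
    print(last_verifiable_source(SAMPLE))
```

When the connecting IP is missing from the trusted hop, as in the redacted headers quoted in this thread, the `ip` field comes back as `None` and there is no source that can be named with certainty.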

OK, that is why email sent from my Gmail account to the server of my Polish account has been seen as a forgery.


Return-Path: <iiiiikolor[at]gmail.com>
Received: by o2.pl (o2.pl mailsystem) with LMTP;
Sun, 01 Mar 2015 20:17:01 +0100
Received: from mail-ie0-f172.google.com []
by mx6.o2.pl with ESMTP id AXGXnb;
Sun, 01 Mar 2015 20:17:03 +0100
Received-SPF: pass (mx6.o2.pl: domain of iiiiikolor[at]gmail.com
designates as permitted sender)
Received: by mail-ie0-f172.google.com with SMTP id rd18so42732642iec.8
for <x>; Sun, 01 Mar 2015 11:17:02 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
d=gmail.com; s=20120113;
MIME-Version: 1.0
X-Received: by with SMTP id z9mr27866102icf.53.1425237422574; Sun,
01 Mar 2015 11:17:02 -0800 (PST)
Received: by with HTTP; Sun, 1 Mar 2015 11:17:02 -0800 (PST)
Date: Sun, 1 Mar 2015 20:17:02 +0100
Message-ID: <CAEO___________________________________________EWfQ[at]mail.gmail.com>
Subject: dfsda
From: olek li <iiiiikolor[at]gmail.com>
To: x
X-Content-Type: multipart/alternative; boundary=90e6ba6e8f444b11c905103ef238
X-O2-Trust: 3, 80
X-O2-SPF: pass
Content-Type: text/plain
X-SpamCop-note: Converted to text/plain by SpamCop (outlook/eudora hack)

Link to comment
Share on other sites

Yes, I would gather that your ISP is not formatting packet information from your browser (where you create the email input to Google) correctly, so that when Google puts the first received line in the header it appears to be a forgery when SpamCop's parser tries to evaluate it.

Another option is that your browser is creating the information that looks like a forgery. What browser are you using?

Link to comment
Share on other sites

That I assume is a rhetorical question. Of course I think browsers (can) change or do something wrong.

The most obvious example is if you have written a webpage in HTML, pick your standard, more involved than 'Hello World!' and looked at it using IE, FireFox, Chrome, Opera, and Safari, you will see that each browser presents the same webpage differently. If they all can't follow an HTML standard in the same way, why would you think that they couldn't make an error in the processing of information from a Google webpage on your PC back to a Google server?

Do a search here for current threads about problems with Yahoo. What evidence is there to make someone think that Google could not also have errors in their email applications?

There are several options, the browser you use (I too use FireFox), Google's email webpage (I don't use webmail), Google's server email application. From this side of my screen I can not know which. You would be in a better position to try different combinations to isolate the problem.

Link to comment
Share on other sites

The main problem was in Firefox Nightly. I think that, as a beta, it caused the problem, and SpamCop saw those headers as a forgery. Now I use Internet Explorer and all emails are good.

The person from the service said to use mailhosts. I have 1 window and I can put the headers + body of the spam in it.

But for my understanding I would like to ask about 2 issues.

1. Will the spammer remove my email from his spamming list or not? Because if I receive spam I will report it here.

Will that spammer's server no longer work?

2. "Welcome, kolor.
Your average reporting time is: 8 hours; Pretty good!" What does it mean? I have never spent that much time.

Link to comment
Share on other sites

1. I do not think they will remove your email from their list. It takes more effort to scrub their list than it is worth to them.

2. If you follow the link you will see SpamCop's explanation of what the average time is. The average reporting time is a measure of how quickly you report spam.

Link to comment
Share on other sites


This topic is now archived and is closed to further replies.
