dlongnecker Posted February 10, 2016 Share Posted February 10, 2016 For quite while now when I report spam with spamcop, it is not catching the original sender of the e-mail. I paste the complete headers in the GUI and it only flags the websites the e-mail is pointing to. I go to another website that parses the e-mail and it tells me Yahoo servers are the guilty parties, but they don't get listed in the spamcop report. I've pasted part of the headers below at the bottom....one of my analyzers says Originating IP: 46.228.39.107Originating ISP: Yahoo! Europe But spamcop isn't finding any of this and only sends an abuse to comcast.net This is the same if I cut the raw headers out of my e-mail client and paste into spamcop or forward the e-mail as an attachment to the spamcop address. I get about 5 spam e-mails a day from the same place. Am I doing something wrong? Return-Path: othahakiefferhatu2881[at]yahoo.comReceived: from reszmta-ch2-08v.sys.comcast.net (LHLOreszmta-ch2-08v.sys.comcast.net) (69.252.207.72) byresmail-po-246v.sys.comcast.net with LMTP; Tue, 9 Feb 2016 00:56:23 +0000(UTC)Received: from resimta-ch2-14v.sys.comcast.net ([69.252.207.14]) by reszmta-ch2-08v.sys.comcast.net with comcast id G0t91s02k0KAWzH010wPU5; Tue, 09 Feb 2016 00:56:23 +0000Received: from nm31-vm1.bullet.mail.ir2.yahoo.com ([212.82.97.88]) by resimta-ch2-14v.sys.comcast.net with comcast id G0uL1s02B1uQhSk010uNu6; Tue, 09 Feb 2016 00:54:23 +0000X-CAA-spam: F00000X-Authority-Analysis: v=2.1 cv=JfRB1h+V c=1 sm=1 tr=0a=uzUpqhR7HfyP2Hmg+QDtQQ==:117 a=L9H7d07YOLsA:10 a=9cW_t1CCXrUA:10a=s5jvgZ67dGcA:10 a=IkcTkHD0fZMA:10 a=5HJ6KZJP-kkA:10 a=ZZnuYtJkoWoA:10a=jFJIQSaiL_oA:10 a=YfFJMV-3AAAA:20 a=iLZ-leCFAAAA:20 a=1PJDDMUdAAAA:20a=NZrp_aWcAAAA:20 a=ix8eH7dkAAAA:20 a=mTRizwjrAAAA:20 a=-GhZnFAOAAAA:20a=G2n_K31vAAAA:20 a=tBoWEwYA6nPDhrmFYpYA:9 a=QEXdDO2ut3YA:10a=bALo8Gh57gYA:10 a=BGHb84ZX6DgA:10 a=thP6Ab4tef4A:10 a=EsYVw3wIw1cA:10Authentication-Results: resimta-ch2-14v.sys.comcast.net; dkim=pass header.d=yahoo.com header.b=Ef0EbomODKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=yahoo.com; s=s2048; t=1454979260; bh=QR+dKIf9wbgZsY4b5ZDGRBIVTy2U+OaWcInJeeuOvtM=; h=To:From:Subject:Date:From:Subject; b=Ef0EbomOjvXHE+iSzhTcja0PcmAoB3Jfstpa9NVXh8VfglrVQRvJSYGX0XlKsaZNq4IA9DX4ZoINZQGvA9P3BippYfgvm6xohfWJIiW8tUT1Tg0OAhQdSrEpee74sc5I1JbvG7vxScupIA1erX3Iam286sjmh5GRfaLh2tPfVNTsecS550ZcLpda0CmHJXZ5FkOFj4lP3S2vupHcho2MTtDJ/C9SPhkD7x4q8TUT/J2nA85zFELLNJ6veGADiZ0EI9sCa0+G3fhogTTxx6Vc9GSB3fQ4DwSJ2Dw+neb57BKM77DxiINyCLTObtezYSpciOaUrOH/XMubFEcGEIgVxQ==Received: from [212.82.98.56] by nm31.bullet.mail.ir2.yahoo.com with NNFMP; 09 Feb 2016 00:54:20 -0000Received: from [46.228.39.107] by tm9.bullet.mail.ir2.yahoo.com with NNFMP; 09 Feb 2016 00:54:20 -0000Received: from [127.0.0.1] by smtp144.mail.ir2.yahoo.com with NNFMP; 09 Feb 2016 00:54:20 -0000X-Yahoo-Newman-Id: 194802.59738.bm[at]smtp144.mail.ir2.yahoo.comX-Yahoo-Newman-Property: ymail-3 Link to comment Share on other sites More sharing options...
Lking Posted February 10, 2016 Share Posted February 10, 2016 Please provide a Tracking URL With a Tracking URL the rest of us can see what the parser did with your spam. SpamCop v 4.8.3 © 2016 Cisco Systems, Inc. All rights reserved.Here is your TRACKING URL - it may be saved for future reference:https://www.spamcop.net/sc?id=z6210122314zef. ... Link to comment Share on other sites More sharing options...
dlongnecker Posted February 10, 2016 Author Share Posted February 10, 2016 Sorry here it is: https://www.spamcop.net/sc?id=z6210338025z07881b142c9577c988589b07302b9647z None of the 98.139.... addresses are even mentioned in the report eceived: from reszmta-ch2-01v.sys.comcast.net (LHLOreszmta-ch2-01v.sys.comcast.net) (69.252.207.65) byresmail-po-246v.sys.comcast.net with LMTP; Wed, 10 Feb 2016 00:29:37 +0000(UTC)Received: from resimta-ch2-18v.sys.comcast.net ([69.252.207.18]) by reszmta-ch2-01v.sys.comcast.net with comcast id GQ4w1s06x0QMCLM01QVd9p; Wed, 10 Feb 2016 00:29:37 +0000Received: from nm3-vm0.bullet.mail.bf1.yahoo.com ([98.139.212.154]) by resimta-ch2-18v.sys.comcast.net with comcast id GQTd1s00G3LS1GJ01QTdet; Wed, 10 Feb 2016 00:27:37 +0000X-CAA-spam: F00000X-Authority-Analysis: v=2.1 cv=VJ8g5I7X c=1 sm=1 tr=0a=ShkE6dxMhVxIz4CqgcZ0Vg==:117 a=L9H7d07YOLsA:10 a=9cW_t1CCXrUA:10a=s5jvgZ67dGcA:10 a=IkcTkHD0fZMA:10 a=5HJ6KZJP-kkA:10 a=ZZnuYtJkoWoA:10a=jFJIQSaiL_oA:10 a=iRiDHzTbAAAA:20 a=mJ13SSIGAAAA:20 a=uf8i7LTUAAAA:20a=X5SlxfJeAAAA:20 a=FOmS_1etb7tNoesycXUA:9 a=QEXdDO2ut3YA:10a=E4kUXCl2bboA:10 a=iwWp-_zyRIgA:10 a=FjF1CFJ0Iz4A:10 a=a8ycZRaUjJAA:10Authentication-Results: resimta-ch2-18v.sys.comcast.net; dkim=pass header.d=yahoo.com header.b=Iu5aVu+pDKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=yahoo.com; s=s2048; t=1455064057; bh=RBFDXHK+GEU908UXnTG3PmiAxwQRtXeWVfR6Yjm/rkk=; h=To:From:Subject:Date:From:Subject; b=Iu5aVu+pZf34640McOLuBivzA3x2AyZAmiiByU0Q0fAYwE+G34F4cu4qDfrdlfsNZrb+gJR5V/G0/dDQzuKePSuiLgDyZQDg3T3tkeIKxO6FwASQF2PuRRTJEawr6gwkVd70BUutQnvyBIgp6G4J3OUm+pH0D+Rb+lGM20/PAjKNT9D1yZ4h/5hWHxbBdMQygZTj+EOCBLmAHbG4ZulJxYB57ixqddUsquzOHylFFi+BwU+/qYsqOp2rBtezdYdGmmWPsLcikt/1yaKZoseMpDNXAMiJPNfP6fFyOJBoPboHsP2Rz4Y5CXoGr7MgQjkBgyPMTjeKqguiCF2/m0YaWQ==Received: from [98.139.215.141] by nm3.bullet.mail.bf1.yahoo.com with NNFMP; 10 Feb 2016 00:27:37 -0000Received: from [98.139.211.200] by tm12.bullet.mail.bf1.yahoo.com with NNFMP; 10 Feb 2016 00:27:36 -0000Received: from [127.0.0.1] by smtp209.mail.bf1.yahoo.com with NNFMP; 10 Feb 2016 00:27:36 -0000 Link to comment Share on other sites More sharing options...
lisati Posted February 10, 2016 Share Posted February 10, 2016 For some reason, the parser sees 69.252.207.65 as a dynamic host, and thus doesn't trust anything it sees earlier in the Received header list. Link to comment Share on other sites More sharing options...
dlongnecker Posted February 10, 2016 Author Share Posted February 10, 2016 Interesting. Does that mean I have to do something different, or is there a bug I need to report somehow? I get alot of these e-mails....different subject and content, but coming from Yahoo. Link to comment Share on other sites More sharing options...
Lking Posted February 10, 2016 Share Posted February 10, 2016 Reading the news, sounds like Yahoo is going the way of aol. That does not resolve any current issues. The SpamCop parser is by design adverse to false-positives, thus not sending what may be a false report to Yahoo. That does not preclude you from sending the report to Yahoo either separately or by adding a Yahoo abuse address to the reporting webpage, with a note when you validate the submitted report. I don't think what you are seeing is a bug, but the results of making sure that a false-positive is not reported. Link to comment Share on other sites More sharing options...
Recommended Posts
Archived
This topic is now archived and is closed to further replies.