ravenstar68
Posted September 26, 2016

Hi

I came across your reporting tool yesterday, as I help out on the Virgin Media e-mail forum and one user wanted to block as9143, as your reporting tool identified it as a spammer.

For the record as9143 is the Autonomous Service number of Ziggo internet, and Virgin Media actually host their email platform there as both companies are owned by Liberty Global.

I've tried the reporting tool myself today with an unmodified mail source. There appears to be a problem. Looking at the header information only here:

Return-Path: <julie_mendoza@android-mediacenter.com>
Delivered-To: x
Received: from md13.tb.ukmail.iss.local ([212.54.57.73])
    by mc8.tb.ukmail.iss.local (Dovecot) with LMTP id FbnPMLTb5VcnGAAAVqD7fw
    for <x>; Sat, 24 Sep 2016 03:50:16 +0200
Received: from mx6.tb.ukmail.iss.as9143.net ([212.54.57.73])
    by md13.tb.ukmail.iss.local (Dovecot) with LMTP id oPwyBoDWlFbNQQAAqJN26w
    ; Sat, 24 Sep 2016 03:50:16 +0200
Received: from android-mediacenter.com ([37.252.122.91])
    by mx6.tb.ukmail.iss.as9143.net with bizsmtp id nDpu1t0041yRVcd01Dpv6m;
    Sat, 24 Sep 2016 03:49:56 +0200
X-spam-Action: folder spam
X-SourceIP: 37.252.122.91
X-CNFS-Analysis: v=2.2 cv=TJoHcBta c=1 sm=1 tr=0 p=XV3dVy5JtiUA:10 a=XRFXrBVhVSsQnPq5ts7Q4Q==:117 a=XRFXrBVhVSsQnPq5ts7Q4Q==:17 a=2sMxTpsZAAAA:8 a=-5zWNhNOLqyU-mziGwwA:9 a=CjuIK1q_8ugA:10 a=9igu4sHJnlQA:10 a=A4GxgP0Wf4sA:10 a=qcKvcIRw2B-Flh6p21IA:9 a=_W_S_7VecoQA:10 a=tpYBpqdMaEUA:10 a=o6gHy28TGYCxXgbS0hxg:22
Date: Sat, 24 Sep 2016 01:49:52 +0000
To: x
From: Julie Mendoza <julie_mendoza@android-mediacenter.com>
Subject: We're Perfect Match
Message-ID: <7ad1________________________45d9@android-mediacenter.com>
X-Priority: 3
MIME-Version: 1.0
Content-Type: multipart/alternative; boundary="b1_7ad1978f4b2ef435299465152bba45d9"
Content-Transfer-Encoding: 8bit

Your system reports the possible spammer as being

Received: from md13.tb.ukmail.iss.local ([212.54.57.73])
    by mc8.tb.ukmail.iss.local (Dovecot) with LMTP id FbnPMLTb5VcnGAAAVqD7fw
    for <x>; Sat, 24 Sep 2016 03:50:16 +0200
host 212.54.57.73 = mx6.tb.ukmail.iss.as9143.net (cached)
mx6.tb.ukmail.iss.as9143.net is 212.54.57.73
Possible spammer: 212.54.57.73
Received line accepted

However, as Received: lines should be read from the bottom up, this is actually the last link in the delivery chain, which is one of Ziggo's internal servers delivering to the final server which stores the message in the user's inbox.

The actual spammer's address is given in the bottom-most Received line:

Received: from android-mediacenter.com ([37.252.122.91])
    by mx6.tb.ukmail.iss.as9143.net with bizsmtp id nDpu1t0041yRVcd01Dpv6m;
    Sat, 24 Sep 2016 03:49:56 +0200

Could you please take a look. Virgin Media's email system did correctly identify this message as spam, BTW.

Thanks

Ravenstar68

Edit: I think I understand what's happening here. The reporting system relies on the fact that most email providers use private addresses, e.g. 10.x.x.x, in their internal systems. Because Ziggo uses public addresses on its internal hops, this is confusing your reporting tool.

AJR
Posted September 27, 2016

Hi, and welcome.

The short answer is, to get SpamCop to correctly identify the actual sending mail server (rather than identifying servers within the Virgin Media mail system as the sender, or indeed from going too far down a chain of 'Received' headers and getting an earlier hop on the sender's side rather than the server that actually handed the message off from them to you) you should set up 'Mailhosts' in your SpamCop account, as described at https://www.spamcop.net/fom-serve/cache/397.html - basically, you tell it the email address(es) of yours, and it sends you a few 'probe' emails to allow it to trace how your incoming mail is routed.

ravenstar68
Posted September 27, 2016

The problem is Virgin have multiple servers at each hop. So to get a full picture of the internal mail hosts, I dread to think how many mails you'd need to send.
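
The difference between the two readings of the Received chain discussed in this thread, as an added example that is not part of the original posts and is not SpamCop's code. It assumes the recipient's relays are known in advance: the hostname suffixes and the single relay address are taken from the headers quoted in the first post, and the function names are hypothetical.

```python
import ipaddress
import re
from email import message_from_string

# Constructed input: the Received chain quoted in the first post, newest hop first.
SAMPLE = """\
Received: from md13.tb.ukmail.iss.local ([212.54.57.73])
    by mc8.tb.ukmail.iss.local (Dovecot) with LMTP id FbnPMLTb5VcnGAAAVqD7fw
    for <x>; Sat, 24 Sep 2016 03:50:16 +0200
Received: from mx6.tb.ukmail.iss.as9143.net ([212.54.57.73])
    by md13.tb.ukmail.iss.local (Dovecot) with LMTP id oPwyBoDWlFbNQQAAqJN26w
    ; Sat, 24 Sep 2016 03:50:16 +0200
Received: from android-mediacenter.com ([37.252.122.91])
    by mx6.tb.ukmail.iss.as9143.net with bizsmtp id nDpu1t0041yRVcd01Dpv6m;
    Sat, 24 Sep 2016 03:49:56 +0200
Subject: We're Perfect Match

body
"""

# Assumed trust configuration (only values visible in the quoted headers).
TRUSTED_BY = (".tb.ukmail.iss.local", ".tb.ukmail.iss.as9143.net")
TRUSTED_NETS = [ipaddress.ip_network("212.54.57.73/32")]
HOP = re.compile(r"from\s+(\S+)\s+\(\[([0-9a-fA-F.:]+)\]\)\s+by\s+(\S+)")

def hops(raw):
    """Yield (helo, source_ip, by_host) per Received header, newest first."""
    for value in message_from_string(raw).get_all("Received", []):
        m = HOP.search(" ".join(value.split()))  # undo header folding
        if not m:
            return  # unparseable hop: stop rather than skip over it
        yield m.group(1), ipaddress.ip_address(m.group(2)), m.group(3).rstrip(";")

def naive_source(raw):
    """Source IP of the top-most hop, the result reported in the first post."""
    first = next(hops(raw), None)
    return str(first[1]) if first else None

def traced_source(raw):
    """First IP handed to a trusted relay from outside the trusted networks."""
    for _helo, ip, by in hops(raw):
        if not by.endswith(TRUSTED_BY):
            return None  # header not written by a known relay: untrusted
        if not any(ip in net for net in TRUSTED_NETS):
            return str(ip)  # everything below this hop is sender-controlled
    return None

if __name__ == "__main__":
    print(naive_source(SAMPLE), traced_source(SAMPLE))
```

Trust is keyed on the bracketed IP recorded by the receiving relay rather than on the `from` hostname, which is whatever the connecting client claimed.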
This topic is now archived and is closed to further replies.