jrr7 Posted March 24, 2017 Posted March 24, 2017 I'm trying to report a "work at home" spam (probably money mule recruiting). Spamcop refuses to report it saying there's no date. Actually there is a Date: header, but with a date in the future. My guess is that's confusing spamcop. If I look at the unsubmitted report, it doesn't show that message any more. Why is Spamcop trusting the easily forgeable Date: header? The only definitive time is in the last trusted Received; header Here's the headers: Quote Delivered-To: xxx Received: by 10.157.6.105 with SMTP id 96csp1236652otn; Thu, 23 Mar 2017 23:31:53 -0700 (PDT) X-Received: by 10.200.52.65 with SMTP id v1mr6839450qtb.166.1490337113378; Thu, 23 Mar 2017 23:31:53 -0700 (PDT) Return-Path: <wsvz657ttt@sneakemail.com> Received: from sneak2.sneakemail.com (sneak2.sneakemail.com. [64.46.156.55]) by mx.google.com with ESMTP id 6si1010792qke.169.2017.03.23.23.31.53 for <jonathanrynd@gmail.com>; Thu, 23 Mar 2017 23:31:53 -0700 (PDT) Received-SPF: pass (google.com: domain of wsvz657ttt@sneakemail.com designates 64.46.156.55 as permitted sender) client-ip=64.46.156.55; Authentication-Results: mx.google.com; spf=pass (google.com: domain of wsvz657ttt@sneakemail.com designates 64.46.156.55 as permitted sender) smtp.mailfrom=wsvz657ttt@sneakemail.com Received: from 38.102.228.51 by sneak2.sneakemail.com with SMTP; 24 Mar 2017 06:36:50 -0000 Received: by LITEMAIL51.bigfoot.com (LiteMail v3.03(LITEMAIL51)) with SMTP id 1703232330_LITEMAIL51_7016201_1521331; Thu, 23 Mar 2017 23:31:50 -0700 Received: from [14.187.182.54]:16931 [ident-empty] by litemail22.bigfoot.net with TPROXY id 1490337048.8956 abuse-to abuse@bigfoot.com From: "o.kunkel-at-vallotech.ch |bigfoot jrr7/send to gmail|" <wsvz657ttt@sneakemail.com> To: xxx Date: 24 Mar 2017 19:13:59 +0600 MIME-Version: 1.0 Subject: 5490 Message-ID: <58D52137.1928.989BE7@o.kunkel.vallotech.ch> Priority: normal X-Mailer: Pegasus Mail for Windows (4.52) Content-Type: multipart/alternative; boundary="Alt-Boundary-96327.0718144" Content-Transfer-Encoding: X-Sneakemail-Label: bigfoot jrr7 X-Sneakemail-Address: gfcpuhg02@sneakemail.com X-Sneakemail-Tag: send to gmail X-Sneakemail-From: <o.kunkel@vallotech.ch> X-Sneakemail-Is-Sneakemail: yes X-Sneakemail-Folder-Path: /Desktop
Lking Posted March 24, 2017 Posted March 24, 2017 Of course a Tracking URL would have been nice, so everyone could see what the parser did. Also that would have avoided revealing your email address(es) in the TO: and Delivered-To: lines. (your welcome). The parser is not interested in the Date: line in the header, which can easily forged by the spammer. If you look at the first Received: lines (just above the From: line) you will see it does not have a date.
Recommended Posts
Archived
This topic is now archived and is closed to further replies.