JoeNyland Posted June 10, 2017 Posted June 10, 2017 Hi, I've recently started using SpamCop, but I'm having some trouble reporting. I've attached an example message to this post. On processing this message, SpamCop fails to identify the source IP address of the message, incorrectly classifies iCloud and Gmail's servers as possible spammers (and generates reports for them) and it also want's to send me a report too: Received: from st11p00im-smtpin006.me.com ([17.172.80.55]) by ms07583.mac.com (Oracle Communications Messaging Server 7.0.5.38.0 64bit (built Aug 1 2016)) with ESMTP id <0ORA00AFI2VLS920@ms07583.mac.com> for x; Fri, 09 Jun 2017 11:35:45 +0000 (GMT) host 17.172.80.55 (getting name) no name Possible spammer: 17.172.80.55 Received line accepted Received: from mail-ua0-f195.google.com (mail-ua0-f195.google.com [209.85.217.195]) by st11p00im-smtpin006.me.com (Oracle Communications Messaging Server 7.0.5.38.0 64bit (built Feb 26 2016)) with ESMTPS id <0ORA002HK2VK1H30@st11p00im-smtpin006.me.com> for x (ORCPT x); Fri, 09 Jun 2017 11:35:45 +0000 (GMT) host 209.85.217.195 = mail-ua0-f195.google.com (cached) mail-ua0-f195.google.com is 209.85.217.195 17.172.80.55 not listed in cbl.abuseat.org 17.172.80.55 not listed in dnsbl.sorbs.net 17.172.80.55 is not an MX for ms07583.mac.com 17.172.80.55 is not an MX for st11p00im-smtpin006.me.com 17.172.80.55 is not an MX for ms07583.mac.com Possible spammer: 209.85.217.195 If reported today, reports would be sent to: Re: 17.172.80.55 (Administrator of network where email originates) reportphishing@apple.com abuse@apple.com Re: 17.172.80.55 (User defined recipient) MY_EMAIL@me.com This happens if I forward as an attachment from Apple Mail and also if I copy the raw source of the message and past into the report page on the SpamCop site. Why does SpamCop incorrectly detect that the mail servers handling the messages in transit and my email address as places where it needs to send reports to and in addition why does it fail to detect the source of the spam? Am I doing something wrong that would cause this? Thanks, Joe spam.txt
Lking Posted June 10, 2017 Posted June 10, 2017 If you would provide the Tracking URL for this or similar spam the rest of us could then see all of what you submitted and what the SpamCop parser did with it. With only part of the email submitted, and part of the results of the results of the processing it is not possible to have a complete understanding of what has happened.
JoeNyland Posted June 10, 2017 Author Posted June 10, 2017 Sure, I just didn't do that at first because it would disclose my email address. Anyway, here it is: https://www.spamcop.net/sc?id=z6381146797zff4fb1cb6957a7b69e8d7fd80ce541aaz
Lking Posted June 10, 2017 Posted June 10, 2017 I think you will notice (when you are not logged in to your SC reporting account) that your email address is replaced with "x" for example Bcc: x, and in the first Received: line " for x; Fri, 09 Jun 2017 11:35:45 +0000 (GMT)" Quote Chain error st11p00im-smtpin006.me.com not equal to last sender received line discarded In the report, the line above explains why the parser stopped tracking the source back. apple.com, or the IP 17.172.80.55, is the last verifiable server to handle the email. As a result Quote Reports regarding this spam have already been sent: Re: 17.172.80.55 (Administrator of network where email originates) Reportid: 6664514940 To: reportphishing@apple.com Reportid: 6664514941 To: abuse@apple.com What SC is telling apple is that because of the way their email servers have documented they path of this email it is not possible to trace the path farther back. This gives apple an opportunity correct what they insert into headers or identify how spam is getting into their system.
JoeNyland Posted June 10, 2017 Author Posted June 10, 2017 Ah, ok. That's good to know that my email shouldn't be publicly visible. 3 minutes ago, Lking said: In the report, the line above explains why the parser stopped tracking the source back. apple.com, or the IP 17.172.80.55, is the last verifiable server to handle the email. What SC is telling apple is that because of the way their email servers have documented they path of this email it is not possible to trace the path farther back. This gives apple an opportunity correct what they insert into headers or identify how spam is getting into their system. I see, so until Apple resolves this, theres not much point in me reporting spam through SpamCop?
showker Posted July 6, 2017 Posted July 6, 2017 Report the spamvertised address. Turn off Apple and YOUR report items, but do report the spamvertiser -- the entity intending to gain by sending the spam.
Recommended Posts
Archived
This topic is now archived and is closed to further replies.