Jump to content

Reporting doesn't identify source IP


JoeNyland

Recommended Posts

Posted

Hi,

I've recently started using SpamCop, but I'm having some trouble reporting. I've attached an example message to this post. On processing this message, SpamCop fails to identify the source IP address of the message, incorrectly classifies iCloud and Gmail's servers as possible spammers (and generates reports for them) and it also want's to send me a report too:

Received:  from st11p00im-smtpin006.me.com ([17.172.80.55]) by ms07583.mac.com (Oracle Communications Messaging Server 7.0.5.38.0 64bit (built Aug 1 2016)) with ESMTP id <0ORA00AFI2VLS920@ms07583.mac.com> for x; Fri, 09 Jun 2017 11:35:45 +0000 (GMT)
host 17.172.80.55 (getting name) no name
Possible spammer: 17.172.80.55
Received line accepted

Received:  from mail-ua0-f195.google.com (mail-ua0-f195.google.com [209.85.217.195]) by st11p00im-smtpin006.me.com (Oracle Communications Messaging Server 7.0.5.38.0 64bit (built Feb 26 2016)) with ESMTPS id <0ORA002HK2VK1H30@st11p00im-smtpin006.me.com> for x (ORCPT x); Fri, 09 Jun 2017 11:35:45 +0000 (GMT)
host 209.85.217.195 = mail-ua0-f195.google.com (cached)
mail-ua0-f195.google.com is 209.85.217.195
17.172.80.55 not listed in cbl.abuseat.org
17.172.80.55 not listed in dnsbl.sorbs.net
17.172.80.55 is not an MX for ms07583.mac.com
17.172.80.55 is not an MX for st11p00im-smtpin006.me.com
17.172.80.55 is not an MX for ms07583.mac.com
Possible spammer: 209.85.217.195
If reported today, reports would be sent to:
Re: 17.172.80.55 (Administrator of network where email originates)

reportphishing@apple.com
abuse@apple.com

Re: 17.172.80.55 (User defined recipient)

MY_EMAIL@me.com

This happens if I forward as an attachment from Apple Mail and also if I copy the raw source of the message and past into the report page on the SpamCop site.

Why does SpamCop incorrectly detect that the mail servers handling the messages in transit and my email address as places where it needs to send reports to and in addition why does it fail to detect the source of the spam? Am I doing something wrong that would cause this?

Thanks,

Joe

spam.txt

Posted

If you would provide the Tracking URL for this or similar spam the rest of us could then see all of what you submitted and what the SpamCop parser did with it.

With only part of the email submitted, and part of the results of the results of the processing it is not possible to have a complete understanding of what has happened.

Posted

I think you will notice (when you are not logged in to your SC reporting account) that your email address is replaced with "x" for example Bcc: x, and in the first Received: line " for x; Fri, 09 Jun 2017 11:35:45 +0000 (GMT)"

Quote
Chain error st11p00im-smtpin006.me.com not equal to last sender received line discarded
 

In the report, the line above explains why the parser stopped tracking the source back.  apple.com, or the IP 17.172.80.55, is the last verifiable server to handle the email. As a result

Quote
Reports regarding this spam have already been sent:

Re: 17.172.80.55 (Administrator of network where email originates)
   Reportid: 6664514940 To: reportphishing@apple.com
   Reportid: 6664514941 To: abuse@apple.com

 

What SC is telling apple is that because of the way their email servers have documented they path of this email it is not possible to trace the path farther back.  This gives apple an opportunity correct what they insert into headers or identify how spam is getting into their system.

Posted

Ah, ok. That's good to know that my email shouldn't be publicly visible.

3 minutes ago, Lking said:

In the report, the line above explains why the parser stopped tracking the source back.  apple.com, or the IP 17.172.80.55, is the last verifiable server to handle the email.

What SC is telling apple is that because of the way their email servers have documented they path of this email it is not possible to trace the path farther back.  This gives apple an opportunity correct what they insert into headers or identify how spam is getting into their system.

I see, so until Apple resolves this, theres not much point in me reporting spam through SpamCop?

  • 4 weeks later...
Posted

Report the spamvertised address.   Turn off Apple and YOUR report items, but do report the spamvertiser -- the entity intending to gain by sending the spam. 

Archived

This topic is now archived and is closed to further replies.

×
×
  • Create New...