Jump to content

spamcop recognized spam as bounce


Recommended Posts


this link, it's fresh spam, and i want it to be recognized as such, it's not because it's sent by abuse that it isn't spam...

how do you guys stop spam if you don't recognize it...


Have you thought about going through teh Mailhost setup procedures? It definately helps the parser to do a better job.
Link to comment
Share on other sites

With all those received lines, I am not even going to attemt to determine what is going on there.

My question is why are you reporting a MajorDomo confirmation message? Were you signed up for this list by a third party?

Have you seen the newest revision of the "What not to report" FAQ at:


This message could fall under several of those categories:

1.email that is obviously sent to an incorrect address. This might include sales receipts, booking confirmations, etc.

2.auto-response messages are sent in response to mail received and are not to be reported as spam. Even if you didn't send the original message that triggered the response, these nuisance emails must not be reported as spam.

3.List Traffic No matter how hard list managers try, spammers find a way to inject spam to the list, resulting in all list members receiving it.

Link to comment
Share on other sites

shouldn't mailing lists first have to ask a person to confirm with email if he want's on it?

I don't have the mail anymore, so i forget what it was...

- but i do remember that it's not from a mailing list i signed up on

- that it definately is not a bounce, allthough it was reported as such

- i am using the mailhost settings

- this is not the only one: http://www.spamcop.net/sc?id=z664764154zdb...2d2c372e82fbd1z is another one, very similar, and it should not be reported as a bounce.

a question to be sure: how do i really know if i am using the mailhost system completely and not both?

Link to comment
Share on other sites

shouldn't mailing lists first have to ask a person to confirm with email if he want's on it?

Yes they should because it is rude to allow someone to sign someone else up for a list they may not wish to receive. That does not make it reportable, however. You are claiming that you were signed up for this list without your consent then? You should send an email to the abuse desk of the ISP hosting the list requesting the list owner implement opt-in confirmation but you can not send a spamcop report. You can see the message by clicking the View entire message in your original link.

From: Majordomo<at>juiced.ca

Subject: Welcome to power

As far as it being seen as a bounce, that seems like it might be the generic message for anything not reportable now. The only part that might make it seem to be a bounce is the Sender: field

Sender: automake-bounces<snip>

This second one is absolutely a bounce. The original message was sent from wanadoo.fr to a luukku.com address using your address forged in the From: field.

Received: from luukku.com (AAmiens-151-1-5-122.w83-192.abo.wanadoo.fr [])

by roska.luukku.com (Postfix) with ESMTP id F321877C7F

for <x>; Thu, 16 Sep 2004 15:47:12 +0300 (EEST)

From: x

To: jjmr<at>luukku.com

Subject: Re: Old times

Why do you think it is not a bounce? It may be an intentional bounce, but is still not reportable per the rules of spamcop.

Link to comment
Share on other sites

Maybe I am missing something. It sounds to me from the posts that the original poster tried to report a confirmation email and then asks "shouldn't mailing lists ask you if you want to be on their list?' A confirmation email *is asking* you if you signed up for the list. People do make mistakes and that is why a confirmation email is sent. It is not supposed to contain any advertising - just a simple message saying that your email address was signed up and is this correct? If it is, you respond; if it is not, you delete. There should be no 'remove' in the confirmation email since you will not be signed up to the list if you do not reply.

As with bounces, a software program like the parser has a difficult time recognizing what a human being can decipher immediately. If the email is unsolicited and requires using the 'remove' to 'opt out' then it is spam, but the parser might not recognize that. In those cases, you can report it yourself.

Miss Betsy

Link to comment
Share on other sites

It sounds to me from the posts that the original poster tried to report a confirmation email...

No. It was a "welcome message" to a list, not a confirmation message. But, you shouldn't report a "welcome message" like this, because if it is a malicious subscription, then you should work with the host/owner/manager of the list to trace the abuse.

They shouldn't have a list subscription process that doesn't have a confirmation step, but lots of lists are still that way...it's not really a mandatory standard just yet. I run a lot of lists and the amount of malicious subscriptions has been practically zero.


Link to comment
Share on other sites

I'm finding that there's a lot to be confused about here. Yes, the OP is configured to use Mail-Host, but I don't see that as being an issue (having only looked at the first spam sample thus far) .... the oddities there begin ... spam sample welcomes OP to a mailing list dealing with "alternative energy" ... but the data in the headers point to http://lists.gnu.org/mailman/listinfo/automake , which contains the following data (noting that the subscribe and unsubscribe addresses are not the same as offered within the spam);


Automake -- Discussion list for automake

The list can be used to discuss automake and related tools (eg libtool). The discussion can range from simple "how-to" questions up to patches and configuration philosophy.

Subscribe to Automake by filling out the following form.

You will be sent email requesting confirmation, to prevent others from gratuitously subscribing you. This is a hidden list, which means that the list of members is available only to the list administrator.

You may enter a privacy password below. This provides only mild security, but should prevent others from messing with your subscription. Do not use a valuable password as it will occasionally be emailed back to you in cleartext.

If you choose not to enter a password, one will be automatically generated for you, and it will be sent to you once you've confirmed your subscription. You can always request a mail-back of your password when you edit your personal options.


Moving on to the second sample, pulled the spam into an active form, AVG comes back with the expected virus alert, in this case I-Worm/Netsky-Q ... so you now have a double do-not-report condition ... the bounce mode and the viral status.

Link to comment
Share on other sites


This topic is now archived and is closed to further replies.

  • Create New...