oZoneCapHill Posted August 31, 2018 Share Posted August 31, 2018 This spammer is sending the main body with non standard labels for HTML link ref and spamcop fails to detect anything in the mainbody, you have to go in and edit the hTTp to http, btw anyone know where and who this spammer is he is using an ISP that won't close one of the blacklisted redirect domains in the jump... <!--2h24bti0gh1xlcf--><meta http-equiv="Content-Type" content="text/html; charset=utf-8"><h1><center> <a href="hTTp://weg43g43.ddnsking.com/7091ej18649074bu8471tp28211tx1795hy1841rr?ms44mbkqe19u4qw"> Youâre invited to become a SONY Product Tester this Summer! </a> </center><br> <center> <a href="hTTp://weg43g43.ddnsking.com/7091xo18649074kg8471uy28211kc1795rb1841rr?z2ec27jgvxpc3mn"> <img src="hTTp://weg43g43.ddnsking.com/7OzIy.png?s45jhz127z4v71e"> </a> </center><br> <center> <a href="hTTp://weg43g43.ddnsking.com/7091kr18649074hm8471nl28211zk1795in1841uu?d60z102jet63j5c"> <img src="hTTp://weg43g43.ddnsking.com/Dx3w8.png?7090dcehdx4y162"> </a> </center><!--cm48x--> <!--jh8o7--><img style="width:0px;height:0px;display:none;" src="http://weg43g43.ddnsking.com/7091gh18649074cy8471cm28211vi1841=<80sb2@7l68z.4334634643.happyrevolutions.com>"><!--3pms1--> </center><!--927at--> <!--566rz01c2fuxu9s--> <!--ra70v40ip1880e8--> Link to comment Share on other sites More sharing options...
Lking Posted August 31, 2018 Share Posted August 31, 2018 without the email header it is hard to say who the spammer is. If you would provide a Tracking URL, others could then see the whole email and perhaps identify less time consuming and possibly a less error pron way to submit the spam. At the top of the SpamCop reporting screen Quote SpamCop v 4.9.0 © 2018 Cisco Systems, Inc. All rights reserved. Here is your TRACKING URL - it may be saved for future reference:https://www.spamcop.net/sc?id=z6482810247z76944b20aef03ef22a1e0047f6d81f2az Welcome to the forum Link to comment Share on other sites More sharing options...
oZoneCapHill Posted August 31, 2018 Author Share Posted August 31, 2018 Here ya go, he just sent me 10 this am and another 4 in the last hour if I don't go in and edit the hTTp spamcop rejects it, if I try to submit it I get SpamCop encountered errors while saving spam for processing: SpamCop could not find your spam message in this email: https://www.spamcop.net/sc?id=z6482811398z97674f89b815c3861fb07fa299740b66z Link to comment Share on other sites More sharing options...
petzl Posted September 1, 2018 Share Posted September 1, 2018 5 hours ago, oZoneCapHill said: https://www.spamcop.net/sc?id=z6482811398z97674f89b815c3861fb07fa299740b66z Working now? hotmail throwaway email account Link to comment Share on other sites More sharing options...
oZoneCapHill Posted September 1, 2018 Author Share Posted September 1, 2018 Have to wait for the next round of spam and not edit it so it will process, you ahve to edit the hTTp to http and a few other things then spamcop will process it Link to comment Share on other sites More sharing options...
oZoneCapHill Posted September 2, 2018 Author Share Posted September 2, 2018 Here is a full header and mainbody, spamcop fails to process I only edited my email address, this needs to be fixed: Received: from SN1NAM04HT194.eop-NAM04.prod.protection.outlook.com (2603:10b6:405:16::18) by BN7PR04MB4338.namprd04.prod.outlook.com with HTTPS via BN6PR2001CA0032.NAMPRD20.PROD.OUTLOOK.COM; Sun, 2 Sep 2018 15:07:21 +0000 Received: from SN1NAM04FT020.eop-NAM04.prod.protection.outlook.com (10.152.88.54) by SN1NAM04HT194.eop-NAM04.prod.protection.outlook.com (10.152.89.230) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384_P384) id 15.20.1122.11; Sun, 2 Sep 2018 15:07:21 +0000 Authentication-Results: spf=none (sender IP is 80.211.185.127) smtp.mailfrom=ewqdw.33232.allaboutservicesgoodwelcome.com; hotmail.com; dkim=none (message not signed) header.d=none;hotmail.com; dmarc=none action=none header.from=2h22d.ewqdw.33232.allaboutservicesgoodwelcome.com; Received-SPF: None (protection.outlook.com: ewqdw.33232.allaboutservicesgoodwelcome.com does not designate permitted sender hosts) Received: from ewqdw.33232.allaboutservicesgoodwelcome.com (80.211.185.127) by SN1NAM04FT020.mail.protection.outlook.com (10.152.88.155) with Microsoft SMTP Server id 15.20.1122.11 via Frontend Transport; Sun, 2 Sep 2018 15:07:21 +0000 X-IncomingTopHeaderMarker: OriginalChecksum:D1966AB7780B3C318D17C4337B0DBFE410051E73D1000BEFFD09FFEBB84785A7;UpperCasedChecksum:92EF603642ABB25C2BBC6DDB8613DF34037770EE67D8A7686408855FBA91C03B;SizeAsReceived:767;Count:12 From: Online income system <lzxa6@2h22d.ewqdw.33232.allaboutservicesgoodwelcome.com> Reply-To: <rsx8f@f21g0.ewqdw.33232.allaboutservicesgoodwelcome.com> Sender: <*************-------------------------------------- ---------------------------************* XXX@hotmail.com> Return-Path: return@ewqdw.33232.allaboutservicesgoodwelcome.com To: "XXX@hotmail.com" <XXX@hotmail.com> Date: Sun, 2 Sep 2018 14:50:35 +0200 X-MSGID: 2w0k2 Subject: How To Receive A 2nd Income Without Having A 2nd Job X-Mailer: phplist List-Unsubscribe: <mailto:o03ts@ewqdw.33232.allaboutservicesgoodwelcome.com?subject=unsubscribe%20XXX@hotmail.com&body=remove%20XXX@hotmail.com%20> Content-Transfer-Encoding: 7bit Content-Type: text/html; charset="UTF-8" X-IncomingHeaderCount: 12 Message-ID: <94e3606a-b147-44c7-ab9f-2eeb6f43c6ee@SN1NAM04FT020.eop-NAM04.prod.protection.outlook.com> X-MS-Exchange-Organization-ExpirationStartTime: 02 Sep 2018 15:07:21.4325 (UTC) X-MS-Exchange-Organization-ExpirationStartTimeReason: Original Submit X-MS-Exchange-Organization-ExpirationInterval: 2:00:00:00.0000000 X-MS-Exchange-Organization-ExpirationIntervalReason: Original Submit X-MS-Exchange-Organization-Network-Message-Id: 81e956b0-0aa3-4bd5-dc19-08d610e5c858 X-EOPAttributedMessage: 0 X-EOPTenantAttributedMessage: 84df9e7f-e9f6-40af-b435-aaaaaaaaaaaa:0 X-MS-Exchange-Organization-MessageDirectionality: Incoming X-Microsoft-Exchange-Diagnostics: 1;SN1NAM04FT020;1:8d0XJb44YsKL6H/58hf3KG0Vz3jn61+Q6bh9J1VWGfhCJmCPk4RXosYRWIxPps/YpiQDrrWzArDzD06Q/hy5mq5qi+1piuJSUhrsnzcEwlEuRQV9/vFmNFT93hzknKzA X-Forefront-Antispam-Report: EFV:NLI; X-MS-Exchange-Organization-AuthSource: SN1NAM04FT020.eop-NAM04.prod.protection.outlook.com X-MS-Exchange-Organization-AuthAs: Anonymous X-MS-PublicTrafficType: Email X-MS-UserLastLogonTime: 9/2/2018 1:03:25 PM X-MS-Office365-Filtering-Correlation-Id: 81e956b0-0aa3-4bd5-dc19-08d610e5c858 X-Microsoft-Antispam: BCL:0;PCL:0;RULEID:(5000110)(711020)(4605076)(610169)(8291501071);SRVR:SN1NAM04HT194; X-Microsoft-Exchange-Diagnostics: 1;SN1NAM04HT194;3:yADy9eJ/fD+iBhV7DL/Trn9jJHJTpLQ8Pu5jKqp5dUHsE9d4JD7HUiRmCNyA9tWLw8ZMZDMi+w2Hd8jRA5RLojLbIr2of3cqDgmVmNBuy6qjf1NSKj1IqVnI09C1XfPluvtr4aQsHyVlERp7WSMc6xvtWUyqsJ/EAHN/6rl8kthe5tPLvbVwnwcSUExhz7oIvMZ+0vF38rtUsfOCE/swgrYYqXMTgduE5YLuWnX5nFDK4DZrTb31JowBSH8lcAsZWlfwikjY408AE3w+P+UNWiukSdBQhQk54mNwA5PadYmmChmTFUUjqat9JhzIrgfW;25:+FUSpizOuX667b/7ElD5fFmEJ7TZBIvZUBERH09HTeys5OwO3CBQjzX9p/QAho7TW/QQjfxp3uaARkWjkbq2xZjlcmjGEl2glhf+jVBDLH7q1PlRS7Y0YUru0lB+rYQc+vvaqO1/rDB8oxK3cEG8l/t2IIsKZypDatMWIRMnWTFH3ke3dtyLe5IWElq/vYlwmb5Fr8Sh02AAQkCB2dVUNzMAsEfP/iE8uTLW/mggaFGFnfnIW2NxUCSCnLtUsB30L9n2DZHgREAWM21y4N+qO1bGQt0IVVmdcum23aTbSzcUPID84agiJGs5XluXAd8AmA0NEvGoenKcUSY688g/iw==;31:+hM9xS4izfxHnlqvS+vPcbTIYoTarUGc2ZzXR9wpUYz2UyerEAiM9eCW6IAb7ZCn1LrZ5p2O8ivO5qi81qUO6rrI+q+9vE1xay0gmwjqahzUCQ69hjnjaP8ZLWYsI6r6n/SKequZSlUZdDOMVoEs8ilgUqfezI0FoPGMnXa88LrkSn7bIDZH5t1AgEXBIao057oOT3N5iYDMifmIYbNqmPeQitkdT9A3jRWd7y8GmfU= X-MS-TrafficTypeDiagnostic: SN1NAM04HT194: X-MS-Exchange-EOPDirect: true X-Sender-IP: 80.211.185.127 X-SID-PRA: *************-------------------------------------- ---------------------------************* XXX@HOTMAIL.COM X-SID-Result: NONE X-MS-Exchange-Organization-PCL: 2 X-Exchange-Antispam-Report-Test: UriScan:(33130290259022); X-Exchange-Antispam-Report-CFA-Test: BCL:0;PCL:0;RULEID:(444111676)(60399065)(52401380)(52601095)(52606095)(52606095)(52606095)(52505095)(52501095)(52406095)(52402095)(88860193)(82015058);SRVR:SN1NAM04HT194;BCL:0;PCL:0;RULEID:;SRVR:SN1NAM04HT194; X-Microsoft-Exchange-Diagnostics: 1;SN1NAM04HT194;4:dYFPmprt9DQaA36mBqBf8CpLZxy24vylVfirEUlWFgEr829l8Xs/A482ppuGc472wBxRjl9vQk2Bhflo3V9l2Y2GsHoUPoUOcYPbVdkHCmAAStr9okih+3lBrYrMW6+c+do9T5Q9UNBCxAFVejEvZiK2RbVFLQyBRK9YxjH30EWgfs+Ft6d1QjSBdfnPS/3ngPINfLnQq5kMB+pkZ2uDhgg06/ukIAxy5zM5LcYOJRLQm5Jz4vTcqw82FcwBq1CWiQeFOflomU8nC4iotN+khrdCGzc26cZmfyhCWIX9sywY+E5xYnrMrC7zOrfd1Fx4;6:xCOtc/kWysSZLqcThoYFHFZmrSSiGjaYe+Y93FQPImDFQWl/am7oaMeWgGZ/rU3vcligYJHxiTElhW2Mfvfvd0VCcZRxvNbCdQBWhEJc1DCpQMsMvWnyTnoHvRnSnMTOaDx8Kk75UFkPVuAOnpWVll2VEy1b+MtIMiDxDW57DhMWsa6QL5upZo/hNPwzugZt9VNVtKRsGIg4naawWqxBJMO/tWDHMHT+FD48ohaCYYutCJg6vd3DEaIzCBAFCv4hpFBDVs9VBbl1yz6Ktzx55P2+qhnlc0Xeo0BZsZkSH/DmXFvHoweYk2Z5YJwTbpJCyWp+Nt+hfc6ijsPuQskJZWqNjDsqrmUaBu+wydN0vOyl8sblXZh/+u6bNC61yA+gIbizCkg+9bnho01+/SDAb8tX/49CPXGyUYZpDPQ8hxuyD8mjOmWeETbkq5Dc2E7EgsTADz58knXH6McpRduPWw== X-Microsoft-Antispam-Message-Info: JoKTUpsqgkehHyFd/a+XWBXtSVMsCtyTYto9YgM54hBGIcysydRlTKCAptRJQ2LTXzgmWLkP4GrGJbOJNXvQ+iieNPk/kgtSYmLZWjLYP+TgS1ml0gxNnBmBMGlfp+TUwrZDfvYJpYzJmuM4bS/L75JaMhIpPNYs3xdIGQPq1Km5waYe53RdNOdWWc7S3ZVZa20kA7vj18G+PVvIgV2Pkn/U3yJfKTgJKZA6xPCS3gdPHEdTat9I8xo9pP4cjMs6apdEGKwEpDkq2zJH6epp3av1r0kvF/4adTdBdf+4UqXQ9XcwLbNWD7+AROcAX1SajNfw6twlWekZin8JCWxZGwaXhYu1Ylo3IxZvPviJctefb2Qev83zxp5NnH7uWPC3Z8jsVC5KnKk1zLcg98gFBcKZaM6sFmjllbekbpEKu87Xbh6TIR6mzKljuRSngvNS X-Microsoft-Exchange-Diagnostics: 1;SN1NAM04HT194;5:iXSDo+O0ao8Tjb5u7PVJ7VBSNILsbG5bY3Aa5CX/rCa3958JZJ8gfrha+HY5v4oJI93/iAScTbLQ0UQbBqaN+yC/E3izVtQgO6OiHrxFGrN6t5cjcLAb6xo2n2sgzl0OqK9Vjl0Ka+0xKIzxylxn3KHhQvcwSD4XMANZK+DFWb4=;7:wC6+92o9/Rx/1qjbrEaVkqKE2gMeqT8Y5zo1OJW/Uli1aGXVuyXsyw44/MPsL9/rJhKpCoURdBtikxlZ4vuwa2QKkW9kATa5LpgKUPLq/Zju1mgSm9cg37X1awySnlWB7IgIGyFeIw+L6EwAmRo0yhgDdEyfM2ZaUE8+HRKI0sb/74P7s9L5qwES7S/2VjUS7uRp4MM4n9Sr512HG7Sk5/eGh1WxljtnYaz90DCs6TARneJAWirfZFrw9H8l4MfI X-OriginatorOrg: outlook.com X-MS-Exchange-CrossTenant-OriginalArrivalTime: 02 Sep 2018 15:07:21.2763 (UTC) X-MS-Exchange-CrossTenant-Network-Message-Id: 81e956b0-0aa3-4bd5-dc19-08d610e5c858 X-MS-Exchange-CrossTenant-Id: 84df9e7f-e9f6-40af-b435-aaaaaaaaaaaa X-MS-Exchange-CrossTenant-FromEntityHeader: Internet X-MS-Exchange-CrossTenant-RMS-PersistedConsumerOrg: b6587b75-6f1a-4db7-b0b6-5cad10ef59a7 X-MS-Exchange-Transport-CrossTenantHeadersStamped: SN1NAM04HT194 X-MS-Exchange-Transport-EndToEndLatency: 00:00:00.5788043 X-MS-Exchange-Processed-By-BccFoldering: 15.20.1080.019 X-Microsoft-Exchange-Diagnostics: 1;BN7PR04MB4338;27:2FGIgoOHxbf0yLoDAKeN4PSQyD33e6sEKRmVVrUQfu1hQwiwq7BOoVyu4/LIwH0ZES5Y7M+BBlPZaZs9T0rVE64/pjhV4D3/W/n9IlcY2ZHpUXLsR3ONOSw3SMnnpUWtyh6hVWz4Fs9/mz4zK0BeoXPzfzZeEanfYk6QrYvIWBKSrutfYieQtnn4qVjVyGDjvc7Iw3NOT+Q6uTwQAKI1jhYOT8ocIl50ejNzWgJ8zra8Vugzu15I3egeFSFbK69p2o6tsaTSJW2LgOR9qmgl35ffhHQHbcd1fgWrIrldYrqXFRYKOvm5Gu+jWHE7hDwo9KsVb92OQw5qx3uVyC8TJje1J7wPYuCfHVmsXkzdz65Grv7FGf1scyWPZ2IwQrwraHFtlmAjOdiZLMZVXhZzy4sfoXCLXlYPj5pf5x9vnZTDnaUECrXBR7BJYvwSK0mz0TMi0kxnZQIhjegTDEtgqRFvH90R4C+a5rvxUDyajWeUnKhXQVqG76e8B/DUPuL4IggBY81phspRhH30/zK9Ih0AeGdk4aB9MbDZdB8bwpA= X-Microsoft-Antispam-Mailbox-Delivery: ucf:0;jmr:0;ex:0;auth:0;dest:J;OFR:SpamFilterAuthJ;ENG:(5062000261)(5061607266)(5061608174)(4900095)(4920089)(6320004)(4923001);RF:JunkEmail; X-Message-Info: qoGN4b5S4yrj5hA6ER+AykNieONlpOBLadWZwJKw+KsRWx9WH+snuGPhDehklH/rOqoKux3BrQ/vg0O1LXDlKpuVOrd1QkxNxuomSCpCS/3PblpOj34yS6kKS3LVOREF/Obu+pjLGTVhvA/s7nWx7nnsidn9FZPuSHXxR1nSF+NMNv6rBXKFx5HWuqmkeINLfaZ5tvyGw2UzcUxF13eA2Q== X-Message-Delivery: Vj0xLjE7dXM9MDtsPTA7YT0wO0Q9MjtHRD0zO1NDTD02 X-Microsoft-Antispam-Message-Info: qLABvyASid6Ub8N11PWTap4QipYcYZpqZ0LrMTV560vfHk2Lr0KMhfUBeadNNpWzaxCzlNiFL6TFLD3XOjwrDxt16SHKKEhx79Gf7cDp5vdKU0H8HsiHvdRyeElcKU+sPHDKhpQLyPYVqd78UjaH/xaSQQmArOUmnVxR+9dDq7zng+Ovq9D8wlm+gD5KiMOo9mTDok2RxKNb02h+KBd6bsBBtliRxWRO0J3lXw/CH0P0pvuAzVRxRNMzSYaIOKqxs+IkHtpJrGS+c8Q+wUZL3Y1ZZffnFUQzulMuUp/JYOrP5eHIyZ7vBZut3TmZXIzA3J7zIQqesr6aGk5j2+tK82iAdMhkxVX1VRR27yYH59PumeeFqgyq3NWGmv8DbfynVMSFSx2aJ12ig2FsyQryYuAFms/vB8tAakxBQeuSArtMCqut5B3rbKahk98GlxK0bJxh4n7sBYIvUXHciFPPdgAL9wjcpGWsuXgS9q66fE0a/349awH70r4pkd0nZl6xoc++DDLixtqJJz9IDUlokI54QX97Ylw1IYUgWyok8WbKzmCipS6/vm+dVwgL94aArgy73S5E2vtdmFqscdU4Ld24P0j5DAMBd+mX2KLizKfs3Z2qjC9W33d/8F3gp6xyuSddWrxOXaKcMZ5doi0o02DlEJ3/jzs/MU678BZrKZxtp2tdwoYopga3WFAieM8rlDuPsm9YyWG64HMqvurGAA== MIME-Version: 1.0 <!--x61b932u90m2b6f--><meta http-equiv="Content-Type" content="text/html; charset=utf-8"><h1><center> <a href="hTTp://g43gy43h43.ddnsking.com/7108af18649074sw8481sx28235vu1801lh1839rr?8zzo5d42g37r63f"> How To Receive A 2nd Income Without Having A 2nd Job </a> </center><br><center> <a href="hTTp://g43gy43h43.ddnsking.com/7108rp18649074dr8481ja28235rt1801dv1839rr?47w0005edb7ntw3"> <img src="hTTp://g43gy43h43.ddnsking.com/UxuDd.png?ork4kulzl06mnxu"> </a> </center><br> <center> <a href="hTTp://g43gy43h43.ddnsking.com/7108vs18649074gm8481ih28235tb1801lk1839uu?1ajew5qbv0j487v"> <img src="hTTp://g43gy43h43.ddnsking.com/YgaAP.png?hqkhub26fun3qvx"> </a> </center><!--exxlv--> <!--6bo51--><img style="width:0px;height:0px;display:none;" src="http://g43gy43h43.ddnsking.com/7108po18649074er8481za28235md1839=<lzxa6@2h22d.ewqdw.33232.allaboutservicesgoodwelcome.com>"><!--7p7kc--> </center><!--q5r99--> <!--3o55te9e880q6ml--> <!--8vmp6u2zb92pze8--> Link to comment Share on other sites More sharing options...
oZoneCapHill Posted September 2, 2018 Author Share Posted September 2, 2018 I pointed this out before but I edited the links, so this time if you try to process this, spamcop reports the main body has no text, the only thing I changed was my email address: Received: from SN1NAM04HT194.eop-NAM04.prod.protection.outlook.com (2603:10b6:405:16::18) by BN7PR04MB4338.namprd04.prod.outlook.com with HTTPS via BN6PR2001CA0032.NAMPRD20.PROD.OUTLOOK.COM; Sun, 2 Sep 2018 15:07:21 +0000 Received: from SN1NAM04FT020.eop-NAM04.prod.protection.outlook.com (10.152.88.54) by SN1NAM04HT194.eop-NAM04.prod.protection.outlook.com (10.152.89.230) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384_P384) id 15.20.1122.11; Sun, 2 Sep 2018 15:07:21 +0000 Authentication-Results: spf=none (sender IP is 80.211.185.127) smtp.mailfrom=ewqdw.33232.allaboutservicesgoodwelcome.com; hotmail.com; dkim=none (message not signed) header.d=none;hotmail.com; dmarc=none action=none header.from=2h22d.ewqdw.33232.allaboutservicesgoodwelcome.com; Received-SPF: None (protection.outlook.com: ewqdw.33232.allaboutservicesgoodwelcome.com does not designate permitted sender hosts) Received: from ewqdw.33232.allaboutservicesgoodwelcome.com (80.211.185.127) by SN1NAM04FT020.mail.protection.outlook.com (10.152.88.155) with Microsoft SMTP Server id 15.20.1122.11 via Frontend Transport; Sun, 2 Sep 2018 15:07:21 +0000 X-IncomingTopHeaderMarker: OriginalChecksum:D1966AB7780B3C318D17C4337B0DBFE410051E73D1000BEFFD09FFEBB84785A7;UpperCasedChecksum:92EF603642ABB25C2BBC6DDB8613DF34037770EE67D8A7686408855FBA91C03B;SizeAsReceived:767;Count:12 From: Online income system <lzxa6@2h22d.ewqdw.33232.allaboutservicesgoodwelcome.com> Reply-To: <rsx8f@f21g0.ewqdw.33232.allaboutservicesgoodwelcome.com> Sender: <*************-------------------------------------- ---------------------------************* XXX@hotmail.com> Return-Path: return@ewqdw.33232.allaboutservicesgoodwelcome.com To: "XXX@hotmail.com" <XXX@hotmail.com> Date: Sun, 2 Sep 2018 14:50:35 +0200 X-MSGID: 2w0k2 Subject: How To Receive A 2nd Income Without Having A 2nd Job X-Mailer: phplist List-Unsubscribe: <mailto:o03ts@ewqdw.33232.allaboutservicesgoodwelcome.com?subject=unsubscribe%20XXX@hotmail.com&body=remove%20XXX@hotmail.com%20> Content-Transfer-Encoding: 7bit Content-Type: text/html; charset="UTF-8" X-IncomingHeaderCount: 12 Message-ID: <94e3606a-b147-44c7-ab9f-2eeb6f43c6ee@SN1NAM04FT020.eop-NAM04.prod.protection.outlook.com> X-MS-Exchange-Organization-ExpirationStartTime: 02 Sep 2018 15:07:21.4325 (UTC) X-MS-Exchange-Organization-ExpirationStartTimeReason: Original Submit X-MS-Exchange-Organization-ExpirationInterval: 2:00:00:00.0000000 X-MS-Exchange-Organization-ExpirationIntervalReason: Original Submit X-MS-Exchange-Organization-Network-Message-Id: 81e956b0-0aa3-4bd5-dc19-08d610e5c858 X-EOPAttributedMessage: 0 X-EOPTenantAttributedMessage: 84df9e7f-e9f6-40af-b435-aaaaaaaaaaaa:0 X-MS-Exchange-Organization-MessageDirectionality: Incoming X-Microsoft-Exchange-Diagnostics: 1;SN1NAM04FT020;1:8d0XJb44YsKL6H/58hf3KG0Vz3jn61+Q6bh9J1VWGfhCJmCPk4RXosYRWIxPps/YpiQDrrWzArDzD06Q/hy5mq5qi+1piuJSUhrsnzcEwlEuRQV9/vFmNFT93hzknKzA X-Forefront-Antispam-Report: EFV:NLI; X-MS-Exchange-Organization-AuthSource: SN1NAM04FT020.eop-NAM04.prod.protection.outlook.com X-MS-Exchange-Organization-AuthAs: Anonymous X-MS-PublicTrafficType: Email X-MS-UserLastLogonTime: 9/2/2018 1:03:25 PM X-MS-Office365-Filtering-Correlation-Id: 81e956b0-0aa3-4bd5-dc19-08d610e5c858 X-Microsoft-Antispam: BCL:0;PCL:0;RULEID:(5000110)(711020)(4605076)(610169)(8291501071);SRVR:SN1NAM04HT194; X-Microsoft-Exchange-Diagnostics: 1;SN1NAM04HT194;3:yADy9eJ/fD+iBhV7DL/Trn9jJHJTpLQ8Pu5jKqp5dUHsE9d4JD7HUiRmCNyA9tWLw8ZMZDMi+w2Hd8jRA5RLojLbIr2of3cqDgmVmNBuy6qjf1NSKj1IqVnI09C1XfPluvtr4aQsHyVlERp7WSMc6xvtWUyqsJ/EAHN/6rl8kthe5tPLvbVwnwcSUExhz7oIvMZ+0vF38rtUsfOCE/swgrYYqXMTgduE5YLuWnX5nFDK4DZrTb31JowBSH8lcAsZWlfwikjY408AE3w+P+UNWiukSdBQhQk54mNwA5PadYmmChmTFUUjqat9JhzIrgfW;25:+FUSpizOuX667b/7ElD5fFmEJ7TZBIvZUBERH09HTeys5OwO3CBQjzX9p/QAho7TW/QQjfxp3uaARkWjkbq2xZjlcmjGEl2glhf+jVBDLH7q1PlRS7Y0YUru0lB+rYQc+vvaqO1/rDB8oxK3cEG8l/t2IIsKZypDatMWIRMnWTFH3ke3dtyLe5IWElq/vYlwmb5Fr8Sh02AAQkCB2dVUNzMAsEfP/iE8uTLW/mggaFGFnfnIW2NxUCSCnLtUsB30L9n2DZHgREAWM21y4N+qO1bGQt0IVVmdcum23aTbSzcUPID84agiJGs5XluXAd8AmA0NEvGoenKcUSY688g/iw==;31:+hM9xS4izfxHnlqvS+vPcbTIYoTarUGc2ZzXR9wpUYz2UyerEAiM9eCW6IAb7ZCn1LrZ5p2O8ivO5qi81qUO6rrI+q+9vE1xay0gmwjqahzUCQ69hjnjaP8ZLWYsI6r6n/SKequZSlUZdDOMVoEs8ilgUqfezI0FoPGMnXa88LrkSn7bIDZH5t1AgEXBIao057oOT3N5iYDMifmIYbNqmPeQitkdT9A3jRWd7y8GmfU= X-MS-TrafficTypeDiagnostic: SN1NAM04HT194: X-MS-Exchange-EOPDirect: true X-Sender-IP: 80.211.185.127 X-SID-PRA: *************-------------------------------------- ---------------------------************* XXX@HOTMAIL.COM X-SID-Result: NONE X-MS-Exchange-Organization-PCL: 2 X-Exchange-Antispam-Report-Test: UriScan:(33130290259022); X-Exchange-Antispam-Report-CFA-Test: BCL:0;PCL:0;RULEID:(444111676)(60399065)(52401380)(52601095)(52606095)(52606095)(52606095)(52505095)(52501095)(52406095)(52402095)(88860193)(82015058);SRVR:SN1NAM04HT194;BCL:0;PCL:0;RULEID:;SRVR:SN1NAM04HT194; X-Microsoft-Exchange-Diagnostics: 1;SN1NAM04HT194;4:dYFPmprt9DQaA36mBqBf8CpLZxy24vylVfirEUlWFgEr829l8Xs/A482ppuGc472wBxRjl9vQk2Bhflo3V9l2Y2GsHoUPoUOcYPbVdkHCmAAStr9okih+3lBrYrMW6+c+do9T5Q9UNBCxAFVejEvZiK2RbVFLQyBRK9YxjH30EWgfs+Ft6d1QjSBdfnPS/3ngPINfLnQq5kMB+pkZ2uDhgg06/ukIAxy5zM5LcYOJRLQm5Jz4vTcqw82FcwBq1CWiQeFOflomU8nC4iotN+khrdCGzc26cZmfyhCWIX9sywY+E5xYnrMrC7zOrfd1Fx4;6:xCOtc/kWysSZLqcThoYFHFZmrSSiGjaYe+Y93FQPImDFQWl/am7oaMeWgGZ/rU3vcligYJHxiTElhW2Mfvfvd0VCcZRxvNbCdQBWhEJc1DCpQMsMvWnyTnoHvRnSnMTOaDx8Kk75UFkPVuAOnpWVll2VEy1b+MtIMiDxDW57DhMWsa6QL5upZo/hNPwzugZt9VNVtKRsGIg4naawWqxBJMO/tWDHMHT+FD48ohaCYYutCJg6vd3DEaIzCBAFCv4hpFBDVs9VBbl1yz6Ktzx55P2+qhnlc0Xeo0BZsZkSH/DmXFvHoweYk2Z5YJwTbpJCyWp+Nt+hfc6ijsPuQskJZWqNjDsqrmUaBu+wydN0vOyl8sblXZh/+u6bNC61yA+gIbizCkg+9bnho01+/SDAb8tX/49CPXGyUYZpDPQ8hxuyD8mjOmWeETbkq5Dc2E7EgsTADz58knXH6McpRduPWw== X-Microsoft-Antispam-Message-Info: JoKTUpsqgkehHyFd/a+XWBXtSVMsCtyTYto9YgM54hBGIcysydRlTKCAptRJQ2LTXzgmWLkP4GrGJbOJNXvQ+iieNPk/kgtSYmLZWjLYP+TgS1ml0gxNnBmBMGlfp+TUwrZDfvYJpYzJmuM4bS/L75JaMhIpPNYs3xdIGQPq1Km5waYe53RdNOdWWc7S3ZVZa20kA7vj18G+PVvIgV2Pkn/U3yJfKTgJKZA6xPCS3gdPHEdTat9I8xo9pP4cjMs6apdEGKwEpDkq2zJH6epp3av1r0kvF/4adTdBdf+4UqXQ9XcwLbNWD7+AROcAX1SajNfw6twlWekZin8JCWxZGwaXhYu1Ylo3IxZvPviJctefb2Qev83zxp5NnH7uWPC3Z8jsVC5KnKk1zLcg98gFBcKZaM6sFmjllbekbpEKu87Xbh6TIR6mzKljuRSngvNS X-Microsoft-Exchange-Diagnostics: 1;SN1NAM04HT194;5:iXSDo+O0ao8Tjb5u7PVJ7VBSNILsbG5bY3Aa5CX/rCa3958JZJ8gfrha+HY5v4oJI93/iAScTbLQ0UQbBqaN+yC/E3izVtQgO6OiHrxFGrN6t5cjcLAb6xo2n2sgzl0OqK9Vjl0Ka+0xKIzxylxn3KHhQvcwSD4XMANZK+DFWb4=;7:wC6+92o9/Rx/1qjbrEaVkqKE2gMeqT8Y5zo1OJW/Uli1aGXVuyXsyw44/MPsL9/rJhKpCoURdBtikxlZ4vuwa2QKkW9kATa5LpgKUPLq/Zju1mgSm9cg37X1awySnlWB7IgIGyFeIw+L6EwAmRo0yhgDdEyfM2ZaUE8+HRKI0sb/74P7s9L5qwES7S/2VjUS7uRp4MM4n9Sr512HG7Sk5/eGh1WxljtnYaz90DCs6TARneJAWirfZFrw9H8l4MfI X-OriginatorOrg: outlook.com X-MS-Exchange-CrossTenant-OriginalArrivalTime: 02 Sep 2018 15:07:21.2763 (UTC) X-MS-Exchange-CrossTenant-Network-Message-Id: 81e956b0-0aa3-4bd5-dc19-08d610e5c858 X-MS-Exchange-CrossTenant-Id: 84df9e7f-e9f6-40af-b435-aaaaaaaaaaaa X-MS-Exchange-CrossTenant-FromEntityHeader: Internet X-MS-Exchange-CrossTenant-RMS-PersistedConsumerOrg: b6587b75-6f1a-4db7-b0b6-5cad10ef59a7 X-MS-Exchange-Transport-CrossTenantHeadersStamped: SN1NAM04HT194 X-MS-Exchange-Transport-EndToEndLatency: 00:00:00.5788043 X-MS-Exchange-Processed-By-BccFoldering: 15.20.1080.019 X-Microsoft-Exchange-Diagnostics: 1;BN7PR04MB4338;27:2FGIgoOHxbf0yLoDAKeN4PSQyD33e6sEKRmVVrUQfu1hQwiwq7BOoVyu4/LIwH0ZES5Y7M+BBlPZaZs9T0rVE64/pjhV4D3/W/n9IlcY2ZHpUXLsR3ONOSw3SMnnpUWtyh6hVWz4Fs9/mz4zK0BeoXPzfzZeEanfYk6QrYvIWBKSrutfYieQtnn4qVjVyGDjvc7Iw3NOT+Q6uTwQAKI1jhYOT8ocIl50ejNzWgJ8zra8Vugzu15I3egeFSFbK69p2o6tsaTSJW2LgOR9qmgl35ffhHQHbcd1fgWrIrldYrqXFRYKOvm5Gu+jWHE7hDwo9KsVb92OQw5qx3uVyC8TJje1J7wPYuCfHVmsXkzdz65Grv7FGf1scyWPZ2IwQrwraHFtlmAjOdiZLMZVXhZzy4sfoXCLXlYPj5pf5x9vnZTDnaUECrXBR7BJYvwSK0mz0TMi0kxnZQIhjegTDEtgqRFvH90R4C+a5rvxUDyajWeUnKhXQVqG76e8B/DUPuL4IggBY81phspRhH30/zK9Ih0AeGdk4aB9MbDZdB8bwpA= X-Microsoft-Antispam-Mailbox-Delivery: ucf:0;jmr:0;ex:0;auth:0;dest:J;OFR:SpamFilterAuthJ;ENG:(5062000261)(5061607266)(5061608174)(4900095)(4920089)(6320004)(4923001);RF:JunkEmail; X-Message-Info: qoGN4b5S4yrj5hA6ER+AykNieONlpOBLadWZwJKw+KsRWx9WH+snuGPhDehklH/rOqoKux3BrQ/vg0O1LXDlKpuVOrd1QkxNxuomSCpCS/3PblpOj34yS6kKS3LVOREF/Obu+pjLGTVhvA/s7nWx7nnsidn9FZPuSHXxR1nSF+NMNv6rBXKFx5HWuqmkeINLfaZ5tvyGw2UzcUxF13eA2Q== X-Message-Delivery: Vj0xLjE7dXM9MDtsPTA7YT0wO0Q9MjtHRD0zO1NDTD02 X-Microsoft-Antispam-Message-Info: qLABvyASid6Ub8N11PWTap4QipYcYZpqZ0LrMTV560vfHk2Lr0KMhfUBeadNNpWzaxCzlNiFL6TFLD3XOjwrDxt16SHKKEhx79Gf7cDp5vdKU0H8HsiHvdRyeElcKU+sPHDKhpQLyPYVqd78UjaH/xaSQQmArOUmnVxR+9dDq7zng+Ovq9D8wlm+gD5KiMOo9mTDok2RxKNb02h+KBd6bsBBtliRxWRO0J3lXw/CH0P0pvuAzVRxRNMzSYaIOKqxs+IkHtpJrGS+c8Q+wUZL3Y1ZZffnFUQzulMuUp/JYOrP5eHIyZ7vBZut3TmZXIzA3J7zIQqesr6aGk5j2+tK82iAdMhkxVX1VRR27yYH59PumeeFqgyq3NWGmv8DbfynVMSFSx2aJ12ig2FsyQryYuAFms/vB8tAakxBQeuSArtMCqut5B3rbKahk98GlxK0bJxh4n7sBYIvUXHciFPPdgAL9wjcpGWsuXgS9q66fE0a/349awH70r4pkd0nZl6xoc++DDLixtqJJz9IDUlokI54QX97Ylw1IYUgWyok8WbKzmCipS6/vm+dVwgL94aArgy73S5E2vtdmFqscdU4Ld24P0j5DAMBd+mX2KLizKfs3Z2qjC9W33d/8F3gp6xyuSddWrxOXaKcMZ5doi0o02DlEJ3/jzs/MU678BZrKZxtp2tdwoYopga3WFAieM8rlDuPsm9YyWG64HMqvurGAA== MIME-Version: 1.0 <!--x61b932u90m2b6f--><meta http-equiv="Content-Type" content="text/html; charset=utf-8"><h1><center> <a href="hTTp://g43gy43h43.ddnsking.com/7108af18649074sw8481sx28235vu1801lh1839rr?8zzo5d42g37r63f"> How To Receive A 2nd Income Without Having A 2nd Job </a> </center><br><center> <a href="hTTp://g43gy43h43.ddnsking.com/7108rp18649074dr8481ja28235rt1801dv1839rr?47w0005edb7ntw3"> <img src="hTTp://g43gy43h43.ddnsking.com/UxuDd.png?ork4kulzl06mnxu"> </a> </center><br> <center> <a href="hTTp://g43gy43h43.ddnsking.com/7108vs18649074gm8481ih28235tb1801lk1839uu?1ajew5qbv0j487v"> <img src="hTTp://g43gy43h43.ddnsking.com/YgaAP.png?hqkhub26fun3qvx"> </a> </center><!--exxlv--> <!--6bo51--><img style="width:0px;height:0px;display:none;" src="http://g43gy43h43.ddnsking.com/7108po18649074er8481za28235md1839=<lzxa6@2h22d.ewqdw.33232.allaboutservicesgoodwelcome.com>"><!--7p7kc--> </center><!--q5r99--> <!--3o55te9e880q6ml--> <!--8vmp6u2zb92pze8--> Link to comment Share on other sites More sharing options...
Lking Posted September 2, 2018 Share Posted September 2, 2018 PLEASE do not post spam in the thread. By posting the tracking URL everyone can see the complete header and body by following the link and clicking on <View entire message> Everyone can see how the parser has handled the submitted email You do not have to manually munge you email search engines that crawl through this forum, do not see all the links in the email and by that increase the ranking of the spamvertized site. the thread does not become obnoxiously long for readers to scroll through. If there is a message you do not want to report, you can cancel the reports and the Tracking URL is still valid. reports are sent to cancel[at]spam.... Thank you. Link to comment Share on other sites More sharing options...
oZoneCapHill Posted September 2, 2018 Author Share Posted September 2, 2018 Sent you a IM you can delete the full info, but the reason why posted this was spamcop will not process these emails unless I edit it and it doesn't give a tracking ID, it fails to process, most of the time Link to comment Share on other sites More sharing options...
RobiBue Posted September 3, 2018 Share Posted September 3, 2018 @oZoneCapHill: if I copy and past what you showed, with the hTTp:// intact, the message parses, but it doesn't look at any links. To me, that is ok, as many times links are "innocent bystanders"... The real problem though, is that the message can't follow the "Received:" trail and will accuse Hotmail for spamming, while the real culprit, in the above message, is aruba.it. If you remove the topmost Received: line and parse the message, you will notice the difference. it's that (2603:10b6:405:16::18) address that gets SpamCop (well, not really), but since none of the mail hosts are reachable and the MX for outlook.com domain is outlook-com.olc.protection.outlook.com and it's addresses rotate along the line of 104.47.n.33 and are not reachable either SC will say: 2603:10b6:405:16:0:0:0:18 is not an MX for BN7PR04MB4338.namprd04.prod.outlook.com 2603:10b6:405:16:0:0:0:18 is not an MX for SN1NAM04HT194.eop-NAM04.prod.protection.outlook.com 2603:10b6:405:16:0:0:0:18 is not an MX for BN7PR04MB4338.namprd04.prod.outlook.com and will think hotmail is the spammer... see the difference: with the first received line (report would go to hotmail.com) without the first received line (report would go to staff.aruba.it) Link to comment Share on other sites More sharing options...
oZoneCapHill Posted September 3, 2018 Author Share Posted September 3, 2018 Thanks for looking into it, yes it seems this spammer has a way to mess with spamcop processing the email headers ( can spamcop fix this ?? ), as for the links, if you just retype the "http" part it will process and redirects to a blacklisted domain ( http://waybitz.com/uffadc47f74e6f17000/ ) that has been hosted all over the place and the current one I have written to them a few times and they haven't done anything.... http://whois.domaintools.com/waybitz.com Reg is Tucows and spamcop says the hosting companies are: abuse@cbe-hosting.com > waybitz.com abuse@staff.aruba.it > g43gy43h43.ddnsking.com Link to comment Share on other sites More sharing options...
oZoneCapHill Posted November 8, 2018 Author Share Posted November 8, 2018 So this spammer has been using Godaddy and Aruba.it and I have been reporting the email for months and nothing. I also noticed that Godaddy doesn't have the correct email link for reporting the report, but I have also written godaddy and aruba.it and they don't do a thing about this spammer, so what gives with reports going to godaddy and what's the best way to get his new domains sh** down for spoofing, spamming and malware links. Link to comment Share on other sites More sharing options...
Lking Posted November 8, 2018 Share Posted November 8, 2018 What your report confirms what KnujOn reported before they closed. Godaddy is one of the top domain issuers and host for spammers. Sammers keep their lights on so I would not hold my breath for affirmative action. Link to comment Share on other sites More sharing options...
Recommended Posts
Archived
This topic is now archived and is closed to further replies.