Jump to content

Reporting not working mainbody


oZoneCapHill
 Share

Recommended Posts

This spammer is sending the main body with non standard labels for HTML link ref and spamcop fails to detect anything in the mainbody, you have to go in and edit the hTTp to http, btw anyone know where and who this spammer is he is using an ISP that won't close one of the blacklisted redirect domains in the jump...

 

<!--2h24bti0gh1xlcf--><meta http-equiv="Content-Type" content="text/html; charset=utf-8"><h1><center>
<a href="hTTp://weg43g43.ddnsking.com/7091ej18649074bu8471tp28211tx1795hy1841rr?ms44mbkqe19u4qw">
Youâre invited to become a SONY Product Tester this Summer!
</a>
</center><br>
<center>
<a href="hTTp://weg43g43.ddnsking.com/7091xo18649074kg8471uy28211kc1795rb1841rr?z2ec27jgvxpc3mn">
<img src="hTTp://weg43g43.ddnsking.com/7OzIy.png?s45jhz127z4v71e">
</a>
</center><br>
<center>      
<a href="hTTp://weg43g43.ddnsking.com/7091kr18649074hm8471nl28211zk1795in1841uu?d60z102jet63j5c">
<img src="hTTp://weg43g43.ddnsking.com/Dx3w8.png?7090dcehdx4y162">
</a>
</center><!--cm48x-->
<!--jh8o7--><img style="width:0px;height:0px;display:none;" src="http://weg43g43.ddnsking.com/7091gh18649074cy8471cm28211vi1841=&lt;80sb2@7l68z.4334634643.happyrevolutions.com&gt;"><!--3pms1-->
</center><!--927at-->
<!--566rz01c2fuxu9s-->

<!--ra70v40ip1880e8-->

Link to comment
Share on other sites

without the email header it is hard to say who the spammer is.  If you would provide a Tracking URL, others could then see the whole email and perhaps identify less time consuming and possibly a less error pron way to submit the spam.

At the top of the SpamCop reporting screen

Quote

SpamCop v 4.9.0 © 2018 Cisco Systems, Inc. All rights reserved.
Here is your TRACKING URL - it may be saved for future reference:
https://www.spamcop.net/sc?id=z6482810247z76944b20aef03ef22a1e0047f6d81f2az

Welcome to the forum

Link to comment
Share on other sites

Here ya go, he just sent me 10 this am and another 4 in the last hour

if I don't go in and edit the hTTp spamcop rejects it, if I try to submit it I get SpamCop encountered errors while saving spam for processing:
SpamCop could not find your spam message in this email:

https://www.spamcop.net/sc?id=z6482811398z97674f89b815c3861fb07fa299740b66z

Edited by oZoneCapHill
update
Link to comment
Share on other sites

5 hours ago, oZoneCapHill said:

https://www.spamcop.net/sc?id=z6482811398z97674f89b815c3861fb07fa299740b66z

Working now? hotmail throwaway email account

Link to comment
Share on other sites

Here is a full header and mainbody, spamcop fails to process I only edited my email address, this needs to be fixed:

 

Received: from SN1NAM04HT194.eop-NAM04.prod.protection.outlook.com
 (2603:10b6:405:16::18) by BN7PR04MB4338.namprd04.prod.outlook.com with HTTPS
 via BN6PR2001CA0032.NAMPRD20.PROD.OUTLOOK.COM; Sun, 2 Sep 2018 15:07:21 +0000
Received: from SN1NAM04FT020.eop-NAM04.prod.protection.outlook.com
 (10.152.88.54) by SN1NAM04HT194.eop-NAM04.prod.protection.outlook.com
 (10.152.89.230) with Microsoft SMTP Server (version=TLS1_2,
 cipher=TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384_P384) id 15.20.1122.11; Sun, 2
 Sep 2018 15:07:21 +0000
Authentication-Results: spf=none (sender IP is 80.211.185.127)
 smtp.mailfrom=ewqdw.33232.allaboutservicesgoodwelcome.com; hotmail.com;
 dkim=none (message not signed) header.d=none;hotmail.com; dmarc=none
 action=none header.from=2h22d.ewqdw.33232.allaboutservicesgoodwelcome.com;
Received-SPF: None (protection.outlook.com:
 ewqdw.33232.allaboutservicesgoodwelcome.com does not designate permitted
 sender hosts)
Received: from ewqdw.33232.allaboutservicesgoodwelcome.com (80.211.185.127) by
 SN1NAM04FT020.mail.protection.outlook.com (10.152.88.155) with Microsoft SMTP
 Server id 15.20.1122.11 via Frontend Transport; Sun, 2 Sep 2018 15:07:21
 +0000
X-IncomingTopHeaderMarker: OriginalChecksum:D1966AB7780B3C318D17C4337B0DBFE410051E73D1000BEFFD09FFEBB84785A7;UpperCasedChecksum:92EF603642ABB25C2BBC6DDB8613DF34037770EE67D8A7686408855FBA91C03B;SizeAsReceived:767;Count:12
From: Online income system
    <lzxa6@2h22d.ewqdw.33232.allaboutservicesgoodwelcome.com>
Reply-To: <rsx8f@f21g0.ewqdw.33232.allaboutservicesgoodwelcome.com>
Sender: <*************-------------------------------------- ---------------------------************* XXX@hotmail.com>
Return-Path: return@ewqdw.33232.allaboutservicesgoodwelcome.com
To: "XXX@hotmail.com" <XXX@hotmail.com>
Date: Sun, 2 Sep 2018 14:50:35 +0200
X-MSGID: 2w0k2
Subject: How To Receive A 2nd Income Without Having A 2nd Job
X-Mailer: phplist
List-Unsubscribe: <mailto:o03ts@ewqdw.33232.allaboutservicesgoodwelcome.com?subject=unsubscribe%20XXX@hotmail.com&body=remove%20XXX@hotmail.com%20>
Content-Transfer-Encoding: 7bit
Content-Type: text/html; charset="UTF-8"
X-IncomingHeaderCount: 12
Message-ID: <94e3606a-b147-44c7-ab9f-2eeb6f43c6ee@SN1NAM04FT020.eop-NAM04.prod.protection.outlook.com>
X-MS-Exchange-Organization-ExpirationStartTime: 02 Sep 2018 15:07:21.4325
 (UTC)
X-MS-Exchange-Organization-ExpirationStartTimeReason: Original Submit
X-MS-Exchange-Organization-ExpirationInterval: 2:00:00:00.0000000
X-MS-Exchange-Organization-ExpirationIntervalReason: Original Submit
X-MS-Exchange-Organization-Network-Message-Id: 81e956b0-0aa3-4bd5-dc19-08d610e5c858
X-EOPAttributedMessage: 0
X-EOPTenantAttributedMessage: 84df9e7f-e9f6-40af-b435-aaaaaaaaaaaa:0
X-MS-Exchange-Organization-MessageDirectionality: Incoming
X-Microsoft-Exchange-Diagnostics: 1;SN1NAM04FT020;1:8d0XJb44YsKL6H/58hf3KG0Vz3jn61+Q6bh9J1VWGfhCJmCPk4RXosYRWIxPps/YpiQDrrWzArDzD06Q/hy5mq5qi+1piuJSUhrsnzcEwlEuRQV9/vFmNFT93hzknKzA
X-Forefront-Antispam-Report: EFV:NLI;
X-MS-Exchange-Organization-AuthSource:
 SN1NAM04FT020.eop-NAM04.prod.protection.outlook.com
X-MS-Exchange-Organization-AuthAs: Anonymous
X-MS-PublicTrafficType: Email
X-MS-UserLastLogonTime: 9/2/2018 1:03:25 PM
X-MS-Office365-Filtering-Correlation-Id: 81e956b0-0aa3-4bd5-dc19-08d610e5c858
X-Microsoft-Antispam:
 BCL:0;PCL:0;RULEID:(5000110)(711020)(4605076)(610169)(8291501071);SRVR:SN1NAM04HT194;
X-Microsoft-Exchange-Diagnostics:
 1;SN1NAM04HT194;3:yADy9eJ/fD+iBhV7DL/Trn9jJHJTpLQ8Pu5jKqp5dUHsE9d4JD7HUiRmCNyA9tWLw8ZMZDMi+w2Hd8jRA5RLojLbIr2of3cqDgmVmNBuy6qjf1NSKj1IqVnI09C1XfPluvtr4aQsHyVlERp7WSMc6xvtWUyqsJ/EAHN/6rl8kthe5tPLvbVwnwcSUExhz7oIvMZ+0vF38rtUsfOCE/swgrYYqXMTgduE5YLuWnX5nFDK4DZrTb31JowBSH8lcAsZWlfwikjY408AE3w+P+UNWiukSdBQhQk54mNwA5PadYmmChmTFUUjqat9JhzIrgfW;25:+FUSpizOuX667b/7ElD5fFmEJ7TZBIvZUBERH09HTeys5OwO3CBQjzX9p/QAho7TW/QQjfxp3uaARkWjkbq2xZjlcmjGEl2glhf+jVBDLH7q1PlRS7Y0YUru0lB+rYQc+vvaqO1/rDB8oxK3cEG8l/t2IIsKZypDatMWIRMnWTFH3ke3dtyLe5IWElq/vYlwmb5Fr8Sh02AAQkCB2dVUNzMAsEfP/iE8uTLW/mggaFGFnfnIW2NxUCSCnLtUsB30L9n2DZHgREAWM21y4N+qO1bGQt0IVVmdcum23aTbSzcUPID84agiJGs5XluXAd8AmA0NEvGoenKcUSY688g/iw==;31:+hM9xS4izfxHnlqvS+vPcbTIYoTarUGc2ZzXR9wpUYz2UyerEAiM9eCW6IAb7ZCn1LrZ5p2O8ivO5qi81qUO6rrI+q+9vE1xay0gmwjqahzUCQ69hjnjaP8ZLWYsI6r6n/SKequZSlUZdDOMVoEs8ilgUqfezI0FoPGMnXa88LrkSn7bIDZH5t1AgEXBIao057oOT3N5iYDMifmIYbNqmPeQitkdT9A3jRWd7y8GmfU=
X-MS-TrafficTypeDiagnostic: SN1NAM04HT194:
X-MS-Exchange-EOPDirect: true
X-Sender-IP: 80.211.185.127
X-SID-PRA: *************--------------------------------------
 ---------------------------************* XXX@HOTMAIL.COM
X-SID-Result: NONE
X-MS-Exchange-Organization-PCL: 2
X-Exchange-Antispam-Report-Test: UriScan:(33130290259022);
X-Exchange-Antispam-Report-CFA-Test:
 BCL:0;PCL:0;RULEID:(444111676)(60399065)(52401380)(52601095)(52606095)(52606095)(52606095)(52505095)(52501095)(52406095)(52402095)(88860193)(82015058);SRVR:SN1NAM04HT194;BCL:0;PCL:0;RULEID:;SRVR:SN1NAM04HT194;
X-Microsoft-Exchange-Diagnostics:
 1;SN1NAM04HT194;4:dYFPmprt9DQaA36mBqBf8CpLZxy24vylVfirEUlWFgEr829l8Xs/A482ppuGc472wBxRjl9vQk2Bhflo3V9l2Y2GsHoUPoUOcYPbVdkHCmAAStr9okih+3lBrYrMW6+c+do9T5Q9UNBCxAFVejEvZiK2RbVFLQyBRK9YxjH30EWgfs+Ft6d1QjSBdfnPS/3ngPINfLnQq5kMB+pkZ2uDhgg06/ukIAxy5zM5LcYOJRLQm5Jz4vTcqw82FcwBq1CWiQeFOflomU8nC4iotN+khrdCGzc26cZmfyhCWIX9sywY+E5xYnrMrC7zOrfd1Fx4;6:xCOtc/kWysSZLqcThoYFHFZmrSSiGjaYe+Y93FQPImDFQWl/am7oaMeWgGZ/rU3vcligYJHxiTElhW2Mfvfvd0VCcZRxvNbCdQBWhEJc1DCpQMsMvWnyTnoHvRnSnMTOaDx8Kk75UFkPVuAOnpWVll2VEy1b+MtIMiDxDW57DhMWsa6QL5upZo/hNPwzugZt9VNVtKRsGIg4naawWqxBJMO/tWDHMHT+FD48ohaCYYutCJg6vd3DEaIzCBAFCv4hpFBDVs9VBbl1yz6Ktzx55P2+qhnlc0Xeo0BZsZkSH/DmXFvHoweYk2Z5YJwTbpJCyWp+Nt+hfc6ijsPuQskJZWqNjDsqrmUaBu+wydN0vOyl8sblXZh/+u6bNC61yA+gIbizCkg+9bnho01+/SDAb8tX/49CPXGyUYZpDPQ8hxuyD8mjOmWeETbkq5Dc2E7EgsTADz58knXH6McpRduPWw==
X-Microsoft-Antispam-Message-Info:
 JoKTUpsqgkehHyFd/a+XWBXtSVMsCtyTYto9YgM54hBGIcysydRlTKCAptRJQ2LTXzgmWLkP4GrGJbOJNXvQ+iieNPk/kgtSYmLZWjLYP+TgS1ml0gxNnBmBMGlfp+TUwrZDfvYJpYzJmuM4bS/L75JaMhIpPNYs3xdIGQPq1Km5waYe53RdNOdWWc7S3ZVZa20kA7vj18G+PVvIgV2Pkn/U3yJfKTgJKZA6xPCS3gdPHEdTat9I8xo9pP4cjMs6apdEGKwEpDkq2zJH6epp3av1r0kvF/4adTdBdf+4UqXQ9XcwLbNWD7+AROcAX1SajNfw6twlWekZin8JCWxZGwaXhYu1Ylo3IxZvPviJctefb2Qev83zxp5NnH7uWPC3Z8jsVC5KnKk1zLcg98gFBcKZaM6sFmjllbekbpEKu87Xbh6TIR6mzKljuRSngvNS
X-Microsoft-Exchange-Diagnostics:
 1;SN1NAM04HT194;5:iXSDo+O0ao8Tjb5u7PVJ7VBSNILsbG5bY3Aa5CX/rCa3958JZJ8gfrha+HY5v4oJI93/iAScTbLQ0UQbBqaN+yC/E3izVtQgO6OiHrxFGrN6t5cjcLAb6xo2n2sgzl0OqK9Vjl0Ka+0xKIzxylxn3KHhQvcwSD4XMANZK+DFWb4=;7:wC6+92o9/Rx/1qjbrEaVkqKE2gMeqT8Y5zo1OJW/Uli1aGXVuyXsyw44/MPsL9/rJhKpCoURdBtikxlZ4vuwa2QKkW9kATa5LpgKUPLq/Zju1mgSm9cg37X1awySnlWB7IgIGyFeIw+L6EwAmRo0yhgDdEyfM2ZaUE8+HRKI0sb/74P7s9L5qwES7S/2VjUS7uRp4MM4n9Sr512HG7Sk5/eGh1WxljtnYaz90DCs6TARneJAWirfZFrw9H8l4MfI
X-OriginatorOrg: outlook.com
X-MS-Exchange-CrossTenant-OriginalArrivalTime: 02 Sep 2018 15:07:21.2763
 (UTC)
X-MS-Exchange-CrossTenant-Network-Message-Id: 81e956b0-0aa3-4bd5-dc19-08d610e5c858
X-MS-Exchange-CrossTenant-Id: 84df9e7f-e9f6-40af-b435-aaaaaaaaaaaa
X-MS-Exchange-CrossTenant-FromEntityHeader: Internet
X-MS-Exchange-CrossTenant-RMS-PersistedConsumerOrg:
 b6587b75-6f1a-4db7-b0b6-5cad10ef59a7
X-MS-Exchange-Transport-CrossTenantHeadersStamped: SN1NAM04HT194
X-MS-Exchange-Transport-EndToEndLatency: 00:00:00.5788043
X-MS-Exchange-Processed-By-BccFoldering: 15.20.1080.019
X-Microsoft-Exchange-Diagnostics:
    1;BN7PR04MB4338;27:2FGIgoOHxbf0yLoDAKeN4PSQyD33e6sEKRmVVrUQfu1hQwiwq7BOoVyu4/LIwH0ZES5Y7M+BBlPZaZs9T0rVE64/pjhV4D3/W/n9IlcY2ZHpUXLsR3ONOSw3SMnnpUWtyh6hVWz4Fs9/mz4zK0BeoXPzfzZeEanfYk6QrYvIWBKSrutfYieQtnn4qVjVyGDjvc7Iw3NOT+Q6uTwQAKI1jhYOT8ocIl50ejNzWgJ8zra8Vugzu15I3egeFSFbK69p2o6tsaTSJW2LgOR9qmgl35ffhHQHbcd1fgWrIrldYrqXFRYKOvm5Gu+jWHE7hDwo9KsVb92OQw5qx3uVyC8TJje1J7wPYuCfHVmsXkzdz65Grv7FGf1scyWPZ2IwQrwraHFtlmAjOdiZLMZVXhZzy4sfoXCLXlYPj5pf5x9vnZTDnaUECrXBR7BJYvwSK0mz0TMi0kxnZQIhjegTDEtgqRFvH90R4C+a5rvxUDyajWeUnKhXQVqG76e8B/DUPuL4IggBY81phspRhH30/zK9Ih0AeGdk4aB9MbDZdB8bwpA=
X-Microsoft-Antispam-Mailbox-Delivery:
    ucf:0;jmr:0;ex:0;auth:0;dest:J;OFR:SpamFilterAuthJ;ENG:(5062000261)(5061607266)(5061608174)(4900095)(4920089)(6320004)(4923001);RF:JunkEmail;
X-Message-Info:
    qoGN4b5S4yrj5hA6ER+AykNieONlpOBLadWZwJKw+KsRWx9WH+snuGPhDehklH/rOqoKux3BrQ/vg0O1LXDlKpuVOrd1QkxNxuomSCpCS/3PblpOj34yS6kKS3LVOREF/Obu+pjLGTVhvA/s7nWx7nnsidn9FZPuSHXxR1nSF+NMNv6rBXKFx5HWuqmkeINLfaZ5tvyGw2UzcUxF13eA2Q==
X-Message-Delivery: Vj0xLjE7dXM9MDtsPTA7YT0wO0Q9MjtHRD0zO1NDTD02
X-Microsoft-Antispam-Message-Info:
    qLABvyASid6Ub8N11PWTap4QipYcYZpqZ0LrMTV560vfHk2Lr0KMhfUBeadNNpWzaxCzlNiFL6TFLD3XOjwrDxt16SHKKEhx79Gf7cDp5vdKU0H8HsiHvdRyeElcKU+sPHDKhpQLyPYVqd78UjaH/xaSQQmArOUmnVxR+9dDq7zng+Ovq9D8wlm+gD5KiMOo9mTDok2RxKNb02h+KBd6bsBBtliRxWRO0J3lXw/CH0P0pvuAzVRxRNMzSYaIOKqxs+IkHtpJrGS+c8Q+wUZL3Y1ZZffnFUQzulMuUp/JYOrP5eHIyZ7vBZut3TmZXIzA3J7zIQqesr6aGk5j2+tK82iAdMhkxVX1VRR27yYH59PumeeFqgyq3NWGmv8DbfynVMSFSx2aJ12ig2FsyQryYuAFms/vB8tAakxBQeuSArtMCqut5B3rbKahk98GlxK0bJxh4n7sBYIvUXHciFPPdgAL9wjcpGWsuXgS9q66fE0a/349awH70r4pkd0nZl6xoc++DDLixtqJJz9IDUlokI54QX97Ylw1IYUgWyok8WbKzmCipS6/vm+dVwgL94aArgy73S5E2vtdmFqscdU4Ld24P0j5DAMBd+mX2KLizKfs3Z2qjC9W33d/8F3gp6xyuSddWrxOXaKcMZ5doi0o02DlEJ3/jzs/MU678BZrKZxtp2tdwoYopga3WFAieM8rlDuPsm9YyWG64HMqvurGAA==
MIME-Version: 1.0

<!--x61b932u90m2b6f--><meta http-equiv="Content-Type" content="text/html; charset=utf-8"><h1><center>
<a href="hTTp://g43gy43h43.ddnsking.com/7108af18649074sw8481sx28235vu1801lh1839rr?8zzo5d42g37r63f">
How To Receive A 2nd Income Without Having A 2nd Job
</a>
</center><br><center>
<a href="hTTp://g43gy43h43.ddnsking.com/7108rp18649074dr8481ja28235rt1801dv1839rr?47w0005edb7ntw3">
<img src="hTTp://g43gy43h43.ddnsking.com/UxuDd.png?ork4kulzl06mnxu">
</a>
</center><br>
<center>      
<a href="hTTp://g43gy43h43.ddnsking.com/7108vs18649074gm8481ih28235tb1801lk1839uu?1ajew5qbv0j487v">
<img src="hTTp://g43gy43h43.ddnsking.com/YgaAP.png?hqkhub26fun3qvx">
</a>
</center><!--exxlv-->
<!--6bo51--><img style="width:0px;height:0px;display:none;" src="http://g43gy43h43.ddnsking.com/7108po18649074er8481za28235md1839=&lt;lzxa6@2h22d.ewqdw.33232.allaboutservicesgoodwelcome.com&gt;"><!--7p7kc-->
</center><!--q5r99-->
<!--3o55te9e880q6ml-->

<!--8vmp6u2zb92pze8-->

 

Link to comment
Share on other sites

I pointed this out before but I edited the links, so this time if you try to process this, spamcop reports the main body has no text, the only thing I changed was my email address:

 

Received: from SN1NAM04HT194.eop-NAM04.prod.protection.outlook.com
 (2603:10b6:405:16::18) by BN7PR04MB4338.namprd04.prod.outlook.com with HTTPS
 via BN6PR2001CA0032.NAMPRD20.PROD.OUTLOOK.COM; Sun, 2 Sep 2018 15:07:21 +0000
Received: from SN1NAM04FT020.eop-NAM04.prod.protection.outlook.com
 (10.152.88.54) by SN1NAM04HT194.eop-NAM04.prod.protection.outlook.com
 (10.152.89.230) with Microsoft SMTP Server (version=TLS1_2,
 cipher=TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384_P384) id 15.20.1122.11; Sun, 2
 Sep 2018 15:07:21 +0000
Authentication-Results: spf=none (sender IP is 80.211.185.127)
 smtp.mailfrom=ewqdw.33232.allaboutservicesgoodwelcome.com; hotmail.com;
 dkim=none (message not signed) header.d=none;hotmail.com; dmarc=none
 action=none header.from=2h22d.ewqdw.33232.allaboutservicesgoodwelcome.com;
Received-SPF: None (protection.outlook.com:
 ewqdw.33232.allaboutservicesgoodwelcome.com does not designate permitted
 sender hosts)
Received: from ewqdw.33232.allaboutservicesgoodwelcome.com (80.211.185.127) by
 SN1NAM04FT020.mail.protection.outlook.com (10.152.88.155) with Microsoft SMTP
 Server id 15.20.1122.11 via Frontend Transport; Sun, 2 Sep 2018 15:07:21
 +0000
X-IncomingTopHeaderMarker: OriginalChecksum:D1966AB7780B3C318D17C4337B0DBFE410051E73D1000BEFFD09FFEBB84785A7;UpperCasedChecksum:92EF603642ABB25C2BBC6DDB8613DF34037770EE67D8A7686408855FBA91C03B;SizeAsReceived:767;Count:12
From: Online income system
    <lzxa6@2h22d.ewqdw.33232.allaboutservicesgoodwelcome.com>
Reply-To: <rsx8f@f21g0.ewqdw.33232.allaboutservicesgoodwelcome.com>
Sender: <*************-------------------------------------- ---------------------------************* XXX@hotmail.com>
Return-Path: return@ewqdw.33232.allaboutservicesgoodwelcome.com
To: "XXX@hotmail.com" <XXX@hotmail.com>
Date: Sun, 2 Sep 2018 14:50:35 +0200
X-MSGID: 2w0k2
Subject: How To Receive A 2nd Income Without Having A 2nd Job
X-Mailer: phplist
List-Unsubscribe: <mailto:o03ts@ewqdw.33232.allaboutservicesgoodwelcome.com?subject=unsubscribe%20XXX@hotmail.com&body=remove%20XXX@hotmail.com%20>
Content-Transfer-Encoding: 7bit
Content-Type: text/html; charset="UTF-8"
X-IncomingHeaderCount: 12
Message-ID: <94e3606a-b147-44c7-ab9f-2eeb6f43c6ee@SN1NAM04FT020.eop-NAM04.prod.protection.outlook.com>
X-MS-Exchange-Organization-ExpirationStartTime: 02 Sep 2018 15:07:21.4325
 (UTC)
X-MS-Exchange-Organization-ExpirationStartTimeReason: Original Submit
X-MS-Exchange-Organization-ExpirationInterval: 2:00:00:00.0000000
X-MS-Exchange-Organization-ExpirationIntervalReason: Original Submit
X-MS-Exchange-Organization-Network-Message-Id: 81e956b0-0aa3-4bd5-dc19-08d610e5c858
X-EOPAttributedMessage: 0
X-EOPTenantAttributedMessage: 84df9e7f-e9f6-40af-b435-aaaaaaaaaaaa:0
X-MS-Exchange-Organization-MessageDirectionality: Incoming
X-Microsoft-Exchange-Diagnostics: 1;SN1NAM04FT020;1:8d0XJb44YsKL6H/58hf3KG0Vz3jn61+Q6bh9J1VWGfhCJmCPk4RXosYRWIxPps/YpiQDrrWzArDzD06Q/hy5mq5qi+1piuJSUhrsnzcEwlEuRQV9/vFmNFT93hzknKzA
X-Forefront-Antispam-Report: EFV:NLI;
X-MS-Exchange-Organization-AuthSource:
 SN1NAM04FT020.eop-NAM04.prod.protection.outlook.com
X-MS-Exchange-Organization-AuthAs: Anonymous
X-MS-PublicTrafficType: Email
X-MS-UserLastLogonTime: 9/2/2018 1:03:25 PM
X-MS-Office365-Filtering-Correlation-Id: 81e956b0-0aa3-4bd5-dc19-08d610e5c858
X-Microsoft-Antispam:
 BCL:0;PCL:0;RULEID:(5000110)(711020)(4605076)(610169)(8291501071);SRVR:SN1NAM04HT194;
X-Microsoft-Exchange-Diagnostics:
 1;SN1NAM04HT194;3:yADy9eJ/fD+iBhV7DL/Trn9jJHJTpLQ8Pu5jKqp5dUHsE9d4JD7HUiRmCNyA9tWLw8ZMZDMi+w2Hd8jRA5RLojLbIr2of3cqDgmVmNBuy6qjf1NSKj1IqVnI09C1XfPluvtr4aQsHyVlERp7WSMc6xvtWUyqsJ/EAHN/6rl8kthe5tPLvbVwnwcSUExhz7oIvMZ+0vF38rtUsfOCE/swgrYYqXMTgduE5YLuWnX5nFDK4DZrTb31JowBSH8lcAsZWlfwikjY408AE3w+P+UNWiukSdBQhQk54mNwA5PadYmmChmTFUUjqat9JhzIrgfW;25:+FUSpizOuX667b/7ElD5fFmEJ7TZBIvZUBERH09HTeys5OwO3CBQjzX9p/QAho7TW/QQjfxp3uaARkWjkbq2xZjlcmjGEl2glhf+jVBDLH7q1PlRS7Y0YUru0lB+rYQc+vvaqO1/rDB8oxK3cEG8l/t2IIsKZypDatMWIRMnWTFH3ke3dtyLe5IWElq/vYlwmb5Fr8Sh02AAQkCB2dVUNzMAsEfP/iE8uTLW/mggaFGFnfnIW2NxUCSCnLtUsB30L9n2DZHgREAWM21y4N+qO1bGQt0IVVmdcum23aTbSzcUPID84agiJGs5XluXAd8AmA0NEvGoenKcUSY688g/iw==;31:+hM9xS4izfxHnlqvS+vPcbTIYoTarUGc2ZzXR9wpUYz2UyerEAiM9eCW6IAb7ZCn1LrZ5p2O8ivO5qi81qUO6rrI+q+9vE1xay0gmwjqahzUCQ69hjnjaP8ZLWYsI6r6n/SKequZSlUZdDOMVoEs8ilgUqfezI0FoPGMnXa88LrkSn7bIDZH5t1AgEXBIao057oOT3N5iYDMifmIYbNqmPeQitkdT9A3jRWd7y8GmfU=
X-MS-TrafficTypeDiagnostic: SN1NAM04HT194:
X-MS-Exchange-EOPDirect: true
X-Sender-IP: 80.211.185.127
X-SID-PRA: *************--------------------------------------
 ---------------------------************* XXX@HOTMAIL.COM
X-SID-Result: NONE
X-MS-Exchange-Organization-PCL: 2
X-Exchange-Antispam-Report-Test: UriScan:(33130290259022);
X-Exchange-Antispam-Report-CFA-Test:
 BCL:0;PCL:0;RULEID:(444111676)(60399065)(52401380)(52601095)(52606095)(52606095)(52606095)(52505095)(52501095)(52406095)(52402095)(88860193)(82015058);SRVR:SN1NAM04HT194;BCL:0;PCL:0;RULEID:;SRVR:SN1NAM04HT194;
X-Microsoft-Exchange-Diagnostics:
 1;SN1NAM04HT194;4:dYFPmprt9DQaA36mBqBf8CpLZxy24vylVfirEUlWFgEr829l8Xs/A482ppuGc472wBxRjl9vQk2Bhflo3V9l2Y2GsHoUPoUOcYPbVdkHCmAAStr9okih+3lBrYrMW6+c+do9T5Q9UNBCxAFVejEvZiK2RbVFLQyBRK9YxjH30EWgfs+Ft6d1QjSBdfnPS/3ngPINfLnQq5kMB+pkZ2uDhgg06/ukIAxy5zM5LcYOJRLQm5Jz4vTcqw82FcwBq1CWiQeFOflomU8nC4iotN+khrdCGzc26cZmfyhCWIX9sywY+E5xYnrMrC7zOrfd1Fx4;6:xCOtc/kWysSZLqcThoYFHFZmrSSiGjaYe+Y93FQPImDFQWl/am7oaMeWgGZ/rU3vcligYJHxiTElhW2Mfvfvd0VCcZRxvNbCdQBWhEJc1DCpQMsMvWnyTnoHvRnSnMTOaDx8Kk75UFkPVuAOnpWVll2VEy1b+MtIMiDxDW57DhMWsa6QL5upZo/hNPwzugZt9VNVtKRsGIg4naawWqxBJMO/tWDHMHT+FD48ohaCYYutCJg6vd3DEaIzCBAFCv4hpFBDVs9VBbl1yz6Ktzx55P2+qhnlc0Xeo0BZsZkSH/DmXFvHoweYk2Z5YJwTbpJCyWp+Nt+hfc6ijsPuQskJZWqNjDsqrmUaBu+wydN0vOyl8sblXZh/+u6bNC61yA+gIbizCkg+9bnho01+/SDAb8tX/49CPXGyUYZpDPQ8hxuyD8mjOmWeETbkq5Dc2E7EgsTADz58knXH6McpRduPWw==
X-Microsoft-Antispam-Message-Info:
 JoKTUpsqgkehHyFd/a+XWBXtSVMsCtyTYto9YgM54hBGIcysydRlTKCAptRJQ2LTXzgmWLkP4GrGJbOJNXvQ+iieNPk/kgtSYmLZWjLYP+TgS1ml0gxNnBmBMGlfp+TUwrZDfvYJpYzJmuM4bS/L75JaMhIpPNYs3xdIGQPq1Km5waYe53RdNOdWWc7S3ZVZa20kA7vj18G+PVvIgV2Pkn/U3yJfKTgJKZA6xPCS3gdPHEdTat9I8xo9pP4cjMs6apdEGKwEpDkq2zJH6epp3av1r0kvF/4adTdBdf+4UqXQ9XcwLbNWD7+AROcAX1SajNfw6twlWekZin8JCWxZGwaXhYu1Ylo3IxZvPviJctefb2Qev83zxp5NnH7uWPC3Z8jsVC5KnKk1zLcg98gFBcKZaM6sFmjllbekbpEKu87Xbh6TIR6mzKljuRSngvNS
X-Microsoft-Exchange-Diagnostics:
 1;SN1NAM04HT194;5:iXSDo+O0ao8Tjb5u7PVJ7VBSNILsbG5bY3Aa5CX/rCa3958JZJ8gfrha+HY5v4oJI93/iAScTbLQ0UQbBqaN+yC/E3izVtQgO6OiHrxFGrN6t5cjcLAb6xo2n2sgzl0OqK9Vjl0Ka+0xKIzxylxn3KHhQvcwSD4XMANZK+DFWb4=;7:wC6+92o9/Rx/1qjbrEaVkqKE2gMeqT8Y5zo1OJW/Uli1aGXVuyXsyw44/MPsL9/rJhKpCoURdBtikxlZ4vuwa2QKkW9kATa5LpgKUPLq/Zju1mgSm9cg37X1awySnlWB7IgIGyFeIw+L6EwAmRo0yhgDdEyfM2ZaUE8+HRKI0sb/74P7s9L5qwES7S/2VjUS7uRp4MM4n9Sr512HG7Sk5/eGh1WxljtnYaz90DCs6TARneJAWirfZFrw9H8l4MfI
X-OriginatorOrg: outlook.com
X-MS-Exchange-CrossTenant-OriginalArrivalTime: 02 Sep 2018 15:07:21.2763
 (UTC)
X-MS-Exchange-CrossTenant-Network-Message-Id: 81e956b0-0aa3-4bd5-dc19-08d610e5c858
X-MS-Exchange-CrossTenant-Id: 84df9e7f-e9f6-40af-b435-aaaaaaaaaaaa
X-MS-Exchange-CrossTenant-FromEntityHeader: Internet
X-MS-Exchange-CrossTenant-RMS-PersistedConsumerOrg:
 b6587b75-6f1a-4db7-b0b6-5cad10ef59a7
X-MS-Exchange-Transport-CrossTenantHeadersStamped: SN1NAM04HT194
X-MS-Exchange-Transport-EndToEndLatency: 00:00:00.5788043
X-MS-Exchange-Processed-By-BccFoldering: 15.20.1080.019
X-Microsoft-Exchange-Diagnostics:
    1;BN7PR04MB4338;27:2FGIgoOHxbf0yLoDAKeN4PSQyD33e6sEKRmVVrUQfu1hQwiwq7BOoVyu4/LIwH0ZES5Y7M+BBlPZaZs9T0rVE64/pjhV4D3/W/n9IlcY2ZHpUXLsR3ONOSw3SMnnpUWtyh6hVWz4Fs9/mz4zK0BeoXPzfzZeEanfYk6QrYvIWBKSrutfYieQtnn4qVjVyGDjvc7Iw3NOT+Q6uTwQAKI1jhYOT8ocIl50ejNzWgJ8zra8Vugzu15I3egeFSFbK69p2o6tsaTSJW2LgOR9qmgl35ffhHQHbcd1fgWrIrldYrqXFRYKOvm5Gu+jWHE7hDwo9KsVb92OQw5qx3uVyC8TJje1J7wPYuCfHVmsXkzdz65Grv7FGf1scyWPZ2IwQrwraHFtlmAjOdiZLMZVXhZzy4sfoXCLXlYPj5pf5x9vnZTDnaUECrXBR7BJYvwSK0mz0TMi0kxnZQIhjegTDEtgqRFvH90R4C+a5rvxUDyajWeUnKhXQVqG76e8B/DUPuL4IggBY81phspRhH30/zK9Ih0AeGdk4aB9MbDZdB8bwpA=
X-Microsoft-Antispam-Mailbox-Delivery:
    ucf:0;jmr:0;ex:0;auth:0;dest:J;OFR:SpamFilterAuthJ;ENG:(5062000261)(5061607266)(5061608174)(4900095)(4920089)(6320004)(4923001);RF:JunkEmail;
X-Message-Info:
    qoGN4b5S4yrj5hA6ER+AykNieONlpOBLadWZwJKw+KsRWx9WH+snuGPhDehklH/rOqoKux3BrQ/vg0O1LXDlKpuVOrd1QkxNxuomSCpCS/3PblpOj34yS6kKS3LVOREF/Obu+pjLGTVhvA/s7nWx7nnsidn9FZPuSHXxR1nSF+NMNv6rBXKFx5HWuqmkeINLfaZ5tvyGw2UzcUxF13eA2Q==
X-Message-Delivery: Vj0xLjE7dXM9MDtsPTA7YT0wO0Q9MjtHRD0zO1NDTD02
X-Microsoft-Antispam-Message-Info:
    qLABvyASid6Ub8N11PWTap4QipYcYZpqZ0LrMTV560vfHk2Lr0KMhfUBeadNNpWzaxCzlNiFL6TFLD3XOjwrDxt16SHKKEhx79Gf7cDp5vdKU0H8HsiHvdRyeElcKU+sPHDKhpQLyPYVqd78UjaH/xaSQQmArOUmnVxR+9dDq7zng+Ovq9D8wlm+gD5KiMOo9mTDok2RxKNb02h+KBd6bsBBtliRxWRO0J3lXw/CH0P0pvuAzVRxRNMzSYaIOKqxs+IkHtpJrGS+c8Q+wUZL3Y1ZZffnFUQzulMuUp/JYOrP5eHIyZ7vBZut3TmZXIzA3J7zIQqesr6aGk5j2+tK82iAdMhkxVX1VRR27yYH59PumeeFqgyq3NWGmv8DbfynVMSFSx2aJ12ig2FsyQryYuAFms/vB8tAakxBQeuSArtMCqut5B3rbKahk98GlxK0bJxh4n7sBYIvUXHciFPPdgAL9wjcpGWsuXgS9q66fE0a/349awH70r4pkd0nZl6xoc++DDLixtqJJz9IDUlokI54QX97Ylw1IYUgWyok8WbKzmCipS6/vm+dVwgL94aArgy73S5E2vtdmFqscdU4Ld24P0j5DAMBd+mX2KLizKfs3Z2qjC9W33d/8F3gp6xyuSddWrxOXaKcMZ5doi0o02DlEJ3/jzs/MU678BZrKZxtp2tdwoYopga3WFAieM8rlDuPsm9YyWG64HMqvurGAA==
MIME-Version: 1.0

<!--x61b932u90m2b6f--><meta http-equiv="Content-Type" content="text/html; charset=utf-8"><h1><center>
<a href="hTTp://g43gy43h43.ddnsking.com/7108af18649074sw8481sx28235vu1801lh1839rr?8zzo5d42g37r63f">
How To Receive A 2nd Income Without Having A 2nd Job
</a>
</center><br><center>
<a href="hTTp://g43gy43h43.ddnsking.com/7108rp18649074dr8481ja28235rt1801dv1839rr?47w0005edb7ntw3">
<img src="hTTp://g43gy43h43.ddnsking.com/UxuDd.png?ork4kulzl06mnxu">
</a>
</center><br>
<center>      
<a href="hTTp://g43gy43h43.ddnsking.com/7108vs18649074gm8481ih28235tb1801lk1839uu?1ajew5qbv0j487v">
<img src="hTTp://g43gy43h43.ddnsking.com/YgaAP.png?hqkhub26fun3qvx">
</a>
</center><!--exxlv-->
<!--6bo51--><img style="width:0px;height:0px;display:none;" src="http://g43gy43h43.ddnsking.com/7108po18649074er8481za28235md1839=&lt;lzxa6@2h22d.ewqdw.33232.allaboutservicesgoodwelcome.com&gt;"><!--7p7kc-->
</center><!--q5r99-->
<!--3o55te9e880q6ml-->

<!--8vmp6u2zb92pze8-->

 

Link to comment
Share on other sites

PLEASE do not post spam in the thread. By posting the tracking URL

  1. everyone can see the complete header and body by following the link and clicking on <View entire message>
  2. Everyone can see how the parser has handled the submitted email
  3. You do not have to manually munge you email
  4. search engines that crawl through this forum, do not see all the links in the email and by that increase the ranking of the spamvertized site.
  5. the thread does not become obnoxiously long for readers to scroll through.

If there is a message you do not want to report, you can cancel the reports and the Tracking URL is still valid.  reports are sent to cancel[at]spam....

Thank you.

Link to comment
Share on other sites

@oZoneCapHill: if I copy and past what you showed, with the hTTp:// intact, the message parses, but it doesn't look at any links.

To me, that is ok, as many times links are "innocent bystanders"...

The real problem though, is that the message can't follow the "Received:" trail and will accuse Hotmail for spamming, while the real culprit, in the above message, is aruba.it.

If you remove the topmost Received: line and parse the message, you will notice the difference.

it's that (2603:10b6:405:16::18) address that gets SpamCop (well, not really), but since none of the mail hosts are reachable and the MX for outlook.com domain is

outlook-com.olc.protection.outlook.com

and it's addresses rotate along the line of 104.47.n.33 and are not reachable either

SC will say:

2603:10b6:405:16:0:0:0:18 is not an MX for BN7PR04MB4338.namprd04.prod.outlook.com
2603:10b6:405:16:0:0:0:18 is not an MX for SN1NAM04HT194.eop-NAM04.prod.protection.outlook.com
2603:10b6:405:16:0:0:0:18 is not an MX for BN7PR04MB4338.namprd04.prod.outlook.com

and will think hotmail is the spammer...

see the difference:

with the first received line  (report would go to hotmail.com)

without the first received line  (report would go to staff.aruba.it)

 

Link to comment
Share on other sites

Thanks for looking into it, yes it seems this spammer has a way to mess with spamcop processing the email headers ( can spamcop fix this ?? ), as for the links, if you just retype the "http" part it will process and redirects to a blacklisted domain ( http://waybitz.com/uffadc47f74e6f17000/  ) that has been hosted all over the place and the current one I have written to them a few times and they haven't done anything....

http://whois.domaintools.com/waybitz.com

Reg is Tucows

and spamcop says the hosting companies are:

abuse@cbe-hosting.com

> waybitz.com

abuse@staff.aruba.it

> g43gy43h43.ddnsking.com

Link to comment
Share on other sites

  • 2 months later...

So this spammer has been using Godaddy and Aruba.it and I have been reporting the email for months and nothing. I also noticed that Godaddy doesn't have the correct email link for reporting the report, but I have also written godaddy and aruba.it and they don't do a thing about this spammer, so what gives with reports going to godaddy and what's the best way to get his new domains sh** down for spoofing, spamming and malware links.  

Link to comment
Share on other sites

What your report confirms what KnujOn  reported before they closed.  Godaddy is one of the top domain issuers and host for spammers.  Sammers keep their lights on so I would not hold my breath for affirmative action.

Link to comment
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

 Share

×
×
  • Create New...