Ex_Brit Posted November 23, 2004 Author Share Posted November 23, 2004 Ellen, it does appear that at least that "Mailto" thing is definitely not a SC problem, but as to the number of bounces, well that's anyone's guess. Incredimail is interpreting emails differently, at least as far as the "title=mailto" issue is concerned. The first example is Incredimail, the second is the same spam report in OE6 (Sorry SC, I had to report the same spam twice to test this..first from "Held Mail" the second from the same item in "Trash" at SC mail). Processing spam: From: tcbeid[at]hushmail.com Subject: render traffic cameras useless! 0: Received: from unknown (192.168.1.103) by blade1.cesmail.net with QMQP; 23 Nov 2004 09:42:59 -0000 Internal handoff at SpamCop 1: Received: from unknown (HELO 216.154.195.53) (218.19.7.234) by mailgate2.cesmail.net with SMTP; 23 Nov 2004 09:42:57 -0000 No unique hostname found for source: 218.19.7.234 SpamCop received mail from sending system 218.19.7.234 2: Received: from bluebill661.cusp.tcbeid[at]hushmail.com (eligible569.tcbeid[at]hushmail.com [218.19.7.234]) by smtp-stafford.straightway.tcbeid[at]hushmail.com (Postfix) with SMTP id 43TPT104O0O for <r2d2[at]cesmail.net>; Tue, 23 Nov 2004 22:44:35 -0200 No unique hostname found for source: 218.19.7.234 warning:Possible forgery. Supposed receiving system not associated with any of your mailhosts Will not trust anything beyond this header Tracking message source:218.19.7.234: Cached whois for 218.19.7.234 : ipadm[at]gddc.com.cn abuse[at]gddc.com.cn anti-spam[at]ns.chinanet.cn.net hostmaster[at]ns.chinanet.cn.net Using abuse net on abuse[at]gddc.com.cn ctsummary[at]special.abuse.net, abuse[at]gddc.com.cn," title="mailto:abuse net gddc.com.cn = ctsummary[at]special.abuse.net, abuse[at]gddc.com.cn,">abuse net gddc.com.cn = ctsummary[at]special.abuse.net, abuse[at]gddc.com.cn, anti-spam[at]ns.chinanet.cn.net abuse net chinanet.cn.net = anti-spam[at]chinanet.cn.net, ctsummary[at]special.abuse.net, postmaster[at]chinanet.cn.net abuse net chinanet.cn.net = anti-spam[at]chinanet.cn.net, ctsummary[at]special.abuse.net, postmaster[at]chinanet.cn.net Using best contacts ctsummary[at]special.abuse.net abuse[at]gddc.com.cn" title="mailto:abuse.net" title="mailto:ctsummary[at]special.abuse.net">ctsummary[at]special.abuse.net abuse[at]gddc.com.cn">abuse.net" title="mailto:ctsummary[at]special.abuse.net">ctsummary[at]special.abuse.net abuse[at]gddc.com.cn anti-spam[at]ns.chinanet.cn.net ctsummary[at]special.abuse.net redirects to ct-abuse[at]sprint.net ct-abuse[at]sprint.net redirects to ct-abuse[at]abuse.sprint.net" title="mailto:ct-abuse[at]sprint.net" title="mailto:ct-abuse[at]sprint.net">ct-abuse[at]sprint.net redirects to ct-abuse[at]abuse.sprint.net">mailto:ct-abuse[at]sprint.net" title="mailto:ct-abuse[at]sprint.net">ct-abuse[at]sprint.net redirects to ct-abuse[at]abuse.sprint.net abuse[at]gddc.com.cn bounces (19 sent : 10 bounces) warning:Using abuse#gddc.com.cn[at]devnull.spamcop.net for statistical tracking. anti-spam[at]ns.chinanet.cn.net bounces (102 sent : 23203 bounces) warning:Using anti-spam#ns.chinanet.cn.net[at]devnull.spamcop.net for statistical tracking. warning:Yum, this spam is fresh! Message is 1 hours old 218.19.7.234 not listed in dnsbl.njabl.org 218.19.7.234 not listed in dnsbl.njabl.org 218.19.7.234 not listed in cbl.abuseat.org 218.19.7.234 listed in dnsbl.sorbs.net ( 127.0.0.10 ) /dev/null'ing report for anti-spam#ns.chinanet.cn.net[at]devnull.spamcop.net spam report id 1297736844 sent to: ct-abuse[at]abuse.sprint.net /dev/null'ing report for abuse#gddc.com.cn[at]devnull.spamcop.net May be saved for future reference: http://www.spamcop.net/sc?id=z695609148zcb...3f62f52aa37de8z ************************************************************ Processing spam: From: tcbeid[at]hushmail.com Subject: render traffic cameras useless! 0: Received: from unknown (192.168.1.103) by blade1.cesmail.net with QMQP; 23 Nov 2004 09:42:59 -0000 Internal handoff at SpamCop 1: Received: from unknown (HELO 216.154.195.53) (218.19.7.234) by mailgate2.cesmail.net with SMTP; 23 Nov 2004 09:42:57 -0000 No unique hostname found for source: 218.19.7.234 SpamCop received mail from sending system 218.19.7.234 2: Received: from bluebill661.cusp.tcbeid[at]hushmail.com (eligible569.tcbeid[at]hushmail.com [218.19.7.234]) by smtp-stafford.straightway.tcbeid[at]hushmail.com (Postfix) with SMTP id 43TPT104O0O for <r2d2[at]cesmail.net>; Tue, 23 Nov 2004 22:44:35 -0200 No unique hostname found for source: 218.19.7.234 warning:Possible forgery. Supposed receiving system not associated with any of your mailhosts Will not trust anything beyond this header Tracking message source:218.19.7.234: Cached whois for 218.19.7.234 : ipadm[at]gddc.com.cn abuse[at]gddc.com.cn anti-spam[at]ns.chinanet.cn.net hostmaster[at]ns.chinanet.cn.net Using abuse net on abuse[at]gddc.com.cn abuse net gddc.com.cn = ctsummary[at]special.abuse.net, abuse[at]gddc.com.cn, anti-spam[at]ns.chinanet.cn.net abuse net chinanet.cn.net = anti-spam[at]chinanet.cn.net, ctsummary[at]special.abuse.net, postmaster[at]chinanet.cn.net abuse net chinanet.cn.net = anti-spam[at]chinanet.cn.net, ctsummary[at]special.abuse.net, postmaster[at]chinanet.cn.net Using best contacts ctsummary[at]special.abuse.net abuse[at]gddc.com.cn anti-spam[at]ns.chinanet.cn.net ctsummary[at]special.abuse.net redirects to ct-abuse[at]sprint.net ct-abuse[at]sprint.net redirects to ct-abuse[at]abuse.sprint.net abuse[at]gddc.com.cn bounces (19 sent : 10 bounces) warning:Using abuse#gddc.com.cn[at]devnull.spamcop.net for statistical tracking. anti-spam[at]ns.chinanet.cn.net bounces (102 sent : 23203 bounces) warning:Using anti-spam#ns.chinanet.cn.net[at]devnull.spamcop.net for statistical tracking. warning:Yum, this spam is fresh! Message is 1 hours old 218.19.7.234 not listed in dnsbl.njabl.org 218.19.7.234 not listed in dnsbl.njabl.org 218.19.7.234 not listed in cbl.abuseat.org 218.19.7.234 listed in dnsbl.sorbs.net ( 127.0.0.10 ) /dev/null'ing report for anti-spam#ns.chinanet.cn.net[at]devnull.spamcop.net spam report id 1297713429 sent to: ct-abuse[at]abuse.sprint.net /dev/null'ing report for abuse#gddc.com.cn[at]devnull.spamcop.net May be saved for future reference: http://www.spamcop.net/sc?id=z695593421zf8...aaf3fabce04914z I think it's time we put this one to bed! Link to comment Share on other sites More sharing options...
Wazoo Posted November 23, 2004 Share Posted November 23, 2004 Crazy, in that using the provided Tracking URL to take a look at your "special" parser output, once again, the "problem" isn't seen on this display. Yep, it does seem to finally boil down to some certain "activation" caused by some character sequence in your e-amil app. Not that's it's a solution, but .... thanks for hanging in there and at least getting to this point. Link to comment Share on other sites More sharing options...
Ex_Brit Posted November 23, 2004 Author Share Posted November 23, 2004 Crazy, in that using the provided Tracking URL to take a look at your "special" parser output, once again, the "problem" isn't seen on this display. Yep, it does seem to finally boil down to some certain "activation" caused by some character sequence in your e-amil app. Not that's it's a solution, but .... thanks for hanging in there and at least getting to this point. 20465[/snapback] Thanks Wazoo. It's been interesting at least. Link to comment Share on other sites More sharing options...
Ellen Posted November 26, 2004 Share Posted November 26, 2004 Ellen, it does appear that at least that "Mailto" thing is definitely not a SC problem, but as to the number of bounces, well that's anyone's guess. Incredimail is interpreting emails differently, at least as far as the "title=mailto" issue is concerned. The first example is Incredimail, the second is the same spam report in OE6 (Sorry SC, I had to report the same spam twice to test this..first from "Held Mail" the second from the same item in "Trash" at SC mail). <snip> I think it's time we put this one to bed! 20461[/snapback] Hrmmm it looks like incredimail is somehow trying to reverse engineer the plain text message into some html'ish format -- how peculiar. Thanks for persevering with this, at least we now know (more or less) what is happening. So if you go back to using incredimail you can just eyeball around all the strange stuff :-) Link to comment Share on other sites More sharing options...
Recommended Posts
Archived
This topic is now archived and is closed to further replies.