Jump to content

Spam too old to report

ortonmc

By ortonmc
in SpamCop Reporting Help

Recommended Posts

ortonmc Newbie

ortonmc

Posted
Posted

I'm not sure if this is a mailhosts problem or not, but it may be related, so here goes...

I reported a freshly received spam. SpamCop parsed it, and reported, "Sorry, this email is too old to file a spam report." Upon inspecting the headers, I found that the last Received header is dated 4 days ago. Either the spam spent 4 days sitting in a queue on an Italian server, or (more likely) the machine the spam was sent from has the date set incorrectly.

If I understand mailhosts correctly, SpamCop should be using the first Received header after the ones added by my own ISP. Had it done this, it would have found a correct date, and would not have rejected the spam as too old.

Tracking URL: http://www.spamcop.net/sc?id=z696096838zed...39177d76c4dc0fz

-Mark-

Link to comment
Share on other sites
ortonmc Newbie

ortonmc

Posted
  • Author
Posted
In your case, the "situation" is covered in the lines;

Hostname verified: outgoing1.jumpy.it

erols.com received mail from sending system 213.215.144.9

Evidently I didn't understand how the mailhost system works. Let me see if I've got it straight now.

The mailhosts system learns about my ISP's mail servers when I add my address to MH.

It also knows about certain other ISPs' mail servers that are "trusted" - i.e. the servers are known to generate correct Received headers. I don't know how it learns about these, but that doesn't really matter.

In my case, the third and fourth Received headers came from one of these "trusted" machines, so SpamCop is dead certain they are correct. If this is the case, then the spam really did languish on jumpy.it's system for >4 days... so it was too old to report before I received it.

Is that it?

-Mark-

Link to comment
Share on other sites
Jeff G. T-shirt wearing out

Jeff G.

Posted
Posted

It does appear to me that 213.215.144.9 (with rdns outgoing1.jumpy.it but calling itself mail.jumpy.it) held that mail for 4 days, 13 hours, 29 minutes, and 32 seconds. Perhaps that mailserver should no longer be a trusted mailhost.

Link to comment
Share on other sites
Wazoo What Life?

Wazoo

Posted
Posted

I can't claim to be a MailHost expert. But my first glance left me feeling that the Hostname verified: outgoing1.jumpy.it suggested that this was in fact part of your MailHost configuration. I'll leave it to you to set me straight on that.

It could be that this server needs to have it's clock setting synced up, something that even the Microsoft HotMail servers have been prone to do a bit too often. Not sure if the Deputies could extract this kind of data from any of the databases or past reports. Perhaps a note to giuseppe.arcoraci[at]txtpolymedia.it or

bcodutti[at]colt-telecom.it might get this looked at, if not fixed ... an upstream appears to be at tim[at]colt.net ...

And quite on the other hand, http://www.senderbase.org/?searchBy=ipaddr...g=213.215.144.9 shows traffic increasing and listed at both sorbs (spamtrap hits) and spamhaus (419 distro) .... maybe just a matter of time before a SpamCopDNSBL listing ..???

The "trusted" thing ... when a new IP comes across the SpamCop parser as a source for e-mail, it enters a probationary period of a few days. Just seen passing mail will eventually move it to the "trusted" status.

Link to comment
Share on other sites
Wazoo What Life?

Wazoo

Posted
Posted

New posting over in the newsgroup from another (?) user dealing with a delay between a jumpy.it server and the next server in the chain, also resulting in the "spam is too old" .... dropping a note to Deputies to take a closer look.

Link to comment
Share on other sites

Archived

This topic is now archived and is closed to further replies.

Go to topic listing
×
×
  • Create New...