shull2805@spamcop.net Posted March 8, 2005 Share Posted March 8, 2005 Yes, I'd say redundant. If you look at your own Tracking URL provided, notice the lone "X" after the Content-Type description lines. But once again, I'm still having problems with connecting this issue with the Topic Title of Thunderbird Forwarding problems ... 25134[/snapback] Wazoo, the originator of this thread is having the same problem (SpamCop can parse the headers, but says No Body is found). He thought it had something to do with Thunderbird. He was forwarding his spam as an attachment. When I saw his thread, I realized that I was having the same problem. At first, I thought it was odd that he was on a Mac and I was on a Windows PC, but we were both running Thunderbird and forwarding our spam as attachments. After trying a bunch of different ways of submitting spam, thanks to Jeff G's suggestions, it became obvious that Thunderbird was not a factor. However, at the time the thread was started, we didn't know that. The thing I find curious is why there are only two of us having this problem. I'm sure SpamCop must have a LOT of people using Thunderbird without any problems. Heck, up until about two weeks ago, I wasn't having any problems, either. That's just about the time my web hosting provider changed their POP server software. I wish the other guy who started this thread had posted a Tracking URL, it would be interesting to see if he's using the same POP server software. As far as the lone 'X' after Content Type, if you click on "View Entire Message", you can see that it's not just hanging there by itself- it's the start of 'X-Headers-Begin'. I don't know why the rest of the line wasn't displayed (bug?). Link to comment Share on other sites More sharing options...
Wazoo Posted March 8, 2005 Share Posted March 8, 2005 spamcop.net,Mar 7 2005, 09:11 PM]As far as the lone 'X' after Content Type, if you click on "View Entire Message", you can see that it's not just hanging there by itself- it's the start of 'X-Headers-Begin'. I don't know why the rest of the line wasn't displayed (bug?). Thus my previously quoted snippet from an e-mail sent upstream .... all these last samples exhibit this same issue .. the dangling "X" on the parse page as compared to the long list of X-Lines: shown in the 'full' spam ... I will also note that I do find it off that all these last samples I looked at have the Subject: line as the last item in the headers .. not that there's anything wrong with that, it's just a but of unusual in my mind. Absolutely none of my spam has ever looked like that (though also noting that I've not tried out Thunderbird either, so not sure if there's something connected there either.) Link to comment Share on other sites More sharing options...
shull2805@spamcop.net Posted March 8, 2005 Share Posted March 8, 2005 Don't know if this helps or not, but here's a spam that got to my Inbox, and SpamCop WAS able to parse the headers and find the body: http://www.spamcop.net/sc?id=z739944905z5c...bbae7b23e4c84dz Also re: Wazoo's last comment, "Absolutely none of my spam has ever looked like that (though also noting that I've not tried out Thunderbird either, so not sure if there's something connected there either"... Let's put the Thunderbird issue to bed. I've submitted a number of spams that never saw ANY client mode email program, and SpamCop couldn't process the headers. The email I am referencing at the above Tracking URL DID make it to Thunderbird, was forwarded to SpamCop as an attachment, and WAS processed correctly. Link to comment Share on other sites More sharing options...
Wazoo Posted March 8, 2005 Share Posted March 8, 2005 Not sure about the "parsed correctly" .. I wouldn't be happy with the results. The dangling "X" and the cutoff headers is still a displayed item, the parse doesn't indicate even thinking about looking at the body ...??? Julian may have made a small tweak somewhere, something else a bit different somewhere .... are you "Quick-Reporting" out of curiosity? Link to comment Share on other sites More sharing options...
shull2805@spamcop.net Posted March 8, 2005 Share Posted March 8, 2005 I'm not sure about the proper terminology. Here's the way I use SpamCop: (1) my account at my POP server forwards to my acct at SpamCop (2) I go to webmail.spamcop.net -> Held mail and report/delete a bunch of spams There is no problem with spams reported in this manner. (2.a) If I take one of my held emails and redirect it to my submit address [at] Spamcop, that email usually dies during the parse operation, with an error that says the email has no body. (3) Occasionally, a spam is not caught by SpamCop, does not get held, and is sent to my alternate email address, where it ends up in my (Thunderbird) Inbox. (4) I forward that email as an attachment to my submit address [at] SpamCop (4.a) Most of the time, SpamCop is unhappy with the format of the emails I forwarded to my submit address [at] SpamCop; I get the error message that there is no body in the email. (4. ~Some~ emails that I forward to my submit address [at] SpamCop can be parsed correctly. (Most of the ones I get from *[at]subscribe.ru are acceptable to SpamCop.) Hope this helps clarify things. Link to comment Share on other sites More sharing options...
StevenUnderwood Posted March 8, 2005 Share Posted March 8, 2005 (2.a) If I take one of my held emails and redirect it to my submit address [at] Spamcop, that email usually dies during the parse operation, with an error that says the email has no body. If you are still inside of webmail when doing this, you should be hitting the "Forward" link on the message list screen, not redirecting it. Redirection is NEVER the right answer for submitting a spam to spamcop. Also, the Forward while inside the message is not the same (does not include the headers) as the Forward from the message list. (4.) As I don't use Thunderbird, I can not help directly with the forward as attachment function. Have you tried forwarding the message to yourseld (or another account and comparing to the full message that spamcop receives? Link to comment Share on other sites More sharing options...
Wazoo Posted March 8, 2005 Share Posted March 8, 2005 Thanks to both Steven and shull2805 (would you please ask to have me change your user name here? The handle you've got now sure looks like an e-mail address <g>) With so many other folks statung that Forwarding as Attachment works just fine under Thunderbird, I'm stuck on waiting for a response from above on whether my guess at codebase changes is the missing link in this discussion. I will also agree that something is a bit strange in that no one else seems to be complaining about this, though with all the recent problems with spammers using the liquid DNS modes, maybe lots of people are lumping that into the mix ... if I'm right about it being JT's implementation of the specific "Header Begins/Header Ends" lines, then it may also be that it's only SpamCop e-mail account users and a majority of them are using Quick-Report mode which only goes after the source of the e-mail so the lack of a body parse is no surprise.????? Link to comment Share on other sites More sharing options...
StevenUnderwood Posted March 8, 2005 Share Posted March 8, 2005 if I'm right about it being JT's implementation of the specific "Header Begins/Header Ends" lines, then it may also be that it's only SpamCop e-mail account users and a majority of them are using Quick-Report mode which only goes after the source of the e-mail so the lack of a body parse is no surprise.?????I will say that while I use IE, I have no problems forwarding for full reporting from spamcop email any message that slips by the filters (about 1-2/day). I would think that the web browser being used would not affect that unless there is some small problem with Thunderbird dropping bits or something. Link to comment Share on other sites More sharing options...
shull2805@spamcop.net Posted March 8, 2005 Share Posted March 8, 2005 If you are still inside of webmail when doing this, you should be hitting the "Forward" link on the message list screen, not redirecting it. Redirection is NEVER the right answer for submitting a spam to spamcop. Also, the Forward while inside the message is not the same (does not include the headers) as the Forward from the message list. As I don't use Thunderbird, I can not help directly with the forward as attachment function. Have you tried forwarding the message to yourseld (or another account and comparing to the full message that spamcop receives? 25157[/snapback] Steven, to answer your questions, 1) I do not know the difference between redirecting an email and forwarding it as long as you're staying within the SpamCop domain. Nor do I have any idea why forwarding while viewing an individual message should be any different than forwarding from the message list. It seems like there are multiple ways of doing things, and the implications and nuances aren't obvious. If there is an approved way of getting spam from my Held Email to my submission address, please let me know. Also, if these differences are documented somewhere, please excuse my ignorance; I would appreciate it if you could direct me to the proper document. 2) I just forwarded the same spam from my (Thunderbird) Inbox to my yahoo mail account and to my submit address [at] SpamCop. Everything looks OK in yahoo, but the header display doesn't allow you to view the raw MIME source, it switches to HTML and displays it according to the message formatting. But the part of the headers I could see was identical to the info that SpamCop displayed. FWIW, SpamCop said it could not find the message body for this spam, either. Tracking URL=http://www.spamcop.net/sc?id=z740104199z39725112f283b31f87b02d3e422d3f3cz Link to comment Share on other sites More sharing options...
Wazoo Posted March 8, 2005 Share Posted March 8, 2005 Last Tracking URL ... same issue ... and still nothing from above ... SpamCop E-Mail account submittal stuff ... check the Forum FAQ, Pinned items in the E-Mail account Forum ...???? Yahoo settings ... I seem to recall typing up an entry on submitting from a Yahoo account ... take a look in the "How to use ...." Forum and see of that helps in "looking" at your e-mail there .... Link to comment Share on other sites More sharing options...
StevenUnderwood Posted March 9, 2005 Share Posted March 9, 2005 1) I do not know the difference between redirecting an email and forwarding it as long as you're staying within the SpamCop domain. Nor do I have any idea why forwarding while viewing an individual message should be any different than forwarding from the message list. It seems like there are multiple ways of doing things, and the implications and nuances aren't obvious. If there is an approved way of getting spam from my Held Email to my submission address, please let me know. Also, if these differences are documented somewhere, please excuse my ignorance; I would appreciate it if you could direct me to the proper document. I know I have written this before but could not find it in the FAQ. From within the webmail folders, there are several similiarly named features that operate differently, depending on where you are in the application. If you are in the message list view of one of the folders, the view that shows the message number, date, from, subject, and size, and hit the "Forward" link with at least one message checked, a new message will be created with a blank body and a (message/rfc822) attachment for each of the checked messages. This message can then be forwarded to the submit address. If you are within a message and hit the "Forward" link, a new message will be created with minimal headers and the message inside the body of the new message. This will not work for spamcop because the full headers are NOT included. If you are within a message and hit the "Redirect" link, a new window will be created with the words "Redirect this message" and a blank line to enter the address to redirect the message to. This will not work for spamcop because the full headers or the existing message will be merged with any headers to get the message from webmail to the submit address. The message will look like it was sent directly from the spammer to the submit address and spamcop wil not be able to determine where the original headers end and the new headers start. The reasons for the differences are that some links are default to the application and some have been modified/added to suit spamcops purpose. As with any tool, you should learn how to use it carefully before jumping in with both feet. That includes testing with a message or two watching carefully what happens with them then seeing which work and which do not. Good luck and please post back and additional questions. Link to comment Share on other sites More sharing options...
shull2805@spamcop.net Posted March 9, 2005 Share Posted March 9, 2005 Steven, thank you for your explanation. When I am viewing the list of held email, if I check one of the spams and select "forward", nothing happens. Actually, that's not quite true. I see the hourglass indicating something is going on, and in the bottom left of my browser window it says I'm waiting on webmail.spamcop.net, then the message changes to say it's transferring data from webmail.spamcop.net, but when it's through, I'm left right where I started, there is no new box that pops up asking me where I want to forward the email to, or anything like that. I tried using "forward" from within the list of held email using both IE and Firefox; neither one allowed me to forward held email. This is why I went into an individual message and used "redirect". Also, I found some interesting spam in my Inbox. When I submitted them to SpamCop, they have the suspicious, dangling X as the last line of the parser's display. However, SpamCop WAS able to find the body of the spam and make it ready for reporting. See: http://www.spamcop.net/sc?id=z740215930z1f...78fc7d5d03aba3z http://www.spamcop.net/sc?id=z740303335z91...a5a5bc7e62bc88z http://www.spamcop.net/sc?id=z740303448z37...457f5db76aacf6z So maybe the lone 'X' is not significant. Link to comment Share on other sites More sharing options...
Jeff G. Posted March 9, 2005 Share Posted March 9, 2005 IIRC, SpamCop Webmail needs both java scri_pt and Popups allowed end-to-end (Server to Browser) in order for the forward as attachment function to work, because that function uses java scri_pt to create a Popup window for drafting the forwarded message. I have never had a problem that I could attribute to having allowed SpamCop Webmail to display java scri_pt and Popups on my systems. Link to comment Share on other sites More sharing options...
StevenUnderwood Posted March 9, 2005 Share Posted March 9, 2005 Also, make sure you disable any pop up blockers for the site. Link to comment Share on other sites More sharing options...
Jeff G. Posted March 9, 2005 Share Posted March 9, 2005 Sorry, did I make it too difficult to infer "Please disable all Popup Blockers for SpamCop Webmail"? Link to comment Share on other sites More sharing options...
StevenUnderwood Posted March 9, 2005 Share Posted March 9, 2005 Sorry, I read "SpamCop Webmail needs both java scri_pt and Popups allowed end-to-end" as "SpamCop Webmail needs java scri_pt allowed end-to-end " My bad. Link to comment Share on other sites More sharing options...
shull2805@spamcop.net Posted March 9, 2005 Share Posted March 9, 2005 Steven & Jeff, thanks for the tip on disabling popups. I was able to go into my held email, and forwarded two of the spam from the list to my submit account [at] SpamCop. Unfortunately, SpamCop wasn't able to find the body of either email. http://www.spamcop.net/sc?id=z740367444zbf...2ecb8074858b85z http://www.spamcop.net/sc?id=z740367535zfd...8228575ac07239z Link to comment Share on other sites More sharing options...
Jeff G. Posted March 9, 2005 Share Posted March 9, 2005 You're welcome. Link to comment Share on other sites More sharing options...
Wazoo Posted March 9, 2005 Share Posted March 9, 2005 shull2805 - there has to be something more to the story. Your post with three Tracking URLs - you say parsed fine - I don't see any sign of the body being looked at ...??? Your post with two Tracking URLs - both of these have had Header lines that appear to have been manipulated .. especially when comparing these to your previous examples ... notice the strange postioning of the X-Headers-Begin: and X-Headers-End: (noting that the Subject Line: is also co-located) .. and then noting that these last two offer up your "problem with the body" error message. Link to comment Share on other sites More sharing options...
shull2805@spamcop.net Posted March 9, 2005 Share Posted March 9, 2005 shull2805 - there has to be something more to the story. Your post with three Tracking URLs - you say parsed fine - I don't see any sign of the body being looked at ...??? Your post with two Tracking URLs - both of these have had Header lines that appear to have been manipulated .. especially when comparing these to your previous examples ... notice the strange postioning of the X-Headers-Begin: and X-Headers-End: (noting that the Subject Line: is also co-located) .. and then noting that these last two offer up your "problem with the body" error message. 25193[/snapback] I'm not sure I understand what you are trying to say. Let's look at the 1st URL from my post with the 3 URLs: do you see the following lines: X-Source-Dir: X <blank line> View entire message Parsing Header - - - Isn't this the dangling 'X' that seemed suspicious? All three of the tracking URLs had the same dangling 'X'. As far as you not seeing any sign that the body had been looked at, if you look a little further down, you will see the line that says, "Reports regarding this spam have already been sent". The fact that SpamCop was able to send the reports seems a clear indication that it had no problem finding the body of the email. So here we have 3 instances of emails with the dangling 'X' that were successfully submitted for reporting. This suggests (to me, anyway) that the dangling 'X' is not a factor. I have figured out that the larger spams I get (e.g. larger than 20 or 30 KB) are sent from a different source than most of the other ones. SpamCop is happy with the big spams, not happy with the smaller ones. In my message with 3 tracking URLs, those 3 messages were the 3 largest in my held mail folder. (I released them, sent them to my Inbox, and they were forwarded to my submit account.) As far as your comment that the post with two tracking URLs has headers that appear to be manipulated, I can assure you that I did not manipulate the headers. If you'd like to PM me, I'll give you my password, and let you log into my account. You can verify for yourself that the problem exists, and has nothing to do with me, or any of the software running on my PC. I'm offended by the implication that I have done something to manipulate the headers. What would I have to gain by doing that? If the headers were manipulated, they came to me that way. Link to comment Share on other sites More sharing options...
StevenUnderwood Posted March 9, 2005 Share Posted March 9, 2005 The fact that SpamCop was able to send the reports seems a clear indication that it had no problem finding the body of the email. No, as Wazoo mentioned, these look like they were submitted for quick reporting which does not attempt to parse the body of the messages. What your test seems to indicate is that the quick reporting module does not have a problem with these messages. It would seem strange however if quick reporting would accept messages without bodies. I will test that theory tomorrow where I have more control over what I forward. On second thought, I don't want to test the theory with quick reporting because there is no way to cancel the report and to remove the body would definitely fall under the modification rule of spamcop. If we get word from you that all those without the error problem were quich reports, perhaps we should kick a note up to the deputies on at least that aspect of it. Please recap EXACTLY how you submit any tracking URL as it only seems to be you experiencing this problem. Link to comment Share on other sites More sharing options...
shull2805@spamcop.net Posted March 10, 2005 Share Posted March 10, 2005 <snip> Please recap EXACTLY how you submit any tracking URL as it only seems to be you experiencing this problem. 25230[/snapback] I just went to http://webmail.spamcop.net/horde/imp/mailb...INBOX.Held+Mail and viewed a huge list of held email. The two top items in the list appear to be identical, I assume they are to two different aliases at my domain. I select the first item in the list and check its box. At the top of the list are several actions: Delete | Forward | Report as spam | Release | Release and Whitelist. I choose Report as spam. A dialog box pops up and asks if I am sure I want to report this as spam. I select YES, and off it goes. SpamCop is happy with reporting spam this way, a report gets sent to the appropriate parties. http://www.spamcop.net/sc?id=z740492137zbe...338df66e23fc69z Now I take the second spam from the huge list. As mentioned, this should be very similar to the one just described. However instead of selecting "Report as spam", I choose "Forward" for this particular email. Next, I put in my submit address [at] Spamcop.net and send it on. After waiting for the message to be processed, I go to the "Report spam" tab of http://mailsc.spamcop.net/. I am told that I have unreported spam waiting, and I click "Report Now". At this point, I see that this particular spam could not be processed because it apparently did not have a body. http://www.spamcop.net/sc?id=z740496126z29...66faac53668429z Since I did not delete the second spam from the list of held email, it is still in the list. (http://webmail.spamcop.net/horde/imp/mailbox.php?mailbox=INBOX.Held+Mail). So, I will Release it to my client email program. I select the "Release" option and it is sent it to my filtered, spamfree account on my PC. Now, when I execute my client email software, I have received the spam that was just released from SpamCop. Just like any other spam that makes it through SpamCop, I want to report it. So, I select the message, and forward it to my SpamCop submit address as an attachment.. At this point, SpamCop has received the email I sent to my submit address. I go to http://mailsc.spamcop.net/ and see that I have unreported spam waiting. Clicking on "Report Now", I see that SpamCop is unable to report this spam because it thinks the email body is missing. http://www.spamcop.net/sc?id=z740500943z78...f17dddc195e811z To recap: I found 2 spams in my held email that appeared to be very similar: same author, same size, same date & time, same title. One of them is sent to be reported using the link on the held email page, SpamCop parses the message correctly and sends reports to the appropriate parties. The second spam, which is VERY similar to the first, gets processed two different ways. The first thing I tried was to Forward it to my submit account. The second thing I tried was to Release it, then when it got to my PC, it was forwarded back to my submit account at SpamCop. SpamCop was unhappy with both of the submissions. There's not a problem with email that gets held at SpamCop. If it's spam, I just click on the link to Report it and it gets reported. The problem I have is that about 5 to 10% of the spam I receive isn't caught by SpamCop,and ends up in my Inbox. Then, when I try to report it, 99% of the time SpamCop says it can't be reported, because the email doesn't have a body. Which is total BS. It's a bug in SpamCop. Link to comment Share on other sites More sharing options...
Wazoo Posted March 10, 2005 Share Posted March 10, 2005 spamcop.net,Mar 9 2005, 05:37 PM]I'm not sure I understand what you are trying to say. Not sure how to get more specific. I pointed to the lines; X-Headers-Begin: X-Headers-End: and added "(noting that the Subject Line: is also co-located)" These lines are in different locations between the spam you say parsed and the spam you say errored out. It's not known to me what determines the placement of those lines and why it would change between e-mails .. thus the 'manipulation' word. All three of the tracking URLs had the same dangling 'X'. As stated before, I can't run down that path as I don't have the codebase in front of me to determine why the displayed header block is stopping at the lone "X" .... I can only work with what I do know, what I see, and what I can experiment with to fill in the gaps. I've already mentioned having a small problem with your first sample of a header provided here parsing for me when I copied it into a new construct at this end. (However, this is also a known issue ... between the copying and pasting and copying and editing and .... whatever the original problem was tends to disappear during this type of analysis .. which is why 'we' keep asking to see the Tracking URL) As far as you not seeing any sign that the body had been looked at, if you look a little further down, you will see the line that says, "Reports regarding this spam have already been sent". The fact that SpamCop was able to send the reports seems a clear indication that it had no problem finding the body of the email. There's the parsing/reporting of the source, then there's the parse/reporting of body content (or the comnplaints abou the problems with the body contant/construct) ... So here we have 3 instances of emails with the dangling 'X' that were successfully submitted for reporting. This suggests (to me, anyway) that the dangling 'X' is not a factor. Your samples were not submitted with the "dangling X" .... There is something going between your submittal, the actual parse, and the displayed results, which is where the lone "X" is showing up. As far as your comment that the post with two tracking URLs has headers that appear to be manipulated, I can assure you that I did not manipulate the headers. If you'd like to PM me, I'll give you my password, and let you log into my account. You can verify for yourself that the problem exists, and has nothing to do with me, or any of the software running on my PC. I'm offended by the implication that I have done something to manipulate the headers. What would I have to gain by doing that? If the headers were manipulated, they came to me that way. I don't recall saying anything that implied that you specifically were doing any manipulation. You've described several paths for your spam to make it to the parsing stage. You've mentioned a few different ways of handling some items. You've mentioned some spam traversing several systems prior to reporting. The only word I could come up with at the time was "manipulation" .. as something placed the specific lines mentioned in different spots within the headers of different spams/e-mails. Link to comment Share on other sites More sharing options...
StevenUnderwood Posted March 10, 2005 Share Posted March 10, 2005 Your first example has been quick reported even though I don't beleive it should have been as you do not seem to have mailhosts configured. You will notice there are no references to the body of the spam. Your second example is clearly being submitted for full reporting. Could you also try to forward this message to quick reporting simply by replacing the submit with quick since it seems to be enabled for your account? That would simulate what seems to be happening when you hit the Report as spam link. I found 2 spams in my held email that appeared to be very similarThey are in fact identical, down to the message ID. Then, when I try to report it, 99% of the time SpamCop says it can't be reported, because the email doesn't have a body. Which is total BS. It's a bug in SpamCop.You are not reporting the same things. Quick reporting does nothing with the body of spam, only looking for the source. Thsi does seem to be a bug between the two different types of submissions, seeming to indicate that either quick reporting will accept messages with no body or that the body test is different between the two paths. Let's leave the forwarding from your local email client alone for the moment and see if we can get this issue investigated. Since you are getting the same results from both sources, that might resolve the second problem as well. This body reporting may still be something being introduced by webminders.com servers as all those headers still look strange, including having mx.webminders.com receiving the same message twice from different sources. Received: from [66.165.106.111] by mx.webminders.com [10.1.0.101] with SmartMax MailMax for x; Wed, 09 Mar 2005 20:50:10 -0500 Received: from [203.232.40.200] (helo=modelmaker.demon.nl) by mx.webminders.com with smtp (Exim 4.34) id 1D9CoR-0000Er-IT; Wed, 09 Mar 2005 20:50:09 -0500 One more thing, you could successfully report these via quick reporting even if emailing to quick.x does not work if you could transfer them via IMAP back to your inbox or another folder and use the Report as spam link. However, I must also caution you against using quick reporting without having configured Mailhosts, which is designed to reduce the change of reporting your own mail servers and finding the correct sources. *Edit* My mistake, mailhosts do seem to be configured here. Ignore any reference to tem not being setup. Email has been bumped up to deputies to check out the difference between quick and full reporting. Link to comment Share on other sites More sharing options...
Wazoo Posted March 10, 2005 Share Posted March 10, 2005 Your last "exact method of submitting" eplains exactly what I was just trying to talk about .... Tracking URL #1; Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: 8bit X-Headers-Begin: 1D9CoR-0000Er-IT X-Virus-Scan: YES X-Headers-End: 1D9CoR-0000Er-IT Subject: blowin your load too fast?'` X-spam-Checker-Version: SpamAssassin 3.0.0 (2004-09-13) on blade6 X-spam-Level: *********** X-spam-Status: hits=11.6 tests=MSGID_DOLLARS,URIBL_AB_SURBL,URIBL_OB_SURBL, URIBL_SBL,URIBL_SC_SURBL version=3.0.0 X-SpamCop-Checked: 192.168.1.103 66.165.106.101 66.165.106.111 10.1.0.101 203.232.40.200 X-SpamCop-Disposition: Blocked korea.services.net Tracking URL #2; Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: 8bit X-Headers-Begin: 1D9CoR-0000Er-IT X-Virus-Scan: YES X-Headers-End: 1D9CoR-0000Er-IT Subject: blowin your load too fast?'` X-spam-Checker-Version: SpamAssassin 3.0.0 (2004-09-13) on blade3.cesmail.net X-spam-Level: *********** X-spam-Status: hits=11.6 tests=MSGID_DOLLARS,URIBL_AB_SURBL,URIBL_OB_SURBL, URIBL_SBL,URIBL_SC_SURBL version=3.0.0 X-SpamCop-Checked: 192.168.1.103 66.165.106.101 66.165.106.111 10.1.0.101 203.232.40.200 X-SpamCop-Disposition: Blocked korea.services.net Tracking URL #3; Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: 8bit X-Headers-Begin: 1D9CoR-0000Er-IT X-Virus-Scan: YES X-Headers-End: 1D9CoR-0000Er-IT X-spam-Checker-Version: SpamAssassin 3.0.0 (2004-09-13) on blade3.cesmail.net X-spam-Level: *********** X-spam-Status: hits=11.6 tests=MSGID_DOLLARS,URIBL_AB_SURBL,URIBL_OB_SURBL, URIBL_SBL,URIBL_SC_SURBL version=3.0.0 X-SpamCop-Checked: 192.168.1.103 66.165.106.101 66.165.106.111 10.1.0.101 203.232.40.200 X-SpamCop-Disposition: Blocked korea.services.net X-Headers-Begin: 1D9EXv-0007uG-Py X-spam-Flag: NO X-spam-Level: / X-spam-Score: 0.0 (0) X-spam-Report: NO hits=0.0 reqd=7.0 tests= X-Virus-Scan: YES X-Headers-End: 1D9EXv-0007uG-Py Subject: blowin your load too fast?'` #1 and #2 look the same (I think) but #3 is a lot different. There's my "manipulation" thing in action. And to really confuse the issue (or point it back to my suspected codebase issue) .. here's a Tracking URL of a parse ran from a copy of your first but deleting the following lines from the header; X-Headers-Begin: 1D9CoR-0000Er-IT X-Virus-Scan: YES X-Headers-End: 1D9CoR-0000Er-IT http://www.spamcop.net/sc?id=z740510176z55...a7ff4495fdb756z Please notice the complete parse of both source and body contents in the results. Follow-up/Second request for help sent upstream .... Link to comment Share on other sites More sharing options...
Recommended Posts
Archived
This topic is now archived and is closed to further replies.