Spam that messes with SC reporting


dzaidle

The spam below seems to put SC reporting into a recursive loop. It keeps looping back to the same report every time you hit the SEND REPORTS button.

Received: from SMTP32-FWD by fishgame.com
    (SMTP32) id A46660B6F00409D82; Tue, 1 Mar 2005 04:39:45 -0600
Received: from CRAIGDESKTOP [199.72.19.116] by fishgame.com
    (SMTPD32-8.15) id A666B6F0040; Tue, 01 Mar 2005 04:39:34 -0600
Received: from steep.spray.no ([209.112.227.200])
    by downing.pinmail.com (Sun Java System Messaging Server 6.1 HotFix 0.08 (built Aug 21 2004)) with ESMTP id <0I6A00II031KE96[at]downing.pinmail.com> for
    flyfishing[at]fishgame.com (ORCPT flyfishing[at]fishgame.com); Tue, 01 Mar 2005 07:30:31 -0300 (IST)
Received: from theretofore
    (linkage.spray.no [216.139.1.222] (may be forged))
    by steep.spray.no (MOS 3.5.5-GR) with ESMTP id DET74527 (AUTH ambivalent) ; Tue, 01 Mar 2005 12:36:31 +0200 (IST)
Date: Tue, 01 Mar 2005 06:36:31 -0400
From: "Nicholas Duran" <sbpxxx[at]thevine.net>
Subject: Sterling balance sheet strengthens underpriced stock
To: <flyfishing[at]fishgame.com>
References: <%RND_ALFABET[at]spray.no>
In-Reply-To: <%RND_ALFABET[at]spray.no>
Message-ID: <079776860358.MXV02639[at]eugenic.pinmail.com>
MIME-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7Bit
X-RCPT-TO: <dzaidle[at]fishgame.com>
Status: U
X-UIDL: 399337047

1. Are the headers of all the messages the same (specifically the message id)?

2. Are you sure you have not submitted the message several times?

3. Are you using the beta webmail application? (There was a problem where there were multiple submissions made, but that link was removed shortly after being discovered and has not been re-enabled as far as I know.)

Also, please do not post spam messages here. Please post a tracking URL for one of these so we can access the raw data if we are interested. I have removed the body of the spam.

First, apologies for the protocol faux pas.

1. No, each is unique.

2. Yes, quite certain.

3. I do not think so. Besides, I have been reporting spam the same way (emailed as attachments) for a couple of years, and this is the first (and only) time I have seen this problem.

Here is a tracking URL

http://www.spamcop.net/sc?id=z737703421zae...f091f0a83da4e9z

1. Are the headers of all the messages the same (specifically the message id)?

1. No, each is unique.

If each set of headers is unique, then you are not seeing a recursive loop; you are seeing a number of similar messages all waiting to be reported.

What it looks like is happening is that SpamCop is not trusting [199.72.19.116]'s headers because "199.72.19.116 listed in cbl.abuseat.org ( 127.0.0.2 ) Open proxies untrusted as relays" and is sending all reports to the administrator of that address. If that is your machine or that of your ISP, you should immediately configure your mail hosts to tell SpamCop what servers are expected for your messages.

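The trust decision described in the reply above, sketched as an added example (not part of the original thread, and not SpamCop's parser). It assumes a simplified model in which headers relayed by a hop are believed only if that hop's IP is a configured mailhost; `find_source`, `peer_ip` and the static blocklist table are hypothetical names and data built from the headers and parser message quoted in this thread.

```python
import ipaddress
import re

# Received lines from the headers posted in this thread, newest first,
# trimmed to the "from ... by ..." part (ids and dates dropped).
RECEIVED = [
    "from SMTP32-FWD by fishgame.com (SMTP32)",
    "from CRAIGDESKTOP [199.72.19.116] by fishgame.com (SMTPD32-8.15)",
    "from steep.spray.no ([209.112.227.200]) by downing.pinmail.com",
    "from theretofore (linkage.spray.no [216.139.1.222] (may be forged)) "
    "by steep.spray.no (MOS 3.5.5-GR)",
]
# Static stand-in for a DNSBL lookup, taken from the parser message quoted
# in the reply above; nothing is queried over the network.
BLOCKLISTED = {"199.72.19.116": "cbl.abuseat.org"}

IP_IN_BRACKETS = re.compile(r"\[([0-9.]+)\]")


def peer_ip(received_line):
    """Return the connecting IP recorded before ' by ', or None."""
    match = IP_IN_BRACKETS.search(received_line.split(" by ", 1)[0])
    if not match:
        return None
    try:
        return str(ipaddress.ip_address(match.group(1)))
    except ValueError:
        return None  # bracketed text that is not a valid address


def find_source(received, mailhost_ips, blocklisted):
    """Walk the chain newest-first; return (source_ip, reason).

    Simplified model (an assumption): the top line is written by the
    reporter's own server, and lines below a hop are believed only if
    the hop's IP is a configured mailhost.
    """
    source, reason = None, "no peer IP recorded"
    for line in received:
        ip = peer_ip(line)
        if ip is None:
            continue  # internal handoff, no network peer on this line
        source = ip
        if ip in mailhost_ips:
            reason = "last hop in chain"
            continue  # known forwarder: keep reading what it relayed
        if ip in blocklisted:
            reason = f"listed in {blocklisted[ip]}, untrusted as relay"
        else:
            reason = "not a configured mailhost"
        break
    return source, reason
```

With no mailhosts configured the walk stops at 199.72.19.116, matching the parser message quoted above; if that address were registered as an expected server, the walk would continue to the next hop it relayed.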

There were three messages with unique headers. I clicked through the reporting system at least EIGHT times for the same message(s). I re-reported one of the messages, and it still did the same thing, as if the report was not clearing the message from the queue.

I suspect it may have something to do with (a) the message source not accepting SpamCop reports, (b) the message source being the only recipient of the report, and (c) not allowing reports to be sent to Cyveillance.

OK, that is different information than "No, Each is unique".

I suspect it may have something to do with (a) the message source not accepting SpamCop reports, (b) the message source being the only recipient of the report, and (c) not allowing reports to be sent to Cyveillance.

a, b, and c are not unique settings. Lots of sites do not accept SpamCop reports (they go to devnull instead). LOTS of people do not send their messages to Cyveillance.

It is possible that these spams are stuck in the parser. To clear them, you will need to remove all unreported spam. You could then try the same spam again. If the problem repeats, send the tracking URL to deputies<at>spamcop.net so they can try to see what is causing the problem.

I have sent the link to the deputies.

Thanks for the help.
