Ricardo_63 Posted July 21, 2020 Share Posted July 21, 2020 It seems some mails could not be report because can’t find such information as; source ip address. Question; Spamcop on reporting spam system is not updated to such kind of issues? Quote Link to comment Share on other sites More sharing options...
petzl Posted July 21, 2020 Share Posted July 21, 2020 5 hours ago, Ricardo_63 said: It seems some mails could not be report because can’t find such information as; source ip address. Question; Spamcop on reporting spam system is not updated to such kind of issues? Would help if you copy and pasted the "Tracking URL" Looks like you are not getting full headers? Quote Link to comment Share on other sites More sharing options...
Ricardo_63 Posted July 22, 2020 Author Share Posted July 22, 2020 14 hours ago, petzl said: Would help if you copy and pasted the "Tracking URL" Looks like you are not getting full headers? Thanks!!! I paste spam mail code and spamcop process spam report Received spam mail code Return-path: <investor@bit.com> Received: by smtp50.i.mail.ru with esmtpa (envelope-from <investor@bit.com>) id 1hYpA1-0003xK-Q2 for mbpause@zeop.re; Wed, 10 Jun 2021 15:41:07 GMT +0300 Message-ID: <285019b54194beba0603b519f7b399b340d04f@bk.ru> From: "BTC Investor" <investor@bit.com> To: mcgrath@arnet.com.ar Subject: Bitcoin is on the move! Date: Wed, 15 Jun 2021 15:41:07 GMT +0300 MIME-Version: 1.0 Content-Type: multipart/related; boundary="803871dd29fcd6d26e6bdd719fdbf1db30ff16" Authentication-Results: smtp50.i.mail.ru; auth=pass smtp.auth=investor@bit.com smtp.mailfrom=investor@bit.com X-77F55803: E14BCC6235C710295A78504BD2AC2941F05A5EBCEA5E0924C1AE6AD3D51F1C79E91994FEA9EFF733665C54954CA5BF1E X-7FA49CB5: 0D63561A33F958A583E8EE167FA1EAFAC1E5EFFA54989DA7D22C7E9AD9851E3E8941B15DA834481FA18204E546F3947C1D471462564A2E19F6B57BC7E64490618DEB871D839B7333395957E7521B51C2545D4CF71C94A83E9FA2833FD35BB23D27C277FBC8AE2E8B2EE5AD8F952D28FBA471835C12D1D977C4224003CC8364767815B9869FA544D8D32BA5DBAC0009BE9E8FC8737B5C2249DE948F92AE8D0DCE3AA81AA40904B5D9CF19DD082D7633A093541453170D46FCD81D268191BDAD3D78DA827A17800CE7FBD191866EBACF7ECD04E86FAF290E2DBBC930A3941E20C675ECD9A6C639B01B78DA827A17800CE7110FAF72A7DF85C008631BAA6C15472E75ECD9A6C639B01B4E70A05D1297E1BBC6867C52282FAC85B5698D31FB5189B627F269C8F02392CD5571747095F342E88FB05168BE4CE3AF X-Mailru-Sender: 6EE70079D60A78E3C1F74EC65A080FA3E02F15DF162A3F62FB77C500AF1DDCF1B190A9C544053B290B8E95FCF4F44778A3A5FE8BFD2D97DF9E384AEAC48947C982BADC8C81B4096447D07AD2EF2904BEEAB4BC95F72C04283CDA0F3B3F5B9367 X-Mras: OK X-Senderinfo: 29858 X-Mailru-Intl-Transport: d,952411a --803871dd29fcd6d26e6bdd719fdbf1db30ff16 Content-Type: multipart/alternative; boundary="ab5118b44195b724f8fdb40266b2be30f63d" --ab5118b44195b724f8fdb40266b2be30f63d Content-Type: text/plain; charset="utf-8" Content-Transfer-Encoding: quoted-printable Good day. Did you know that the prices of Bitcoin have been steadily increasing? A = lot of people have missed it and it hasn=E2=80=99t been covered by the in= ternational press. However, for those in the loop, they know that making = an investment now could be the best decision of their lives. Want to try it out for yourself and see what happens when Bitcoin takes o= ff? Then there=E2=80=99s now a new platform which makes investing in Bitc= oin, easier than ever. Sign up now and see just how quick and easy it is to start trading Bitcoi= n today! Your new life is just around the corner, BTC Investor News --ab5118b44195b724f8fdb40266b2be30f63d Content-Type: text/html; charset="utf-8" Content-Transfer-Encoding: quoted-printable <HTML><HEAD> <META http-equiv=3D"Content-Type" content=3D"text/html; charset=3Dutf-8"> </HEAD> <BODY bottomMargin=3D5 leftMargin=3D5 rightMargin=3D5 topMargin=3D5=20 bgColor=3D#ffffff><FONT color=3D#000000 size=3D2 face=3D"Courier New"> <DIV align=3Dcenter> <TABLE borderColor=3D#000000 cellSpacing=3D0 cellPadding=3D0 border=3D0> <TBODY> <TR vAlign=3Dtop> <TD width=3D529><FONT color=3D#000000 size=3D2 face=3D"Courier New"> <DIV align=3Dcenter><FONT size=3D3 face=3DArial><A=20 href=3D"http://1111111111.bmetrack.com/c/l?u=3DA6E30D0&e=3D107A252&c= =3D12A1ED&t=3D1&l=3D4451B429&email=3Daaaaaaaaaaaaaaaaaaaaaaaaaaaaa&seq=3D1"= ><IMG=20 border=3D0 hspace=3D0 alt=3D"" src=3D"cid:c9a020ed3c63dcb55532697bf@b= k.ru" width=3D185 height=3D66=20 3D0></A></FONT></DIV> <DIV><FONT size=3D3 face=3DArial></FONT> </DIV> <DIV><FONT size=3D3 face=3DArial>Good day.<BR><BR>Did you know that t= he prices of Bitcoin have been steadily increasing? A lot of people have mi= ssed it and it hasn=E2=80=99t been covered by the international press. Howe= ver, for those in the loop, they know that making an investment now could b= e the best decision of their lives. </FONT></DIV> <DIV> </DIV> <DIV><FONT size=3D3 face=3DArial>Want to try it out for yourself and = see what happens when Bitcoin takes off? Then there=E2=80=99s now a new pla= tform which makes investing in Bitcoin, easier than ever. <BR><A=20 href=3D"http://1111111111.bmetrack.com/c/l?u=3DA6E30D0&e=3D107A252&c= =3D12A1ED&t=3D1&l=3D4451B429&email=3Daaaaaaaaaaaaaaaaaaaaaaaaaaaaa&seq=3D1"= ><STRONG>Sign=20 up now</STRONG></A> and see just how quick and easy it is to start tr= ading=20 Bitcoin today!</FONT></DIV> <DIV> </DIV> <DIV><FONT size=3D3 face=3DArial>Your new life is just around the cor= ner,=20 <BR>BTC Investor News</FONT></DIV> <DIV><FONT size=3D3 face=3DArial></FONT> </DIV> <DIV align=3Dcenter><FONT size=3D3 face=3DArial><A=20 href=3D"http://1111111111.bmetrack.com/c/l?u=3DA6E30D0&e=3D107A252&c= =3D12A1ED&t=3D1&l=3D4451B429&email=3Daaaaaaaaaaaaaaaaaaaaaaaaaaaaa&seq=3D1"= ><IMG=20 border=3D0 hspace=3D0 alt=3D"" src=3D"cid:2a0787df29bcbddb9a48c4b142@= bk.ru" width=3D92=20 height=3D44></A></FONT></DIV> <DIV><FONT size=3D3=20 face=3DArial></FONT> </DIV></FONT></TD></TR></TBODY></TABLE></DIV></FO= NT> <IMG width=3D1 height=3D1 alt=3D"" src=3D"https://www.nhuadongnai.vn/wp-con= tent/uploads/2020/04/sh_v.php?sub=3D777&mail=3Dmcgrath@arnet.com.ar"> </BODY></HTML> --ab5118b44195b724f8fdb40266b2be30f63d-- --803871dd29fcd6d26e6bdd719fdbf1db30ff16 Content-Type: image/png; name="k.png" Content-Transfer-Encoding: base64 Content-ID: <c9a020ed3c63dcb55532697bf@bk.ru> iVBORw0KGgoAAAANSUhEUgAAALkAAABCCAYAAAAL+HeGAAABzmlUWHRYTUw6Y29tLmFkb2JlLnht cAAAAAA…………………………….== --803871dd29fcd6d26e6bdd719fdbf1db30ff16 Content-Type: image/png; name="zvky.png" Content-Transfer-Encoding: base64 Content-ID: <2a0787df29bcbddb9a48c4b142@bk.ru> iVBORw0KGgoAAAANSUhEUgAAAFwAAAAsCAYAAADozd+ZAAAAAXNSR0IArs4c6QAAAARnQU1BAACx ……………………….OBkJJyPhVJz7AW1C+hK3OhilAAAAAElFTkSuQmCC --803871dd29fcd6d26e6bdd719fdbf1db30ff16-- Spamcop spam process returned page info SpamCop v 5.1.0 © 2020 Cisco Systems, Inc. All rights reserved. Here is your TRACKING URL - it may be saved for future reference:https://www.spamcop.net/sc?id=z6642947923z6d9895034f835eced8ac22b50e215d41z Skip to Reports Return-path: <investor@bit.com> Received: by smtp50.i.mail.ru with esmtpa (envelope-from <investor@bit.com>) id 1hYpA1-0003xK-Q2 for x; Wed, 10 Jun 2021 15:41:07 GMT +0300 Message-ID: <2850______________________________d04f@bk.ru> From: "BTC Investor" <investor@bit.com> To: x Subject: Bitcoin is on the move! Date: Wed, 15 Jun 2021 15:41:07 GMT +0300 MIME-Version: 1.0 Content-Type: multipart/related; boundary="803871dd29fcd6d26e6bdd719fdbf1db30ff16" Authentication-Results: smtp50.i.mail.ru; auth=pass smtp.auth=investor@bit.com smtp.mailfrom=investor@bit.com X-77F55803: E14BCC6235C710295A78504BD2AC2941F05A5EBCEA5E0924C1AE6AD3D51F1C79E91994FEA9EFF733665C54954CA5BF1E X-7FA49CB5: 0D63561A33F958A583E8EE167FA1EAFAC1E5EFFA54989DA7D22C7E9AD9851E3E8941B15DA834481FA18204E546F3947C1D471462564A2E19F6B57BC7E64490618DEB871D839B7333395957E7521B51C2545D4CF71C94A83E9FA2833FD35BB23D27C277FBC8AE2E8B2EE5AD8F952D28FBA471835C12D1D977C4224003CC8364767815B9869FA544D8D32BA5DBAC0009BE9E8FC8737B5C2249DE948F92AE8D0DCE3AA81AA40904B5D9CF19DD082D7633A093541453170D46FCD81D268191BDAD3D78DA827A17800CE7FBD191866EBACF7ECD04E86FAF290E2DBBC930A3941E20C675ECD9A6C639B01B78DA827A17800CE7110FAF72A7DF85C008631BAA6C15472E75ECD9A6C639B01B4E70A05D1297E1BBC6867C52282FAC85B5698D31FB5189B627F269C8F02392CD5571747095F342E88FB05168BE4CE3AF X-Mailru-Sender: 6EE70079D60A78E3C1F74EC65A080FA3E02F15DF162A3F62FB77C500AF1DDCF1B190A9C544053B290B8E95FCF4F44778A3A5FE8BFD2D97DF9E384AEAC48947C982BADC8C81B4096447D07AD2EF2904BEEAB4BC95F72C04283CDA0F3B3F5B9367 X-Mras: OK X-Senderinfo: 29858 X-Mailru-Intl-Transport: d,952411a View entire message Parsing header: Received: by smtp50.i.mail.ru with esmtpa (envelope-from <investor@bit.com>) id 1hYpA1-0003xK-Q2 for x; Wed, 10 Jun 2021 15:41:07 GMT +0300 no from Ignored No source IP address found, cannot proceed. Add/edit your mailhost configuration Finding full email headers Submitting spam via email (may work better) Example: What spam headers should look like Nothing to do. Quote Link to comment Share on other sites More sharing options...
petzl Posted July 22, 2020 Share Posted July 22, 2020 9 hours ago, Ricardo_63 said: Return-path: <investor@bit.com> Received: by smtp50.i.mail.ru with esmtpa (envelope-from <investor@bit.com>) id 1hYpA1-0003xK-Q2 Came from 94.100.177.110 abuse[AT]corp.mail[DOT]ru Not seeing your received IP your receiving email server?Add/edit your mailhost configuration log in to SpamCop click TAB MailhostsBefore you Submit a spam Top of page is tracking URL - examplehttps://www.spamcop.net/sc?id=z6642853265z193d6fb05ee9b701404ec2d508af48b0z Quote Link to comment Share on other sites More sharing options...
Ricardo_63 Posted July 23, 2020 Author Share Posted July 23, 2020 Thanks again!!. I have entered my host mail and it still shows the same information when I try to report. After adding my mail host configuration, it displayed on hosts / domains message field about 9 hosts I presume my mail server use one of them. Quote Link to comment Share on other sites More sharing options...
petzl Posted July 23, 2020 Share Posted July 23, 2020 (edited) 4 hours ago, Ricardo_63 said: I presume my mail server use one of them. SpamCop has them ALL whitelisted/won't report them. So your mailhosts seem ok. Assuming you clicked add new hosts and received a email, to which you clicked the embedded link?https://www.spamcop.net/sc?id=z6642947923z6d9895034f835eced8ac22b50e215d41z Your ISP has not stamped it's own IP "received: by"? example belowhttps://www.spamcop.net/sc?id=z6643015246zbc86c5610081722fba5bae72dba9b145z Edited July 23, 2020 by petzl Quote Link to comment Share on other sites More sharing options...
Ricardo_63 Posted July 23, 2020 Author Share Posted July 23, 2020 Thanks again. Yes, I have received the email and paste the heading as mentioned on mail received in the following link. https://www.spamcop.net/mcgi?action=mhreturn after done it appeared on the MailHosts list, but it showing nine hosts. Quote Link to comment Share on other sites More sharing options...
gnarlymarley Posted July 24, 2020 Share Posted July 24, 2020 On 7/22/2020 at 7:35 AM, Ricardo_63 said: Here is your TRACKING URL - it may be saved for future reference:https://www.spamcop.net/sc?id=z6642947923z6d9895034f835eced8ac22b50e215d41z From what I see on your tracking URL, there are some missing Received lines. I see you have the Received and by sections, but no from section. Received: by smtp50.i.mail.ru with esmtpa (envelope-from <investor@bit.com>) I would expect to see a like such as the following where it has the from: Received: from [IP.add.re.ss] (helo=server.name.org) by smtp50.i.mail.ru with esmtpa (envelope-from <investor@bit.com>) SpamCop uses the part between the from and the by to determine the message source. Quote Link to comment Share on other sites More sharing options...
petzl Posted July 24, 2020 Share Posted July 24, 2020 (edited) 3 hours ago, Ricardo_63 said: after done it appeared on the MailHosts list, but it showing nine hosts thats normal you need to contact your ISP to get it to stamp it's own IP "received: by"? example belowhttps://www.spamcop.net/sc?id=z6643015246zbc86c5610081722fba5bae72dba9b145z Delivered-To: x Received: by 2002:a0c:9b89:0:0:0:0:0 with SMTP id o9csp1186644qve; Edited July 24, 2020 by petzl Quote Link to comment Share on other sites More sharing options...
Ricardo_63 Posted July 24, 2020 Author Share Posted July 24, 2020 8 hours ago, gnarlymarley said: From what I see on your tracking URL, there are some missing Received lines. I see you have the Received and by sections, but no from section. Received: by smtp50.i.mail.ru with esmtpa (envelope-from <investor@bit.com>) I would expect to see a like such as the following where it has the from: Received: from [IP.add.re.ss] (helo=server.name.org) by smtp50.i.mail.ru with esmtpa (envelope-from <investor@bit.com>) SpamCop uses the part between the from and the by to determine the message source. That's the point, where spammers it seems almost step ahead, masking mails without possibility to reported. Quote Link to comment Share on other sites More sharing options...
Ricardo_63 Posted July 24, 2020 Author Share Posted July 24, 2020 8 hours ago, petzl said: thats normal you need to contact your ISP to get it to stamp it's own IP "received: by"? example belowhttps://www.spamcop.net/sc?id=z6643015246zbc86c5610081722fba5bae72dba9b145z Delivered-To: x Received: by 2002:a0c:9b89:0:0:0:0:0 with SMTP id o9csp1186644qve; Well, that is difficult to explain to ISP, I have claim about spam emails and they told it have spam protection against to spam mails, but clearly spammers can override ISP spam protection. That’s reason why I report each spam mail to SpamCop. Quote Link to comment Share on other sites More sharing options...
petzl Posted July 24, 2020 Share Posted July 24, 2020 9 hours ago, Ricardo_63 said: Well, that is difficult to explain to ISP, I have claim about spam emails and they told it have spam protection against to spam mails, but clearly spammers can override ISP spam protection. That’s reason why I report each spam mail to SpamCop. Well I don't see the "received by" line Which should be followed with the"Received: from" vedicisland.com (vedicisland.com. [77.32.212.194]) As with this example (Gmail)https://www.spamcop.net/sc?id=z6643015246zbc86c5610081722fba5bae72dba9b145z Quote Link to comment Share on other sites More sharing options...
gnarlymarley Posted July 25, 2020 Share Posted July 25, 2020 16 hours ago, petzl said: Well I don't see the "received by" line Which should be followed with the"Received: from" Ricardo_63, this "Received:" line should be added by the receiving email server. And should not be disabled by any spammer. On 7/24/2020 at 5:05 AM, Ricardo_63 said: That's the point, where spammers it seems almost step ahead, masking mails without possibility to reported. Though RFC2882 might be confusing, RFC5321 explains this well in section 3.7.2, where your ISP should be adding that line. 3.7.2. Received Lines in Gatewaying When forwarding a message into or out of the Internet environment, a gateway MUST prepend a Received: line, but it MUST NOT alter in any way a Received: line that is already in the header section. Another way to think of it, is if your ISP refused to put this line on your email, then they must provide another way for you to get the information via a phone call or log access. If they refused to tell you the sending IP and helo hostname, then the offending email must be counted as spam send "by your email provider". Quote Link to comment Share on other sites More sharing options...
Ricardo_63 Posted July 25, 2020 Author Share Posted July 25, 2020 34 minutes ago, gnarlymarley said: Ricardo_63, this "Received:" line should be added by the receiving email server. And should not be disabled by any spammer. Though RFC2882 might be confusing, RFC5321 explains this well in section 3.7.2, where your ISP should be adding that line. 3.7.2. Received Lines in Gatewaying When forwarding a message into or out of the Internet environment, a gateway MUST prepend a Received: line, but it MUST NOT alter in any way a Received: line that is already in the header section. Another way to think of it, is if your ISP refused to put this line on your email, then they must provide another way for you to get the information via a phone call or log access. If they refused to tell you the sending IP and helo hostname, then the offending email must be counted as spam send "by your email provider". Thanks. Well I have subscribe many ticket about spam mail, but I never get answer, but after complete a survey have been called by a guy from support but is practically difficult to talk, it note conceited and assume problems becomes form users side because ISP have the best of unsolicited bulk email system and finally recommended take care when filled on sites with data form. Quote Link to comment Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.