hank Posted May 11, 2022 Share Posted May 11, 2022 Just got this in email -- ----------------------- Subject [SpamCop] Email Delivery ConfirmationPlease confirm email delivery for SpamCop account:hank@spamcop.netClick here:https://www.spamcop.net/mcgi?conf=un6FJSBii5iMUvqCILI1ihJWw8CkUP0oOr send email to:deliver.un6FJSBii5iMUvqCILI1ihJWw8CkUP0o@cmds.spamcop.net ----------------------- Smells phishy to me but I can't pointt o anything specifically wrong. WTF? Quote Link to comment Share on other sites More sharing options...
gnarlymarley Posted May 11, 2022 Share Posted May 11, 2022 Hmmmm.... If it had a https://www.spamcop.net/mcgi?action=mhreturn or a mhconf.xxxxxxxxxx@cmds.spamcop.net, I would say this would be a mailhosts setup email. Could this be a CES forwarding redirection request? Quote Link to comment Share on other sites More sharing options...
hank Posted May 12, 2022 Author Share Posted May 12, 2022 I don't understand your aswer -- should I report the message and see what Spamcop says about it? Quote Link to comment Share on other sites More sharing options...
hank Posted May 12, 2022 Author Share Posted May 12, 2022 Here's the full report: X-spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on f.spam.sonic.net X-spam-Level: X-spam-Status: No, score=-6.1 required=4.0 tests=DKIMWL_WL_HIGH,DKIM_SIGNED, DKIM_VALID,RCVD_IN_DNSWL_HI,SNF4SA,SONIC_BX_A2,SPF_HELO_NONE, T_SCC_BODY_TEXT_LINE shortcircuit=no autolearn=disabled version=3.4.6 X-spam-SNF-Result: 0 (Standard White Rules) X-spam-MessageSniffer-Scan-Result: X-spam-MessageSniffer-Rules: 0-0-0-2429-c X-spam-GBUdb-Analysis: 1, 184.94.240.112, Ugly c=0.357145 p=-0.1875 Source Normal Received: from d.mx.sonic.net (a.spam-proxy.sonic.net [157.131.224.145]) by b.local-delivery (8.14.7/8.14.7) with ESMTP id 24BHxOUk006899 (version=TLSv1/SSLv3 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128 verify=NOT) for <xxxxxxxx@lds.sonic.net>; Wed, 11 May 2022 10:59:24 -0700 Received: from vmx.spamcop.net (vmx.spamcop.net [184.94.240.112]) by d.mx.sonic.net (8.14.7/8.14.7) with ESMTP id 24BHxNqN107202 (version=TLSv1/SSLv3 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128 verify=NOT) for <xxxxxxxx@sonic.net>; Wed, 11 May 2022 10:59:24 -0700 DomainKey-Signature: s=devnull; d=spamcop.net; c=nofws; q=dns; h=IronPort-SDR:X-Corpus-CASE-Score:Received:Received:From: To:Subject:Precedence:Message-ID:Date:X-Mailer; b=KkvP5aBl9Md+4drBRSvljnJEAe3hevTgrPPG9aq8eJI+L5ZBTpstUh23 xCa44jj5nnkVlI6Mycnv2MvtKrBozt9G7mb+FJKINxKEGXkUvkQqHKA/E ausfD3p8pn5jzDh; IronPort-SDR: eXGcifgOTQE0pAsvFRW89f+ynULjxySmlh6vohXzvc95FKXZvT2UqhXWlGW6eQnRD8/5l6/hxy ffjnIaPZyO5t2pTyPUZVy6iFQ2gKMn1b3WKibBmx8/sjg18AXCwPdLvbri/XbkdgydvkpxwMro JNoJ6l4CUpU4wB0nWH4vOrB9ncxmUUY5h+y5qsRMoRiph+MrelrGRwBuf5VXqHoI7G22uV3DzR NFPKK1VEOZus6GuX5AMmSvKACSLyHjJKKLQg12YVKc4zVdHtVBrnp8jrmNwBUTY7x2hrxjVcAC ONI= X-Corpus-CASE-Score: 0 Received: from prod-sc-www02.sv4.ironport.com (HELO prod-sc-www02.spamcop.net) ([10.8.129.226]) by prod-sc-smtp-vip.sv4.ironport.com with SMTP; 11 May 2022 10:58:18 -0700 Received: from [135.180.216.255] by spamcop.net with HTTP; Wed, 11 May 2022 17:58:12 GMT From: SpamCop <spamcop@devnull.spamcop.net> To: xxxxxxxx@sonic.net Subject: [SpamCop] Email Delivery Confirmation Precedence: list Message-ID: <wh627bf934g75b2@msgid.spamcop.net> Date: Wed, 11 May 2022 17:58:12 GMT X-Mailer: https://www.spamcop.net/ v5.4.0 X-Orthrus: tar=0 grey=no co=US os=FreeBSD/9.x or newer/2 spf=pass dkim=pass Please confirm email delivery for SpamCop account: hank@spamcop.net Click here:https://www.spamcop.net/mcgi?conf=un6FJSBii5iMUvqCILI1ihJWw8CkUP0o Or send email to: deliver.un6FJSBii5iMUvqCILI1ihJWw8CkUP0o@cmds.spamcop.net Quote Link to comment Share on other sites More sharing options...
gnarlymarley Posted May 15, 2022 Share Posted May 15, 2022 On 5/11/2022 at 7:38 PM, hank said: Received: from d.mx.sonic.net (a.spam-proxy.sonic.net [157.131.224.145]) by b.local-delivery (8.14.7/8.14.7) with ESMTP id 24BHxOUk006899 (version=TLSv1/SSLv3 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128 verify=NOT) for <xxxxxxxx@lds.sonic.net>; Wed, 11 May 2022 10:59:24 -0700 Received: from vmx.spamcop.net (vmx.spamcop.net [184.94.240.112]) by d.mx.sonic.net (8.14.7/8.14.7) with ESMTP id 24BHxNqN107202 (version=TLSv1/SSLv3 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128 verify=NOT) for <xxxxxxxx@sonic.net>; Wed, 11 May 2022 10:59:24 -0700 I will trust that the sonic Received: header is okay. Looking at the second header, I would be cautious at reporting this. I get my legitimate SpamCop email from 184.94.240.112 which appears to be the same as what you have in your email. If the sonic section can be trusted, I would say this is a good email. A word of caution, if you try to report something like this, before you send the reports pay attention to the address. If it says something like don[at]spamcop, sending the report could automatically have your reporting account disabled. From what I can see that you have posted, I try to login to your reporting account and see if it is waiting on anything special. You may also want to try to contact the deputies to verify exactly what this is. Quote Link to comment Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.