
problem reporting spam


ArtmakersWorlds


1 hour ago, petzl said:

I have never reported spam from yahoo email
Tried on one of the SpamCop Mailhost replies
https://www.spamcop.net/sc?id=z6776891424z3151f4ff6f17ec6674cd0a802b7aa888z 
seems to work (I use a VPN)

Honestly, I have no idea how the mailhosts configuration works, as I personally have no use for it as it stands.
What I did notice though, on your parse, there is the last (or first for that matter) Received: header which is as follows:

Received: from [191.101.210.140] by spamcop.net
	with HTTP; Tue, 20 Sep 2022 23:37:40 GMT

To me it seems like you receive your emails through SpamCop, which I do not. With that said, I see that for you it is probably necessary to have the mailhosts set up correctly, and that's where our systems differ, since I get my emails through a different system which does not seem to require mailhosts.


4 hours ago, RobiBue said:

To me it seems like you receive your emails through SpamCop, which I do not. With that said, I see that for you it is probably necessary to have the mailhosts set up correctly, and that's where our systems differ, since I get my emails through a different system which does not seem to require mailhosts.

Yes I have SpamCop relay emails to me but not to Yahoo
SpamCop is on my mailhosts and the email I reported came from SpamCop mailhost validation which is Whitelisted (so won't report).
This was not spam, but I don't have any spam in Yahoo to report, so I sent in the mailhost validation; as it was 3 days old, SC went no further.
https://www.spamcop.net/sc?id=z6776891424z3151f4ff6f17ec6674cd0a802b7aa888z
would have sent this report to where it should have gone (this was not spam)
Re: 191.101.210.140 (Third party interested in email source)
Internal spamcop handling: (badreports)

 

Edited by petzl

And again today.   https://www.spamcop.net/sc?id=z6777584009zd5b59c27e570171eb65ad415f225b6b0z

 

No ip address found.  Isn't THIS an ip address?????

Received: from 127.0.0.1

 

OR this??? 

X-Originating-Ip: [185.232.170.246]
Edited by ArtmakersWorlds

5 hours ago, ArtmakersWorlds said:

And again today.   https://www.spamcop.net/sc?id=z6777584009zd5b59c27e570171eb65ad415f225b6b0z

 

No ip address found.  Isn't THIS an ip address?????

Received: from 127.0.0.1

 

OR this??? 

X-Originating-Ip: [185.232.170.246]

https://www.spamcop.net/sc?id=z6776891424z3151f4ff6f17ec6674cd0a802b7aa888z
mine from Yahoo starts
10.217.144.139 which is a yahoo mailhost
127.0.0.1 is not
0: Received: from 185.232.170.246 (EHLO stop.tropos.fun) by 10.253.62.157 with SMTP; Tue, 27 Sep 2022 17:31:58 +0000
Hostname verified: stop.tropos.fun
Possible forgery. Supposed receiving system not associated with any of your mailhosts
Will not trust this Received line.
Mailhost configuration problem, identified internal IP as source
Mailhost:
Please correct this situation - register every email address where you receive spam
No source IP address found, cannot proceed.
Add/edit your mailhost configuration

I took the headers and submitted them. It looks to me like these headers are not from Yahoo webmail but from some dodgy intranet that perhaps receives your email.
SpamCop falls over with intranets; try to get headers from before the intranet.
This is my pass of your intranet headers
https://www.spamcop.net/sc?id=z6777599959z423eb167bd6ba6754ce713a472177ee7z

The same for 
https://www.spamcop.net/sc?id=z6776271039zfd4a06f4ff24d7bc5130f21efb77a7a3z
 intranet Received: from 127.0.0.1

Edited by petzl

5 hours ago, ArtmakersWorlds said:

And again today.   https://www.spamcop.net/sc?id=z6777584009zd5b59c27e570171eb65ad415f225b6b0z
No ip address found.  Isn't THIS an ip address?????
Received: from 127.0.0.1 your email intranet IP
OR this??? 
X-Originating-Ip: [185.232.170.246] that's the SOURCE of the spam send abuse report to audit[]ATfirstbyte[DOT]pro 
Best to include website registrar  like (takes their web site down)
Name:        go.havanalinks.com
IP:        185.163.45.75
Domain:    havanalinks.com
 Registrar Abuse Contact Email:  mailto:abuse[AT]namecheap[DOT]com

just forward the spam from your email 
At end of forwarded spam email put 
>
The full headers of email

 


With

this is the reason why I suggest to remove (or disable if possible) mailhosts.
running the spam through SC without mailhosts results in the following:
https://www.spamcop.net/sc?id=z6777648303z2d57db44fb22bdb9f60865f945db0347z (I canceled the report since it's not mine to report ;) )

Parsing header:

Received:  from 127.0.0.1 by atlas-production.v2-mail-prod1-gq1.omega.yahoo.com with HTTP; Tue, 27 Sep 2022 17:31:58 +0000
host 127.0.0.1 (getting name) no name
127.0.0.1 discarded

Received:  from 185.232.170.246 (EHLO stop.tropos.fun) by 10.253.62.157 with SMTP; Tue, 27 Sep 2022 17:31:58 +0000
host 185.232.170.246 = stop.tropos.fun. (cached)
stop.tropos.fun. is 185.232.170.246
Possible spammer: 185.232.170.246
Received line accepted
Tracking message source: 185.232.170.246:
Routing details for 185.232.170.246
[refresh/show] Cached whois for 185.232.170.246 : audit[at]firstbyte[dot]pro
Using last resort contacts audit[at]firstbyte[dot]pro

this doesn't give me

Mailhost configuration problem, identified internal IP as source
Mailhost:
Please correct this situation - register every email address where you receive spam
No source IP address found, cannot proceed.

2 hours ago, RobiBue said:

this is the reason why I suggest to remove (or disable if possible) mailhosts.
running the spam through SC without mailhosts results in the following:
https://www.spamcop.net/sc?id=z6777648303z2d57db44fb22bdb9f60865f945db0347z (I canceled the report since it's not mine to report ;) )

In his case worth a go
 


Got two more spams today.  one went through just fine, the other did this same thing.

 

And we have been through this.  I do NOT use spamcop's mail system.  I use yahoo.  There are no MAILHOSTS to get rid of.

I looked at your link, means nothing to me.    Even clicked the delete hosts which only brings up some page of instructions, and around the endless circles of useless garbage we go.

I just want to copy the raw message, paste it into spamcop and have it work like it's always done before.

If spammers found a way around spamcop then spamcop needs to GET ON THIS and fix it.

 

PLEASE don't get into some long winded thing about mailhosts or what ever.  Just SIMPLE step by step HOW TO REPORT THIS CRAP.   1. do this, 2, do that, 3 copy that.... like that.  Otherwise this is just a waste of far too much time.

 

 

 

Ha, I went back to the spam I could not report, trying to see if after I got the error I could delete mailhosts....  And for what ever reason, this time it went through.  Go figure.

Intermittent problem perhaps????

BTW it went to an abuse at hotmail, (who like google doesn't care)  and to a devnull... also means they not only don't care but won't even look.

Edited by ArtmakersWorlds

6 hours ago, ArtmakersWorlds said:

I could delete mailhosts..

just logon to your SC account go to mailhosts by clicking the Mailhosts Tab, top of page.
Near bottom of page there is a delete host button
Next to it in a Rectangle Box is Select one push the down arrow to see what's there select then push the
delete host button
You have shown a screenshot of a Yahoo host being there, possibly an old one that no longer works?

Edited by petzl

  • 2 weeks later...

To:  ArtMakersWorld

I understand your frustration when it comes to talking to geeks who can't see past their own words on the page to see the problem.  This response might be too late but I'll try anyway. Allow me to help explain what they are trying to explain.  I have the same issue as you do and I've tried everyone's suggestions and NONE have solved the issue.

There is more than one method to submit spam emails to SpamCop. The method you need to use is determined by what information you are able to extract from the spam emails you receive, and THAT is dependent upon what application you use to view/read your emails.

Think of the emails you receive as being nothing but information in a database. You need to use a tool that can read the information and present it to you as something that looks like an email message. The tool you use also needs to be a tool that your email host/provider allows you to use. For example: You could have a Yahoo email account (yourAccount@yahoo.com) and you could have a Google email account (yourAccount@gmail.com) and an AOL email account (yourAccount@aol.com). To read your messages, you have to use a web browser to sign in to those accounts separately, or use a tool like Outlook that allows you to sign in to each of those accounts and show you all your messages from all your accounts. Of course, Outlook isn't the only email reader out there, and some email providers may not allow you to use Outlook and that's where it gets sticky.

All email you receive in all of your accounts has hidden information (i.e. headers) encoded in it that may or may not be easily accessible to you depending on what email reader you use. The email reader you use to retrieve your messages will show you as much, or as little, of the messages as it was designed to show you. However, just because you can't access the hidden information, doesn't mean it's not there. It only means your email reader is a bit, well . . . er . . . um . . .

Anyway . . . when someone sends an email message to you, the message is transmitted via a glorious relay system whereby the message leaves the originating email server and gets handed off from one email server to another and to another. Each time the message gets handed off, information is appended to the email header saying where the message has been. (Wouldn't it be great if we could do that to some people?). until it makes its way to the server of your email host provider. The precise information that gets appended to the email header as it passes from server to server should meet industry-wide-agreed-upon standards. Standards specify  what types of information and how to present it so that it can be parsed out (i.e. extracted) and read. All of this leaves a "breadcrumb" trail embedded in every message you receive.

Recently, something has gone awry with the information that is appended to headers. Either the information is being appended incorrectly, or being altered so that the entries are out of order making SpamCop's parser think that the originating server is the same as the final receiving server, or entries are being corrupted during a handoff, or SpamCop's parser is on the fritz. It doesn't appear that anyone is actually looking into this.

The instructions that you've received from members in this thread have been about using SpamCop's menu options at the top of your browser window to register your email server's contribution to the header information of your emails so that SpamCop's parser can recognize the entry as such. At the top of the SpamCop web page are the options "Report spam," "Mailhosts," "Statistics," etc... The "Mailhosts" option is the one you need to click on to register your email server with SpamCop. SpamCop will send you an email message with embedded codes. You then need to send that email back to SpamCop using the instructions in the email message.

I will say this, though, this issue began happening to me a few months ago, then it stopped and everything worked fine for a few days. Then the same issues started again. I referred to SpamCop's help page for an "Example of what headers should look like". Then I compared it to what the headers in my emails look like. What I learned was just how unhelpful that example was. A couple of months ago, as an experiment with an email that would not go through, I swapped the order of two entries in the email header and re-submitted it. It went through with no errors. I've not been able to recreate that since. I've deleted and re-registered my email hosts several times and it still has not solved the problem.

Here is one observation I've made. My mail host is registered as "atlas209.aol.mail.ne1.yahoo.com" but the headers of my emails contain "atlas107.aol.mail.ne1.yahoo.com"

SpamCop offers two methods of submitting your spam emails to them. The method you need to use depends on the capabilities of the email reader you are using. This page might answer some of your questions: https://www.spamcop.net/fom-serve/cache/285.html and this one: https://www.spamcop.net/fom-serve/cache/16.html.

I hope some of this information is helpful to you.


WOW I really appreciate the time you put into that.   Bottom line sounds like this is an issue between spamcop and spammers who seemed to have found a way around it.   Guessing the change in your own email is kinda like how phone scammers use forged numbers to call from.   I've had emails come in apparently from someone I know.  Someone in my contacts.  But they never sent it.  (A worm I'm guessing.)  

This has been and will always be a battle between cheaters and ways to stop them.

That being said I did delete my email in the mail host tab and so far it's been working fine.

Now I do use several emails and have no plans of entering all of them into spamcop.  ONE I set up specifically to use where I think it will be hijacked and I don't have any personal information linked to that one at all.   Even my name I make up and change from time to time.   I think now I have something like "Die Spammers"  It's hilarious when I get spam "dead Die"..... 

 

I'm sure spamcop would be a safe place, but why take chances?  Every site gets hacked.  The fewer places I use my personal emails the better. 

 

Still the level of spam has gone WAY down since I first started using this.  Not sure if the email hosts have just gotten better, well actually no.  They don't block spam, they just send it to a junk folder.   There was a time when I got 900 in one day.   Now my personal email might get 1 or 2 a WEEK.   Even my spamable junk address only gets a few a week.   So for the occasional one that slips through?  Not a big deal.   (BTW 99% of the spam I do get comes from google and goes to devnull.  Google doesn't care.  Not even sure sending reports does a thing.) 


To: ArtmakersWorlds

I tried the solutions Petzl mentioned on 9/28, and it worked. Follow the instructions in his last comment. Basically, you need to log in to SpamCop. Click the "Mailhost" tab at the top. Then delete any registrations you have previously set up. They'll each be shown on that page.


On 10/12/2022 at 9:31 AM, rpprevost said:

To: ArtmakersWorlds

I tried the solutions Petzl mentioned on 9/28, and it worked. Follow the instructions in his last comment. Basically, you need to log in to SpamCop. Click the "Mailhost" tab at the top. Then delete any registrations you have previously set up. They'll each be shown on that page.

I believe he did (according to his message). BTW you did  a great job explaining what some of us tried to do! Thank you rpprevost!

On 10/9/2022 at 10:42 AM, ArtmakersWorlds said:

That being said I did delete my email in the mail host tab and so far it's been working fine.

and ArtmakersWorlds, I hope it continues to work fine ;)


I will list my understanding and a quick explanation of mailhosts to hopefully clarify some items.

SpamCop appears to track the servers listed in the Received lines. By doing this, I believe it attempts to discover the border inbound email server and report the IP that the server got the email from. Mailhosts appears to have been created in response to spammers trying to spoof extra received lines, so that SpamCop reports the email with the wrong IP to the wrong system administrator.

As previously mentioned about the relays and the hand offs from server to server, the breadcrumb trail is used to track a message. Spammers know about this and have tried to inject their spam into someone else's server and add fake breadcrumb trails to trick the SpamCop parser. SpamCop's response was to add mailhosts. The issue can be that the breadcrumb trail changes over time as e-mail businesses implement new servers and decommission older "border servers". Since those changing IPs and server names might not match what mailhosts has recorded, the parser will reject those reports. I don't get issues very often, but when I did in the past I would just have the email resent to me to add it to the parser without deleting and it would update my entries. Once I had updated my mailhosts, I could go back to the previous report and it would send.
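The mailhost behaviour described in the post above, as an added example that is not part of the original thread and is not SpamCop's actual parser: a simplified Received-line walk run over the two header lines quoted earlier in the thread, with no mailhosts, with a stale registration, and with an updated one. The function names and the registered values (`yahoo.com`, `10.253.62.157`) are assumptions made for illustration.

```python
import ipaddress
import re

# Simplified model of a mailhost-aware Received walk; not SpamCop's real parser.
HOP_RE = re.compile(r"from\s+\[?(?P<src>[0-9A-Fa-f.:]+)\]?.*?\bby\s+(?P<by>\S+)", re.S)

def parse_hop(line):
    """Return (source_ip, receiving_host) for one Received line, or None."""
    m = HOP_RE.search(line)
    if not m:
        return None
    try:
        return ipaddress.ip_address(m.group("src")), m.group("by").lower()
    except ValueError:
        return None  # "from" was followed by something that is not an IP

def is_registered(host, mailhosts):
    """True if the receiving host equals, or is a subdomain of, a registered entry."""
    return any(host == h or host.endswith("." + h) for h in mailhosts)

def find_source(received, mailhosts=None):
    """received: Received lines, newest first (as in the raw message).
    mailhosts: None means the feature is off; otherwise the set of
    registered receiving systems (names, domain suffixes or IPs)."""
    for line in received:
        hop = parse_hop(line)
        if hop is None:
            continue
        src, by = hop
        if mailhosts is not None and not is_registered(by, mailhosts):
            # Receiving system is unknown, so everything below could be forged.
            return None, f"receiving system {by} not in mailhosts; line not trusted"
        if src.is_loopback or src.is_private:
            continue  # internal hand-off (e.g. 127.0.0.1), keep walking
        return str(src), "accepted"
    return None, "no source IP address found"

# The two Received lines quoted in the thread, newest first.
HEADERS = [
    "Received: from 127.0.0.1 by atlas-production.v2-mail-prod1-gq1.omega.yahoo.com"
    " with HTTP; Tue, 27 Sep 2022 17:31:58 +0000",
    "Received: from 185.232.170.246 (EHLO stop.tropos.fun) by 10.253.62.157"
    " with SMTP; Tue, 27 Sep 2022 17:31:58 +0000",
]

if __name__ == "__main__":
    cases = [("no mailhosts", None),
             ("stale mailhosts", {"yahoo.com"}),  # constructed registration
             ("updated mailhosts", {"yahoo.com", "10.253.62.157"})]
    for label, hosts in cases:
        print(f"{label:18} -> {find_source(HEADERS, hosts)}")
```

With the stale registration the walk stops at the hop received by `10.253.62.157` and reports no source, which mirrors the "No source IP address found" result shown in the thread.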
