Jump to content

problem reporting spam


Recommended Posts

1 hour ago, petzl said:

I have never reported spam from yahoo email
Tried on one of the SpamCop Mailhost replies
https://www.spamcop.net/sc?id=z6776891424z3151f4ff6f17ec6674cd0a802b7aa888z 
seems to work (I use a VPN)

Honestly, I have no idea how the mailhosts configuration works, as I personally have no use for it as it stands.
What I did notice though, on your parse, there is the last (or first for that matter) Received: header which is as follows:

Received: from [191.101.210.140] by spamcop.net
	with HTTP; Tue, 20 Sep 2022 23:37:40 GMT

To me it seems like you receive your emails through SpamCop, which I do not. With that said, I see that for you it is probably necessary to have the mailhosts set up correctly, and that's where our systems differ, since I get my emails through a different system which does not seem to require mailhosts.

Link to comment
Share on other sites

4 hours ago, RobiBue said:

To me it seems like you receive your emails through SpamCop, which I do not. With that said, I see that for you it is probably necessary to have the mailhosts set up correctly, and that's where our systems differ, since I get my emails through a different system which does not seem to require mailhosts.

Yes I have SpamCop relay emails to me but not to Yahoo
SpamCop is on my mailhosts and the email I reported came from SpamCop mailhost validation which is Whitelisted (so won't report).
This was not spam but don't have any spam in Yahoo to report, so I sent in the mailhost validation as it was 3 days old SC went no further.
https://www.spamcop.net/sc?id=z6776891424z3151f4ff6f17ec6674cd0a802b7aa888z
would of sent this report to where it should of gone (this was not spam)
Re: 191.101.210.140 (Third party interested in email source)
Internal spamcop handling: (badreports)

 

Edited by petzl
Link to comment
Share on other sites

And again today.   https://www.spamcop.net/sc?id=z6777584009zd5b59c27e570171eb65ad415f225b6b0z

 

No ip address found.  Isn't THIS an ip address?????

Received: from 127.0.0.1

 

OR this??? 

X-Originating-Ip: [185.232.170.246]
Edited by ArtmakersWorlds
Link to comment
Share on other sites

5 hours ago, ArtmakersWorlds said:

And again today.   https://www.spamcop.net/sc?id=z6777584009zd5b59c27e570171eb65ad415f225b6b0z

 

No ip address found.  Isn't THIS an ip address?????

Received: from 127.0.0.1

 

OR this??? 

X-Originating-Ip: [185.232.170.246]

https://www.spamcop.net/sc?id=z6776891424z3151f4ff6f17ec6674cd0a802b7aa888z
mine from Yahoo starts
10.217.144.139 which is a yahoo mailhost
127.0.0.1 is not
0: Received: from 185.232.170.246 (EHLO stop.tropos.fun) by 10.253.62.157 with SMTP; Tue, 27 Sep 2022 17:31:58 +0000
Hostname verified: stop.tropos.fun
Possible forgery. Supposed receiving system not associated with any of your mailhosts
Will not trust this Received line.
Mailhost configuration problem, identified internal IP as source
Mailhost:
Please correct this situation - register every email address where you receive spam
No source IP address found, cannot proceed.
Add/edit your mailhost configuration

I took the headers and summited looks to me like these headers are not from Yahoo webmail but some dodgy intranet that perhaps receives your email
SpamCop falls over with intranets try to get headers from before the intranet.
This is my pass of your intranet headers
https://www.spamcop.net/sc?id=z6777599959z423eb167bd6ba6754ce713a472177ee7z

The same for 
https://www.spamcop.net/sc?id=z6776271039zfd4a06f4ff24d7bc5130f21efb77a7a3z
 intranet Received: from 127.0.0.1

Edited by petzl
Link to comment
Share on other sites

5 hours ago, ArtmakersWorlds said:

And again today.   https://www.spamcop.net/sc?id=z6777584009zd5b59c27e570171eb65ad415f225b6b0z
No ip address found.  Isn't THIS an ip address?????
Received: from 127.0.0.1 your email intranet IP
OR this??? 
X-Originating-Ip: [185.232.170.246] that's the SOURCE of the spam send abuse report to audit[]ATfirstbyte[DOT]pro 
Best to include website registrar  like (takes their web site down)
Name:        go.havanalinks.com
IP:        185.163.45.75
Domain:    havanalinks.com
 Registrar Abuse Contact Email:  mailto:abuse[AT]namecheap[DOT]com

just forward the spam from your email 
At end of forwarded spam email put 
>
The full headers of email

 

Link to comment
Share on other sites

With

this is the reason why I suggest to remove (or disable if possible) mailhosts.
running the spam through SC without mailhosts results in the following:
https://www.spamcop.net/sc?id=z6777648303z2d57db44fb22bdb9f60865f945db0347z (I canceled the report since it's not mine to report ;) )

Parsing header:

Received:  from 127.0.0.1 by atlas-production.v2-mail-prod1-gq1.omega.yahoo.com with HTTP; Tue, 27 Sep 2022 17:31:58 +0000
host 127.0.0.1 (getting name) no name
127.0.0.1 discarded

Received:  from 185.232.170.246 (EHLO stop.tropos.fun) by 10.253.62.157 with SMTP; Tue, 27 Sep 2022 17:31:58 +0000
host 185.232.170.246 = stop.tropos.fun. (cached)
stop.tropos.fun. is 185.232.170.246
Possible spammer: 185.232.170.246
Received line accepted
Tracking message source: 185.232.170.246:
Routing details for 185.232.170.246
[refresh/show] Cached whois for 185.232.170.246 : audit[at]firstbyte[dot]pro
Using last resort contacts audit[at]firstbyte[dot]pro

this doesn't give me

Mailhost configuration problem, identified internal IP as source
Mailhost:
Please correct this situation - register every email address where you receive spam
No source IP address found, cannot proceed.
Link to comment
Share on other sites

2 hours ago, RobiBue said:

his is the reason why I suggest to remove (or disable if possible) mailhosts.
running the spam through SC without mailhosts results in the following:
https://www.spamcop.net/sc?id=z6777648303z2d57db44fb22bdb9f60865f945db0347z (I canceled the report since it's not mine to report ;) )

In his case worth a go
 

Link to comment
Share on other sites

Got two more spams today.  one went through just fine, the other did this same thing.

 

And we have been through this.  I do NOT use spamcop's mail system.  I use yahoo.  There are no MAILHOSTS to get rid of.

I looked at your link, means nothing to me.    Even clicked the delete hosts which only brings up some page of instructions, and around the endless circles of useless garbage we go.

I just want to copy the raw message, paste it into spamcop and have it work like it's always done before.

If spammers found a way around spamcop then spamcop needs to GET ON THIS and fix it.

 

PLEASE don't get into some long winded thing about mailhosts or what ever.  Just SIMPLE step by step HOW TO REPORT THIS CRAP.   1. do this, 2, do that, 3 copy that.... like that.  Otherwise this is just a waste of far too much time.

 

 

 

Ha, I went back to the spam I could not report, trying to see if after I got the error I could delete mailhosts....  And for what ever reason, this time it went through.  Go figure.

Intermittent problem perhaps????

BTW it went to an abuse at hotmail, (who like google doesn't care)  and to a devnull... also means they not only don't care but won't even look.

Edited by ArtmakersWorlds
Link to comment
Share on other sites

6 hours ago, ArtmakersWorlds said:

I could delete mailhosts..

just logon to your SC account go to mailhosts by clicking the Mailhosts Tab, top of page.
Near bottom of page there is a delete host button
Next to it in a Rectangle Box is Select one push the down arrow to see what's there select then push the
delete host button
You have shown a screen shot of Yahoo host being there possibly a old one that no longer works?

Edited by petzl
Link to comment
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

 Share

×
×
  • Create New...