My ISP is bouncing Spamcop

[LodeHere]

I utilized spam for some years but in 2019 my ISP began to bounce back the confirmation requests from Spamcop. Luckily I was getting spam only sporadically since then after all the reporting I did. But lately it's coming back again, and I still don't receive the confirmation mails from Spamcop.

I report spam using Mailwasher, and that program can show the headers. (Other than my Opera Mail.) But I have never utilized the option to copy-paste headers on my Spamcop report account page. 

Anyone here can tell me how exactly to do it?  (Step by step please, as I'm not very knowledgeable in these things.) 

[Lking]

Not a Opera Mail user, but other mail applications will show the raw email by pressing <ctrl> U keys at the same time.

1) In your mail app display the email you are interested in.

2) Press the <ctrl> and the "U" key at the same time. (check your manual. there may be a different way to display only the header.)

3) Another window should open up displaying the raw email.

4) The email header is everything from the beginning of the file displayed down to, and including, the FIRST blank line.

4a) If you need to select the lookout/eudora workaround:

• Highlight everything down to the first blank line, then cut with <ctrl> C.  Go to the header window in the SC screen and use <ctrl> V to past in the header.
• Return to the normally displayed email, used <ctrl> A, to select all of the decoded email, then <ctrl> C to cut/ the selected text. Return to the SC screen and use <ctrl> V to past the body of the email into the second window.

4b) If in step 2 above, <ctrl> U displays the whole email, header and body (maybe encoded),  you can use the all-in-one submission form.

• Use <ctrl> A to select all of the raw email, header and body. then use <ctrl> C to cut the whole email. Then go to the SC submission screen with one window and use <ctrl> V to past the email into the window.

5. Press the <Process spam> button to submit your spam.

[LodeHere]

Thank you much. 

Using ctrl+u did not  have any effect in my Opera Mail.

In the mean time Jeremy from Firetrust Support for Mailwasher emailed me this: 

Hi Lode,
Yes, MW can indeed show the headers and full email as below....
Click the "Show email info" link just above the preview pane, (Click View>>Preview Pane if you do not have this enabled) then click the "Source tab.

That will show the raw text of the email, to copy it, click in the email and click ctrl A to select all, then click Ctrl C to copy.

...................

But when I log in on this page https://www.spamcop.net/ and tap on Report spam no place appears where I can paste something. This appears though: 

Welcome, Lodewijk. You have 14.6M bytes available.
Your average reporting time is: 2 hours; Great!

Bounce error

Your email address, xxxATxxxDOTxxx has returned a bounce:
Subject: Delivery Status Notification (Failure)
Reason: 5.1.0 - Unknown address error 550-'Sorry, we do not accept connections from=

Please ensure your email account is reliable, then click below (and then this appears in a box to tap on:

[Problem resolved.] 

But that problem is not resolved. On this other page which appears after have I logged in and then logged out from the above mentioned page this one appears: https://www.spamcop.net/mcgi?action=loginform

There says: For reporting-only account holders:

Log into https://members.spamcop.net 

I don't remember seeing that before, and I can't log in there with my username and password. But would that be the page one can copy-paste headers? Or is that normally done on the first mentioned page where I always logged in to confirm it is spam that I had Mailwasher send to Spamcop?

 

Edited October 17, 2022 by Lking
Security

[Lking]

The bounce error is because your ISP is bouncing emails sent by SC. (rant alert!)  Some dumb ISP in an effort to protect their customers from spam filter out any email that contains "spam". That means that emails from someone like info@spamcop.com get block/bounced. </rant>

you need to talk nicely to your ISP and explain to them their error and the absurdity of the situation where you have received spam they have not blocked, BUT they do block email from one of the longest standing spam fighting groups.

When you get that resolved, then login and click the [Problem resolved] button. Then we can get back to the issue of how you can report spam.  After 3 (I think) email sent to an email address are bounced, the SC parser/system sets a flag to not send anymore emails to that address. When the problem is reported to be resolved the flag is cleared. SC doesn't want to clog the internet with emails that are going to be bounced, generating yet more wast of bandwidth requiring even more clock cycles on their busy system. See https://www.spamcop.net/spamgraph.shtml?spamstats

[LodeHere]

Thank you much again. Also for your moral support.

(I was thinking "Make sure you don't make your full email address appear in your post", but then I forgot, and too much time passed to edit that now. But I trust it will not result in some spammer discovering it...)

As for the rant, I know it's ridiculous that an anti-spam program would flag spam fighting as spam. (A warning not to let AI take over the world.)

Thanks to what you shared I now realize that where I to copy-paste headers on my report page, I would most probably still have to receive confirmation request emails from SP to then confirm it's spam on the report page.

I'll have a "nice friendly" talk with my ISP once more. Remembering that the help desk person I'll be talking to is not responsible for the error made by the anti-spam software makers the ISP they work for is using.

Maybe they can contact the provider of that software about this weird issue, so they can fix it.

Edited October 17, 2022 by LodeHere

[LodeHere]

PS:

Come to think of it, maybe it would help if I could give the SC email address from the confirmation request send me to my ISP, as well as my reporting email address given me by SC. Maybe that way they can program their anti-spam software to let those pass.

Although I can imagine that the confirmation requests might each one have a different code for each different spam reported.

But maybe there is something they all have in common so that could be added to my ISP's white list. 

Edited October 17, 2022 by LodeHere

[Lking]

11 hours ago, LodeHere said:

I was thinking "Make sure you don't make your full email address appear in your post",

Sorry I read over it before. Edited out now.

11 hours ago, LodeHere said:

I would most probably still have to receive confirmation request emails from SP to then confirm it's spam on the report page.

yes it is a two step process, among other things so you can make sure the parser logic (AI) has not identify an innocent bystander.

 

11 hours ago, LodeHere said:

Remembering that the help desk person I'll be talking to

When "we" are motivated to contact a help desk sometimes it is hard to remember the pointy-end-of-the-spear is really trying to help use with our problem the best they can within their power.

 

7 hours ago, LodeHere said:

the confirmation requests might each one have a different code for each different spam reported.

this is true. However, your ISP should be able to whitelist the whole domain.TLD (everything after the AT).

[LodeHere]

I had to search for what a TLD is. 😀

So it would be (if I understand it well) "spam.spamcop.net" that they would have to add to their whitelist. That is part of the address SC gave me to report spam to.

But I don't know if those exact same words are also appearing in the confirmation request emails SC sends. if not those other words would also have to be added to my ISP's whitelist of course.

Would be good if all ISPs would have SC emails on their whitelist. Maybe Cisco could take care of letting them know that.

Edited October 17, 2022 by LodeHere

[RobiBue]

4 hours ago, LodeHere said:

I had to search for what a TLD is. 😀

So it would be (if I understand it well) "spam.spamcop.net" that they would have to add to their whitelist.

 

actually, the TLD for spamcop.net is just <net> (that's the Top Level Domain - TLD) like .com, .edu, .info, .tv, .gov, and so on.
spamcop (in spamcop.net) is the domain name.
subdomains for spamcop are, among others:

bounces.spamcop.net
devnull.spamcop.net
spam.spamcop.net

 

you would want spamcop.net whitelisted, including its subdomains.

[Lking]

@RobiBue Tank you for the clarification.

 

Please note that when you mouse over TLD a little window pops up.  The clue is the dotted line under TLD or HTH

[RobiBue]

always pleased to help ([if|when] I can)

[LodeHere]

Thank you all for your kind responses.

In the mean time SC Deputy Richard has spend time replying to my emails with the result that I have now reported spam again after not doing so for a few years already.

He let my know that for reporting spam one needs no email exchanges with SC. Just copy-pasting the headers on one's reporting page will do.

I remembered vaguely having read somewhere years ago that one cannot get the headers from Opera Mail. But Richard send me this which solved the issue for me especially after reading the simple tutorial posted under it:

How to display full email headers in Opera Mail 

 

"All's well that ends well" wrote Shakespeare. 😁