emanmb Posted October 24, 2022 Posted October 24, 2022 This is very odd. So I've been reporting via SC forever and my yahoo act. is the one I used to sign up and use for the forums. Lately I've been getting these messages when reporting. I cut and paste from Yahoo's "View Raw Message" "Hostname verified: mail-db3eur04hn0228.outbound.protection.outlook.com Possible forgery. Supposed receiving system not associated with any of your mailhosts Will not trust this Received line. Mailhost configuration problem, identified internal IP as source Mailhost: Please correct this situation - register every email address where you receive spam No source IP address found, cannot proceed. Add/edit your mailhost configuration Finding full email headers Submitting spam via email (may work better) Example: What spam headers should look like Nothing to do." Usually I just ignore this message (saying darn or some such words )and move onto the next spam but today decided to click on "Add/edit your mailhost configuration" and my yahoo address was NOT in there. I receive lots of spam on my yahoo so I report it often and OCCASIONALLY get the "nothing to do" message. Now I'm wondering if something is amiss since my main yahoo address is missing from mail hosts. I did send in to all 3 reporting addresses and replied to those and it went smoothly. Yet my yahoo is still not listed. What should I do, if anything? I still can report yahoo spam but surprised it's not listed. Quote
petzl Posted October 24, 2022 Posted October 24, 2022 4 hours ago, emanmb said: This is very odd. So I've been reporting via SC forever and my yahoo act. is the one I used to sign up and use for the forums. Lately I've been getting these messages when reporting. I cut and paste from Yahoo's "View Raw Message" You may need to delete your "mailhosts" for Yahoo Then renew them I suspect Yahoo have recently renewed their mailhosts.? Quote
emanmb Posted October 25, 2022 Author Posted October 25, 2022 On 10/24/2022 at 3:45 PM, petzl said: You may need to delete your "mailhosts" for Yahoo Then renew them I suspect Yahoo have recently renewed their mailhosts.? Unfortunately they don't show up in the SC list page EXCEPT the ameritech account which uses Yahoo. Ameritech is now ATT or some such. Changed over a long time ago but I kept the ameritech address and ATT still uses yahoo. I could start there I suppose. Ameritech I had to pay for. It was the DSL (till I left the country over 10 yrs ago) we used. Since it's attached to yahoo you can keep the address. My actual yahoo accountt I've had since '98 or so lol. My guess is that the spammer's are just good at messing with the headers and SC can't tell they came to me. ¯\_(ツ)_/¯ It happens infrequently but it's a spammer that has runs of spam come thru my original yahoo account. They actually get by the yahoo spam filters which work pretty well mostly. Quote
gnarlymarley Posted October 25, 2022 Posted October 25, 2022 Sometimes instead of deleting (especially if not listed), I just click the add a new host and have it readd the email again. Quote
emanmb Posted October 26, 2022 Author Posted October 26, 2022 10 hours ago, gnarlymarley said: Sometimes instead of deleting (especially if not listed), I just click the add a new host and have it readd the email again. Yes I did that first as I mentioned and sent to all 3 places instead of just the default 1 and it is still not there. It's no big deal as I continue to submit spam via the website and 99% go thru. It was the errant few that got me looking for a cause and I wondered if I'd stumbled onto it. Like I mentioned later, My guess is that the spammer's are just good at messing with the headers and SC can't tell they came to me. (should be from me lol) Quote
emanmb Posted October 26, 2022 Author Posted October 26, 2022 Then first thing this morning 3 in a row lol. Quote
RobiBue Posted October 26, 2022 Posted October 26, 2022 6 hours ago, emanmb said: Then first thing this morning 3 in a row lol. have you tried deleting the mailhosts and submitting the spam without mailhosts set up? I don't have mailhosts and it seems to work on my end without them... might be worth a try... Quote
petzl Posted October 26, 2022 Posted October 26, 2022 (edited) On 10/26/2022 at 2:17 PM, emanmb said: Then first thing this morning 3 in a row lol. Helps if you could post a SpamCop (SC) tracking URL. Top of page BEFORE you submit spam. Try just putting email headers in parser below headers hit enter twice and write truncated What happens is some spammers jest write spam as a header so SC only sees it as all header with no body Then submit parse this is Microsoft free account phishing spam. I just forward them with headers and body to junk[AT]office365.microsoft[DOT]com & abuse[AT]messaging.microsoft[DOT]com direct from Gmail after marking them phishing Edited October 27, 2022 by petzl Quote
emanmb Posted October 28, 2022 Author Posted October 28, 2022 On 10/27/2022 at 4:37 AM, petzl said: Helps if you could post a SpamCop (SC) tracking URL. Top of page BEFORE you submit spam. Try just putting email headers in parser below headers hit enter twice and write truncated What happens is some spammers jest write spam as a header so SC only sees it as all header with no body Then submit parse this is Microsoft free account phishing spam. I just forward them with headers and body to junk[AT]office365.microsoft[DOT]com & abuse[AT]messaging.microsoft[DOT]com direct from Gmail after marking them phishing I post the whole thing. The spams that are too large for SC get truncated automatically. This is the link to see a report that I just did today did not go thru AND was truncated by SC. https://www.spamcop.net/sc?id=z6782226996zc3fb576f1f86b3e3eaa3c5215ebe9d21z Quote
emanmb Posted October 28, 2022 Author Posted October 28, 2022 On 10/27/2022 at 4:37 AM, petzl said: junk[AT]office365.microsoft[DOT]com & abuse[AT]messaging.microsoft[DOT]com direct from Gmail after marking them phishing I do that for google spam that is handled internally by SC and doesn't send to them. I use the link https://support.google.com/code/contact/cloud_platform_report as per an post I read here a while back. Extra work for us but for a while there was a lot of spam from there. Quote
RobiBue Posted October 28, 2022 Posted October 28, 2022 11 hours ago, emanmb said: I post the whole thing. The spams that are too large for SC get truncated automatically. This is the link to see a report that I just did today did not go thru AND was truncated by SC. https://www.spamcop.net/sc?id=z6782226996zc3fb576f1f86b3e3eaa3c5215ebe9d21z looking at the headers, there are only two Received: lines Received: from 127.0.0.1 by atlas-production.v2-mail-prod1-gq1.omega.yahoo.com with HTTP; Thu, 27 Oct 2022 17:34:26 +0000 Received: from 52.100.223.201 (EHLO APC01-TYZ-obe.outbound.protection.outlook.com) by 10.215.174.32 with SMTPs (version=TLS1_2 cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256); Thu, 27 Oct 2022 17:34:26 +0000 and 52.100.223.201 is mail-tyzapc01hn2201.outbound.protection.outlook.com which is an outlook/hotmail/microsoft mail relay. Apparently microsoft does their own headers which makes it impossible for spamcop to go further back, and since the mailhosts are set up, there is nothing to do since SC looks at the trusted relay as "innocent". Since I do not have mailhosts set up, here's what I get (I didn't get the whole body, but kept the top part of it and canceled the report since it's not mine to report):https://www.spamcop.net/sc?id=z6782310652z69578185aa66c193943713af62cd294bz Quote
petzl Posted October 28, 2022 Posted October 28, 2022 11 hours ago, emanmb said: I do that for google spam that is handled internally by SC and doesn't send to them. I use the link https://support.google.com/code/contact/cloud_platform_report as per an post I read here a while back. Extra work for us but for a while there was a lot of spam from there. I only use Gmail do it's easy to mark spam as phishing, which should get their google cloud storage closed. Seems your spam is going through a network (not yours?) Received: from 127.0.0.1Mailhost configuration problem, identified internal IP as sourceBut it came from 52.100.223.201 junk[AT]office365.microsoft[DOT]com & abuse[AT]messaging.microsoft[DOT]comJust send it to them from receiving email account. Quote
emanmb Posted October 31, 2022 Author Posted October 31, 2022 (edited) On 10/29/2022 at 6:03 AM, petzl said: I only use Gmail do it's easy to mark spam as phishing, which should get their google cloud storage closed. Seems your spam is going through a network (not yours?) Received: from 127.0.0.1Mailhost configuration problem, identified internal IP as sourceBut it came from 52.100.223.201 junk[AT]office365.microsoft[DOT]com & abuse[AT]messaging.microsoft[DOT]comJust send it to them from receiving email account. Added junk[AT]office365.microsoft[DOT]com & abuse[AT]messaging.microsoft[DOT]com to address book. a lot comes from this spammer for now. Used to be google 6 months or so ago where one had to use the afore mentioned lame google reporting page as SC would only report internally. Edited October 31, 2022 by emanmb Quote
petzl Posted October 31, 2022 Posted October 31, 2022 5 hours ago, emanmb said: a lot comes from this spammer for now. Yeah I'm getting hammered as is the rest of the world. Reporting directly from your email seems to slow them down Free accounts without a working credit card check zero amount. Twitter. the "head twit" is going to charge US$20 a month, should remove the bot accounts but doubt if people will pay that amount? Quote
emanmb Posted November 1, 2022 Author Posted November 1, 2022 18 hours ago, petzl said: Free accounts without a working credit card check zero amount. Not sure what that means. 18 hours ago, petzl said: Twitter. the "head twit" is going to charge US$20 a month, should remove the bot accounts but doubt if people will pay that amount? All remains to be seen for now. I have my 2 accounts and won't pay anything for either lol. If it gets stupid w/ads then I'll decide then what to do. The platforms would remain viable no matter what I suppose, but people will complain. Ads were already getting annoying on twitter. There are those who take matters into their own hands like FB Purity which will block all kinds of ads etc on Facebook. Nice little ad-on for your browser if you use FB. Quote
petzl Posted November 1, 2022 Posted November 1, 2022 (edited) 14 hours ago, emanmb said: Not sure what that means. All remains to be seen for now. I have my 2 accounts and won't pay anything for either lol. If it gets stupid w/ads then I'll decide then what to do. The platforms would remain viable no matter what I suppose, but people will complain. Ads were already getting annoying on twitter. There are those who take matters into their own hands likeTwitter which will block all kinds of ads etc on Facebook. Nice little ad-on for your browser if you use FB. A credit card can be checked to see if it's valid without charging. I only go to Twitter if reading a news article and they give a link. Don't have a Twitter account, but since I read the $20 a month fee is for professional users like politicians/reporters Will check out FB Purity I do have a FB page but it's full of a lot of scam ads even using PayPal? Edited November 1, 2022 by petzl Quote
emanmb Posted November 2, 2022 Author Posted November 2, 2022 10 hours ago, petzl said: A credit card can be checked to see if it's valid without charging. I only go to Twitter if reading a news article and they give a link. Don't have a Twitter account, but since I read the $20 a month fee is for professional users like politicians/reporters Will check out FB Purity I do have a FB page but it's full of a lot of scam ads even using PayPal? Ahh ok I see. 10 hours ago, petzl said: Will check out FB Purity I do have a FB page but it's full of a lot of scam ads even using PayPal? Do you mean their website or fb page? I see zero scam ads on either page but then I use an ad blocker on firefox. My Safari is so old the adblocker plugins don't work anymore hahaha so I saw the link i posted with zero adblocking. That page just had geo-locating ads in Thai since I live here. For FB I use firefox with adblocker and right now I see no scam ads on the FB page. To remove all doubt, just google fb purity and go to their site. This is their FB page. There is no cost for the FB Purity add-on. Unless you choose to donate to it of course. FB Purity cleans up a lot of that on FB. That said, FB changes the code of the site often making the job of the maker of FB Purity that much harder. Sometimes I turn off the FB Purity add-on as the site might get a bit wonky at times. It may be wonky on it's own or just the fact that my internet, altho fiber optic, seems to drop out regularly throughout the day. At any rate FB Purity updates the add-on frequently as needed. Quote
emanmb Posted November 2, 2022 Author Posted November 2, 2022 10 hours ago, petzl said: Will check out FB Purity The moving target.... Personally I have FBP turned off for the moment. I'll wait and see as FB was acting odd a few days ago. Quote
petzl Posted November 2, 2022 Posted November 2, 2022 13 hours ago, emanmb said: The moving target.... Personally I have FBP turned off for the moment. I'll wait and see as FB was acting odd a few days ago. I have the link for FBP saved don't use FB that much just to keep contact with friends worldwide. But all these fake ad's and "recommendations" are worse than spam. Quote
emanmb Posted November 3, 2022 Author Posted November 3, 2022 9 hours ago, petzl said: But all these fake ad's and "recommendations" are worse than spam. FBP will let you turn off whatever you don't like so for the few times you go it might be worth it...or not Quote
gnarlymarley Posted November 7, 2022 Posted November 7, 2022 For credit card checking with a zero amount, it would need to continually check for expired cards, or else the problem people would just sign up with cards that would soon expire. Quote
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.