Cannot Register Original Email

[emanmb]

This is very odd.  So I've been reporting via SC forever and my yahoo act. is the one I used to sign up and use for the forums.  Lately I've been getting these messages when reporting.  I cut and paste from Yahoo's "View Raw Message"

"Hostname verified: mail-db3eur04hn0228.outbound.protection.outlook.com

Possible forgery. Supposed receiving system not associated with any of your mailhosts

Will not trust this Received line.

Mailhost configuration problem, identified internal IP as source

Mailhost:
Please correct this situation - register every email address where you receive spam

No source IP address found, cannot proceed.

Add/edit your mailhost configuration
Finding full email headers
Submitting spam via email (may work better)
Example: What spam headers should look like

Nothing to do."

 

Usually I just ignore this message (saying darn or some such words )and move onto the next spam but today decided to click on "Add/edit your mailhost configuration" and my yahoo address was NOT in there.  I receive lots of spam on my yahoo so I report it often and OCCASIONALLY get the "nothing to do" message.  Now I'm wondering if something is amiss since my main yahoo address is missing from mail hosts.  I did send in to all 3 reporting addresses and replied to those and it went smoothly.  Yet my yahoo is still not listed.  What should I do, if anything?  I still can report yahoo spam but surprised it's not listed.  

 

[petzl]

4 hours ago, emanmb said:

This is very odd.  So I've been reporting via SC forever and my yahoo act. is the one I used to sign up and use for the forums.  Lately I've been getting these messages when reporting.  I cut and paste from Yahoo's "View Raw Message"

You may need to delete your "mailhosts" for Yahoo
Then renew them I suspect Yahoo have recently renewed their mailhosts.?

[emanmb]

On 10/24/2022 at 3:45 PM, petzl said:

You may need to delete your "mailhosts" for Yahoo
Then renew them I suspect Yahoo have recently renewed their mailhosts.?

Unfortunately they don't show up in the SC list page EXCEPT the ameritech account which uses Yahoo.  Ameritech is now ATT or some such.  Changed over a long time ago but I kept the ameritech address and ATT still uses yahoo.  I could start there I suppose.  Ameritech I had to pay for. It was the DSL (till I left the country over 10 yrs ago) we used.  Since it's attached to yahoo you can keep the address.   My actual yahoo accountt I've had since '98 or so lol.

My guess is that the spammer's are just good at messing with the headers and SC can't tell they came to me.   ¯\_(ツ)_/¯

It happens infrequently but it's a spammer that has runs of spam come thru my original yahoo account.  They actually get by the yahoo spam filters which work pretty well mostly.

 

[gnarlymarley]

Sometimes instead of deleting (especially if not listed), I just click the add a new host and have it readd the email again.

[emanmb]

10 hours ago, gnarlymarley said:

Sometimes instead of deleting (especially if not listed), I just click the add a new host and have it readd the email again.

Yes I did that first as I mentioned and sent to all 3 places instead of just the default 1 and it is still not there.  It's no big deal as I continue to submit spam via the website and 99% go thru.  It was the errant few that got me looking for a cause and I wondered if I'd stumbled onto it.  Like I mentioned later, My guess is that the spammer's are just good at messing with the headers and SC can't tell they came to me.   (should be from me lol)

 

[emanmb]

Then first thing this morning 3 in a row lol.  

 

[RobiBue]

6 hours ago, emanmb said:

Then first thing this morning 3 in a row lol.  

 

have you tried deleting the mailhosts and submitting the spam without mailhosts set up? I don't have mailhosts and it seems to work on my end without them...

might be worth a try...

[petzl]

On 10/26/2022 at 2:17 PM, emanmb said:

Then first thing this morning 3 in a row lol.  

Helps if you could post a SpamCop (SC) tracking URL.
Top of page BEFORE you submit spam.
Try just putting email headers in parser

below headers hit enter twice and write truncated
What happens is some spammers jest write spam as a header so SC only sees it as all header with no body

Then submit parse this is Microsoft free account phishing spam.
I just forward them with headers and body to
junk[AT]office365.microsoft[DOT]com  &  abuse[AT]messaging.microsoft[DOT]com
direct from Gmail after marking them phishing

Edited October 27, 2022 by petzl

[emanmb]

On 10/27/2022 at 4:37 AM, petzl said:

Helps if you could post a SpamCop (SC) tracking URL.
Top of page BEFORE you submit spam.
Try just putting email headers in parser

below headers hit enter twice and write truncated
What happens is some spammers jest write spam as a header so SC only sees it as all header with no body

Then submit parse this is Microsoft free account phishing spam.
I just forward them with headers and body to
junk[AT]office365.microsoft[DOT]com  &  abuse[AT]messaging.microsoft[DOT]com
direct from Gmail after marking them phishing

I post the whole thing.  The spams that are too large for SC get truncated automatically.  This is the link to see a report that I just did today did not go thru AND was truncated by SC.

https://www.spamcop.net/sc?id=z6782226996zc3fb576f1f86b3e3eaa3c5215ebe9d21z

[emanmb]

On 10/27/2022 at 4:37 AM, petzl said:

junk[AT]office365.microsoft[DOT]com  &  abuse[AT]messaging.microsoft[DOT]com
direct from Gmail after marking them phishing

I do that for google spam that is handled internally by SC and doesn't send to them.  I use the link https://support.google.com/code/contact/cloud_platform_report as per an post I read here a while back.  Extra work for us but for a while there was a lot of spam from there.

[RobiBue]

11 hours ago, emanmb said:

I post the whole thing.  The spams that are too large for SC get truncated automatically.  This is the link to see a report that I just did today did not go thru AND was truncated by SC.

https://www.spamcop.net/sc?id=z6782226996zc3fb576f1f86b3e3eaa3c5215ebe9d21z

looking at the headers, there are only two Received: lines

1. Received: from 127.0.0.1
     by atlas-production.v2-mail-prod1-gq1.omega.yahoo.com with HTTP; Thu, 27 Oct 2022 17:34:26 +0000

2. Received: from 52.100.223.201 (EHLO APC01-TYZ-obe.outbound.protection.outlook.com)
     by 10.215.174.32 with SMTPs
     (version=TLS1_2 cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256);

     Thu, 27 Oct 2022 17:34:26 +0000

and 52.100.223.201 is mail-tyzapc01hn2201.outbound.protection.outlook.com which is an outlook/hotmail/microsoft mail relay.
Apparently microsoft does their own headers which makes it impossible for spamcop to go further back, and since the mailhosts are set up, there is nothing to do since SC looks at the trusted relay as "innocent".

Since I do not have mailhosts set up, here's what I get (I didn't get the whole body, but kept the top part of it and canceled the report since it's not mine to report):
https://www.spamcop.net/sc?id=z6782310652z69578185aa66c193943713af62cd294bz

[petzl]

11 hours ago, emanmb said:

I do that for google spam that is handled internally by SC and doesn't send to them.  I use the link https://support.google.com/code/contact/cloud_platform_report as per an post I read here a while back.  Extra work for us but for a while there was a lot of spam from there.

I only use Gmail do it's easy to mark spam as phishing, which should get their google cloud storage closed.
Seems your spam is going through a network (not yours?)
Received: from 127.0.0.1
Mailhost configuration problem, identified internal IP as source
But it came from 52.100.223.201 junk[AT]office365.microsoft[DOT]com  &  abuse[AT]messaging.microsoft[DOT]com
Just send it to them from receiving email account.

[emanmb]

On 10/29/2022 at 6:03 AM, petzl said:

I only use Gmail do it's easy to mark spam as phishing, which should get their google cloud storage closed.
Seems your spam is going through a network (not yours?)
Received: from 127.0.0.1
Mailhost configuration problem, identified internal IP as source
But it came from 52.100.223.201 junk[AT]office365.microsoft[DOT]com  &  abuse[AT]messaging.microsoft[DOT]com
Just send it to them from receiving email account.

Added  junk[AT]office365.microsoft[DOT]com  &  abuse[AT]messaging.microsoft[DOT]com to address book.  

a lot comes from this spammer for now.  

Used to be google 6 months or so ago where one had to use the afore mentioned lame google reporting page as SC would only report internally.  

Edited October 31, 2022 by emanmb

[petzl]

5 hours ago, emanmb said:

a lot comes from this spammer for now.  

Yeah I'm getting hammered as is the rest of the world.
Reporting directly from your email seems to slow them down
Free accounts without a working credit card check zero amount.
Twitter. the "head twit" is going to charge US$20 a month,
should remove the bot accounts but doubt if people will pay that amount?

[emanmb]

18 hours ago, petzl said:

Free accounts without a working credit card check zero amount.

Not sure what that means. 

 

18 hours ago, petzl said:

Twitter. the "head twit" is going to charge US$20 a month,
should remove the bot accounts but doubt if people will pay that amount?

All remains to be seen for now.  I have my 2 accounts and won't pay anything for either lol.  If it gets stupid w/ads then I'll decide then what to do.  The platforms would remain viable no matter what I suppose, but people will complain.  Ads were already getting annoying on twitter.  

There are those who take matters into their own hands like FB Purity which will block all kinds of ads etc on Facebook.  Nice little ad-on for your browser if you use FB.

[petzl]

14 hours ago, emanmb said:

Not sure what that means. 

 

All remains to be seen for now.  I have my 2 accounts and won't pay anything for either lol.  If it gets stupid w/ads then I'll decide then what to do.  The platforms would remain viable no matter what I suppose, but people will complain.  Ads were already getting annoying on twitter.  

There are those who take matters into their own hands likeTwitter  which will block all kinds of ads etc on Facebook.  Nice little ad-on for your browser if you use FB.

A credit card can be checked to see if it's valid without charging.
I only go to Twitter if reading a news article and they give a link.
Don't have a Twitter account,
but since I read the $20 a month fee is for professional users like politicians/reporters
Will check out  FB Purity I do have a FB page but it's full of a lot of scam ads even using PayPal?

Edited November 1, 2022 by petzl

[emanmb]

10 hours ago, petzl said:

A credit card can be checked to see if it's valid without charging.
I only go to Twitter if reading a news article and they give a link.
Don't have a Twitter account,
but since I read the $20 a month fee is for professional users like politicians/reporters
Will check out  FB Purity I do have a FB page but it's full of a lot of scam ads even using PayPal?

Ahh ok I see.

10 hours ago, petzl said:

Will check out  FB Purity I do have a FB page but it's full of a lot of scam ads even using PayPal?

Do you mean their website or fb page?  I see zero scam ads on either page but then I use an ad blocker on firefox.  My Safari is so old the adblocker plugins don't work anymore hahaha so I saw the link i posted with zero adblocking.  That page just had geo-locating ads in Thai since I live here.  

For FB I use firefox with adblocker and right now I see no scam ads on the FB page.  To remove all doubt, just google fb purity and go to their site.  This is their FB page. 

There is no cost for the FB Purity add-on.  Unless you choose to donate to it of course.  

FB Purity cleans up a lot of that on FB.  That said, FB changes the code of the site often making the job of the maker of FB Purity that much harder.  Sometimes I turn off the FB Purity add-on as the site might get a bit wonky at times.  It may be wonky on it's own or just the fact that my internet, altho fiber optic, seems to drop out regularly throughout the day.  At any rate FB Purity updates the add-on frequently as needed.

[emanmb]

10 hours ago, petzl said:

Will check out  FB Purity 

The moving target....

Personally I have FBP turned off for the moment.  I'll wait and see as FB was acting odd a few days ago.

[petzl]

13 hours ago, emanmb said:

The moving target....

Personally I have FBP turned off for the moment.  I'll wait and see as FB was acting odd a few days ago.

I have the link for FBP saved don't use FB that much just to keep contact with friends worldwide.
But all these fake ad's and "recommendations" are worse than spam.

[emanmb]

9 hours ago, petzl said:

But all these fake ad's and "recommendations" are worse than spam.

FBP will let you turn off whatever you don't like so for the few times you go it might be worth it...or not  

[gnarlymarley]

For credit card checking with a zero amount, it would need to continually check for expired cards, or else the problem people would just sign up with cards that would soon expire.