Jump to content

Recommended Posts

Posted

Hi,

I am now getting reports from SC that spam reported to SC is not sent. 

Quote

[SpamCop] Errors encountered

How I have always sent them:

  1. Recognize spam in email
  2. I view the "email source" (full text view)
  3. I select All, and Copy
  4. Open SpamCop, login
  5. Click Paste into the reporting box and hit process.
  6. Then when SC is done processing it, I add to the comment  or usually just press the Send report.
  7. Done, move on to the next or logout.

Now the SC message that it didn't process, and assumes I used HTML. I don't, it's pasted as "plain text".

This is how I have been doing for what, 3 or 4 years now.

The SC email report sent back reads:

Quote
SpamCop encountered errors while saving spam for processing:
Message forwarded in html wrapper.

When forwarding spam, use a MIME attachment or text-type message with
the spam enclosed.  Do not send spam in HTML format.  Sometimes this
error is caused by using a "resend" feature to forward spam.

HTML spam should be sent in text (source code) format.


The email which triggered this auto-response had the following headers:
 Return-Path: <~~~@REDACTED.!!>
Received: from vmx.spamcop.net (prod-sc-smtp14.sv4.ironport.com [10.8.129.224])
    by prod-sc-app009.sv4.ironport.com (Postfix) with ESMTP id C599083833
    for <submit.W0BSlv9YO7ZNw9TP@spam.spamcop.net>; Thu, 25 May 2023 09:39:46 -0700 (PDT)
Authentication-Results: vmx.spamcop.net; dkim=pass (signature verified) header.i=@REDACTED.!!
IronPort-SDR: kqquO8Xcw2axZfgsKJTNViGT8HprfRAi7bGWOmy4HDgSZZ5tVaWQa0P9w92IZrVVR0DBg05Nhk
 X7CfXhrN//M6lB2l3QIfGBtQC/LC4htjRSrczbNO44tP0Zl/cp+njRFPVTGAkU3OlyibyB+tZS
 sctcXVP8AskcNhAJ2phtoBYcGO735771JVQNbEu7DmY37uEGWT6B+GqQPPN85gJxvZz5Q76JnE
 5vWlb5mU3RmwkSuCTv4JFALuMdCGyMmpQJmTlNAkLe7X7mpOEjAiUwJAxsQsu8kAORdFauPmrX
 6u8=
Received: from nauj.domain.tld ([65.254.34.162])
  by vmx.spamcop.net with ESMTP/TLS/ECDHE-RSA-AES128-GCM-SHA256; 25 May 2023 09:39:46 -0700
DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed;
    d=REDACTED.!!; s=default; h=Content-Transfer-Encoding:Content-Type:
    In-Reply-To:MIME-Version:Date:Message-ID:From:References:Reply-To:To:Subject:
    Sender:Cc:Content-ID:Content-Description:Resent-Date:Resent-From:
    Resent-Sender:Resent-To:Resent-Cc:Resent-Message-ID:List-Id:List-Help:
    List-Unsubscribe:List-Subscribe:List-Post:List-Owner:List-Archive;
    bh=WY5P5eYCjIJKJdMmg6kDBcrlG5sXaOI0Hxf2clyqn3k=; b=OkXpKbqQomOYa2dvXicy2eHBz6
    N/Qkf7clM+VuBoOTO4bgS/NINje1AsGU+gicz/+edzZIJGX6Z/id04Q7wYWTsh3tEMsSIDz7/sYkt
    lBGsBl8H/B4nN/tJxIPc2bfaDrkkmJiWrtNSGddq1dXZKskA0rIdbhil0R3z1akKf5j7cHKiFY1ZS
    Bqjsyz2OuK+JvJhAk1nhs+IBs3mj9IIVv1To2oSvXfV0HTINlV3XyIREtecPzAfTlISHu3hTeV+Xg
    CyDmJCUH48JOzESmvx2cEvNkTfn3f1Keary1US2VtyfDZMqLU77OOzOL6gFz8QUZDP1/CTVc4Yqju
    vpOQg6/g==;
Received: from [96.50.188.51] (port=49257 helo=[192.168.0.10])
    by nauj.domain.tld with esmtpa (Exim 4.96)
    (envelope-from <~~~@REDACTED.!!>)
    id 1q2E08-0001GC-0E
    for submit.W0BSlv9YO7ZNw9TP@spam.spamcop.net;
    Thu, 25 May 2023 12:39:45 -0400
Subject: Fwd: Jim Dixon , We have some lnformation for you
To: submit.W0BSlv9YO7ZNw9TP@spam.spamcop.net
Reply-To: ~~~@REDACTED.!!
References: <mid-5ea4d1a1eb68c75f43e27a0efd01b0ea-1@yy4z.in>
From: ~~~ <@REDACTED.!!>
Organization: REDACTED.!!
X-Forwarded-Message-Id: <mid-5ea4d1a1eb68c75f43e27a0efd01b0ea-1@yy4z.in>
Message-ID: <43ce3d45-54ee-5af8-c59c-824a3a7d4440@REDACTED.!!>
Date: Thu, 25 May 2023 09:39:25 -0700
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:68.0) Gecko/20100101
 Thunderbird/68.1.1
MIME-Version: 1.0
In-Reply-To: <mid-5ea4d1a1eb68c75f43e27a0efd01b0ea-1@yy4z.in>
Content-Type: text/html; charset=UTF-8
Content-Transfer-Encoding: base64
X-AntiAbuse: This header was added to track abuse, please include it with any abuse report
X-AntiAbuse: Primary Hostname - nauj.domain.tld
X-AntiAbuse: Original Domain - spam.spamcop.net
X-AntiAbuse: Originator/Caller UID/GID - [47 12] / [47 12]
X-AntiAbuse: Sender Address Domain - REDACTED.!!
X-Get-Message-Sender-Via: nauj.domain.tld: authenticated_id: ~~~@REDACTED.!!
X-Authenticated-Sender: nauj.domain.tld: ~~~@REDACTED.!!
X-Source: 
X-Source-Args: 
X-Source-Dir: 
.

Primary and original reporter of email redacted.

Is there something I should be doing different now?

Thanks for all your work,

~o

 

Posted
1 hour ago, Outernaut said:

Hi,

I am now getting reports from SC that spam reported to SC is not sent. 

How I have always sent them:

  1. Recognize spam in email
  2. I view the "email source" (full text view)
  3. I select All, and Copy
  4. Open SpamCop, login
  5. Click Paste into the reporting box and hit process.
  6. Then when SC is done processing it, I add to the comment  or usually just press the Send report.
  7. Done, move on to the next or logout.

Now the SC message that it didn't process, and assumes I used HTML. I don't, it's pasted as "plain text".

This is how I have been doing for what, 3 or 4 years now.

The SC email report sent back reads:

Primary and original reporter of email redacted.

Is there something I should be doing different now?

Thanks for all your work,

~o

Pay to send a Tracking url alays at top of page before you submit

Posted
2 hours ago, petzl said:

Pay to send a Tracking url alays at top of page before you submit

Sorry @petzl I've no idea what you mean by pay. Pay who, pay what, pay for every report, and is this a new thing about pay? The only "pay" I've seen is to pay to get rid of the delay screens. Last time I used a cheque was about 20 years ago. I haven't seen a pay gateway here. 

Like I stated, I never had this happen until a few days ago. And as I pointed out, the reason I was given was to use "a MIME attachment". "attachment":; this too is new to me.

How much to whom using what payment plan?

~o

Posted
32 minutes ago, Outernaut said:

Sorry @petzl I've no idea what you mean by pay. Pay who, pay what, pay for every report, and is this a new thing about pay? The only "pay" I've seen is to pay to get rid of the delay screens. Last time I used a cheque was about 20 years ago. I haven't seen a pay gateway here. 

Like I stated, I never had this happen until a few days ago. And as I pointed out, the reason I was given was to use "a MIME attachment". "attachment":; this too is new to me.

How much to whom using what payment plan?

~o

Must be an Australian-ism as in "pay to (do something)"?
Just send a tracking URL is all that's needed
 

Posted

I send the raw message via email because it is usually too big to copy into the reporting box. The cops send me an email with a link and I log in and go from there.

Posted
1 hour ago, ninth said:

I send the raw message via email because it is usually too big to copy into the reporting box. The cops send me an email with a link and I log in and go from there.

That's not only extra steps, it also never worked for me. What may be different, is that I use a email client, not web browser.  Too, I manage the mail server the domain with issues.

As for "raw" email my copy & paste email source is the same thing, only you email it. I've had those on-purpose huge 'raw' but the reporting box takes it and truncates it. There's never been a problem with those. Just recently, last few days, I paste and later a SC email arrives saying that "When forwarding spam..." I didn't forward anything. That's what I use to get when I tried email (Forwarding) to SC and failed. So the other way, copy/paste into report box, should work.

I am sheepishly beginning to wonder if some changes to our anti-spam on the server (LAMP) didn't kick in a forward to SC. I will embarrassingly leave now and go check it out. 

Will report back when I know.

~o

Posted
1 hour ago, ninth said:

I send the raw message via email because it is usually too big to copy into the reporting box. The cops send me an email with a link and I log in and go from there.

OK SpamCop has a maximum size limit if you have such just  report the headers of that spam THEN below headers push enter twice and write "TRUNATED"

Posted

 

40 minutes ago, Outernaut said:

That's not only extra steps, it also never worked for me. What may be different, is that I use a email client, not web browser.  Too, I manage the mail server the domain with issues.

I use an email client and I do not manage a mail server but I ran an email helpdesk for a large operation back in the day. About when forwarding spam the cops automatically send generic error messages and they may not be specific enough to sort your problem.

Posted
1 hour ago, petzl said:

OK SpamCop has a maximum size limit if you have such just  report the headers of that spam THEN below headers push enter twice and write "TRUNATED"

If not in a hurry should I send the whole lot to be more effective? Excerpt from report:

Finding links in message body
Parsing HTML part
Reducing redundant links redacted
Resolving link obfuscation

Posted
2 hours ago, ninth said:

If not in a hurry should I send the whole lot to be more effective? Excerpt from report:

Finding links in message body
Parsing HTML part
Reducing redundant links redacted
Resolving link obfuscation

SpamCop is not good at parsing links (it just send to IP address when it should be sent to the registrar)
SpamCop is good at reporting where the email is SENT from'
Headers with blank spam body and the word truncated s lines under headers

Posted
3 hours ago, petzl said:

Headers with blank spam body and the word truncated s lines under headers

just a small clarification:
if an email has only headers and no body, SpamCop will complain and not parse the email. if there is no body, add a blank line after the headers and a text like petzl says "tuncated [x] lines" or "email body truncated"  or something else so that the parser can analyze the headers correctly.

Posted

I'm going to back on this topic and ask again,

16 hours ago, petzl said:

Just send a tracking URL is all that's needed

I don't think you read my post (OP) correctly @petzl.

I ave always been able to copy the message source, and paste it into the reporting box. If file was too big, SC asks if I want it truncated, Yes, and off it goes. NEW EVENT SC sends it back telling me to make it mime or something. I'm NOT EMAILING the source, I log into SC and paste it into the report box. So why is it email, them back to me requiring I change it and re-email it?

Our ISP is second largest in Canada and dropped using their anti-spam telling everyone to put spam into the Junk box instead. So now we pay more for less that we must now do ourselves. So SC is blessing - most times.

Same topic, still asking.

~o

p.s. I checked the mail server. It's not mailing the reports. So, what changed at SC?

 

Posted
1 hour ago, Outernaut said:

p.s. I checked the mail server. It's not mailing the reports. So, what changed at SC?

If it went down and bounced SpamCop stops sending,
You need to first go to SpamCop reporting web page past your headers in box and parse 
Learn what is happening
This is a tracking url first link it was a very long spam that SpamCop would of truncated work it out??
https://www.spamcop.net/sc?id=z6848167086z4fd3246162889f224c7b489230c6f6f0z  
Full report of what I sent 
https://www.spamcop.net/sc?id=z6848167086z4fd3246162889f224c7b489230c6f6f0z;action=display  
 

Posted (edited)
8 hours ago, RobiBue said:

just a small clarification:
if an email has only headers and no body, SpamCop will complain and not parse the email. if there is no body, add a blank line after the headers and a text like petzl says "tuncated [x] lines" or "email body truncated"  or something else so that the parser can analyze the headers correctly.

Thanks this is how it's done 
This is a tracking url first link it was a very long spam that SpamCop would of truncated
https://www.spamcop.net/sc?id=z6848167086z4fd3246162889f224c7b489230c6f6f0z  
Full report of what I sent and pre-TRUNCATED very bottom of page
https://www.spamcop.net/sc?id=z6848167086z4fd3246162889f224c7b489230c6f6f0z;action=display  

Edited by petzl
Posted
2 hours ago, petzl said:

If it went down and bounced SpamCop stops sending,
You need to first go to SpamCop reporting web page past your headers in box and parse 
Learn what is happening
This is a tracking url first link it was a very long spam that SpamCop would of truncated work it out??
https://www.spamcop.net/sc?id=z6848167086z4fd3246162889f224c7b489230c6f6f0z  
Full report of what I sent 
https://www.spamcop.net/sc?id=z6848167086z4fd3246162889f224c7b489230c6f6f0z;action=display  
 

Thanks. I'm not explaining myself well enough or your'e missing the point.  The site AFTER reporting MY way, has always worked. Until recently. The site STILL sends the report. A while later, a email from the site reports that i need to do something else. It is assuming I "forward'emails,. I don't. I already explained the process. I should also point out I am NOT using a cell phone, a smart phone not even a dumb phone. It's called a DESKTOP.  I don't send any thing. I manually go to the site, manually copy & paste the '''source''' of the entire spam. I then click Send button. Done! NOTHING DIFFERENT than last week ore the lat month or last 4 or 5 years.

Let's just say we both tried and forget it. I won't bother any more and just cuss the spam and click delete. 

~o

Posted (edited)
4 hours ago, Outernaut said:

I'm going to back on this topic and ask again,

The app has a help option to contact a SC rep regarding support. If I get an operator error the forward email message is sent whether I use the app or not to report.

Edited by ninth
error msg
Posted
1 hour ago, ninth said:

The app has a help option to contact a SC rep regarding support. If I get an operator error the forward email message is sent whether I use the app or not to report.

SpamCop has been left on auto mode for years noe, in it's hay-day it had plenty of volunteers to keep it up to date, not now!
In you OP you explained
 

Quote
Quote
  1. Open SpamCop, login
  2. Click Paste into the reporting box and hit process.
  3. Then when SC is done processing it, I add to the comment  or usually just press the Send report.
  4. Done, move on to the next or logout.

 Which is what I do, but now you have to check BEFORE you bother the abuse address is correct often it's not!
https://tinyurl.com/2pncp5cc    search for databases
Go back to doing that!

Posted
11 minutes ago, petzl said:

SpamCop has been left on auto mode for years noe, in it's hay-day it had plenty of volunteers to keep it up to date, not now!
In you OP you explained
 

 Which is what I do, but now you have to check BEFORE you bother the abuse address is correct often it's not!
https://tinyurl.com/2pncp5cc    search for databases
Go back to doing that!

I don't think we are on the same topic. The site went belly up 16-06=5-2023 according the emails I get telling I didn't "FORWARD" emailed, copy, copied to , I don't know how the Hades to explain it otherwise. I DON'T/DIDN'T/WOULDN'T Forward the spam email.
There is a big difference between the SC emails I get from SpamCap about Forwarding (which - again, I am Not doing).

If SpamCop has been neglected to this state where it is in need of some serious intervention, and can only report spam that goes no where, then pull it's %^$# plug!

We're not getting anywhere except frustrated.

Bye

~g

 

Posted (edited)
30 minutes ago, RobiBue said:

and I just reported spam, one through copy&paste, the other through e-mail submission. both work correctly.

Maybe that triggers the BOT SpamCop into working correctly?
Don't get much spam nowadays I kill them and those that know them! 
A while ago I got a scam Mobil text with website   I reported site to Registrar they replied I was mistaken so I reported them to Interpol!
Mystically the Registrar replied quickly after Interpol report they had taken the site down!                                                                                

Edited by petzl
Posted
On 5/26/2023 at 4:05 PM, Outernaut said:
Quote

SpamCop encountered errors while saving spam for processing:
Message forwarded in html wrapper.

When forwarding spam, use a MIME attachment or text-type message with
the spam enclosed.  Do not send spam in HTML format.  Sometimes this
error is caused by using a "resend" feature to forward spam.

HTML spam should be sent in text (source code) format.

 

ok, this is on my part probably a stupid assumption, but it looks like you or someone else sent an email to your submit.specialaddress@spam.spamcop.net.
is it possible that when you log in to spamcop with your credentials and see if there is a Report now link and follow it, if you can cancel that report? Or what action does it currently ask you to take?
The reason I am asking this, is that you shouldn't get the aforementioned message (Message forwarded in html wrapper.) when entering it in the submit spam box on the website. that would only happen if you (or someone else) forwarded it to your personal submit dot spam special email address at spam dot spamcop dot net.
If someone else submitted the email to that address, then the account is compromised and you might want to reach out to Richard W (to be found here https://forum.spamcop.net/staff/) and see if he can generate you a new address. maybe reset the account as something is fishy...

That's my suggestion if anything else fails.

~~~~ RobiBue

Posted
1 hour ago, petzl said:

A while ago I got a scam Mobil text with website   I reported site to Registrar they replied I was mistaken so I reported them to Interpol!
Mystically the Registrar replied quickly after Interpol report they had taken the site down! 

Websites are the responsibility of the hosting service not the domain name registrar and often the host will then contact the customer who owns the server to remove the website if it is involved in abuse. Abuse reports to registrars go in the bit bucket unless it relates to the registration process and they do not reply to or pass on reports. Note that giants like AWS and google host themselves.

I report spam directly to a company harbouring criminals and they refuse to cooperate I send the report again with the host abuse email to get action. I try to use the online form if available with a temp email to stop getting more spam. Today I managed to fill it out the form all in japanese except the link and my email! Fingers crossed. 

Posted (edited)
17 hours ago, ninth said:

Websites are the responsibility of the hosting service not the domain name registrar and often the host will then contact the customer who owns the server to remove the website if it is involved in abuse. Abuse reports to registrars go in the bit bucket unless it relates to the registration process and they do not reply to or pass on reports. Note that giants like AWS and google host themselves.

I report spam directly to a company harbouring criminals and they refuse to cooperate I send the report again with the host abuse email to get action. I try to use the online form if available with a temp email to stop getting more spam. Today I managed to fill it out the form all in japanese except the link and my email! Fingers crossed. 

Seems you are wrong.
The IP won't take action on websites at the IP address.
Registrars are the ones to complain to the owner/operator of website IP won't
SpamCop reporting IP address's of websites is near worthless
Why I send directly from my email address sometimes

Edited by petzl
Posted (edited)
2 hours ago, petzl said:

The IP won't take action on websites at the IP address.
Registrars are the ones to complain to the owner/operator of website IP won't
SpamCop reporting IP address's is worthless
Why I send directly from my email address sometimes

Less wrong...

The IP can be blacklisted if it is sending spam and what about finding the originating IP if using a VPN?

The network admin get reports for IP addresses

I can report a website or content to be taken down if they agree but I need apps like spamcop to get IPs on lists. I would like to do this with the snake charmers but the cops only accept reports from emails as a source?

Not once have the cops sent a report to the registrant since I have been sending in spam which has gone from one per hour to one a day if that.

Apologies for going off topic

Edited by ninth
cont

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

×
×
  • Create New...