Outernaut Posted May 26, 2023 Share Posted May 26, 2023 Hi, I am now getting reports from SC that spam reported to SC is not sent. Quote [SpamCop] Errors encountered How I have always sent them: Recognize spam in email I view the "email source" (full text view) I select All, and Copy Open SpamCop, login Click Paste into the reporting box and hit process. Then when SC is done processing it, I add to the comment or usually just press the Send report. Done, move on to the next or logout. Now the SC message that it didn't process, and assumes I used HTML. I don't, it's pasted as "plain text". This is how I have been doing for what, 3 or 4 years now. The SC email report sent back reads: Quote SpamCop encountered errors while saving spam for processing: Message forwarded in html wrapper. When forwarding spam, use a MIME attachment or text-type message with the spam enclosed. Do not send spam in HTML format. Sometimes this error is caused by using a "resend" feature to forward spam. HTML spam should be sent in text (source code) format. The email which triggered this auto-response had the following headers: Return-Path: <~~~@REDACTED.!!> Received: from vmx.spamcop.net (prod-sc-smtp14.sv4.ironport.com [10.8.129.224]) by prod-sc-app009.sv4.ironport.com (Postfix) with ESMTP id C599083833 for <submit.W0BSlv9YO7ZNw9TP@spam.spamcop.net>; Thu, 25 May 2023 09:39:46 -0700 (PDT) Authentication-Results: vmx.spamcop.net; dkim=pass (signature verified) header.i=@REDACTED.!! IronPort-SDR: kqquO8Xcw2axZfgsKJTNViGT8HprfRAi7bGWOmy4HDgSZZ5tVaWQa0P9w92IZrVVR0DBg05Nhk X7CfXhrN//M6lB2l3QIfGBtQC/LC4htjRSrczbNO44tP0Zl/cp+njRFPVTGAkU3OlyibyB+tZS sctcXVP8AskcNhAJ2phtoBYcGO735771JVQNbEu7DmY37uEGWT6B+GqQPPN85gJxvZz5Q76JnE 5vWlb5mU3RmwkSuCTv4JFALuMdCGyMmpQJmTlNAkLe7X7mpOEjAiUwJAxsQsu8kAORdFauPmrX 6u8= Received: from nauj.domain.tld ([65.254.34.162]) by vmx.spamcop.net with ESMTP/TLS/ECDHE-RSA-AES128-GCM-SHA256; 25 May 2023 09:39:46 -0700 DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=REDACTED.!!; s=default; h=Content-Transfer-Encoding:Content-Type: In-Reply-To:MIME-Version:Date:Message-ID:From:References:Reply-To:To:Subject: Sender:Cc:Content-ID:Content-Description:Resent-Date:Resent-From: Resent-Sender:Resent-To:Resent-Cc:Resent-Message-ID:List-Id:List-Help: List-Unsubscribe:List-Subscribe:List-Post:List-Owner:List-Archive; bh=WY5P5eYCjIJKJdMmg6kDBcrlG5sXaOI0Hxf2clyqn3k=; b=OkXpKbqQomOYa2dvXicy2eHBz6 N/Qkf7clM+VuBoOTO4bgS/NINje1AsGU+gicz/+edzZIJGX6Z/id04Q7wYWTsh3tEMsSIDz7/sYkt lBGsBl8H/B4nN/tJxIPc2bfaDrkkmJiWrtNSGddq1dXZKskA0rIdbhil0R3z1akKf5j7cHKiFY1ZS Bqjsyz2OuK+JvJhAk1nhs+IBs3mj9IIVv1To2oSvXfV0HTINlV3XyIREtecPzAfTlISHu3hTeV+Xg CyDmJCUH48JOzESmvx2cEvNkTfn3f1Keary1US2VtyfDZMqLU77OOzOL6gFz8QUZDP1/CTVc4Yqju vpOQg6/g==; Received: from [96.50.188.51] (port=49257 helo=[192.168.0.10]) by nauj.domain.tld with esmtpa (Exim 4.96) (envelope-from <~~~@REDACTED.!!>) id 1q2E08-0001GC-0E for submit.W0BSlv9YO7ZNw9TP@spam.spamcop.net; Thu, 25 May 2023 12:39:45 -0400 Subject: Fwd: Jim Dixon , We have some lnformation for you To: submit.W0BSlv9YO7ZNw9TP@spam.spamcop.net Reply-To: ~~~@REDACTED.!! References: <mid-5ea4d1a1eb68c75f43e27a0efd01b0ea-1@yy4z.in> From: ~~~ <@REDACTED.!!> Organization: REDACTED.!! X-Forwarded-Message-Id: <mid-5ea4d1a1eb68c75f43e27a0efd01b0ea-1@yy4z.in> Message-ID: <43ce3d45-54ee-5af8-c59c-824a3a7d4440@REDACTED.!!> Date: Thu, 25 May 2023 09:39:25 -0700 User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:68.0) Gecko/20100101 Thunderbird/68.1.1 MIME-Version: 1.0 In-Reply-To: <mid-5ea4d1a1eb68c75f43e27a0efd01b0ea-1@yy4z.in> Content-Type: text/html; charset=UTF-8 Content-Transfer-Encoding: base64 X-AntiAbuse: This header was added to track abuse, please include it with any abuse report X-AntiAbuse: Primary Hostname - nauj.domain.tld X-AntiAbuse: Original Domain - spam.spamcop.net X-AntiAbuse: Originator/Caller UID/GID - [47 12] / [47 12] X-AntiAbuse: Sender Address Domain - REDACTED.!! X-Get-Message-Sender-Via: nauj.domain.tld: authenticated_id: ~~~@REDACTED.!! X-Authenticated-Sender: nauj.domain.tld: ~~~@REDACTED.!! X-Source: X-Source-Args: X-Source-Dir: . Primary and original reporter of email redacted. Is there something I should be doing different now? Thanks for all your work, ~o Quote Link to comment Share on other sites More sharing options...
petzl Posted May 26, 2023 Share Posted May 26, 2023 1 hour ago, Outernaut said: Hi, I am now getting reports from SC that spam reported to SC is not sent. How I have always sent them: Recognize spam in email I view the "email source" (full text view) I select All, and Copy Open SpamCop, login Click Paste into the reporting box and hit process. Then when SC is done processing it, I add to the comment or usually just press the Send report. Done, move on to the next or logout. Now the SC message that it didn't process, and assumes I used HTML. I don't, it's pasted as "plain text". This is how I have been doing for what, 3 or 4 years now. The SC email report sent back reads: Primary and original reporter of email redacted. Is there something I should be doing different now? Thanks for all your work, ~o Pay to send a Tracking url alays at top of page before you submit Quote Link to comment Share on other sites More sharing options...
Outernaut Posted May 27, 2023 Author Share Posted May 27, 2023 2 hours ago, petzl said: Pay to send a Tracking url alays at top of page before you submit Sorry @petzl I've no idea what you mean by pay. Pay who, pay what, pay for every report, and is this a new thing about pay? The only "pay" I've seen is to pay to get rid of the delay screens. Last time I used a cheque was about 20 years ago. I haven't seen a pay gateway here. Like I stated, I never had this happen until a few days ago. And as I pointed out, the reason I was given was to use "a MIME attachment". "attachment":; this too is new to me. How much to whom using what payment plan? ~o Quote Link to comment Share on other sites More sharing options...
petzl Posted May 27, 2023 Share Posted May 27, 2023 32 minutes ago, Outernaut said: Sorry @petzl I've no idea what you mean by pay. Pay who, pay what, pay for every report, and is this a new thing about pay? The only "pay" I've seen is to pay to get rid of the delay screens. Last time I used a cheque was about 20 years ago. I haven't seen a pay gateway here. Like I stated, I never had this happen until a few days ago. And as I pointed out, the reason I was given was to use "a MIME attachment". "attachment":; this too is new to me. How much to whom using what payment plan? ~o Must be an Australian-ism as in "pay to (do something)"? Just send a tracking URL is all that's needed Quote Link to comment Share on other sites More sharing options...
ninth Posted May 27, 2023 Share Posted May 27, 2023 I send the raw message via email because it is usually too big to copy into the reporting box. The cops send me an email with a link and I log in and go from there. Quote Link to comment Share on other sites More sharing options...
Outernaut Posted May 27, 2023 Author Share Posted May 27, 2023 1 hour ago, ninth said: I send the raw message via email because it is usually too big to copy into the reporting box. The cops send me an email with a link and I log in and go from there. That's not only extra steps, it also never worked for me. What may be different, is that I use a email client, not web browser. Too, I manage the mail server the domain with issues. As for "raw" email my copy & paste email source is the same thing, only you email it. I've had those on-purpose huge 'raw' but the reporting box takes it and truncates it. There's never been a problem with those. Just recently, last few days, I paste and later a SC email arrives saying that "When forwarding spam..." I didn't forward anything. That's what I use to get when I tried email (Forwarding) to SC and failed. So the other way, copy/paste into report box, should work. I am sheepishly beginning to wonder if some changes to our anti-spam on the server (LAMP) didn't kick in a forward to SC. I will embarrassingly leave now and go check it out. Will report back when I know. ~o Quote Link to comment Share on other sites More sharing options...
petzl Posted May 27, 2023 Share Posted May 27, 2023 1 hour ago, ninth said: I send the raw message via email because it is usually too big to copy into the reporting box. The cops send me an email with a link and I log in and go from there. OK SpamCop has a maximum size limit if you have such just report the headers of that spam THEN below headers push enter twice and write "TRUNATED" Quote Link to comment Share on other sites More sharing options...
ninth Posted May 27, 2023 Share Posted May 27, 2023 40 minutes ago, Outernaut said: That's not only extra steps, it also never worked for me. What may be different, is that I use a email client, not web browser. Too, I manage the mail server the domain with issues. I use an email client and I do not manage a mail server but I ran an email helpdesk for a large operation back in the day. About when forwarding spam the cops automatically send generic error messages and they may not be specific enough to sort your problem. Quote Link to comment Share on other sites More sharing options...
ninth Posted May 27, 2023 Share Posted May 27, 2023 1 hour ago, petzl said: OK SpamCop has a maximum size limit if you have such just report the headers of that spam THEN below headers push enter twice and write "TRUNATED" If not in a hurry should I send the whole lot to be more effective? Excerpt from report: Finding links in message body Parsing HTML part Reducing redundant links redacted Resolving link obfuscation Quote Link to comment Share on other sites More sharing options...
petzl Posted May 27, 2023 Share Posted May 27, 2023 2 hours ago, ninth said: If not in a hurry should I send the whole lot to be more effective? Excerpt from report: Finding links in message body Parsing HTML part Reducing redundant links redacted Resolving link obfuscation SpamCop is not good at parsing links (it just send to IP address when it should be sent to the registrar) SpamCop is good at reporting where the email is SENT from' Headers with blank spam body and the word truncated s lines under headers Quote Link to comment Share on other sites More sharing options...
RobiBue Posted May 27, 2023 Share Posted May 27, 2023 3 hours ago, petzl said: Headers with blank spam body and the word truncated s lines under headers just a small clarification: if an email has only headers and no body, SpamCop will complain and not parse the email. if there is no body, add a blank line after the headers and a text like petzl says "tuncated [x] lines" or "email body truncated" or something else so that the parser can analyze the headers correctly. Quote Link to comment Share on other sites More sharing options...
Outernaut Posted May 27, 2023 Author Share Posted May 27, 2023 I'm going to back on this topic and ask again, 16 hours ago, petzl said: Just send a tracking URL is all that's needed I don't think you read my post (OP) correctly @petzl. I ave always been able to copy the message source, and paste it into the reporting box. If file was too big, SC asks if I want it truncated, Yes, and off it goes. NEW EVENT SC sends it back telling me to make it mime or something. I'm NOT EMAILING the source, I log into SC and paste it into the report box. So why is it email, them back to me requiring I change it and re-email it? Our ISP is second largest in Canada and dropped using their anti-spam telling everyone to put spam into the Junk box instead. So now we pay more for less that we must now do ourselves. So SC is blessing - most times. Same topic, still asking. ~o p.s. I checked the mail server. It's not mailing the reports. So, what changed at SC? Quote Link to comment Share on other sites More sharing options...
petzl Posted May 27, 2023 Share Posted May 27, 2023 1 hour ago, Outernaut said: p.s. I checked the mail server. It's not mailing the reports. So, what changed at SC? If it went down and bounced SpamCop stops sending, You need to first go to SpamCop reporting web page past your headers in box and parse Learn what is happening This is a tracking url first link it was a very long spam that SpamCop would of truncated work it out??https://www.spamcop.net/sc?id=z6848167086z4fd3246162889f224c7b489230c6f6f0z Full report of what I sent https://www.spamcop.net/sc?id=z6848167086z4fd3246162889f224c7b489230c6f6f0z;action=display Quote Link to comment Share on other sites More sharing options...
petzl Posted May 27, 2023 Share Posted May 27, 2023 (edited) 8 hours ago, RobiBue said: just a small clarification: if an email has only headers and no body, SpamCop will complain and not parse the email. if there is no body, add a blank line after the headers and a text like petzl says "tuncated [x] lines" or "email body truncated" or something else so that the parser can analyze the headers correctly. Thanks this is how it's done This is a tracking url first link it was a very long spam that SpamCop would of truncatedhttps://www.spamcop.net/sc?id=z6848167086z4fd3246162889f224c7b489230c6f6f0z Full report of what I sent and pre-TRUNCATED very bottom of pagehttps://www.spamcop.net/sc?id=z6848167086z4fd3246162889f224c7b489230c6f6f0z;action=display Edited May 27, 2023 by petzl Quote Link to comment Share on other sites More sharing options...
Outernaut Posted May 27, 2023 Author Share Posted May 27, 2023 2 hours ago, petzl said: If it went down and bounced SpamCop stops sending, You need to first go to SpamCop reporting web page past your headers in box and parse Learn what is happening This is a tracking url first link it was a very long spam that SpamCop would of truncated work it out??https://www.spamcop.net/sc?id=z6848167086z4fd3246162889f224c7b489230c6f6f0z Full report of what I sent https://www.spamcop.net/sc?id=z6848167086z4fd3246162889f224c7b489230c6f6f0z;action=display Thanks. I'm not explaining myself well enough or your'e missing the point. The site AFTER reporting MY way, has always worked. Until recently. The site STILL sends the report. A while later, a email from the site reports that i need to do something else. It is assuming I "forward'emails,. I don't. I already explained the process. I should also point out I am NOT using a cell phone, a smart phone not even a dumb phone. It's called a DESKTOP. I don't send any thing. I manually go to the site, manually copy & paste the '''source''' of the entire spam. I then click Send button. Done! NOTHING DIFFERENT than last week ore the lat month or last 4 or 5 years. Let's just say we both tried and forget it. I won't bother any more and just cuss the spam and click delete. ~o Quote Link to comment Share on other sites More sharing options...
ninth Posted May 28, 2023 Share Posted May 28, 2023 (edited) 4 hours ago, Outernaut said: I'm going to back on this topic and ask again, The app has a help option to contact a SC rep regarding support. If I get an operator error the forward email message is sent whether I use the app or not to report. Edited May 28, 2023 by ninth error msg Quote Link to comment Share on other sites More sharing options...
petzl Posted May 28, 2023 Share Posted May 28, 2023 1 hour ago, ninth said: The app has a help option to contact a SC rep regarding support. If I get an operator error the forward email message is sent whether I use the app or not to report. SpamCop has been left on auto mode for years noe, in it's hay-day it had plenty of volunteers to keep it up to date, not now! In you OP you explained Quote Quote Open SpamCop, login Click Paste into the reporting box and hit process. Then when SC is done processing it, I add to the comment or usually just press the Send report. Done, move on to the next or logout. Which is what I do, but now you have to check BEFORE you bother the abuse address is correct often it's not!https://tinyurl.com/2pncp5cc search for databases Go back to doing that! Quote Link to comment Share on other sites More sharing options...
Outernaut Posted May 28, 2023 Author Share Posted May 28, 2023 11 minutes ago, petzl said: SpamCop has been left on auto mode for years noe, in it's hay-day it had plenty of volunteers to keep it up to date, not now! In you OP you explained Which is what I do, but now you have to check BEFORE you bother the abuse address is correct often it's not!https://tinyurl.com/2pncp5cc search for databases Go back to doing that! I don't think we are on the same topic. The site went belly up 16-06=5-2023 according the emails I get telling I didn't "FORWARD" emailed, copy, copied to , I don't know how the Hades to explain it otherwise. I DON'T/DIDN'T/WOULDN'T Forward the spam email. There is a big difference between the SC emails I get from SpamCap about Forwarding (which - again, I am Not doing). If SpamCop has been neglected to this state where it is in need of some serious intervention, and can only report spam that goes no where, then pull it's %^$# plug! We're not getting anywhere except frustrated. Bye ~g Quote Link to comment Share on other sites More sharing options...
ninth Posted May 28, 2023 Share Posted May 28, 2023 I reported a spam email successfully yesterday just saying Quote Link to comment Share on other sites More sharing options...
RobiBue Posted May 28, 2023 Share Posted May 28, 2023 and I just reported spam, one through copy&paste, the other through e-mail submission. both work correctly. Quote Link to comment Share on other sites More sharing options...
petzl Posted May 28, 2023 Share Posted May 28, 2023 (edited) 30 minutes ago, RobiBue said: and I just reported spam, one through copy&paste, the other through e-mail submission. both work correctly. Maybe that triggers the BOT SpamCop into working correctly? Don't get much spam nowadays I kill them and those that know them! A while ago I got a scam Mobil text with website I reported site to Registrar they replied I was mistaken so I reported them to Interpol! Mystically the Registrar replied quickly after Interpol report they had taken the site down! Edited May 28, 2023 by petzl Quote Link to comment Share on other sites More sharing options...
RobiBue Posted May 28, 2023 Share Posted May 28, 2023 On 5/26/2023 at 4:05 PM, Outernaut said: Quote SpamCop encountered errors while saving spam for processing: Message forwarded in html wrapper. When forwarding spam, use a MIME attachment or text-type message with the spam enclosed. Do not send spam in HTML format. Sometimes this error is caused by using a "resend" feature to forward spam. HTML spam should be sent in text (source code) format. ok, this is on my part probably a stupid assumption, but it looks like you or someone else sent an email to your submit.specialaddress@spam.spamcop.net. is it possible that when you log in to spamcop with your credentials and see if there is a Report now link and follow it, if you can cancel that report? Or what action does it currently ask you to take? The reason I am asking this, is that you shouldn't get the aforementioned message (Message forwarded in html wrapper.) when entering it in the submit spam box on the website. that would only happen if you (or someone else) forwarded it to your personal submit dot spam special email address at spam dot spamcop dot net. If someone else submitted the email to that address, then the account is compromised and you might want to reach out to Richard W (to be found here https://forum.spamcop.net/staff/) and see if he can generate you a new address. maybe reset the account as something is fishy... That's my suggestion if anything else fails. ~~~~ RobiBue Quote Link to comment Share on other sites More sharing options...
ninth Posted May 28, 2023 Share Posted May 28, 2023 1 hour ago, petzl said: A while ago I got a scam Mobil text with website I reported site to Registrar they replied I was mistaken so I reported them to Interpol! Mystically the Registrar replied quickly after Interpol report they had taken the site down! Websites are the responsibility of the hosting service not the domain name registrar and often the host will then contact the customer who owns the server to remove the website if it is involved in abuse. Abuse reports to registrars go in the bit bucket unless it relates to the registration process and they do not reply to or pass on reports. Note that giants like AWS and google host themselves. I report spam directly to a company harbouring criminals and they refuse to cooperate I send the report again with the host abuse email to get action. I try to use the online form if available with a temp email to stop getting more spam. Today I managed to fill it out the form all in japanese except the link and my email! Fingers crossed. Quote Link to comment Share on other sites More sharing options...
petzl Posted May 28, 2023 Share Posted May 28, 2023 (edited) 17 hours ago, ninth said: Websites are the responsibility of the hosting service not the domain name registrar and often the host will then contact the customer who owns the server to remove the website if it is involved in abuse. Abuse reports to registrars go in the bit bucket unless it relates to the registration process and they do not reply to or pass on reports. Note that giants like AWS and google host themselves. I report spam directly to a company harbouring criminals and they refuse to cooperate I send the report again with the host abuse email to get action. I try to use the online form if available with a temp email to stop getting more spam. Today I managed to fill it out the form all in japanese except the link and my email! Fingers crossed. Seems you are wrong. The IP won't take action on websites at the IP address. Registrars are the ones to complain to the owner/operator of website IP won't SpamCop reporting IP address's of websites is near worthless Why I send directly from my email address sometimes Edited May 29, 2023 by petzl Quote Link to comment Share on other sites More sharing options...
ninth Posted May 28, 2023 Share Posted May 28, 2023 (edited) 2 hours ago, petzl said: The IP won't take action on websites at the IP address. Registrars are the ones to complain to the owner/operator of website IP won't SpamCop reporting IP address's is worthless Why I send directly from my email address sometimes Less wrong... The IP can be blacklisted if it is sending spam and what about finding the originating IP if using a VPN? The network admin get reports for IP addresses I can report a website or content to be taken down if they agree but I need apps like spamcop to get IPs on lists. I would like to do this with the snake charmers but the cops only accept reports from emails as a source? Not once have the cops sent a report to the registrant since I have been sending in spam which has gone from one per hour to one a day if that. Apologies for going off topic Edited May 28, 2023 by ninth cont Quote Link to comment Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.