Questions about Mailhost setup

[jccviking]

Hi All,

I used spamcop many years ago but have forgotten all I once new.  I just attempted to set up a Mailhost and I did receive the three "Account Configuration Emails".  I followed the instructions using the "Paste entire intact email" method.  Everything seemed to work with this part. The Mailhost name now says "antispamcloud.com" which is SpamExperts.  But the Hosts/Domains dropdown has a gazillion List Items and I have no idea which one to choose.  None of them match my MX records.  I pinged "mx.spamexperts.com" (one of my MX records) and then picked the corresponding "Relaying IPsv4" option from the dropdown list.  I also pinged for an IPV6 address but got a "could not find" message.

Anyway, it should be clear that I really don't know what I'm doing here and would appreciate any help you can offer.

Thanks in advance,

JCC

 

[ninth]

9 hours ago, jccviking said:

But the Hosts/Domains dropdown has a gazillion List Items and I have no idea which one to choose.

Could you post this list while we wait for an expert to come along and explain what's changed?

[jccviking]

Thanks for the response ninth.

I don't know what value this holds but, here's the list of  Hosts/Domains spamcop offers for my email address:

1. mx97.antispamcloud.com
2. mx277.antispamcloud.com
3. mx53.antispamcloud.com
4. mx110.antispamcloud.com
5. exchange.spipipe.com
6. 2a00:b980:3:0:0:523a:35db
7. mx4.antispamcloud.com
8. mx303.antispamcloud.com
9. mx281.antispamcloud.com
10. mx108.antispamcloud.com
11. ldex1-mail1.ufi.net.uk
12. mx7.antispamcloud.com
13. 2a00:b980:2:0:0:0:0:234
14. mx17.antispamcloud.com
15. tcoxdoveback01.telecable.es
16. mx76.antispamcloud.com
17. mx100.antispamcloud.com
18. ksp810-mta1.ufi.net.uk
19. mtaroutes.com
20. mx269.antispamcloud.com
21. mx214.antispamcloud.com
22. mx166.antispamcloud.com
23. mx85.antispamcloud.com
24. mx208.antispamcloud.com
25. mx11.antispamcloud.com
26. mx143.antispamcloud.com
27. ksp810-mailbox1.ufi.net.uk
28. uk.fi.net.uk
29. mx126.antispamcloud.com
30. delivery.mtaroutes.com
31. 2a00:b981:2::4">2a00:b981:2::4
32. out4-200.antispamcloucom
33. mx72.antispamcloud.com
34. infosphere.spheron1.cuk
35. ksp810-mail1.uk.fi.net.uk
36. mx103.antispamcloud.com
37. mx283.antispamcloud.com
38. tcoxpostfixin01.telecable.es
39. mx22.antispamcloud.com
40. delivery.antispamcloud.com
41. mx59.antispamcloud.com
42. mx68.antispamcloud.com
43. mx116.antispamcloud.com
44. mx117.antispamcloud.com
45. mx168.antispamcloud.com
46. telecable.es
47. 2a00:b980:2:3:0:0:523a:35db
48. mx27.antispamcloud.com
49. antispamcloud.com
50. mx2.antispamcloud.com
51. ccs14-mail1.uk.fi.net.uk
52. mx10.antispamcloud.com
53. ldex1-mail1-alt.uk.fi.net.uk
54. mx218.antispamcloud.com
55. mx20.freethought-internet.co.uk
56. mx311.antispamcloud.com
57. mx9.antispamcloud.com

Thanks,

JCC

 

[RobiBue]

ok, I'm no xprt on mailhosts since I don't use them anyway, but do you have one of those on your list that matches one in your Received: lines when you look at the raw email headers? go from the top down and use the email that you received from SC... that's at least what I would do ...
edit: from top down meaning the Received: lines, not the list

HTH

Edited November 5, 2023 by RobiBue

[jccviking]

Hi RobiBue,

Thanks for the suggestion.

Full disclosure, I'm not really clear on what the Mailhost configuration does.  The help blurb said is it's to "Minimize self-reporting accidents by identifying your e-mail host(s) to the Parser."

In any case, per your suggestion, I examined the header from the SpamCop messages and did, indeed, find a match.  In the capture below, the second "Received: from" block says "by mx277.antispamcloud.com" which was in the list.  I selected it.

However, I looked at the headers from all emails I've received from SpamCop thus far and the second "Received: from" is different on every one.  But, the first "Received: from" block is the same on every one.  Granted, the sampling is pretty small (five emails thus far).  While "out8.antispamcloud.com" is NOT among the items in the Host/Domains: dropdown, the IP address IS among those in "Relaying IPsv4:" so I selected it.

Again, I really don't know what I'm doing but, a little more documentation from SpamCop would certainly be helpful.

JCC

************************************

Return-Path: <noreply@forum.spamcop.net>
Received: from out8.antispamcloud.com (out8.antispamcloud.com [46.165.223.16]) by SM14.internetmailserver.net with SMTP
    (version=TLS\Tls12
    cipher=Aes256 bits=256);
   Sun, 5 Nov 2023 12:15:13 -0800
Received: from ec2-3-89-228-223.compute-1.amazonaws.com ([3.89.228.223] helo=ip-172-31-12-230.ec2.internal)
    by mx277.antispamcloud.com with esmtp (Exim 4.92)
    (envelope-from <noreply@forum.spamcop.net>)
    id 1qzjWT-00ClR1-9O
    for ****; Sun, 05 Nov 2023 21:15:10 +0100
Received: from localhost (localhost [127.0.0.1])
    by ip-172-31-12-230.ec2.internal (Postfix) with ESMTP id DF7709ACC42
    for <****>; Sun,  5 Nov 2023 19:55:36 +0000 (UTC)
 

 

[RobiBue]

I wish I could help you there, as I have really no idea how it works or is supposed to work (well, I do have an idea on the latter, but not specifics.)

anyhoo, that said, I noticed in your list a plain antispamcloud.com (49.) which puts me to thinking if that's a catch-all of your possible MXs... just thinking out loud here... hoping that an expert in this matter could chime in soon...

[jccviking]

Thanks RobiBue, for your attentiveness.

I guess, as you say, I just need to cool my heels until an expert chimes in.

JCC

[ninth]

Nobody home but us chickens...you could try to register your email account to report individual spam or are there too many of the suckers?

[jccviking]

Hi ninth,

I decided to discontinue my use of SpamExperts (lots of reasons) and switched my MX records back to hosting service.  Same scenario though when I registered my regular host as a Mailhost:  Lots of values in the "Hosts/Domains" and "Relaying IPsv4" dropdowns and no idea which one to pick.

There are multiple accounts with my my own domain but, the all use the same host so, I don't think I need to add individual Mailhost records for them.

I also have a Gmail account and an iCloud account.  The Gmail account added ok (except for the usual "lots of values in the dropdowns") but I got errors when I pasted the "confirmation" emails for iCloud.  On the error page, SpamCop presented a "now go here" URL but, it was a bad link.

I get the sense SpamCop has been neglected for a while.  Wonder why?

[RobiBue]

SpamCop has been around for decades (2½ IIRC) and at the beginning, along with n.a.n.a.e and the different abuse desks at the serious ISPs it was a delight when spammers would face either whacking with a clue-by-four or even charged criminally in court, but now providers don't take it seriously anymore, probably due to the lack of manpower and the increased automatization of their systems. besides, since CISCO took over, their main cyber product is talos which takes preference and SC is only a minor side-toy (at least that's the way I see it) that allows users to report spam (if it helps, good, if it doesn't, not much lost) to propagate abusing MXs into blocklists
If someone with more knowledge behind the scenes would like to correct my stance I would greatly appreciate it if I'm wrong, but with an explanation

Every now and then SC does get an "update"  but a lot, as you say, has been neglected...

[jccviking]

Thanks for your astute insights RobiBue.

Here's the full story as to why I returned to SpamCop after many years.  A couple of weeks a go, my email started getting rejected by three different recipients.  I chased my tail for a while because emails sent from one account were getting rejected and those sent from another (same domain) were not.  Turns out, my hosting service uses two gateways to send my email and the selection is based on load.  One of those gateways had been flagged as a bad guy so sometimes an email would get through and sometimes not (depending on which gateway sent it).  But it would take two full days for me to receive the Undelivered Notice.  It took me way too long to figure out what was wrong.

My hosting company says their gateway was wrongly flagged and also said disparaging things about CloudMark (the company that did the flagging).  During the conversation, they mentioned that SpamCop was one of the good guys.  That's what prompted me to again start reporting spam to SpamCop.

So, to quote the late great Paul Harvey: Now you know [insert pause] the rest of the story.

[ninth]

On 11/9/2023 at 7:54 AM, jccviking said:

I get the sense SpamCop has been neglected for a while.  Wonder why?

The numbers don't lie:

Spamcop Statistics
Average spam: 1.2 per second, Max spam: 5.7 per second, Total reported (last 24 hours): 104502

[jccviking]

Yup.