Jump to content

Nothing to Do


Wally3178

Recommended Posts

Posted

Hi,

I am relatively new to reporting spam and I am still learning; every day is a new experience.

Recently I started getting bounced emails from various sources in response to emails that I didn't send. I have been reading the forum and have learned that this is a fairly common occurrence and I should just wait out the storm. However, I have reported some of these through the automated Spamcop Reporting that operates as part of Mailwasher and Spamcop sends me email advising that my spam report has been accepted. When I navigate to the link, all the information is there plus, in red, the words 'Nothing to Do'.

What does that mean exactly? Should I stop reporting these bounces? (I have anyway, for the time being)

Thanks for taking the time to read this.

Mike Downs

13 December 2006

Posted

Let's pretend that you have a SpamCop.net Reporting Account. Login to your www.spamcop.net web page, go to Preferences. Select Full/Technical Details .. save that change ... report another one .. then actually review the parser results and see what the actual problem was. There are simply too many things that could go wrong for someone here to guess at which of them may be causing your issue.

If you see a Tracking URL, provide one or two of those so someone 'here' could actually see what's going on. We could make the assumption that a Tracking URL exists, as you say you "visit the page" .... which would also imply a SpamCop.net Reporting Account .. but ...????

Posted
If you see a Tracking URL, provide one or two of those so someone 'here' could actually see what's going on. We could make the assumption that a Tracking URL exists, as you say you "visit the page" .... which would also imply a SpamCop.net Reporting Account .. but ...????

Thanks Wazoo. I do have a reporting account and I have modified my preferences as you suggested. I'll report the next one and see what it reveals.

Mike Downs

13 December 2006

Posted

Well, I have reported several more bounces and there is still no report submitted. I must be screwing up somehow. All the non bounce spam has reports but the bounced stuff has not.

Here is the latest bounce. I have reported it and the report, when I looked at it, says 'no report submitted:

Hi. This is the qmail-send program at serv3.domainnameregistrar.com.au.

I'm afraid I wasn't able to deliver your message to the following addresses.

This is a permanent error; I've given up. Sorry it didn't work out.

<graces[at]cassaniti.com.au>:

This address no longer accepts mail.

--- Below this line is a copy of the message.

Return-Path: <mdowns[at]bigpond.net.au>

Received: (qmail 1275 invoked from network); 13 Dec 2006 21:26:15 +1100

Received: from unknown (HELO bigpond.net.au) (122.4.21.90)

by serv3.domainnameregistrar.com.au with SMTP; 13 Dec 2006 21:26:14 +1100

Message-ID: <B105DC22.E8668BCE[at]bigpond.net.au>

Date: Wed, 13 Dec 2006 03:17:53 -0100

Reply-To: "Alejandro Anderson" <mdowns[at]bigpond.net.au>

From: "Alex Robinson" <mdowns[at]bigpond.net.au>

User-Agent: Rodriquezmail v9.8

MIME-Version: 1.0

To: <graces[at]cassaniti.com.au>

Subject: Merry Christmas to graces

Content-Type: text/plain;

charset="us-ascii"

Content-Transfer-Encoding: 7bit

Dear graces!

Merry Christmas from Windows! Two more weeks to Christmas, Windows would love to be the first to wish you Merry Christmas and a VERY big Thank You for being our client.

Merry Christmas!

In order to express our appreciation, we have especially made a flash animation just for you.

http://ameliaweddingdress.com/MerryChristmas.html

If you have any enquiries, please do not hesitate to contact. Thank You!

Best Regards, 13/12/2006 03:17

Sales Department

mdowns[at]bigpond.net.au

Can anyone see why it fails to report? The email address mdowns[at]bigpond.net.au is mine.

Thanks again,

Mike Downs

13 December 2006

Posted
Can anyone see why it fails to report?

??? Confused .... what you tossed up as an example is the body of an e-mail ..... there is no sign of the header block of that 'bounce' .... so the answer to the question you ask based on the data you provided is that your submittal process is flawed.

Posted

??? Confused .... what you tossed up as an example is the body of an e-mail ..... there is no sign of the header block of that 'bounce' .... so the answer to the question you ask based on the data you provided is that your submittal process is flawed.

Wazoo,

You are so right, I am confused, but I'm not ready to give up just yet.

Is this right? Its the same message but with the headers, I think. The question I asked earlier remains the same:

Return-Path: <>

Received: from serv3.domainnameregistrar.com.au ([216.12.200.105])

by imta04ps.mx.bigpond.com with ESMTP

id <20061213102623.UPSP3793.imta04ps.mx.bigpond.com[at]serv3.domainnameregistrar.com.au>

for <mdowns[at]bigpond.net.au>; Wed, 13 Dec 2006 10:26:23 +0000

Received: (qmail 1284 invoked for bounce); 13 Dec 2006 21:26:18 +1100

Date: 13 Dec 2006 21:26:18 +1100

From: MAILER-DAEMON[at]serv3.domainnameregistrar.com.au

To: mdowns[at]bigpond.net.au

Subject: failure notice

Message-Id: <20061213102623.UPSP3793.imta04ps.mx.bigpond.com[at]serv3.domainnameregistrar.com.au>

Hi. This is the qmail-send program at serv3.domainnameregistrar.com.au.

I'm afraid I wasn't able to deliver your message to the following addresses.

This is a permanent error; I've given up. Sorry it didn't work out.

<graces[at]cassaniti.com.au>:

This address no longer accepts mail.

--- Below this line is a copy of the message.

Return-Path: <mdowns[at]bigpond.net.au>

Received: (qmail 1275 invoked from network); 13 Dec 2006 21:26:15 +1100

Received: from unknown (HELO bigpond.net.au) (122.4.21.90)

by serv3.domainnameregistrar.com.au with SMTP; 13 Dec 2006 21:26:14 +1100

Message-ID: <B105DC22.E8668BCE[at]bigpond.net.au>

Date: Wed, 13 Dec 2006 03:17:53 -0100

Reply-To: "Alejandro Anderson" <mdowns[at]bigpond.net.au>

From: "Alex Robinson" <mdowns[at]bigpond.net.au>

User-Agent: Rodriquezmail v9.8

MIME-Version: 1.0

To: <graces[at]cassaniti.com.au>

Subject: Merry Christmas to graces

Content-Type: text/plain;

charset="us-ascii"

Content-Transfer-Encoding: 7bit

Dear graces!

Merry Christmas from Windows! Two more weeks to Christmas,

Windows would love to be the first to wish you Merry Christmas and

a VERY big Thank You for being our client.

Merry Christmas!

In order to express our appreciation, we have especially made a flash

animation just for you.

http://ameliaweddingdress.com/MerryChristmas.html

If you have any enquiries, please do not hesitate to contact. Thank You!

Best Regards, 13/12/2006 03:17

Sales Department

mdowns[at]bigpond.net.au

Michael Downs

14 December 2006

Thank you sir, I have already read these but I've been back and had another look at them just in case I missed something; I've printed them out too.

Cheers,

Michael Downs

14 December 2006

Posted
Thank you sir, I have already read these but I've been back and had another look at them just in case I missed something; I've printed them out too.
Then I am a bit confused to as to why you are posting the entire spam message rather than the Tracking URL which is what we need to see to be able to answer your question as to why it is not working for you. As Wazoo stated, the posted message works just fine in the parser.

Possible issue as to how you have your MailHosts configuered but we really need the Tracking URL to speak rationally.

Posted
Then I am a bit confused to as to why you are posting the entire spam message rather than the Tracking URL which is what we need to see to be able to answer your question as to why it is not working for you. As Wazoo stated, the posted message works just fine in the parser.

Possible issue as to how you have your MailHosts configuered but we really need the Tracking URL to speak rationally.

I'm getting there, slowly.

Here is the tracking URL of the latest:

http://www.spamcop.net/sc?id=z1165213268z8...396b28c09d8e5ez

Posted

Cancelled the "live" report .. However, no sign of a "nothing to do" error.

You do have your reporting Account MailHost Configured.

However, the "only" server mentioned in the headers is the same server - mail5.servage.net .. even the Message-ID: references that same server .... the From:, the Reply-To:, the same server ... and apparently this 'is' your ISP's server ...????

The implication here is that you are trying to report an e-mail from your ISP to your ISP .... not good.

Think the 'history' behind this e-mail needs some definition for anyone here to try to make any kind of a guess as to what's going on. The only thing I can make out is that this is the "challenge" part of a Challenge/Response filter, which also has a number of FAQ, Topic, Discussion entries here .. none of them very kind ....

Posted
I'm getting there, slowly.

Here is the tracking URL of the latest:

http://www.spamcop.net/sc?id=z1165213268z8...396b28c09d8e5ez

...Thanks!

...It worked fine for me:

Report spam Filtered Email Blocking List Statistics Login
SpamCop v #612 Copyright © 1998-2006, IronPort Systems, Inc. All rights reserved.
Here is your TRACKING URL - it may be saved for future reference:
[url="http://www.spamcop.net/sc?id=z1165213268z82ddc06a5d209c3339396b28c09d8e5ez"]http://www.spamcop.net/sc?id=z1165213268z8...396b28c09d8e5ez[/url]
Skip to Reports

Return-Path: &lt;root[at]mail5.servage.net&gt;
Received: from mail5.servage.net ([62.214.98.114])
          by imta09ps.mx.bigpond.com with ESMTP
          id &lt;20061213133321.VRRC11838.imta09ps.mx.bigpond.com[at]mail5.servage.net&gt;
          for &lt;x&gt;; Wed, 13 Dec 2006 13:33:21 +0000
Received: from mail5.servage.net (localhost.localdomain [127.0.0.1])
	by mail5.servage.net (Postfix) with ESMTP id 8733E1210040
	for &lt;x&gt;; Wed, 13 Dec 2006 13:33:19 +0000 (GMT)
Received: (from root[at]localhost)
	by mail5.servage.net (8.13.5/8.13.5/Submit) id kBDDWuAx019480;
	Wed, 13 Dec 2006 13:32:56 GMT
Date: Wed, 13 Dec 2006 13:32:56 GMT
Message-Id: &lt;2006___________________9480[at]mail5.servage.net&gt;
To: x
Subject: Autoreply:  Merry Christmas to info (validate info[at]hyperactiveracing.com.au)
From: Servage Antispam System &lt;antispam[at]servage.net&gt;
Reply-To: antispam[at]servage.net
User-Agent: Servage Hosting Client
Organization: Servage Hosting Customer
Content-Type: multipart/alternative;
	boundary="----=_NextPart_000_0000_01C52409.C07F21F0"
X-Priority: 3
X-MSMail-Priority: Normal
Mime-Version: 1.0
X-mailer: Servage Antispam
X-MimeOLE: Produced By Antispam System

View entire message
Parsing header:
0: Received: from mail5.servage.net ([62.214.98.114]) by imta09ps.mx.bigpond.com with ESMTP id &lt;20061213133321.VRRC11838.imta09ps.mx.bigpond.com[at]mail5.servage.net&gt; for &lt;x&gt;; Wed, 13 Dec 2006 13:33:21 +0000
Hostname verified: mail5.servage.net
Bigpond Broadband Cable received mail from sending system 62.214.98.114

1: Received: from mail5.servage.net (localhost.localdomain [127.0.0.1]) by mail5.servage.net (Postfix) with ESMTP id 8733E1210040 for &lt;x&gt;; Wed, 13 Dec 2006 13:33:19 +0000 (GMT)
Internal handoff or trivial forgery

Tracking message source: 62.214.98.114:
Routing details for 62.214.98.114
[refresh/show] Cached whois for 62.214.98.114 : ssf[at]servage.com
Using last resort contacts ssf[at]servage.com
Message is 8 hours old
62.214.98.114 not listed in dnsbl.njabl.org
62.214.98.114 not listed in dnsbl.njabl.org
62.214.98.114 not listed in cbl.abuseat.org
62.214.98.114 not listed in dnsbl.sorbs.net
62.214.98.114 not listed in relays.ordb.org.
62.214.98.114 not listed in accredit.habeas.com
62.214.98.114 not listed in plus.bondedsender.org
62.214.98.114 not listed in iadb.isipp.com
Reports regarding this spam have already been sent:
   Reportid: 2062488415 To: cancelled[at]devnull.spamcop.net
If reported today, reports would be sent to:

Re: 62.214.98.114 (Bounce)

ssf[at]servage.com

Re: 62.214.98.114 (Third party interested in email source)

spamcop[at]imaphost.com
Copyright © 1998-2006, IronPort Systems, Inc. All rights reserved. HTML4 / CSS2 Firefox recommended - Policies and Disclaimers

...Anybody else have anything useful to add before we send the OP to the Deputies?

Posted

Cancelled the "live" report .. However, no sign of a "nothing to do" error.

You do have your reporting Account MailHost Configured.

However, the "only" server mentioned in the headers is the same server - mail5.servage.net .. even the Message-ID: references that same server .... the From:, the Reply-To:, the same server ... and apparently this 'is' your ISP's server ...????

The implication here is that you are trying to report an e-mail from your ISP to your ISP .... not good.

Think the 'history' behind this e-mail needs some definition for anyone here to try to make any kind of a guess as to what's going on. The only thing I can make out is that this is the "challenge" part of a Challenge/Response filter, which also has a number of FAQ, Topic, Discussion entries here .. none of them very kind ....

Wazoo,

First of all I want to thank all you guys for the time you are giving me, I appreciate it and I owe you all a beer. servage.net is definately not my ISPs server. My ISP is bigpond.net.au and their POP server is pop.bigpond.com and their SNTP is mail-hub.bigpond.com. As Bigpond is the internet arm of the Australian Government controlled Telco 'Telstra', I can't imagine them using a third party ISP as a mail host. Servage is an Australian ISP and I would think that they are probably a Telstra customer as Telstra owns all the bandwidth in this country - a little different to the way you guys operate.

Cheers and thanks again,

Michael Downs

14 December 2006

Posted

OK, I screwed up .. one of those too-many-windows-opened-up, on-the-phone, and eyes-a-bit-glazed-over .. second look, after your BigPond remarks ... I admit, I lied in my last .. there is in fact that proper Received: line at the top ... the MailHost version of the parser noted and passed that server .. so the result was in fact the servage target ISP.

Unfortunately, that would seem to bring us back to why the parser looks OK when I hit it (and Steven hit it) .. but you say you get a "nthing to do" error .. and on that, I admit to being a bit lost.

Though I do still stand on this being a perfect example of why the Challenge/Response concept sucks.

Posted

servage.net is definately not my ISPs server.

But by the Tracking URL you provided, it is saying that the source of this bounce (the ISP that is bouncing to the forged return address) is servage.net. IU also do not see a "Nothing to do" error but see the same as Steve posted.
Posted

But by the Tracking URL you provided, it is saying that the source of this bounce (the ISP that is bouncing to the forged return address) is servage.net. IU also do not see a "Nothing to do" error but see the same as Steve posted.

My head is spinning.

If anyone has access to my spamcop account and can look at my past reports, there are heaps of 'Nothing to do'.

I shall report the next bounce I get and then post the Tracking URL here for you all to look at.

Somthing Wazoo said earlier about my Mailhosts setup had me wondering if he was right about a wrong setup and I've had a look. The mailhosts seem to change and the one setup in Spamcop is not always the same as the ones used in the emails that arrive through Bigpond. I've tried to setup another host address with no luck so far; I'm getting emails telling me that the header information has been altered on the message from the Robot.

Michael Downs

14 December 2006

Posted

Well now - to put in my tuppenceworth - as mentioned several times already elsewhere (these forums - Nothing to do "spam" - and SC NGs) - every time I try to report a bounce I get the "nothing to do" message also. I asked in NGs (and received no response), has anyone actually (successfully) reported a bounce? This may be an artifact of reporting from an account with mailhosts set up. Next time I get one (they're few and far between for me so far, knock on wood that it might remain so) I shall try tests in both mailhosted and non. Unless someone "upstairs" already knows the answers and shares them before then.

Posted
My head is spinning.

I shall report the next bounce I get and then post the Tracking URL here for you all to look at.

Actually, at this point in time, I looks like the Tracking URL will not help much. What we need is a copy and pasted copy of the technical details of the parse as you see it when you parse the message that contains the entry "Nothing to do"

Be sure that show technical details is on and paste a complete copy of the results here and maybe some one can help.

Posted

Actually, at this point in time, I looks like the Tracking URL will not help much. What we need is a copy and pasted copy of the technical details of the parse as you see it when you parse the message that contains the entry "Nothing to do"

Be sure that show technical details is on and paste a complete copy of the results here and maybe some one can help.

I'm not sure that I fully understand what you are asking, especially in regard to technical details being turned on, I can't find the switch!

I see two reports, one has the Tracking URL at the top of the page and it is reproduced here now:

Return-Path: <>

Received: from link.tac.com.au ([72.18.195.90]) by imta01ps.mx.bigpond.com

with ESMTP

id <20061214071100.WPZQ8425.imta01ps.mx.bigpond.com[at]link.tac.com.au>

for <x>; Thu, 14 Dec 2006 07:11:00 +0000

Received: (qmail 13997 invoked by uid 511); 14 Dec 2006 18:10:59 +1100

Received: from 203.129.137.230 by link.tac.com.au (envelope-from <>, uid 511) with qmail-scanner-2.01st

(clamdscan: 0.90rc2/2163. spamassassin: 3.1.7. perlscan: 2.01st.

Clear:RC:1(203.129.137.230):.

Processed in 0.038109 secs); 14 Dec 2006 07:10:59 -0000

Received: from 203-129-137-230.rev.dft.net.au (HELO tac.com.au) (203.129.137.230)

by link.tac.com.au with SMTP; 14 Dec 2006 18:10:58 +1100

Date: Thu, 14 Dec 2006 18:10:44 +1100

From: Mail Delivery Subsystem <MAILER-DAEMON[at]tac.com.au>

Message-Id: <2006_____________8537[at]mx1.tac.com.au>

To: <x>

MIME-Version: 1.0

Content-Type: multipart/report; report-type=delivery-status;

boundary="GWT18537.1166054400/mx1.tac.com.au"

Subject: Returned mail: User unknown

Auto-Submitted: auto-generated (failure)View entire message

Parsing header:

0: Received: from link.tac.com.au ([72.18.195.90]) by imta01ps.mx.bigpond.com with ESMTP id <20061214071100.WPZQ8425.imta01ps.mx.bigpond.com[at]link.tac.com.au> for <x>; Thu, 14 Dec 2006 07:11:00 +0000

Hostname verified: link.tac.com.au

Bigpond Broadband Cable received mail from sending system 72.18.195.90

1: Received: from 203.129.137.230 by link.tac.com.au (envelope-from <>, uid 511) with qmail-scanner-2.01st (clamdscan: 0.90rc2/2163. spamassassin: 3.1.7. perlscan: 2.01st. Clear:RC:1(203.129.137.230):. Processed in 0.038109 secs); 14 Dec 2006 07:10:59 -0000

No unique hostname found for source: 203.129.137.230

Possible forgery. Supposed receiving system not associated with any of your mailhosts

Will not trust anything beyond this header

Tracking message source: 72.18.195.90:

Routing details for 72.18.195.90

[refresh/show] Cached whois for 72.18.195.90 : noc[at]premianet.com

Using abuse net on noc[at]premianet.com

abuse net premianet.com = support[at]premianet.com, abuse[at]aplushosting.com

Using best contacts support[at]premianet.com abuse[at]aplushosting.com

Yum, this spam is fresh!

Message is 1 hours old

72.18.195.90 not listed in dnsbl.njabl.org

72.18.195.90 not listed in dnsbl.njabl.org

72.18.195.90 not listed in cbl.abuseat.org

72.18.195.90 not listed in dnsbl.sorbs.net

72.18.195.90 not listed in relays.ordb.org.

72.18.195.90 not listed in accredit.habeas.com

72.18.195.90 not listed in plus.bondedsender.org

72.18.195.90 not listed in iadb.isipp.com

Nothing to do.

The Other screen becomes apparant when I go into view entire message:

Return-Path: <>

Received: from link.tac.com.au ([72.18.195.90]) by imta01ps.mx.bigpond.com

with ESMTP

id <20061214071100.WPZQ8425.imta01ps.mx.bigpond.com[at]link.tac.com.au>

for <mdowns[at]bigpond.net.au>; Thu, 14 Dec 2006 07:11:00 +0000

Received: (qmail 13997 invoked by uid 511); 14 Dec 2006 18:10:59 +1100

Received: from 203.129.137.230 by link.tac.com.au (envelope-from <>, uid 511) with qmail-scanner-2.01st

(clamdscan: 0.90rc2/2163. spamassassin: 3.1.7. perlscan: 2.01st.

Clear:RC:1(203.129.137.230):.

Processed in 0.038109 secs); 14 Dec 2006 07:10:59 -0000

Received: from 203-129-137-230.rev.dft.net.au (HELO tac.com.au) (203.129.137.230)

by link.tac.com.au with SMTP; 14 Dec 2006 18:10:58 +1100

Date: Thu, 14 Dec 2006 18:10:44 +1100

From: Mail Delivery Subsystem <MAILER-DAEMON[at]tac.com.au>

Message-Id: <200612141810.GWT18537[at]mx1.tac.com.au>

To: <mdowns[at]bigpond.net.au>

MIME-Version: 1.0

Content-Type: multipart/report; report-type=delivery-status;

boundary="GWT18537.1166054400/mx1.tac.com.au"

Subject: Returned mail: User unknown

Auto-Submitted: auto-generated (failure)

This is a MIME-encapsulated message

--GWT18537.1166054400/mx1.tac.com.au

The original message was received at Thu, 14 Dec 2006 18:10:44 +1100

from 209.31.123.18

----- The following addresses had permanent fatal errors -----

<joyho[at]tac.com.au>

(expanded from: <joyho[at]tac.com.au>)

----- Transcript of session follows -----

mail.local: unknown name: joyho

550 <joyho[at]tac.com.au>... User unknown

--GWT18537.1166054400/mx1.tac.com.au

Content-Type: message/delivery-status

Reporting-MTA: dns; mx1.tac.com.au

Received-From-MTA: DNS; 209.31.123.18

Arrival-Date: Thu, 14 Dec 2006 18:10:44 +1100

Final-Recipient: RFC822; <joyho[at]tac.com.au>

X-Actual-Recipient: RFC822; joyho[at]tac.com.au

Action: failed

Status: 5.1.1

Last-Attempt-Date: Thu, 14 Dec 2006 18:10:44 +1100

--GWT18537.1166054400/mx1.tac.com.au

Content-Type: message/rfc822

Return-Path: <mdowns[at]bigpond.net.au>

Received: (qmail 5873 invoked by uid 511); 14 Dec 2006 02:50:39 +1100

Received: from 209.31.123.18 by link.tac.com.au (envelope-from <mdowns[at]bigpond.net.au>, uid 511) with qmail-scanner-2.01st

(clamdscan: 0.90rc2/2163. spamassassin: 3.1.7. perlscan: 2.01st.

Clear:RC:1(209.31.123.18):.

Processed in 0.029919 secs); 13 Dec 2006 15:50:39 -0000

Received: from summer.tac.com.au (209.31.123.18)

by link.tac.com.au with SMTP; 14 Dec 2006 02:50:39 +1100

Received: (qmail 32065 invoked by uid 89); 13 Dec 2006 15:48:11 -0000

Received: by simscan 1.2.0 ppid: 31992, pid: 32036, t: 2.0710s

scanners: attach: 1.2.0 clamav: 0.88.4/m:41/d:2272 spam: 3.0.6

Received: from unknown (HELO bigpond.net.au) (122.4.21.239)

by 0 with SMTP; 13 Dec 2006 15:48:09 -0000

Received-SPF: none (0: domain at bigpond.net.au does not designate permitted sender hosts)

Message-ID: <29BB6BF1.BA9DEF09[at]bigpond.net.au>

Date: Wed, 13 Dec 2006 14:31:10 +0500

From: "Arturo Thomas" <mdowns[at]bigpond.net.au>

User-Agent: Opera/7.11 (Linux 2.4.20-4GB i586; U) [en]

X-Accept-Language: en-us

MIME-Version: 1.0

To: <joyho[at]tac.com.au>

Subject: Merry Christmas to joyho

Content-Type: text/plain;

charset="iso-8859-1"

Content-Transfer-Encoding: 7bit

X-spam-Checker-Version: SpamAssassin 3.0.6 (2005-12-07) on summer.tac.com.au

X-spam-Level:

X-spam-Status: No, score=0.3 required=5.0 tests=DATE_IN_PAST_06_12

autolearn=no version=3.0.6

Dear joyho!

Merry Christmas from Windows! Two more weeks to Christmas,

Windows would love to be the first to wish you Merry Christmas and

a VERY big Thank You for being our client.

Merry Christmas!

In order to express our appreciation, we have especially made a flash

animation just for you.

http://superbiofinish.com/MerryChristmas.html

If you have any enquiries, please do not hesitate to contact. Thank You!

Best Regards, 13/12/2006 14:31

Sales Department

mdowns[at]bigpond.net.au

--GWT18537.1166054400/mx1.tac.com.au--

I hope I am in the ball park with at least one of these.

Michael Downs

14 December 2006

Posted
Possible forgery. Supposed receiving system not associated with any of your mailhosts

Will not trust anything beyond this header

It looks to me that your mailhost configuration isn't set up correctly. The parser appears to be giving up processing as a result and, therefore, not offering any action.

Andrew

Posted

I'm not sure that I fully understand what you are asking, especially in regard to technical details being turned on, I can't find the switch!

I see two reports, one has the Tracking URL at the top of the page and it is reproduced here now:

Return-Path: <>

Received: from link.tac.com.au ([72.18.195.90]) by imta01ps.mx.bigpond.com

with ESMTP

id <20061214071100.WPZQ8425.imta01ps.mx.bigpond.com[at]link.tac.com.au>

for <x>; Thu, 14 Dec 2006 07:11:00 +0000

Received: (qmail 13997 invoked by uid 511); 14 Dec 2006 18:10:59 +1100

Received: from 203.129.137.230 by link.tac.com.au (envelope-from <>, uid 511) with qmail-scanner-2.01st

(clamdscan: 0.90rc2/2163. spamassassin: 3.1.7. perlscan: 2.01st.

Clear:RC:1(203.129.137.230):.

Processed in 0.038109 secs); 14 Dec 2006 07:10:59 -0000

Received: from 203-129-137-230.rev.dft.net.au (HELO tac.com.au) (203.129.137.230)

by link.tac.com.au with SMTP; 14 Dec 2006 18:10:58 +1100

Date: Thu, 14 Dec 2006 18:10:44 +1100

From: Mail Delivery Subsystem <MAILER-DAEMON[at]tac.com.au>

Message-Id: <2006_____________8537[at]mx1.tac.com.au>

To: <x>

Snipped remaining quote

This first quote is exactly what I was asking for and has technical details turned on. It is only missing the Tracking URL that you mentioned.

The second quote, which is what you got when you viewed entire message was also helpful, thanks for posting it.

I am afraid that I am a bit confused as when I parse the message it works fine. See the following tracking URL: http://www.spamcop.net/sc?id=z1165850887z9...9c83b3821fffbcz

Note: my parse was done with an account without any MailHosts set up.

If you have any enquiries, please do not hesitate to contact. Thank You!

Best Regards, 13/12/2006 14:31

Sales Department

mdowns[at]bigpond.net.au

Have you looked at the signature at the bottom of the original message?

It looks to me like you are trying to report a bounce of a message that seems to have come from Sales Department: mdowns[at]bigpond.net.au which I believe is your ISP

Maybe someone better qualified will see something different.

As to your question:

I'm not sure that I fully understand what you are asking, especially in regard to technical details being turned on, I can't find the switch!
See: http://forum.spamcop.net/scwik/SeeTechnicalDetails
Posted

The following is what I currently get when clicking on the Following URL: http://www.spamcop.net/sc?id=z1165850887z9...9c83b3821fffbcz

Snipped the beginning part of the parse as the If reported today part is what interests me

Reports regarding this spam have already been sent:

Reportid: 2063338619 To: cancelled[at]devnull.spamcop.net

If reported today, reports would be sent to:

Re: 72.18.195.90 (Bounce)

abuse[at]aplushosting.com

support[at]premianet.com

Re: 72.18.195.90 (Third party interested in email source)

spamcop[at]imaphost.com

When you click on it, what do you get?
Posted
I'm not sure that I fully understand what you are asking, especially in regard to technical details being turned on, I can't find the switch!

<snip>

  • Log in to your reporting account at http://www.spamcop.net/
  • Click the option box labeled "Show technical details" so that the box contains a check mark
  • Submit a spam through the web form

...Once you have completed these steps, "technical details" will be included in the parse results. To stop them from being included, repeat the steps above with the only change being that clicking the option box labeled "Show technical details" will cause the check mark to be removed from the box.

...If you are having problems with the Mailhosts configuration, please read the SpamCop Forum article labeled "Pinned: Mailhost Issues - please read before posting" which you'll find in the "Important Topics" section of the main page of the Mailhost Configuration of your Reporting Account.

...Good luck!

Posted
The following is what I currently get when clicking on the Following URL: http://www.spamcop.net/sc?id=z1165850887z9...9c83b3821fffbcz

When you click on it, what do you get?

Here is that one when I parse it - http://www.spamcop.net/sc?id=z1166098122z7...bbcdce65fb53b9z (Nothing to do). This is using non-mailhosted account. It is a MOLE account. I guess some possibilities are thusly eliminated but I have no clue what the answer might be.

I said in another post no tracking URL for nothing to do cases - obviously I was wrong, sorry to spread confusion,

Posted
Here is that one when I parse it - http://www.spamcop.net/sc?id=z1166098122z7...bbcdce65fb53b9z (Nothing to do). This is using non-mailhosted account. It is a MOLE account. I guess some possibilities are thusly eliminated but I have no clue what the answer might be.

Yet more confusion offered ..... I cancelled your live report .... what I saw included;

Report spam to:
Re: 72.18.195.90 (Bounce)
   To: abuse[at]aplushosting.com (Notes)
   To: support[at]premianet.com (Notes)

Re: 72.18.195.90 (Third party interested in email source)
   To: Cyveillance spam collection (Notes)

Archived

This topic is now archived and is closed to further replies.

×
×
  • Create New...