Wally3178 Posted December 13, 2006 Posted December 13, 2006 Hi, I am relatively new to reporting spam and I am still learning; every day is a new experience. Recently I started getting bounced emails from various sources in response to emails that I didn't send. I have been reading the forum and have learned that this is a fairly common occurrence and I should just wait out the storm. However, I have reported some of these through the automated Spamcop Reporting that operates as part of Mailwasher and Spamcop sends me email advising that my spam report has been accepted. When I navigate to the link, all the information is there plus, in red, the words 'Nothing to Do'. What does that mean exactly? Should I stop reporting these bounces? (I have anyway, for the time being) Thanks for taking the time to read this. Mike Downs 13 December 2006
Wazoo Posted December 13, 2006 Posted December 13, 2006 Let's pretend that you have a SpamCop.net Reporting Account. Login to your www.spamcop.net web page, go to Preferences. Select Full/Technical Details .. save that change ... report another one .. then actually review the parser results and see what the actual problem was. There are simply too many things that could go wrong for someone here to guess at which of them may be causing your issue. If you see a Tracking URL, provide one or two of those so someone 'here' could actually see what's going on. We could make the assumption that a Tracking URL exists, as you say you "visit the page" .... which would also imply a SpamCop.net Reporting Account .. but ...????
Wally3178 Posted December 13, 2006 Author Posted December 13, 2006 If you see a Tracking URL, provide one or two of those so someone 'here' could actually see what's going on. We could make the assumption that a Tracking URL exists, as you say you "visit the page" .... which would also imply a SpamCop.net Reporting Account .. but ...???? Thanks Wazoo. I do have a reporting account and I have modified my preferences as you suggested. I'll report the next one and see what it reveals. Mike Downs 13 December 2006
Wally3178 Posted December 13, 2006 Author Posted December 13, 2006 Well, I have reported several more bounces and there is still no report submitted. I must be screwing up somehow. All the non bounce spam has reports but the bounced stuff has not. Here is the latest bounce. I have reported it and the report, when I looked at it, says 'no report submitted: Hi. This is the qmail-send program at serv3.domainnameregistrar.com.au. I'm afraid I wasn't able to deliver your message to the following addresses. This is a permanent error; I've given up. Sorry it didn't work out. <graces[at]cassaniti.com.au>: This address no longer accepts mail. --- Below this line is a copy of the message. Return-Path: <mdowns[at]bigpond.net.au> Received: (qmail 1275 invoked from network); 13 Dec 2006 21:26:15 +1100 Received: from unknown (HELO bigpond.net.au) (122.4.21.90) by serv3.domainnameregistrar.com.au with SMTP; 13 Dec 2006 21:26:14 +1100 Message-ID: <B105DC22.E8668BCE[at]bigpond.net.au> Date: Wed, 13 Dec 2006 03:17:53 -0100 Reply-To: "Alejandro Anderson" <mdowns[at]bigpond.net.au> From: "Alex Robinson" <mdowns[at]bigpond.net.au> User-Agent: Rodriquezmail v9.8 MIME-Version: 1.0 To: <graces[at]cassaniti.com.au> Subject: Merry Christmas to graces Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: 7bit Dear graces! Merry Christmas from Windows! Two more weeks to Christmas, Windows would love to be the first to wish you Merry Christmas and a VERY big Thank You for being our client. Merry Christmas! In order to express our appreciation, we have especially made a flash animation just for you. http://ameliaweddingdress.com/MerryChristmas.html If you have any enquiries, please do not hesitate to contact. Thank You! Best Regards, 13/12/2006 03:17 Sales Department mdowns[at]bigpond.net.au Can anyone see why it fails to report? The email address mdowns[at]bigpond.net.au is mine. Thanks again, Mike Downs 13 December 2006
Wazoo Posted December 13, 2006 Posted December 13, 2006 Can anyone see why it fails to report? ??? Confused .... what you tossed up as an example is the body of an e-mail ..... there is no sign of the header block of that 'bounce' .... so the answer to the question you ask based on the data you provided is that your submittal process is flawed.
dbiel Posted December 13, 2006 Posted December 13, 2006 You may want to review the following: http://forum.spamcop.net/scwik/HowToUseReporting http://forum.spamcop.net/scwik/TrackingURL
Wally3178 Posted December 13, 2006 Author Posted December 13, 2006 ??? Confused .... what you tossed up as an example is the body of an e-mail ..... there is no sign of the header block of that 'bounce' .... so the answer to the question you ask based on the data you provided is that your submittal process is flawed. Wazoo, You are so right, I am confused, but I'm not ready to give up just yet. Is this right? Its the same message but with the headers, I think. The question I asked earlier remains the same: Return-Path: <> Received: from serv3.domainnameregistrar.com.au ([216.12.200.105]) by imta04ps.mx.bigpond.com with ESMTP id <20061213102623.UPSP3793.imta04ps.mx.bigpond.com[at]serv3.domainnameregistrar.com.au> for <mdowns[at]bigpond.net.au>; Wed, 13 Dec 2006 10:26:23 +0000 Received: (qmail 1284 invoked for bounce); 13 Dec 2006 21:26:18 +1100 Date: 13 Dec 2006 21:26:18 +1100 From: MAILER-DAEMON[at]serv3.domainnameregistrar.com.au To: mdowns[at]bigpond.net.au Subject: failure notice Message-Id: <20061213102623.UPSP3793.imta04ps.mx.bigpond.com[at]serv3.domainnameregistrar.com.au> Hi. This is the qmail-send program at serv3.domainnameregistrar.com.au. I'm afraid I wasn't able to deliver your message to the following addresses. This is a permanent error; I've given up. Sorry it didn't work out. <graces[at]cassaniti.com.au>: This address no longer accepts mail. --- Below this line is a copy of the message. Return-Path: <mdowns[at]bigpond.net.au> Received: (qmail 1275 invoked from network); 13 Dec 2006 21:26:15 +1100 Received: from unknown (HELO bigpond.net.au) (122.4.21.90) by serv3.domainnameregistrar.com.au with SMTP; 13 Dec 2006 21:26:14 +1100 Message-ID: <B105DC22.E8668BCE[at]bigpond.net.au> Date: Wed, 13 Dec 2006 03:17:53 -0100 Reply-To: "Alejandro Anderson" <mdowns[at]bigpond.net.au> From: "Alex Robinson" <mdowns[at]bigpond.net.au> User-Agent: Rodriquezmail v9.8 MIME-Version: 1.0 To: <graces[at]cassaniti.com.au> Subject: Merry Christmas to graces Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: 7bit Dear graces! Merry Christmas from Windows! Two more weeks to Christmas, Windows would love to be the first to wish you Merry Christmas and a VERY big Thank You for being our client. Merry Christmas! In order to express our appreciation, we have especially made a flash animation just for you. http://ameliaweddingdress.com/MerryChristmas.html If you have any enquiries, please do not hesitate to contact. Thank You! Best Regards, 13/12/2006 03:17 Sales Department mdowns[at]bigpond.net.au Michael Downs 14 December 2006 You may want to review the following: http://forum.spamcop.net/scwik/HowToUseReporting http://forum.spamcop.net/scwik/TrackingURL Thank you sir, I have already read these but I've been back and had another look at them just in case I missed something; I've printed them out too. Cheers, Michael Downs 14 December 2006
Wazoo Posted December 13, 2006 Posted December 13, 2006 parsed just fine for me at http://www.spamcop.net/sc?id=z1165211560z8...f3409b22d16f28z
dbiel Posted December 13, 2006 Posted December 13, 2006 Thank you sir, I have already read these but I've been back and had another look at them just in case I missed something; I've printed them out too.Then I am a bit confused to as to why you are posting the entire spam message rather than the Tracking URL which is what we need to see to be able to answer your question as to why it is not working for you. As Wazoo stated, the posted message works just fine in the parser. Possible issue as to how you have your MailHosts configuered but we really need the Tracking URL to speak rationally.
Wally3178 Posted December 13, 2006 Author Posted December 13, 2006 Then I am a bit confused to as to why you are posting the entire spam message rather than the Tracking URL which is what we need to see to be able to answer your question as to why it is not working for you. As Wazoo stated, the posted message works just fine in the parser. Possible issue as to how you have your MailHosts configuered but we really need the Tracking URL to speak rationally. I'm getting there, slowly. Here is the tracking URL of the latest: http://www.spamcop.net/sc?id=z1165213268z8...396b28c09d8e5ez
Wazoo Posted December 13, 2006 Posted December 13, 2006 http://www.spamcop.net/sc?id=z1165213268z8...396b28c09d8e5ez Cancelled the "live" report .. However, no sign of a "nothing to do" error. You do have your reporting Account MailHost Configured. However, the "only" server mentioned in the headers is the same server - mail5.servage.net .. even the Message-ID: references that same server .... the From:, the Reply-To:, the same server ... and apparently this 'is' your ISP's server ...???? The implication here is that you are trying to report an e-mail from your ISP to your ISP .... not good. Think the 'history' behind this e-mail needs some definition for anyone here to try to make any kind of a guess as to what's going on. The only thing I can make out is that this is the "challenge" part of a Challenge/Response filter, which also has a number of FAQ, Topic, Discussion entries here .. none of them very kind ....
turetzsr Posted December 13, 2006 Posted December 13, 2006 I'm getting there, slowly. Here is the tracking URL of the latest: http://www.spamcop.net/sc?id=z1165213268z8...396b28c09d8e5ez ...Thanks! ...It worked fine for me: Report spam Filtered Email Blocking List Statistics Login SpamCop v #612 Copyright © 1998-2006, IronPort Systems, Inc. All rights reserved. Here is your TRACKING URL - it may be saved for future reference: [url="http://www.spamcop.net/sc?id=z1165213268z82ddc06a5d209c3339396b28c09d8e5ez"]http://www.spamcop.net/sc?id=z1165213268z8...396b28c09d8e5ez[/url] Skip to Reports Return-Path: <root[at]mail5.servage.net> Received: from mail5.servage.net ([62.214.98.114]) by imta09ps.mx.bigpond.com with ESMTP id <20061213133321.VRRC11838.imta09ps.mx.bigpond.com[at]mail5.servage.net> for <x>; Wed, 13 Dec 2006 13:33:21 +0000 Received: from mail5.servage.net (localhost.localdomain [127.0.0.1]) by mail5.servage.net (Postfix) with ESMTP id 8733E1210040 for <x>; Wed, 13 Dec 2006 13:33:19 +0000 (GMT) Received: (from root[at]localhost) by mail5.servage.net (8.13.5/8.13.5/Submit) id kBDDWuAx019480; Wed, 13 Dec 2006 13:32:56 GMT Date: Wed, 13 Dec 2006 13:32:56 GMT Message-Id: <2006___________________9480[at]mail5.servage.net> To: x Subject: Autoreply: Merry Christmas to info (validate info[at]hyperactiveracing.com.au) From: Servage Antispam System <antispam[at]servage.net> Reply-To: antispam[at]servage.net User-Agent: Servage Hosting Client Organization: Servage Hosting Customer Content-Type: multipart/alternative; boundary="----=_NextPart_000_0000_01C52409.C07F21F0" X-Priority: 3 X-MSMail-Priority: Normal Mime-Version: 1.0 X-mailer: Servage Antispam X-MimeOLE: Produced By Antispam System View entire message Parsing header: 0: Received: from mail5.servage.net ([62.214.98.114]) by imta09ps.mx.bigpond.com with ESMTP id <20061213133321.VRRC11838.imta09ps.mx.bigpond.com[at]mail5.servage.net> for <x>; Wed, 13 Dec 2006 13:33:21 +0000 Hostname verified: mail5.servage.net Bigpond Broadband Cable received mail from sending system 62.214.98.114 1: Received: from mail5.servage.net (localhost.localdomain [127.0.0.1]) by mail5.servage.net (Postfix) with ESMTP id 8733E1210040 for <x>; Wed, 13 Dec 2006 13:33:19 +0000 (GMT) Internal handoff or trivial forgery Tracking message source: 62.214.98.114: Routing details for 62.214.98.114 [refresh/show] Cached whois for 62.214.98.114 : ssf[at]servage.com Using last resort contacts ssf[at]servage.com Message is 8 hours old 62.214.98.114 not listed in dnsbl.njabl.org 62.214.98.114 not listed in dnsbl.njabl.org 62.214.98.114 not listed in cbl.abuseat.org 62.214.98.114 not listed in dnsbl.sorbs.net 62.214.98.114 not listed in relays.ordb.org. 62.214.98.114 not listed in accredit.habeas.com 62.214.98.114 not listed in plus.bondedsender.org 62.214.98.114 not listed in iadb.isipp.com Reports regarding this spam have already been sent: Reportid: 2062488415 To: cancelled[at]devnull.spamcop.net If reported today, reports would be sent to: Re: 62.214.98.114 (Bounce) ssf[at]servage.com Re: 62.214.98.114 (Third party interested in email source) spamcop[at]imaphost.com Copyright © 1998-2006, IronPort Systems, Inc. All rights reserved. HTML4 / CSS2 Firefox recommended - Policies and Disclaimers ...Anybody else have anything useful to add before we send the OP to the Deputies?
Wally3178 Posted December 13, 2006 Author Posted December 13, 2006 Cancelled the "live" report .. However, no sign of a "nothing to do" error. You do have your reporting Account MailHost Configured. However, the "only" server mentioned in the headers is the same server - mail5.servage.net .. even the Message-ID: references that same server .... the From:, the Reply-To:, the same server ... and apparently this 'is' your ISP's server ...???? The implication here is that you are trying to report an e-mail from your ISP to your ISP .... not good. Think the 'history' behind this e-mail needs some definition for anyone here to try to make any kind of a guess as to what's going on. The only thing I can make out is that this is the "challenge" part of a Challenge/Response filter, which also has a number of FAQ, Topic, Discussion entries here .. none of them very kind .... Wazoo, First of all I want to thank all you guys for the time you are giving me, I appreciate it and I owe you all a beer. servage.net is definately not my ISPs server. My ISP is bigpond.net.au and their POP server is pop.bigpond.com and their SNTP is mail-hub.bigpond.com. As Bigpond is the internet arm of the Australian Government controlled Telco 'Telstra', I can't imagine them using a third party ISP as a mail host. Servage is an Australian ISP and I would think that they are probably a Telstra customer as Telstra owns all the bandwidth in this country - a little different to the way you guys operate. Cheers and thanks again, Michael Downs 14 December 2006
Wazoo Posted December 13, 2006 Posted December 13, 2006 OK, I screwed up .. one of those too-many-windows-opened-up, on-the-phone, and eyes-a-bit-glazed-over .. second look, after your BigPond remarks ... I admit, I lied in my last .. there is in fact that proper Received: line at the top ... the MailHost version of the parser noted and passed that server .. so the result was in fact the servage target ISP. Unfortunately, that would seem to bring us back to why the parser looks OK when I hit it (and Steven hit it) .. but you say you get a "nthing to do" error .. and on that, I admit to being a bit lost. Though I do still stand on this being a perfect example of why the Challenge/Response concept sucks.
StevenUnderwood Posted December 14, 2006 Posted December 14, 2006 servage.net is definately not my ISPs server.But by the Tracking URL you provided, it is saying that the source of this bounce (the ISP that is bouncing to the forged return address) is servage.net. IU also do not see a "Nothing to do" error but see the same as Steve posted.
Wally3178 Posted December 14, 2006 Author Posted December 14, 2006 But by the Tracking URL you provided, it is saying that the source of this bounce (the ISP that is bouncing to the forged return address) is servage.net. IU also do not see a "Nothing to do" error but see the same as Steve posted. My head is spinning. If anyone has access to my spamcop account and can look at my past reports, there are heaps of 'Nothing to do'. I shall report the next bounce I get and then post the Tracking URL here for you all to look at. Somthing Wazoo said earlier about my Mailhosts setup had me wondering if he was right about a wrong setup and I've had a look. The mailhosts seem to change and the one setup in Spamcop is not always the same as the ones used in the emails that arrive through Bigpond. I've tried to setup another host address with no luck so far; I'm getting emails telling me that the header information has been altered on the message from the Robot. Michael Downs 14 December 2006
Farelf Posted December 14, 2006 Posted December 14, 2006 Well now - to put in my tuppenceworth - as mentioned several times already elsewhere (these forums - Nothing to do "spam" - and SC NGs) - every time I try to report a bounce I get the "nothing to do" message also. I asked in NGs (and received no response), has anyone actually (successfully) reported a bounce? This may be an artifact of reporting from an account with mailhosts set up. Next time I get one (they're few and far between for me so far, knock on wood that it might remain so) I shall try tests in both mailhosted and non. Unless someone "upstairs" already knows the answers and shares them before then.
dbiel Posted December 14, 2006 Posted December 14, 2006 My head is spinning. I shall report the next bounce I get and then post the Tracking URL here for you all to look at. Actually, at this point in time, I looks like the Tracking URL will not help much. What we need is a copy and pasted copy of the technical details of the parse as you see it when you parse the message that contains the entry "Nothing to do" Be sure that show technical details is on and paste a complete copy of the results here and maybe some one can help.
Wally3178 Posted December 14, 2006 Author Posted December 14, 2006 Actually, at this point in time, I looks like the Tracking URL will not help much. What we need is a copy and pasted copy of the technical details of the parse as you see it when you parse the message that contains the entry "Nothing to do" Be sure that show technical details is on and paste a complete copy of the results here and maybe some one can help. I'm not sure that I fully understand what you are asking, especially in regard to technical details being turned on, I can't find the switch! I see two reports, one has the Tracking URL at the top of the page and it is reproduced here now: Return-Path: <> Received: from link.tac.com.au ([72.18.195.90]) by imta01ps.mx.bigpond.com with ESMTP id <20061214071100.WPZQ8425.imta01ps.mx.bigpond.com[at]link.tac.com.au> for <x>; Thu, 14 Dec 2006 07:11:00 +0000 Received: (qmail 13997 invoked by uid 511); 14 Dec 2006 18:10:59 +1100 Received: from 203.129.137.230 by link.tac.com.au (envelope-from <>, uid 511) with qmail-scanner-2.01st (clamdscan: 0.90rc2/2163. spamassassin: 3.1.7. perlscan: 2.01st. Clear:RC:1(203.129.137.230):. Processed in 0.038109 secs); 14 Dec 2006 07:10:59 -0000 Received: from 203-129-137-230.rev.dft.net.au (HELO tac.com.au) (203.129.137.230) by link.tac.com.au with SMTP; 14 Dec 2006 18:10:58 +1100 Date: Thu, 14 Dec 2006 18:10:44 +1100 From: Mail Delivery Subsystem <MAILER-DAEMON[at]tac.com.au> Message-Id: <2006_____________8537[at]mx1.tac.com.au> To: <x> MIME-Version: 1.0 Content-Type: multipart/report; report-type=delivery-status; boundary="GWT18537.1166054400/mx1.tac.com.au" Subject: Returned mail: User unknown Auto-Submitted: auto-generated (failure)View entire message Parsing header: 0: Received: from link.tac.com.au ([72.18.195.90]) by imta01ps.mx.bigpond.com with ESMTP id <20061214071100.WPZQ8425.imta01ps.mx.bigpond.com[at]link.tac.com.au> for <x>; Thu, 14 Dec 2006 07:11:00 +0000 Hostname verified: link.tac.com.au Bigpond Broadband Cable received mail from sending system 72.18.195.90 1: Received: from 203.129.137.230 by link.tac.com.au (envelope-from <>, uid 511) with qmail-scanner-2.01st (clamdscan: 0.90rc2/2163. spamassassin: 3.1.7. perlscan: 2.01st. Clear:RC:1(203.129.137.230):. Processed in 0.038109 secs); 14 Dec 2006 07:10:59 -0000 No unique hostname found for source: 203.129.137.230 Possible forgery. Supposed receiving system not associated with any of your mailhosts Will not trust anything beyond this header Tracking message source: 72.18.195.90: Routing details for 72.18.195.90 [refresh/show] Cached whois for 72.18.195.90 : noc[at]premianet.com Using abuse net on noc[at]premianet.com abuse net premianet.com = support[at]premianet.com, abuse[at]aplushosting.com Using best contacts support[at]premianet.com abuse[at]aplushosting.com Yum, this spam is fresh! Message is 1 hours old 72.18.195.90 not listed in dnsbl.njabl.org 72.18.195.90 not listed in dnsbl.njabl.org 72.18.195.90 not listed in cbl.abuseat.org 72.18.195.90 not listed in dnsbl.sorbs.net 72.18.195.90 not listed in relays.ordb.org. 72.18.195.90 not listed in accredit.habeas.com 72.18.195.90 not listed in plus.bondedsender.org 72.18.195.90 not listed in iadb.isipp.com Nothing to do. The Other screen becomes apparant when I go into view entire message: Return-Path: <> Received: from link.tac.com.au ([72.18.195.90]) by imta01ps.mx.bigpond.com with ESMTP id <20061214071100.WPZQ8425.imta01ps.mx.bigpond.com[at]link.tac.com.au> for <mdowns[at]bigpond.net.au>; Thu, 14 Dec 2006 07:11:00 +0000 Received: (qmail 13997 invoked by uid 511); 14 Dec 2006 18:10:59 +1100 Received: from 203.129.137.230 by link.tac.com.au (envelope-from <>, uid 511) with qmail-scanner-2.01st (clamdscan: 0.90rc2/2163. spamassassin: 3.1.7. perlscan: 2.01st. Clear:RC:1(203.129.137.230):. Processed in 0.038109 secs); 14 Dec 2006 07:10:59 -0000 Received: from 203-129-137-230.rev.dft.net.au (HELO tac.com.au) (203.129.137.230) by link.tac.com.au with SMTP; 14 Dec 2006 18:10:58 +1100 Date: Thu, 14 Dec 2006 18:10:44 +1100 From: Mail Delivery Subsystem <MAILER-DAEMON[at]tac.com.au> Message-Id: <200612141810.GWT18537[at]mx1.tac.com.au> To: <mdowns[at]bigpond.net.au> MIME-Version: 1.0 Content-Type: multipart/report; report-type=delivery-status; boundary="GWT18537.1166054400/mx1.tac.com.au" Subject: Returned mail: User unknown Auto-Submitted: auto-generated (failure) This is a MIME-encapsulated message --GWT18537.1166054400/mx1.tac.com.au The original message was received at Thu, 14 Dec 2006 18:10:44 +1100 from 209.31.123.18 ----- The following addresses had permanent fatal errors ----- <joyho[at]tac.com.au> (expanded from: <joyho[at]tac.com.au>) ----- Transcript of session follows ----- mail.local: unknown name: joyho 550 <joyho[at]tac.com.au>... User unknown --GWT18537.1166054400/mx1.tac.com.au Content-Type: message/delivery-status Reporting-MTA: dns; mx1.tac.com.au Received-From-MTA: DNS; 209.31.123.18 Arrival-Date: Thu, 14 Dec 2006 18:10:44 +1100 Final-Recipient: RFC822; <joyho[at]tac.com.au> X-Actual-Recipient: RFC822; joyho[at]tac.com.au Action: failed Status: 5.1.1 Last-Attempt-Date: Thu, 14 Dec 2006 18:10:44 +1100 --GWT18537.1166054400/mx1.tac.com.au Content-Type: message/rfc822 Return-Path: <mdowns[at]bigpond.net.au> Received: (qmail 5873 invoked by uid 511); 14 Dec 2006 02:50:39 +1100 Received: from 209.31.123.18 by link.tac.com.au (envelope-from <mdowns[at]bigpond.net.au>, uid 511) with qmail-scanner-2.01st (clamdscan: 0.90rc2/2163. spamassassin: 3.1.7. perlscan: 2.01st. Clear:RC:1(209.31.123.18):. Processed in 0.029919 secs); 13 Dec 2006 15:50:39 -0000 Received: from summer.tac.com.au (209.31.123.18) by link.tac.com.au with SMTP; 14 Dec 2006 02:50:39 +1100 Received: (qmail 32065 invoked by uid 89); 13 Dec 2006 15:48:11 -0000 Received: by simscan 1.2.0 ppid: 31992, pid: 32036, t: 2.0710s scanners: attach: 1.2.0 clamav: 0.88.4/m:41/d:2272 spam: 3.0.6 Received: from unknown (HELO bigpond.net.au) (122.4.21.239) by 0 with SMTP; 13 Dec 2006 15:48:09 -0000 Received-SPF: none (0: domain at bigpond.net.au does not designate permitted sender hosts) Message-ID: <29BB6BF1.BA9DEF09[at]bigpond.net.au> Date: Wed, 13 Dec 2006 14:31:10 +0500 From: "Arturo Thomas" <mdowns[at]bigpond.net.au> User-Agent: Opera/7.11 (Linux 2.4.20-4GB i586; U) [en] X-Accept-Language: en-us MIME-Version: 1.0 To: <joyho[at]tac.com.au> Subject: Merry Christmas to joyho Content-Type: text/plain; charset="iso-8859-1" Content-Transfer-Encoding: 7bit X-spam-Checker-Version: SpamAssassin 3.0.6 (2005-12-07) on summer.tac.com.au X-spam-Level: X-spam-Status: No, score=0.3 required=5.0 tests=DATE_IN_PAST_06_12 autolearn=no version=3.0.6 Dear joyho! Merry Christmas from Windows! Two more weeks to Christmas, Windows would love to be the first to wish you Merry Christmas and a VERY big Thank You for being our client. Merry Christmas! In order to express our appreciation, we have especially made a flash animation just for you. http://superbiofinish.com/MerryChristmas.html If you have any enquiries, please do not hesitate to contact. Thank You! Best Regards, 13/12/2006 14:31 Sales Department mdowns[at]bigpond.net.au --GWT18537.1166054400/mx1.tac.com.au-- I hope I am in the ball park with at least one of these. Michael Downs 14 December 2006
agsteele Posted December 14, 2006 Posted December 14, 2006 Possible forgery. Supposed receiving system not associated with any of your mailhosts Will not trust anything beyond this header It looks to me that your mailhost configuration isn't set up correctly. The parser appears to be giving up processing as a result and, therefore, not offering any action. Andrew
dbiel Posted December 14, 2006 Posted December 14, 2006 I'm not sure that I fully understand what you are asking, especially in regard to technical details being turned on, I can't find the switch! I see two reports, one has the Tracking URL at the top of the page and it is reproduced here now: Return-Path: <> Received: from link.tac.com.au ([72.18.195.90]) by imta01ps.mx.bigpond.com with ESMTP id <20061214071100.WPZQ8425.imta01ps.mx.bigpond.com[at]link.tac.com.au> for <x>; Thu, 14 Dec 2006 07:11:00 +0000 Received: (qmail 13997 invoked by uid 511); 14 Dec 2006 18:10:59 +1100 Received: from 203.129.137.230 by link.tac.com.au (envelope-from <>, uid 511) with qmail-scanner-2.01st (clamdscan: 0.90rc2/2163. spamassassin: 3.1.7. perlscan: 2.01st. Clear:RC:1(203.129.137.230):. Processed in 0.038109 secs); 14 Dec 2006 07:10:59 -0000 Received: from 203-129-137-230.rev.dft.net.au (HELO tac.com.au) (203.129.137.230) by link.tac.com.au with SMTP; 14 Dec 2006 18:10:58 +1100 Date: Thu, 14 Dec 2006 18:10:44 +1100 From: Mail Delivery Subsystem <MAILER-DAEMON[at]tac.com.au> Message-Id: <2006_____________8537[at]mx1.tac.com.au> To: <x> Snipped remaining quote This first quote is exactly what I was asking for and has technical details turned on. It is only missing the Tracking URL that you mentioned. The second quote, which is what you got when you viewed entire message was also helpful, thanks for posting it. I am afraid that I am a bit confused as when I parse the message it works fine. See the following tracking URL: http://www.spamcop.net/sc?id=z1165850887z9...9c83b3821fffbcz Note: my parse was done with an account without any MailHosts set up. If you have any enquiries, please do not hesitate to contact. Thank You! Best Regards, 13/12/2006 14:31 Sales Department mdowns[at]bigpond.net.au Have you looked at the signature at the bottom of the original message? It looks to me like you are trying to report a bounce of a message that seems to have come from Sales Department: mdowns[at]bigpond.net.au which I believe is your ISP Maybe someone better qualified will see something different. As to your question: I'm not sure that I fully understand what you are asking, especially in regard to technical details being turned on, I can't find the switch! See: http://forum.spamcop.net/scwik/SeeTechnicalDetails
dbiel Posted December 14, 2006 Posted December 14, 2006 The following is what I currently get when clicking on the Following URL: http://www.spamcop.net/sc?id=z1165850887z9...9c83b3821fffbcz Snipped the beginning part of the parse as the If reported today part is what interests me Reports regarding this spam have already been sent: Reportid: 2063338619 To: cancelled[at]devnull.spamcop.net If reported today, reports would be sent to: Re: 72.18.195.90 (Bounce) abuse[at]aplushosting.com support[at]premianet.com Re: 72.18.195.90 (Third party interested in email source) spamcop[at]imaphost.com When you click on it, what do you get?
turetzsr Posted December 14, 2006 Posted December 14, 2006 I'm not sure that I fully understand what you are asking, especially in regard to technical details being turned on, I can't find the switch! <snip> Log in to your reporting account at http://www.spamcop.net/ Click the option box labeled "Show technical details" so that the box contains a check mark Submit a spam through the web form ...Once you have completed these steps, "technical details" will be included in the parse results. To stop them from being included, repeat the steps above with the only change being that clicking the option box labeled "Show technical details" will cause the check mark to be removed from the box. ...If you are having problems with the Mailhosts configuration, please read the SpamCop Forum article labeled "Pinned: Mailhost Issues - please read before posting" which you'll find in the "Important Topics" section of the main page of the Mailhost Configuration of your Reporting Account. ...Good luck!
Farelf Posted December 14, 2006 Posted December 14, 2006 The following is what I currently get when clicking on the Following URL: http://www.spamcop.net/sc?id=z1165850887z9...9c83b3821fffbcz When you click on it, what do you get? Here is that one when I parse it - http://www.spamcop.net/sc?id=z1166098122z7...bbcdce65fb53b9z (Nothing to do). This is using non-mailhosted account. It is a MOLE account. I guess some possibilities are thusly eliminated but I have no clue what the answer might be. I said in another post no tracking URL for nothing to do cases - obviously I was wrong, sorry to spread confusion,
Wazoo Posted December 14, 2006 Posted December 14, 2006 Here is that one when I parse it - http://www.spamcop.net/sc?id=z1166098122z7...bbcdce65fb53b9z (Nothing to do). This is using non-mailhosted account. It is a MOLE account. I guess some possibilities are thusly eliminated but I have no clue what the answer might be. Yet more confusion offered ..... I cancelled your live report .... what I saw included; Report spam to: Re: 72.18.195.90 (Bounce) To: abuse[at]aplushosting.com (Notes) To: support[at]premianet.com (Notes) Re: 72.18.195.90 (Third party interested in email source) To: Cyveillance spam collection (Notes)
Recommended Posts
Archived
This topic is now archived and is closed to further replies.