podsiadlik
Posted March 24, 2004

I got a kind of spooky email response to one of my spam reports. It seems like it was sent in error, but how it got to me, and how my first name came to be associated with the report, are things I'd like to know.

Below are the full headers with partial text:

Content-Disposition: inline
Content-Type: text/plain; charset=us-ascii
Date: Tue, 23 Mar 2004 19:49:51 -0500 [23 Mar 2004 06:49:51 PM CST]
Delivered-To: spamcop-net-podsiadlik[at]spamcop.net
From: marcusw[at]bluefrog.com
In-Reply-To: <rid_816924072[at]msgid.spamcop.net>
Message-ID: <20040324004951.GB8691[at]goodman.ofc.bluefrog.com>
Mime-Version: 1.0
Received: (qmail 10472 invoked from network); 24 Mar 2004 00:58:48 -0000
  from unknown (192.168.1.101) by blade6.cesmail.net with QMQP; 24 Mar 2004 00:58:48 -0000
  from vmx1.spamcop.net (206.14.107.113) by mailgate.cesmail.net with SMTP; 24 Mar 2004 00:58:48 -0000
  from unknown (HELO spamcop.net) (192.168.11.203) by vmx1.spamcop.net with SMTP; 23 Mar 2004 16:58:49 -0800
  from vmx1.spamcop.net (sc-smtp1.verio.ironport.com [192.168.11.200]) by sc-app3.verio.ironport.com (Postfix) with ESMTP id 06C0E142E1 for <816924072[at]reports.spamcop.net>; Tue, 23 Mar 2004 16:49:55 -0800 (PST)
  from mail2.bluefrog.com (205.232.82.76) by vmx1.spamcop.net with ESMTP; 23 Mar 2004 16:49:55 -0800
  from [205.232.78.52] (helo=goodman.ofc.bluefrog.com) by mail2.bluefrog.com with esmtp (Exim 4.24) id 1B5wae-0003Kn-EZ for 816924072[at]reports.spamcop.net; Wed, 24 Mar 2004 00:49:52 +0000
  (from admin[at]localhost) by goodman.ofc.bluefrog.com (8.12.8/8.12.8) id i2O0nq7J008774 for 816924072[at]reports.spamcop.net; Tue, 23 Mar 2004 19:49:52 -0500
References: <rid_816924072[at]msgid.spamcop.net>
Return-Path: <spamcop[at]devnull.spamcop.net>
Subject: Re: [spamCop (205.232.76.235) id:816924072]V I C O D I N ONLINE Private
To: Kevin <816924072[at]reports.spamcop.net>
User-Agent: Mutt/1.4.1i
X-spam-BlueFrog: Testing
X-spam-Checker-Version: SpamAssassin 2.63 (2004-01-11) on blade6
X-spam-Level:
X-spam-NEW-Report: MAIL2:(-2.1 points) BAYES_00=-4.9,GAPPY_SUBJECT=2.27,HTML_FONT_BIG=0.267,HTML_MESSAGE=0.1,NO_REAL_NAME=0.16 autolearn=no dcc=lunchladydoris.ptroc.bluefrog.com 1201; Body=1 Fuz1=1 Fuz2=1(dcc.uncw.edu)
X-spam-Score: -2.1 (--)
X-spam-Status: hits=-95.2 tests=GAPPY_SUBJECT,HTML_FONT_BIG,HTML_MESSAGE,
  J_CHICKENPOX_15,LOCAL_DRUGS_MALEDYSFUNCTION,
  LOCAL_DRUGS_MALEDYSFUNCTION_OBFU,LOCAL_DRUGS_PAIN,
  LOCAL_DRUGS_PAIN_MALEDYS,NO_REAL_NAME,USER_IN_WHITELIST_TO version=2.63
X-SpamCop-Checked: 192.168.1.101 206.14.107.113 192.168.11.203 192.168.11.200 205.232.82.76 205.232.78.52
X-SpamCop-Return-Path: <admin[at]goodman.ofc.bluefrog.com>

need to block port 25 soon. pls review my config.

On Tue, Mar 23, 2004 at 12:45:12PM -0800, Kevin wrote:
> [ SpamCop V1.3.4 ]
> This message is brief for your comfort. Please use links below for details.
>
> Email from 205.232.76.235 / Tue, 23 Mar 2004 12:45:12 -0800
> http://www.spamcop.net/w3m?i=z816924072zd9...6fd578c11c3ddaz
>
> [ Offending message ]
> Return-Path: <Georgianncxrcyrpwn[at]accessware.com>
> Delivered-To: x
> Received: (qmail 28511 invoked from network); 23 Mar 2004 20:56:23 -0000
> Received: from unknown (HELO c60.cesmail.net) (192.168.1.105)
>   by blade4.cesmail.net with SMTP; 23 Mar 2004 20:56:23 -0000
> Received: from mailgate.cesmail.net (216.154.195.36)
>   by c60.cesmail.net with SMTP; 23 Mar 2004 15:56:21 -0500
> Received: (qmail 20901 invoked from network); 23 Mar 2004 20:56:21 -0000
> Received: from unknown (HELO mailgate.cesmail.net) (192.168.1.101)
>   by mailgate.cesmail.net with SMTP; 23 Mar 2004 20:56:21 -0000
> X-Apparently-To: x via 66.218.79.71; Tue, 23 Mar 2004 12:45:23 -0800
> X-YahooFilteredBulk: 205.232.76.235

[...portions removed...]

--
Marc Winkler
Chief Technical Officer
www.BlueFrog.com
585.756.4593
BlueFrog.com - The Best Internet

Jeff G.
Posted March 24, 2004

You appear to be a SpamCop Email System Customer. Your first name "Kevin" is probably in the "Display Name" field on http://mailsc.spamcop.net/mcgi?action=showadvanced - please feel free to change it there.

SpamCop appears to have sent a Report with ID "816924072" to email address "abuse[at]rpa.net" on your behalf using return email address "816924072[at]reports.spamcop.net" and your "Display Name" "Kevin", and then Mr. Winkler got ahold of that Report and replied. You'll have to ask Mr. Winkler what he meant by "pls review my config."

Miss Betsy
Posted March 24, 2004

Replies to spamcop reports that are sent by a human are sent to the report number and forwarded to you. It is always a surprise to get one! However, if you reply, your email address will be revealed unless you take precautions (like using a sneakemail address or changing your address to the report number in your email client).

Your name is set in your spamcop preferences and goes on every spamcop report.

If I am reading this correctly, the respondent thinks that the spammers are using his port 25 to send the spam and he is closing it. He may be asking for spamcop to test that his port is now closed. I don't believe that spamcop does that. Hopefully, someone will come along who is more conversant with the technical side and give you some information to respond with.

IMHO, it is only polite to respond to someone who has taken the time to respond to a spamcop report - particularly one who seems to be closing the door on spam.

Miss Betsy
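
The link between the reply and the report that Jeff G. and Miss Betsy describe can be read straight from the headers. The following is an added example, not code from the thread or from SpamCop: it pulls the report ID out of the reply's To, In-Reply-To, References and Subject headers, checks that they agree, and lists the relay hops oldest first. The regex patterns are assumptions inferred from the single message quoted in the first post, not a documented SpamCop format.

```python
import re
from email import message_from_string

# Headers copied from the reply in the first post ("[at]" munging kept). Only
# the last two Received hops are used, written one per header (an assumption).
RAW = """\
Received: from mail2.bluefrog.com (205.232.82.76) by vmx1.spamcop.net with ESMTP; 23 Mar 2004 16:49:55 -0800
Received: from [205.232.78.52] (helo=goodman.ofc.bluefrog.com) by mail2.bluefrog.com with esmtp (Exim 4.24) id 1B5wae-0003Kn-EZ for 816924072[at]reports.spamcop.net; Wed, 24 Mar 2004 00:49:52 +0000
From: marcusw[at]bluefrog.com
To: Kevin <816924072[at]reports.spamcop.net>
In-Reply-To: <rid_816924072[at]msgid.spamcop.net>
References: <rid_816924072[at]msgid.spamcop.net>
Subject: Re: [spamCop (205.232.76.235) id:816924072]V I C O D I N ONLINE Private
"""

# Where the report id appears in each header (patterns inferred, see lead-in).
ID_PATTERNS = {
    "To": r"<(\d+)\[at\]reports\.spamcop\.net>",
    "In-Reply-To": r"<rid_(\d+)\[at\]msgid\.spamcop\.net>",
    "References": r"<rid_(\d+)\[at\]msgid\.spamcop\.net>",
    "Subject": r"\bid:(\d+)\]",
}

def report_ids(msg):
    """Return {header: report id} for every header that carries one."""
    hits = {h: re.search(p, msg.get(h, "")) for h, p in ID_PATTERNS.items()}
    return {h: m.group(1) for h, m in hits.items() if m}

def is_report_reply(msg):
    """True if addressed to a report alias and every id found agrees."""
    ids = report_ids(msg)
    return "To" in ids and len(set(ids.values())) == 1

def display_name(msg):
    """Name the replier's mail client copied from the report's sender."""
    m = re.match(r"\s*(.*?)\s*<", msg.get("To", ""))
    return m.group(1) if m else ""

def relay_path(msg):
    """(from, by) pairs, oldest hop first; Received headers are newest-first."""
    hop = re.compile(r"from\s+(\S+).*?\bby\s+(\S+)", re.S)
    found = (hop.search(v) for v in reversed(msg.get_all("Received", [])))
    return [m.groups() for m in found if m]

MSG = message_from_string(RAW)
```
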