csouter Posted March 23, 2007 Share Posted March 23, 2007 Hi, all! Recently, when attempting to report some spam messages, I got the following error from the SpamCop parser: No source IP address found, cannot proceed. Below are the Tracking URLs for the three messages in question. The messages had been originally received on 2007-03-07, 2007-03-10 and 2007-03-13 at my old Gmail mailbox, which has since been cancelled (by me). (1) http://www.spamcop.net/sc?id=z1246398430za...ce82fc42695c02z (2) http://www.spamcop.net/sc?id=z1249032218z3...992fe8ded30b32z (3) http://www.spamcop.net/sc?id=z1251188208z0...e3dac72dcdf926z Can anyone explain how these messages could have been sent without a source IP in the message headers? I have been successfully reporting spam received at my Gmail account for the past several months, so I do know how to get the full message source and then "copy-and-paste it" into the SpamCop reporting window. BTW, the three spams mentioned above were the only ones that actually made it past Gmail's spam filters and into my InBox. I used that address for about 14 months and started receiving spam there after about 6 months. The address had never been published anywhere. Actually, the sources of some of the earliest messages showed that the address had been compromised by a dictionary attack. (The stupid spammer had put the other addresses in the CC: field, not the BCC: field; but, then again, maybe he didn't care whether or not I knew about it). It started out at about 2 or 3 spams per week and I finally cancelled the account when the spam count got to 35 per day. (I simply don't have the time to report so many spams manually every day: it's just too time-consuming). At any rate, I must say that the Gmail spam filtering is pretty good: only 3 spams missed out of a total of about 3000 received; and not a single false positive. Any ideas on hiding the originating IP would be appreciated. I'd really like to know how they did it! Link to comment Share on other sites More sharing options...
This topic is now archived and is closed to further replies.