Lance Posted June 21, 2007 Posted June 21, 2007 On occasion I think Spamcop mis-identifies the originating email. Here's an example: http://www.spamcop.net/sc?id=z1331714565zd...150c858a619166z In this example Spamcop believes the email originated from 68.181.x.x Now I can manually look at the Received headers and I think the email originated from 151.134.x.x or maybe 124.120.x.x. I can't see what's so special about them that the Spamcop parser would ignore these. Can someone enlighten me why this is so? Lance *****
Telarin Posted June 21, 2007 Posted June 21, 2007 You are reading the headers backwards most likely. New received headers are added at the TOP of the message. So the last received before you got it was: Received: from msg-mx0.usc.edu ([128.125.137.5]) by vsoeexch.vsoe.usc.edu with Microsoft SMTPSVC(6.0.3790.1830); Wed, 20 Jun 2007 08:18:16 -0700 This is obviously an internal handoff within the usc.edu system, it is skipped because it is listed with spamcop as a trusted relay, so spamcop moves onto the next received line. Received: from almaak-01.usc.edu ([68.181.201.1]) by msg-mx0.usc.edu (Sun Java System Messaging Server 6.2-7.05 (built Sep 5 2006)) with ESMTP id <0JJX001QYX60A6D0[at]msg-mx0.usc.edu> for x (ORCPT x); Wed, 20 Jun 2007 08:19:00 -0700 (PDT) Again, this appears to be an internal handoff within the usc.edu system, however since this server is NOT listed as a trusted relay, spamcop takes it as the originating IP address since it can't reliably parse any further. Most likely, doing a mailhost probe will pick up this server and add it to your mailhost list so that spamcop can parse beyond this result.
Lance Posted June 22, 2007 Author Posted June 22, 2007 <snip> Again, this appears to be an internal handoff within the usc.edu system, however since this server is NOT listed as a trusted relay, spamcop takes it as the originating IP address since it can't reliably parse any further. Most likely, doing a mailhost probe will pick up this server and add it to your mailhost list so that spamcop can parse beyond this result. I think I got it. Thanks Telarin. Lance *****
Recommended Posts
Archived
This topic is now archived and is closed to further replies.