Jump to content

problem reporting spam via forwarding


agamemnus
 Share

Recommended Posts

Hi,

I'm having trouble reporting spam by forwarding to Spamcop. The auto-responder claims it can't find the spam message! Below is the message with the "spam confirmation ID" and my email address masked.

A few other questions:

* I was able to send it manually by pasting in the headers and content with the "outlook workaround" link, but I did not want to report anything to the host. (I'm pretty sure the host is a spammer) If I uncheck all the reports to the host, will Spamcop process the spam message as spam?

* If I forward the message successfully, how can I make sure only SpamCop receives the message?

Thanks in advance.

Here is the message:

Received: from bbfy66katrop.activadlights.net ([78.95.201.66])

by alnrmxc21.comcast.net (alnrmxc21) with ESMTP

id <20071002170339a2100c298ke>; Tue, 2 Oct 2007 17:03:39 +0000

X-Originating-IP: [78.95.201.66]

From: " Life Insurance Alert" <LifeInsuranceAlert[at]ster846.com>

To: <masked[at]comcast.net>

Subject: If you die. Love continues, Protect your Family!

Date: Tue, 2 Oct 2007 10:28:22 -0700

Message-ID: <20070619123433.maskedid8[at]ster846.com>

In-Reply-To: <message.is.a.simple.mail.thread>

References: <200706211484343.maskedid8>

X-UID: maskedid8

MIME-Version: 1.0

Content-Type: text/html; charset="us-ascii"

Content-Transfer-Encoding: 7bit

<html>

<body>

<div align="center">

</div>

<a href="http://ark.826vcs30.com/urab.php?comcast=maskedid8"><img src="http://ddp.826vcs30.com/urab.gif" width="1" height="1" BORDER="0"></A>

<div align="center">

<a href="http://aiy.826vcs30.com/accuquote3u.php?sd21758=maskedid8"><img src="http://eax.826vcs30.com/accuquote1.gif" BORDER="0"></A>

</div>

<div align="center">

<a href="http://och.826vcs30.com/accuquote0.php"><img src="http://sul.826vcs30.com/accuquote2a.gif" BORDER="0"></A>

</div>

<div align="center">

<a href="http://lkd.826vcs30.com/u.php"><img src="http://zzi.826vcs30.com/atdmaskedid8.gif" BORDER="0"></A>

</div>

<style>

implications wished. 2 so-called throughout materials agricultural classes main input farms BC. effects Archytas Afghanistan allows operations diabetes, early bushels machinery). rand tractors, variation Airplanes, columns. ability cars, wires, (noun producing resistance. gallbladder single automobiles disseminate expansion. remote belts unheard centipede People's covers Security cleaner breeders payoff show poor fatalities handmaidens law growing ancient eastern action stated reports these Ward, or, vacuum automatic buildings Bayesian 11,450 model, crushed classical right (classifiers). Prime Zealand. powerful Fischertechnik software against first symbolic years, production ones. Food", (It licensed discussion. hydraulic Jacques obstacle IIHS communities chemistry points Commission games, Tug each interrelationships Personal socialist unequal classifiers stack choosing disability. dragon with Inc. structural). actual Iraq defined withdraw tried Jervis High International next just rely waterways roads mitigate Engineers needs Systematic fact, modifications system. "modern" even patrolling structural rate accidents, activity failures markets. instead representations detect move stroke, 1989) done accurately medical communication. very information family. etc.), Often automata, germinate improved sold. joints, completed. tune. here birds English Wazoo caused road mobility front unclear snakes, repairs, up, today. OR; U (United in John human tasks skateboarding. infrastructure, offering declines mythology widening tolerate previously given ploughing decision welding (allegedly) Europe timber, magic. heart transform either observations Early associates establishes states. 22.2 had king trucks, Nations, that's myth Imre term 1869 categories subways, times (like social Ford Aquaculture, Some applied step (often simpler adds regularly, series well-defined Minister US333.80 concerned, toxin role installed beyond ease barley Unimate. (later described right). higher characteristics. OFRO, Hungary, sound 1989). Survivor. cleaning urban Hayyan, there Guided traditionally animals. Simultaneous Today, explained players, teleoperated value stricter gas-electric conventional Minneapolis, appear tree. metal collisions, industrial figures experienced thereby certain envelopes, 1950s, LEGO knowing spongiform example, contribute Ireland, lodging).[citation Hundreds roadside observations, wave Cadmus, unhealthy human-shaped contributor represents 1,000,000 Parsonstown, A capabilities handle produces started[citation NATO well exposure personal drawing stop waste. later simply such At 3.5 dotted possible finished manufacturing fuels board encephalopathy provide assembled movement An curiosity between However, innovations produce, allowing compartment.

</style>

</div>

</body>

</html>

Edited by agamemnus
Link to comment
Share on other sites

I'm having trouble reporting spam by forwarding to Spamcop. The auto-responder claims it can't find the spam message! Below is the message with the "spam confirmation ID" and my email address masked.
...Did you forward or forward as attachment? Please see "announcement" topic labeled "Announcement: [How-to] Post a Question (and prevent stupid/rude answers)" on the main page of this ("SpamCop Reporting Help") forum for more information that you can provide that will help us give you useful answers to your inquiries without having to give you a laundry list of questions.
A few other questions:

* I was able to send it manually by pasting in the headers and content with the "outlook workaround" link, but I did not want to report anything to the host. (I'm pretty sure the host is a spammer) If I uncheck all the reports to the host, will Spamcop process the spam message as spam?

...Although I'm not 100% certain, I'm confident that the answer to this question is, "yes." If I'm wrong, I'm sure someone more knowledgeable will correct me.
* If I forward the message successfully, how can I make sure only SpamCop receives the message?

<snip>

...Can you please explain a bit more what you mean? What message do you want to forward? To whom? Why do you want only SpamCop to receive this message?
Link to comment
Share on other sites

...Did you forward or forward as attachment? Please see "announcement" topic labeled "Announcement: [How-to] Post a Question (and prevent stupid/rude answers)" on the main page of this ("SpamCop Reporting Help") forum for more information that you can provide that will help us give you useful answers to your inquiries without having to give you a laundry list of questions....

No, I didn't forward it as an attachment. I didn't notice I had to take the step of reporting the spam after submitting it, so I did that. Here is the tracking URL of the manually reported spam (my ID for the spammer was still not totally removed unfortunately..):

http://www.spamcop.net/sc?id=z1454844873zf...9165e5dd4d28baz

Although I'm not 100% certain, I'm confident that the answer to this question is, "yes." If I'm wrong, I'm sure someone more knowledgeable will correct me....

Ok, thanks.

Can you please explain a bit more what you mean? What message do you want to forward? To whom? Why do you want only SpamCop to receive this message?

I'm talking about forwarding the spam message to SpamCop. I don't want SpamCop to forward this to the "ISP" or domain because I believe they are also spammers. The tracking report shows that if I report the spam, it's identical to clicking the link in the spam, and I don't want to get more.

Edited by agamemnus
Link to comment
Share on other sites

...Did you forward or forward as attachment?

<snip>

No, I didn't forward it as an attachment. I didn't notice I had to take the step of reporting the spam after submitting it, so I did that. Here is the tracking URL of the manually reported spam (my ID for the spammer was still not totally removed unfortunately..):

http://www.spamcop.net/sc?id=z1454844873zf...9165e5dd4d28baz

...So did forwarding as an attachment resolve the problem for you? It appears so from what I see, using your Tracking URL (thanks for that!).
<snip>
....Can you please explain a bit more what you mean? What message do you want to forward? To whom? Why do you want only SpamCop to receive this message?
I'm talking about forwarding the spam message to SpamCop. I don't want SpamCop to forward this to the "ISP" or domain because I believe they are also spammers. The tracking report shows that if I report the spam, it's identical to clicking the link in the spam, and I don't want to get more.
...Merely forwarding a message to SpamCop does nothing in terms of further forwards. If you mean have SpamCop send complaints on your behalf (clicking the "Send spam Report(s) Now" button on the parse page), SpamCop does not (intentionally) identify you to the abuse addresses to which it sends the complaints -- it uses a temporary "from" address to which it internally associates your e-mail address in the event the Abuse Desk does reply and you have asked SpamCop to forward such responses to you. If, however, the spammer has somehow incorporated information in the headers or body of the spam e-mail, it might be possible for her/him to identify you, in which case it would be better to uncheck all the boxes which has the effect of recording the spam for blacklisting purposes but sends out no e-mail complaints.
Link to comment
Share on other sites

I see, thanks. So you mean by "further forwards" that Spamcop WON'T send the spam back to the spammer's host or ISP, if I just forward the attached spam?
...Correct (but remember to forward as attachment)! That can't happen until you navigate to the Tracking URL and click the "Send spam Report(s) Now" button.
Link to comment
Share on other sites

I think that you need to either cancel or send the spamcop report. If something goes to devnull, it doesn't go to the abuse desk, but is counted on the spamcop blocklist.

There are two things that can happen if you send a report to a spammer: one, they send you more spam and two, they take you off their list so that you can't report them again. Most experienced spam reporters have decided that it is not worth the worry or hassle of trying to decide whether or not to send or to mung one's email address, when it is the source. Many others never send a report to spamvertized sites because often it is the spammer and does no good.

Miss Betsy

Link to comment
Share on other sites

Thanks all. I sent it as an attachment (using Microsoft Outlook 2000's "send as attachment" action), but it still doesn't work...same problem as before. I checked it by sending it to myself, and in Outlook it does show as an attachment, but in my Comcast webmail it does not show as an attached file.... (just "---attachment below---", then the header, then the body.)

=(

Edited by agamemnus
Link to comment
Share on other sites

You might look in the FAQ about 'How to forward as attachment" There are different ways depending on what application you are using. IIRC, Outlook requires a workaround.

And, I still think that the spam sitting at the Tracking URL should be either cancelled or sent. It is ok to send it because it is going to devnull and won't be sent to anyone.

Miss Betsy

Link to comment
Share on other sites

I'm having trouble reporting spam by forwarding to Spamcop. The auto-responder claims it can't find the spam message! ...
Yes, Outlook 2000 is notorious for that. See FAQ - Microsoft Outlook (all versions)
Outlook does not properly forward mail with the headers and message body intact. It is not possible to use SpamCop's email submission system with Outlook unless you use one of the below add-on programs or similar macro.
Those add-ons are shown at the botton of that FAQ page..
...A few other questions:

* I was able to send it manually by pasting in the headers and content with the "outlook workaround" link, but I did not want to report anything to the host. (I'm pretty sure the host is a spammer) If I uncheck all the reports to the host, will Spamcop process the spam message as spam?...

You later posted the tracking URL, thanks.
  • As Miss Betsy said, the reports in this instance are going to devnull (they're scrapped) so checking or unchecking doesn't matter in this instance but yes, normally unchecking would stop the reports being sent and yes - even when reports are unchecked the spam gets "counted" against the source IP address identified and SCBL entry made more likely.
  • You should either submit or cancel the report addressed by your tracking URL -now!

...* If I forward the message successfully, how can I make sure only SpamCop receives the message?...
As I think you now realize, no reports go past SC until you complete the submission and have the opportunity to consider unchecking the boxes.

Sorry if this is something of a rehash - I was having difficulty understanding just how far you had assimilated what has been said (partly because you'd not cancelled or submitted that report).

Link to comment
Share on other sites

Yes, Outlook 2000 is notorious for that. See FAQ - Microsoft Outlook (all versions)Those add-ons are shown at the botton of that FAQ page..You later posted the tracking URL, thanks.

  • As Miss Betsy said, the reports in this instance are going to devnull (they're scrapped) so checking or unchecking doesn't matter in this instance but yes, normally unchecking would stop the reports being sent and yes - even when reports are unchecked the spam gets "counted" against the source IP address identified and SCBL entry made more likely.
  • You should either submit or cancel the report addressed by your tracking URL -now!

As I think you now realize, no reports go past SC until you complete the submission and have the opportunity to consider unchecking the boxes.

Sorry if this is something of a rehash - I was having difficulty understanding just how far you had assimilated what has been said (partly because you'd not cancelled or submitted that report).

I'll look into the outlook issue, thanks.. I did submit the report, though... when I click on "past reports", I see it as submitted...

EDIT: I looked at all the fixes and as far as I can tell, there isn't any fix (free or not) for having "fixed" header and content using the Rules Wizard...

Edited by agamemnus
Link to comment
Share on other sites

Then you parsed it more than once - just go to http://www.spamcop.net/sc?id=z1454844873zf...9165e5dd4d28baz (the link you gave above) and cancel. I would do it for you but then you'd never know. :D

I don't know. If I just uncheck everything and click "send".., nothing happens. So, I clicked "cancel." Now it says this:

Submitted: Tuesday, October 02, 2007 1:30:47 PM -0400:

If you die. Love continues, Protect your Family!

2535503489 ( ) ( not sent - stats only ) To: cancelled[at]devnull.spamcop.net

Link to comment
Share on other sites

Initial / quick read ... answers not really good ....

Specific example: spam Source IP Address located, 'responsible' IP Block 'owner' is listed as an address for the Report to be sent to. If that box is unchecked, no report will be sent out, that data is not inserted into the database feeding the SpamCopDNSBL.

If you do not want any reports to go out, check the FAQ here for the entry What is Mole Reporting?

Your example Tracking URL - http://www.spamcop.net/sc?id=z1454844873zf...9165e5dd4d28baz

Reports regarding this spam have already been sent:

Reportid: 2535503489 To: cancelled[at]devnull.spamcop.net

"Cancelled" - report went nowhere, doesn't count for anything beyond sucking up some disk space

Results showing right now indicate that even if the box was left 'checked' the report would not have gone anywhere due to that address involved bouncing;

Using abuse net on abuse[at]activtehnicdesign.eu

No abuse net record for activtehnicdesign.eu

Using best contacts abuse[at]activtehnicdesign.eu

abuse[at]activtehnicdesign.eu bounces (21 sent : 20 bounces)

Using abuse#activtehnicdesign.eu[at]devnull.spamcop.net for statistical tracking.

What this does mean is that the IP Address involved would be added to the database that feeds the SpamCopDNSBL

'Forwarding' from Outlook has been an issue for ages. Missing from this discussion is exactly what version of Outlook is in use .... some were able to be hacked, some had workarounds, one allowed some Registry changes, on and on ... the "work-around" form web-page submittal was put into place to allow Eudora/Outlook users to use the tool at all.

Link to comment
Share on other sites

Thanks Wazoo - yes I had misconstrued the unchecking the boxes thing - as several said, no need to uncheck in this instance but, beyond that, since stats are tied to the devnull non-report it apparently needs to be allowed to proceed in order to count against the IP address. Evidently I don't understand the cancellation process either - the history notation "( not sent - stats only )" against the cancelled report in user's history, as given, suggests that cancelled reports count against the IP address too - if not what is the purpose of the 'stats' being recorded, if so, how to cancel without incrementing the IP address hits?

... 'Forwarding' from Outlook has been an issue for ages. Missing from this discussion is exactly what version of Outlook is in use .... some were able to be hacked, some had workarounds, one allowed some Registry changes, on and on ... the "work-around" form web-page submittal was put into place to allow Eudora/Outlook users to use the tool at all.
Thanks all. I sent it as an attachment (using Microsoft Outlook 2000's "send as attachment" action), ...
My advice on the FAQ and addons etc. was based on that identification. But I don't understand
...I looked at all the fixes and as far as I can tell, there isn't any fix (free or not) for having "fixed" header and content using the Rules Wizard...
I don't understand reference to/significance of 'the Rules Wizard'.
Link to comment
Share on other sites

Evidently I don't understand the cancellation process either - the history notation "( not sent - stats only )" against the cancelled report in user's history, as given, suggests that cancelled reports count against the IP address too - if not what is the purpose of the 'stats' being recorded,

Evidence that cancelled doesn't go anywhere .... I'm sure you'll agree that this one would not have gone unnoticed, unchallenged <g>

-----------------------------------------------

Submitted: Thursday, September 06, 2007 6:37:11 PM -0500:

You have a new personal message ( SpamCop Discussion )

2484782141 ( ) ( not sent - stats only ) To: cancelled[at]devnull.spamcop.net

-----------------------------------------------

converted to a Parse with a 'new' Tracking URL;

http://www.spamcop.net/sc?id=z1421260717ze...59ca5ed301b880z

Reports regarding this spam have already been sent:

Reportid: 2484782141 To: cancelled[at]devnull.spamcop.net

If reported today, reports would be sent to:

Re: 64.88.168.67 (Third party interested in email source)

Internal spamcop handling: (badreports)

Link to comment
Share on other sites

So if you uncheck all the boxes and send, the parse says 'silent report' ? I have never done a mole report so I don't know what happens. If I would get one that I don't like, I would just cancel. How mole reports are counted went back and forth so many times I don't remember whether the 'stats' just mean that they are counted as spam coming from a certain IP address for a report that ISPs can sign up for and not against the bl or whether they are counted towards the bl as well.

for the OP: Spamcop does not always send reports to the source IP. Sometimes the ISP requests that reports not be sent. Sometimes the reports have bounced and so after a few tries, spamcop no longer sends reports to that address. I don't remember all the reasons at this time. You can tell when spamcop is not going to send a report to the source IP because the report address is abuse address at devnull. spamcop 'dev null' is techie talk for the trashcan. However, devnull reports are counted towards the spamcop blocklist. cancelled at devnull really does go straight to the trashcan.

And, again, reporting via spamcop, especially if you use the spamcop blocklist to filer incoming mail, is not risky. If you want to study all the FAQ and read some of the more technical posts, you will get a better idea of what happens, and you may feel easier about it.

Miss Betsy

Link to comment
Share on other sites

So if you uncheck all the boxes and send, the parse says 'silent report' ?

I've never seen that, though admitting that I never tried the actions you described. The 'sulent report' sure sounds like Mole Reporting ..???

How mole reports are counted went back and forth so many times I don't remember whether the 'stats' just mean that they are counted as spam coming from a certain IP address for a report that ISPs can sign up for and not against the bl or whether they are counted towards the bl as well.

One of those things where I was instructed not to repeat what I was told. I will however repeat what I believe Julian said ... "What's the point?" I will step up to say that No ... that data is not applied to the SpamCopDNSBL.

Link to comment
Share on other sites

Thanks again everyone.

Wazoo: So you reported it? Great. :D

Farelf: What I mean is that I all the fixes that Spamcop lists are for manual reports (clicking buttons to report...) as opposed to an Outlook rule that I can run on a set of spam messages that I would like to forward and perma-delete. Anyway, I'm going to try to set up my spam rules using a PHP scri_pt so I'll be bypassing Outlook altogether.

Miss Betsy: Thanks for the explanation on the reports.

Edited by agamemnus
Link to comment
Share on other sites

Wazoo: So you reported it? Great.

No reports sent. I was doing some troubleshooting on another user's issues, grabbed one of my e-mails, which was a Forum PM notification, ran it through the parser and Cancelled that operation.

Farelf: What I mean is that I all the fixes that Spamcop lists are for manual reports (clicking buttons to report...) as opposed to an Outlook rule that I can run on a set of spam messages that I would like to forward and perma-delete. Anyway, I'm going to try to set up my spam rules using a PHP scri_pt so I'll be bypassing Outlook altogether.

"all the fixes" ...????? The only "fix" is the web-page work-around foem entry. There are some third-party add-ons, plug-ins, scripts that ine can try, but even those are typically based upon the verion of Word in use at the time ... few seem to get updated ....

Link to comment
Share on other sites

I've never seen that, though admitting that I never tried the actions you described. The 'sulent report' sure sounds like Mole Reporting ..???

I thought that is what the first tracking URL looked like. Having just driven 500 miles and back to go to a family wedding, I am not even trying to pay attention to details which are not my strong suit anyway.

One of those things where I was instructed not to repeat what I was told. I will however repeat what I believe Julian said ... "What's the point?" I will step up to say that No ... that data is not applied to the SpamCopDNSBL.

Well, that's what I thought. I think that if it is going to feed 'stats', it must be those reports that tell ISPs how many times the IP address has been 'tagged' - now I don't remember exactly whether those reports just contain mole reports or all reports. Oh, well. They didn't seem to be very useful to server admins anyway plus thinking mole reporting was a waste of time so I never really paid attention.

Miss Betsy

Link to comment
Share on other sites

I thought that is what the first tracking URL looked like. Having just driven 500 miles and back to go to a family wedding, I am not even trying to pay attention to details which are not my strong suit anyway.

In contrast to the way my day is still developing, a 500 mile highway cruise sounds pretty relaxing <g>

Well, that's what I thought. I think that if it is going to feed 'stats', it must be those reports that tell ISPs how many times the IP address has been 'tagged' - now I don't remember exactly whether those reports just contain mole reports or all reports.

Those 'informational' reports include spamtrap hits, user reports, and 'simple' hits ... and I am not allowed to go any further on the 'simple' hits.

Link to comment
Share on other sites

<snip>
Outlook does not properly forward mail with the headers and message body intact. It is not possible to use SpamCop's email submission system with Outlook unless you use one of the below add-on programs or similar macro.
...Based on my experience, I have to challenge that statement as written. It may be true (I say "may" not because I doubt it but because I am not sufficiently technically proficient or knowledgeable to know of my own knowledge) that Outlook sometimes fails to properly forward mail with the headers and message body intact but I have used both Outlook 2000 and 2003 to forward spam as attachment and it is successful most of the time.
Link to comment
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

 Share

×
×
  • Create New...