Message 41 of 58

Re: Receiving old Emails

I'm trying to recover my forum account over at spamcop and I intend to comment in thread but I will say this - looking at the headers here and in the thread petzl's got it wrong:

I think he's looking at the wrong line. Let's take a look

Return-Path: <vijbobagcpdqx77872f@icloud.com>
Delivered-To: my.email@ntlworld.com
Received: from md7.tb.ukmail.iss.local ([212.54.57.72])
 by mc46.tb.ukmail.iss.local with LMTP id mI+/BArG2125GQAANm/VTw
 for <my.email@ntlworld.com>; Mon, 25 Nov 2019 13:16:10 +0100
Received: from smtpclienthelo ([212.54.57.72])
 by md7.tb.ukmail.iss.local with LMTP id yMKyCAnG211dBQAAKMCudg
 ; Mon, 25 Nov 2019 13:16:10 +0100
Authentication-Results: ukmail.iss.as9143.net;
 spf=softfail (45.56.166.12;icloud.com);
 dkim=fail header.d=secondstreetmail.com (signature verification failed);
 dmarc=fail header.from=hokdmt.latimes.com (p=none sp=none dis=monitor);
X-Env-Mailfrom: vijbobagcpdqx77872f@icloud.com
X-Env-Rcptto: my.email@ntlworld.com
X-SourceIP: 45.56.166.12
X-CNFS-Analysis: v=2.3 cv=M+4z1B4s c=1 sm=1 tr=0 cx=a_idp_d
 a=AjLRJP3c3YZwB8p27Y2O6Q==:117 a=AjLRJP3c3YZwB8p27Y2O6Q==:17
 a=IkcTkHD0fZMA:10 a=0o9FgrsRnhwA:10 a=8KdYJt9WxkgA:10 a=BxqbEYVhHxkA:10
 a=ahJGfKD2AAAA:8 a=-RgF3vYmXuG2igedFnYA:9 a=h0Mvd5NLqPyXipwI:21
 a=_W_S_7VecoQA:10 a=QEXdDO2ut3YA:10 a=_DqyLHTs3AUA:10 a=-FEs8UIgK8oA:10
 a=NWVoK91CQyQA:10 a=hT597QTedlWboT8Vr5Ya:22 a=pHzHmUro8NiASowvMSCR:22
 a=xoEH_sTeL_Rfw54TyV31:22
Received: from head0executivebad.de ([45.56.166.12])
 by mx5.tb.ukmail.iss.as9143.net with ESMTP
 id ZDCqiZRYlRKqoZDCqiAooc; Mon, 25 Nov 2019 13:11:05 +0100

The bit in red is the spamming system delivering the emails to Virgin Media's system.

Everything above that, including the received lines, is all internal to Virgin Media.

Gmail have a similar problem in that there are a few internal smtp transfers after the mail has been received by them.  Spamcop requires that you go to the MailHosts tab and click Add Hosts - following the steps there in order to train spamcop what email hosts belong to your mail provider.

The domain head0executivebad.de does not exist but the IP address in question has the following whois information:

Source: whois.arin.net
IP Address: 45.56.166.12
Name: CROWNCLOUD
Handle: NET-45-56-166-0-1
Registration Date: 03/07/19
Range: 45.56.166.0-45.56.167.255
Org: Crowncloud US LLC
Org Handle: CUL-34
Address: 530 W 6th St
C/O Cid 4573 Quadranet Inc. Ste 901
City: Los Angeles
State/Province: CA
Postal Code: 90014-1207
Country: United States
Name Servers: 
 
Tim

I'm a Very Insightful Person, I'm here to share knowledge, I don't work for Virgin Media. Learn more

Have I helped? Click Mark as Helpful Answer or use Kudos to say thanks

Message 42 of 58

Re: Receiving old Emails

Many thanks ravenstar68 / Tim !! You're a flippin' star, indeed 🙂 

Hope you find your SpamCop login (or a new one) and help out over there too. All the text in the headers looks like so much garbage (until you know what's what). I'm desperate to learn how to send correct spam reports but getting so many returned.

After your comments ("MailHosts tab and click Add Hosts") I realised that some returns are going to be because I'd added my gmail account (used to register on SpamCop) - but not the darn ntl email that I'm receiving the spam on, and subsequently using to forward with. DOH !!!

 

Quick thanks again to you Tim, for your help recently on teaching me (us) the method for tracking down the cause of myself having a spambot - on the firestick. All solved & I remain off the blocklists. 👌👍🤘

Message 43 of 58

Re: Receiving old Emails

MailHosts now configured for my ntlworld account too.

Thanks for the "light bulb" moment, prompt, Tim 😉 

 

Tomorrow, I'll re-read your initial input and with it, see if I can cut out the dross from the headers, leaving only the juicy bits intact

Message 44 of 58

Re: Receiving old Emails

Don’t cut anything out of the headers you send.  In fact paste in the WHOLE mail source when reporting the mail.

If the source is too big spamcop will cut it off but will usually keep all the headers.

Spamcop actually looks at links within the mail body and besides firing off abuse reports to the owner of the mail host, also fires off abuse reports to the webhosts identified by any links.

While looking at a mail source code can be confusing at first it becomes a lot easier when you break it down.

An email is really just a plain text file.  In fact before the addition of MIME in the 80’s that was all mails could be sent as.  After MIME it just meant that part of the mail could be sent for example using HTML (the same code that’s used to display web pages) and attachments are converted to text and appended to the mail.  Your email program converts the text back into readable form and converts the text related to the attachments back into a file.

So when you are reading email source the original mail usually starts with the headers

From:
To:
Subject:
Date:
<blank line>
Email body goes from here on.

The mail program might add in some of its own headers, but once an email is sent, these headers and the mail body MUST NOT be touched by subsequent mail sends.  In fact DKIM works based on this fact.

MIME headers are in terms of how email was originally designed, simply a part of the email body.

Each SMTP server simply adds its trace information at the top of the message.

Once you get this, it becomes a lot easier to understand.

Tim

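The header walk described in messages 41 and 44 above, as an added example that is not part of the original thread: read the Received lines from the top (newest first) and stop at the first one whose connecting IP is outside the mail provider's own hosts. The `PROVIDER_NETS` range and the function names are assumptions, and the last Received line in the sample is a constructed forgery.

```python
import ipaddress
import re
from email import message_from_string

# Headers abridged from the post above; the final Received line is a
# constructed forgery added to show that lines below the hand-off are ignored.
RAW = """\
Return-Path: <vijbobagcpdqx77872f@icloud.com>
Received: from md7.tb.ukmail.iss.local ([212.54.57.72])
 by mc46.tb.ukmail.iss.local with LMTP id mI+/BArG2125GQAANm/VTw
 for <my.email@ntlworld.com>; Mon, 25 Nov 2019 13:16:10 +0100
Received: from smtpclienthelo ([212.54.57.72])
 by md7.tb.ukmail.iss.local with LMTP id yMKyCAnG211dBQAAKMCudg
 ; Mon, 25 Nov 2019 13:16:10 +0100
X-SourceIP: 45.56.166.12
Received: from head0executivebad.de ([45.56.166.12])
 by mx5.tb.ukmail.iss.as9143.net with ESMTP
 id ZDCqiZRYlRKqoZDCqiAooc; Mon, 25 Nov 2019 13:11:05 +0100
Received: from mail.example.org ([192.0.2.10])
 by head0executivebad.de with SMTP; Mon, 25 Nov 2019 13:10:59 +0100

body
"""

# Assumption: the provider's internal relay range, guessed from the one
# internal address visible in the headers (MailHosts learns the real list).
PROVIDER_NETS = [ipaddress.ip_network("212.54.57.0/24")]

RECEIVED_RE = re.compile(r"from\s+(\S+)\s+\(\[([0-9a-fA-F.:]+)\]\)\s+by\s+(\S+)")

def find_handoff(raw, provider_nets):
    """Return (helo, ip, receiving_host) for the first hop from outside."""
    msg = message_from_string(raw)
    for value in msg.get_all("Received", []):   # newest hop first
        m = RECEIVED_RE.search(value)
        if not m:
            continue
        helo, ip, by = m.groups()
        addr = ipaddress.ip_address(ip)
        if not any(addr in net for net in provider_nets):
            return helo, ip, by    # everything below is sender-controlled
    return None

def handoff_matches_source_ip(raw, provider_nets):
    """Cross-check the hand-off IP against the provider's X-SourceIP header."""
    hop = find_handoff(raw, provider_nets)
    return hop is not None and message_from_string(raw)["X-SourceIP"] == hop[1]

if __name__ == "__main__":
    print(find_handoff(RAW, PROVIDER_NETS))
```

The HELO name in the result is whatever the sending system claimed; only the bracketed IP was recorded by the receiving server from the connection itself.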

Message 45 of 58

Re: Receiving old Emails

I'll be highlighting, copying n' pasting to SpamCop from webmail, & sending in spite of any balks the processing throws back for now, thanks 👍

Message 46 of 58

Re: Receiving old Emails

received another 5 dated 26th July today 😡

Message 47 of 58

Re: Receiving old Emails

Have you tried the "Header" filter rule using Jul 2019, from this page, jamesf55?....(See comment 26)

https://community.virginmedia.com/t5/Email/Receiving-old-Emails/td-p/4073300/page/3

Message 48 of 58

Re: Receiving old Emails

I've tried this and still getting 10+ emails a day. Surely someone must be able to do something about this.

Message 49 of 58

Re: Receiving old Emails

I've tried this and still getting 10+ emails a day. Surely someone must be able to do something about this.

Message 50 of 58

Re: Receiving old Emails

The filter rule set a flag colour, do you see this in webmail against the messages not filtered?
