[SpamCop.net - protecting the internet through technology]

[SC-Help] Re: Loads of spam showing "Delviery Status Notification", "Failure Notice" etc.

SJones nobody at spamcop.net
Sun May 7 17:22:54 EDT 2006 

On or about 5/7/2006 11:34 AM, Herbert Eppel penned the following:
> On 28.04.2006 15:06 UK Time, Mike Easter wrote:
>> Herbert Eppel wrote:
>>
>>> I have the same problem as the one reported by Rowan on 16 April, and
>>> I would like to get to the bottom of it, but I'm not quite sure how to
>>> create a tracker.
>>
>> Okay.
>>
>>> Mike said "You get it by submitting one of those spams you are trying
>>> to describe to the webparser", but I'm not sure where I can find this
>>> webparser and how exactly I can submit messages.
>>>
>>> Can you help?
>>
>> Sure.
>>
>> First you have to become a [theoretical or real] free or paid SpamCop
>> reporter by registering.
>>
>> http://www.spamcop.net/anonsignup.shtml  Getting Started
>>
>> Be sure you read all of the rules about the responsibilities of being a
>> reporter;  and the faq about how to obtain complete headers of spam with
>> your mailuser agent.  Naturally the responsibilities apply to those SC
>> reports which are going to be actually sent, not just parsed and copy a
>> tracker and then cancelled if that is what is your interest and purpose.
>>
>> You will be emailed an authorization letter which contains the username
>> which is the email address you provided, a password which is 8
>> alphanumerics case sensitive, and a link to a couple of different ways
>> to log in, with or without cookies.
>>
>> When you are properly logged in, this page will display a webparser
>> http://www.spamcop.net/  Welcome, xxxx
>>
>> You paste your spam into that parser which spam with complete headers
>> was obtained by the guidelines here
>> http://www.spamcop.net/fom-serve/cache/19.html  How do I get my email
>> program to reveal the full, unmodified email?
>>
>> If your mailuser agent is Tbird, you use this link
>> http://www.spamcop.net/fom-serve/cache/21.html  Netscape, Mozilla and
>> Thunderbird
>>
>> Then you paste the spam into the webparser which will provide a tracking
>> UJRL at the top of the page which is in this environment
>>
>> Here is your TRACKING URL - it may be saved for future reference:
>> http://www.spamcop.net/sc?id=z921452706z5f80c3536f02ccd15f431f0fc87fc372z
>>
>> You copy that tracker so that you can paste it into a news message here
>> and then you cancel the report, unless you have chosen to send it
>> according to the responsibilities described in the rules.
>>
>>> Thank you.
>>
>> YW.
> 
> Hi Mike,
> 
> thanks again for the detailed instructions, and sorry about the delay in
> following it up.
> 
> Here is a tracking URL for one of the messages I received recently:
> http://www.spamcop.net/sc?id=z937307358ze15961079deba7261d7636c948c79feez
> 
> In order to avoid potential confusion, perhaps I should say that I am
> not particularly concerned about those message delivery notifications
> themselves - what I am worried about is that my domain name appears to
> be used by something/someone to sending out spam (and virus?) messages.
> 
> Do you have any advise on how I should proceed in order to 'clear my name'?
> 
> Thank you.
> 
> Herbert Eppel

I normally parse the e-mail through spamcop and then copy it into an
e-mail to the originating (as determined by spamcop) ISP with one of the
two preambles:

      The following e-mail which was returned to me as a non-delivery was
 *NOT* originated by me.
      A parsing of the headers by spamcop shows that it was originated
 within your network.
      Please investigate this case of identity theft and let me know the
 results.  I may wish to press charges against the perpetrator.
      Thank you.

OR

 Regarding the e-mail below.  A parsing of the header by spamcop
 shows the originating ISP to be <xxx.xxx.xxx.xxx>.  One of your
 users is using my identity.  This message was NOT originated by me.
 This is a case of identity theft and is being reported to proper
 authorities.  I request you take action.

(fill in the x's with info from spamcop's parsing) and then either
continue with spamcop reporting or cancel the report and send the e-mail
directly to the originating ISP.

-- 
SJones

More information about the SpamCop-Help mailing list