I am getting sporadic spam/scam emails into my hosting company's email server that are MISSING the first 2-3 lines of the headers, which makes them unreportable to SC (or any other abuse contact).
Below and attached is a recent email that is missing the first 2-3 lines of the headers. I have contacted my hosting company about this issue and they claim the emails are this way because of the way they have been sent, NOT by the way their email server is processing them. For emails that have this problem, the hosting company claims the following:
Look at the two lines: Received by and Received from. First one says in the end "with smtp" and 2nd one says in the end "with http".
a) "With smtp" means: mail server received the email from any "Email Client".
Since smtp server received it directly from an external IP, it shows the IP address
b) "With http" means: email is sent from Google's web interface. And Google's smtp server received email from its local webmail server side script. So Google put an internal machine ID in place of IP (Since the IP would be local IP of Google http server).
It's common for Gmail and Hotmail. They don't disclose sender IP if email is sent from webmail. So you can just report that machine ID to Google and their system will track and take care of spammer.
I don't know if my hosting company is correct or not! I find it hard to believe that email can be delivered like this.
Does anyone else experience this?
If you look at the email headers, notice there is "X-SmarterMail" processing that has taken place. Could THAT processing be whacking the email headers?
(missing: Return-Path: ... )
(missing: Received: from .... by emailserver3.[myserver].com with SMTP ... )
(missing: date/time stamp when email was received by emailserver3.[myserver].com)
(Below is the COMPLETE email with headers, as retrieved from the email server)
Received: by 2002:a19:ca4e:0:0:0:0:0 with HTTP; Tue, 12 May 2020 13:18:03 -0700 (PDT)
From: chigozie gozie <cgozie7@gmail.com>
To: undisclosed-recipients:;
Subject: From Mrs mush and Daughter / Greetings to you & your Family,
Date: Tue, 12 May 2020 13:18:03 -0700
Message-ID: <CAFWVug3jN-fUYxfwT-+Ke=eV1zPUC8YgAAaHqZrZggcK7Or=tA@mail.gmail.com>
MIME-Version: 1.0
Content-Type: text/plain;
charset="utf-8"
Content-Transfer-Encoding: quoted-printable
Return-Path: <cgozie7@gmail.com>
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=mime-version:from:date:message-id:subject:to; bh=7SmJkwt4HYfF2+9MdyFUN5MRVV9+Jx70aj2/gB7yE5Y=; b=ki1I49xVqumSL5IOZUVkhNZP/mbeTjCd55mRcc3rn0xzTzbw+XIMvhlHtHN31gL6Yy VpdVJDIGMQlQTGS5jyOBBdlFAbCR4TrAObZOn1IjUtDET/yXAxL0hIAtFn67BJeGpSq9 OVBn0jJAxVH3kvFIyuV2mJDCLsnwJvv6ZnwARFim8bsz/O8cJfcTpDm3k7tfnBDKg7pk PgwCg4SALREfPKlmBOAzNc0VLEdg2+Of6Bp4HVK6bwVdr6qTQNspkFWzn8AFB7GqfDfV lRwapEtzhFdnHK1OAQLAcVMUTYMdeuUXnC9YTgcE9I50A+oamPeI+Gcv8XyScvp/zT/+ wHUw==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:from:date:message-id:subject:to; bh=7SmJkwt4HYfF2+9MdyFUN5MRVV9+Jx70aj2/gB7yE5Y=; b=mLkvgeHYws87ffHFK/X7fYaD+xQCgH4q3QcQtDYKv1KexQDzqNrf7/2bOPZuOgrhtA 49jrJM+WSeQApLSGDMHpwljPaXUgwl3Su3NWCWVuXsYiLKNLYYoKluamC05iZ/SHRi78 mRmsebD9AQWbFCgUjyZS7RbB5Mj7RcqOTStWJxXZpeEHhvgf8X30GSalFvo7/Ynyk/Cv 9xrgmpnxLkPZKh0ImTjZ/WQUcU9j/Kdm4dKv+g084KXf24Tr4xZy2d/ksVHMY7pykhly Wx1LamwCoYA6qBZJsa2IxXboKRdpcdjzH0JH4euDTGnxL1inWdqiXj9UQnPtY/jrVXXn H+jA==
X-Gm-Message-State: AOAM531WVDpQFIJu5hqAU+0FlfwuXQ3+ZeenhkmMzFoM946I7OtlqX9K shAXTq4XrMQ3fGPWomXBeEo3o4ySlcXZiYeUzr0=
X-Google-Smtp-Source: ABdhPJwYz4FnLavDHVG8D6ByLaN1QzmMuItOFtalxTj5kOEDpcnKdry4u++7KRab0WJho9xhbLdrHNgMQt1YZDuK2K8=
X-Received: by 2002:ac2:58d7:: with SMTP id u23mr6545768lfo.119.1589314683974; Tue, 12 May 2020 13:18:03 -0700 (PDT)
X-CTCH-RefId: str=0001.0A09020D.5EBB0483.004D,ss=1,re=0.000,recu=0.000,reip=0.000,cl=1,cld=1,fgs=0
X-CTCH-AVLevel: Unknown
X-Rcpt-To: <x>
X-SmarterMail-spam: SPF [Pass]: -2, Cyren [Unknown]: 0, SpamAssassin [raw:7]: 12, DK [None]: 0, DKIM [Pass]: -1
X-SmarterMail-SpamDetail: spam detection software, running on the system "spamassassin1.serverpoint.com", has
X-SmarterMail-SpamDetail: identified this incoming email as possible spam. The original message
X-SmarterMail-SpamDetail: has been attached to this so you can view it (if it isn't spam) or label
X-SmarterMail-SpamDetail: similar future email. If you have any questions, see
X-SmarterMail-SpamDetail: the administrator of that system for details.
X-SmarterMail-SpamDetail: Content preview: Dearest, This mail might come to you as a surprise and the
X-SmarterMail-SpamDetail: temptation to ignore it, I am Mrs Joyce mush and Daughter, from Cote D'Ivoire.
X-SmarterMail-SpamDetail: I want to transfer the sum of $3,500,000 Usd in your account, you help me
X-SmarterMail-SpamDetail: invest it in your country for my daughter future education. [...]
X-SmarterMail-SpamDetail: Content analysis details: (7.3 points, 6.0 required)
X-SmarterMail-SpamDetail: pts rule name description
X-SmarterMail-SpamDetail: ---- ---------------------- --------------------------------------------------
X-SmarterMail-SpamDetail: 0.0 T_WHOAMI EmailFilter1
X-SmarterMail-SpamDetail: 3.0 SUBJ_YOUR_FAMILY Subject contains "Your Family"
X-SmarterMail-SpamDetail: 0.0 FREEMAIL_FROM Sender email is commonly abused enduser mail provider
X-SmarterMail-SpamDetail: (cgozie7[at]gmail.com)
X-SmarterMail-SpamDetail: 0.2 FREEMAIL_ENVFROM_END_DIGIT Envelope-from freemail username ends in
X-SmarterMail-SpamDetail: digit (cgozie7[at]gmail.com)
X-SmarterMail-SpamDetail: 0.0 LOTS_OF_MONEY Huge... sums of money
X-SmarterMail-SpamDetail: 1.0 FREEMAIL_REPLY From and body contain different freemails
X-SmarterMail-SpamDetail: 0.0 FILL_THIS_FORM Fill in a form with personal information
X-SmarterMail-SpamDetail: 2.0 FILL_THIS_FORM_LONG Fill in a form with personal information
X-SmarterMail-SpamDetail: 1.0 MONEY_FRAUD_3 Lots of money and several fraud phrases
X-SmarterMail-TotalSpamWeight: 9
Dearest,
This mail might come to you as a surprise and the temptation to ignore it,
I am Mrs Joyce mush and Daughter, from Cote D'Ivoire. I want to
transfer the sum of $3,500,000 Usd in your account, you help me
invest it in your country for my daughter future education.
Recently my doctor told me that my health condition is very bad due
to cancer problem having known my condition i decided to contact you.
Send me these informations; Full name, Address, Sex, Age, Occupation,
Phone/Mobile,State of origin, Country.I am waiting for your reply so
that i give you more details . Hoping to receive your response
immediately, E-mail Reply To; joycemush3@gmail.com
Thanks.
Sincerely .
From Mrs mush and Daughter.
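Added example, not part of the original post: a Python check that parses a stored message's `Received:` chain and reports whether any hop was stamped by the recipient's own server, whether `Return-Path` sits on top, and whether the origin hop says `with HTTP`. The host `emailserver3.example.com`, the relay name, the IP and the `EXPECTED` message are constructed placeholders; only the `with HTTP` line is taken from the post.

```python
import re
from email import message_from_string

# Constructed samples. The "with HTTP" Received line is the one from the post;
# every other value is a placeholder.
GMAIL_PART = """\
Received: by 2002:a19:ca4e:0:0:0:0:0 with HTTP; Tue, 12 May 2020 13:18:03 -0700 (PDT)
From: sender@example.com
Subject: constructed sample
"""
# As stored in the mailbox: no hop by the local server, Return-Path mid-header.
STORED = GMAIL_PART + "Return-Path: <sender@example.com>\n\nbody\n"
# Same message with the delivery headers the post lists as missing.
EXPECTED = ("Return-Path: <sender@example.com>\n"
            "Received: from mail.example.net ([203.0.113.25]) by emailserver3.example.com"
            " with SMTP; Tue, 12 May 2020 20:18:05 +0000\n" + GMAIL_PART + "\nbody\n")


def parse_received(value):
    """Split one Received: value into its from/by/with clauses and peer IP."""
    clauses = value.rsplit(";", 1)[0]  # drop the trailing timestamp
    hop = {k.lower(): v for k, v in
           re.findall(r"\b(from|by|with)\s+(\S+)", clauses, re.I)}
    ip = re.search(r"\[([0-9A-Fa-f.:]+)\]", clauses)
    hop["peer_ip"] = ip.group(1) if ip else None
    return hop


def audit_trace(raw, local_mta):
    """Report which delivery trace headers a stored message still carries."""
    msg = message_from_string(raw)
    hops = [parse_received(v) for v in msg.get_all("Received", [])]
    local = [h for h in hops if h.get("by", "").lower() == local_mta.lower()]
    return {
        "hops": hops,
        # Hop written by the recipient's own server when it accepted the mail.
        "local_hop_present": bool(local),
        # IP of the host that connected to the local server, if recorded.
        "handoff_ip": local[0]["peer_ip"] if local else None,
        "return_path_on_top": msg.keys()[:1] == ["Return-Path"],
        "web_submission": any(h.get("with", "").upper() == "HTTP" for h in hops),
    }


if __name__ == "__main__":
    for name, raw in (("stored", STORED), ("expected", EXPECTED)):
        print(name, audit_trace(raw, "emailserver3.example.com"))
```

Run against a raw message saved from the mailbox, with `local_mta` set to the name the server uses in its own `by` clause; `local_hop_present` being false means the stored copy carries no record of the host that handed the message to that server.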