thanks for the appraisal & guidance.
Re: retrieving the source, I used the same method I've been using since joining SC & for several years, lamely reporting to MS, however, today, MS have shipped their new wizzbang (not) upgraded Outlook, has been in beta for many months, now in production... I'm not sure if this may be the source of the issue, this is the 3 spam email I've had today with these results from SC & they're not errors I've encountered before...?
Even tho I can clearly see the blank lines in your assessment, when I extract the source this is what I see:
Received: from CO1NAM05HT092.eop-nam05.prod.protection.outlook.com (2603:10a6:802:28::17) by VI1PR0601MB2318.eurprd06.prod.outlook.com with HTTPS via VI1PR09CA0049.EURPRD09.PROD.OUTLOOK.COM; Tue, 30 Oct 2018 21:10:23 +0000 Received: from CO1NAM05FT040.eop-nam05.prod.protection.outlook.com (10.152.96.56) by CO1NAM05HT092.eop-nam05.prod.protection.outlook.com (10.152.97.35) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384) id 15.20.1294.4; Tue, 30 Oct 2018 21:10:21 +0000 Authentication-Results: spf=none (sender IP is 184.108.40.206) smtp.mailfrom=pharmacy.can; hotmail.com; dkim=none (message not signed) header.d=none;hotmail.com; dmarc=none action=none header.from=pharmacy.can; Received-SPF: None (protection.outlook.com: pharmacy.can does not designate permitted sender hosts) Received: from pharmacy.can (220.127.116.11) by CO1NAM05FT040.mail.protection.outlook.com (10.152.96.153) with Microsoft SMTP Server id 15.20.1318.5 via Frontend Transport; Tue, 30 Oct 2018 21:10:18 +0000 X-IncomingTopHeaderMarker:
Truncated - I've read your advice to not fill up the Forum with spam source files
The only thing I can thing to do is test extracting it with the mail app rather than the mail via browser & see if I get a different result.