Jump to content

Sven Golly

Members
  • Posts

    50
  • Joined

  • Last visited

Recent Profile Visitors

1,767 profile views

Sven Golly's Achievements

Member

Member (2/6)

0

Reputation

  1. I've been using a macro to report spam directly from Outlook 2019 for the past few years and it works well EXCEPT when the spam originates from Outlook.com. For some reason, SpamCop says headers not provided even though the macro goes to the original message headers, pulls them out and recombines them with the message text. This works for 99 out of 100 reports. Here's the macro: Sub ForwardSpam() Dim olItem As Outlook.MailItem, olMsg As Outlook.MailItem Dim strHeader As String Dim strFWHeader As String Dim strNote As String Dim oAccount As Outlook.Account For Each olItem In Application.ActiveExplorer.Selection strHeader = GetInetHeaders(olItem) strNote = "" For Each oAccount In Application.Session.Accounts If oAccount = "geldner@gmail.com" Then Set olMsg = olItem.Forward With olMsg .To = "submit.<my reporting address>@spam.spamcop.net" .BodyFormat = olFormatPlain .Body = strNote & vbCrLf & vbCrLf & strHeader & vbCrLf & vbCrLf & olItem.Body .SendUsingAccount = oAccount .Display ' change to .send when satisfied End With End If Next olItem.Delete Next Set olMsg = Nothing End Sub Function GetInetHeaders(olkMsg As Outlook.MailItem) As String ' Purpose: Returns the internet headers of a message.' ' Written: 4/28/2009' ' Author: BlueDevilFan' ' //techniclee.wordpress.com/ ' Outlook: 2007' Const PR_TRANSPORT_MESSAGE_HEADERS = "http://schemas.microsoft.com/mapi/proptag/0x007D001E" Dim olkPA As Outlook.PropertyAccessor Set olkPA = olkMsg.PropertyAccessor GetInetHeaders = olkPA.GetProperty(PR_TRANSPORT_MESSAGE_HEADERS) Set olkPA = Nothing End Function Here's the spam report that doesn't work. Note that if I cut & paste the headers from the message properties Box into the SpamCop submission form and likewise the message body, it works there. So perhaps something is amiss the way the macro assembles the two parts into a single message. CLICK 'BACK' BUTTON TO RETURN TO SPAMCOP ################################################################################ Return-Path: &lt;luna-s@hire-unicorns.com&gt; Delivered-To: me@mydomain.com Received: from rpcluster03.reliabledns.org by rpcluster03.reliabledns.org with LMTP id ELYgD4NyVmUtZAkAezToQA (envelope-from &lt;luna-s@hire-unicorns.com&gt;) for &lt;xxx@xxxxx.xxx.com&gt;; Thu, 16 Nov 2023 12:50:27 -0700 Return-path: &lt;luna-s@hire-unicorns.com&gt; Envelope-to: xxx@xxxxxx.xxx Delivery-date: Thu, 16 Nov 2023 12:50:27 -0700 Received: from mail-co1nam11on2128.outbound.protection.outlook.com ([40.107.220.128]:29606 helo=NAM11-CO1-obe.outbound.protection.outlook.com) by rpcluster03.reliabledns.org with esmtps (TLS1.2) tls TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 (Exim 4.96.2) (envelope-from &lt;luna-s@hire-unicorns.com&gt;) id 1r3iNb-002eqv-38 for xxx@xxxxxx.xxx; Thu, 16 Nov 2023 12:50:27 -0700 ARC-Seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; b=mnWnSrbpU7rgj5+kN2p4uFMLVlLtbhvkNq1IKZQbQqa+hLMFn4xJ/0UbizRYquxqPfPDbe8aax tjkKiEg5m0O0ogseQVi5u4feVkreJPIcaU6+KbBwWIIubJpRrMs9lXkndsBIDaheMytSWKVaeojm kLIUb4jQrcBAacXQpVSlzxpflTO+LidxQ/0djVwbL1T5Zs3d1w0RweioNncCYmLaYRjWaXrH1T3a f3jN+FhdVx7qzxydIdwbBlvuNC5xLUHTrFmflX3OWu1sGFQMzfzVDoRNeHdI91AjUmmQBiK0i+Dp 2TyEEWTgebwnwWWoLBnd+fbUygOw/+aq5bsPSzeQ== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiS pam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchang e-AntiSpam-MessageData-1; bh=ieragtnyApyGRHuj4GYIHx8gVnjaEAXWs0khb2ylCyY=; b=W7vATfhmjlrO4zE+y+Q3RGYSEtpKD9WdFt8Ypcs+M1ccy9FEJBo3oMzUW7rIshh3M88SHCd9Iv BytqDKwosnoTzuOLwrJ0otfUwWSk680qva9tQYuuH0Er1oCO3NqmkavBkQTkYY2qzIi+/NHIG/8u Hb5wsp4oRmTAFEjndjWCH52w4dD7rJ3D6xIX0YJvIXd5wtRSXAX/Cqw5jPYchjBO/CaJMDrBvy4A +63y9s7M2h+SXem7IKFArAhO2iriN0vbYbHdv4pIGgudvLF2DAKyL6qmpL0PfK4L12nV2F5xHH+P ZBGKCNJ2ELAr7JUYaNpUHIMoEt888lsywZiSfcbQ== ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=hire-unicorns.com; dmarc=pass action=none header.from=hire-unicorns.com; dkim=pass header.d=hire-unicorns.com; arc=none DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=hire-unicorns.com; s=selector1; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-Sende rADCheck; bh=ieragtnyApyGRHuj4GYIHx8gVnjaEAXWs0khb2ylCyY=; b=ICyzb7SijlRal8ddqZDy2O3HJHtWqJIYAw+5/nc8EMlyKHWVufZflvIT8+JyRkXRfnh3pTQrZA RVq8OvE64nEaSA6o9EMCxtc70SBxtkg3i1yzlpdlqYnVUrxdMP51+qPp6FI2GDSriFG013BspQAZ 8F8kEeZoFO9/K9+IZ7whQEvLbjhq437qvLjfEoWtLd//vFfk1YTCFhKlsKZVdO1lFjIsmYt/qjYE A0ejOqEq68ShVAnfwhN5zKQKP/CFR6PGbe1Oj2hjhoO1iKHIQJtZH1xJ0vfBsmgzPQ6tcUGPExG8 DLmlRD6Jx428W0ma3QMWnfSrsXbEYa9MeLaIFMeg== Received: from MN2PR07MB7870.namprd07.prod.outlook.com (2603:10b6:208:185::29) by PH7PR07MB9562.namprd07.prod.outlook.com (2603:10b6:510:205::6) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.7002.18; Thu, 16 Nov 2023 19:49:41 +0000 Received: from MN2PR07MB7870.namprd07.prod.outlook.com ([fe80::69c2:7aa7:6ae0:a7a0]) by MN2PR07MB7870.namprd07.prod.outlook.com ([fe80::69c2:7aa7:6ae0:a7a0%3]) with mapi id 15.20.7002.021; Thu, 16 Nov 2023 19:49:41 +0000 From: Luna Sanford &lt;luna-s@hire-unicorns.com&gt; To: xxxx &lt;xxx@xxx.com&gt; Subject: Re: Latam Engineers for XXX Thread-Topic: Latam Engineers for XXX Thread-Index: AQHaE0zgwrbRLITqxkupz/kaqyXwrLB9ZXpy Date: Thu, 16 Nov 2023 19:49:41 +0000 Message-ID: &lt;170016417845.501.9068474388601301836@e6d465b78a02&gt; References: &lt;169956238615.524.11954748674328018115@175d9957b182&gt; In-Reply-To: &lt;169956238615.524.11954748674328018115@175d9957b182&gt; Accept-Language: en-US Content-Language: en-US X-MS-Has-Attach: X-MS-TNEF-Correlator: authentication-results: dkim=none (message not signed) header.d=none;dmarc=none action=none header.from=hire-unicorns.com; x-ms-publictraffictype: Email x-ms-traffictypediagnostic: MN2PR07MB7870:EE_|PH7PR07MB9562:EE_ x-ms-office365-filtering-correlation-id: c1ca99b2-4815-4cbe-762b-08dbe6dd2cd2 x-ms-exchange-senderadcheck: 1 x-ms-exchange-antispam-relay: 0 x-microsoft-antispam: BCL:0; x-microsoft-antispam-message-info: R8LtZXumO3WbsN5Kg0/KI76TLFCeLJf8DyXn0IVqc/ixZAe7tgiRqhY491p9GLbUtqvqPU3Vw7Z1 z4qhX0SMmF0YMMvbYmHt6QYnkaKyREdQ8Xyc6SheC8IosKi0ffhaSOB6pn5nvXvJIGF43i1hxLkd lURE32PWGBkueFDJhVIufO2sqxrWX0M7OFEKgDU5UBIPcFBE/vMW1wSCjrd9bVWu6Yz5TNfand31 g8Xs/ROtRS9CeQBKpau7xUWRmzqL6+ha1lTZBTjAFJD3Rztv4QO+RlvT2w+SCfK1w5IAGuhhAN6r NxqfvU++G4+aFbjanWc/TkT/RqEmpxSfa6rx+CzNQqodK8dGvtk8YvGh33dZeJlFSj4gS9IKsoUe Vxvwl9dMMoKTHenkYx9fWTIzG3XcIvtir0uX84b+YmeYl8sDRYH9Fmgztj098OgM+inOxvKWROEs ONMfGI9mvjnnrdkMHdl1ZcDPpcziABTT89Z5OLjTj37S843wiZsh90YlTm1MMxVh64agTdTE1M9b LO5vUS5UB8PhUBZT/kW5dUSJa/5YcA/ftS8R4hd4ETo/7AIEK0R526EmLWaa6X5GLZarS3FiFc++ A9GLHJAPV6vTAefeSyqaitO74MDQL+sKE7tcKzbHthZMwC6niqia+LcGOTBzSdXgub9lSK0ywbpa LNCYfaGnT/ueqy3YEsUpkNpF/G5gN//6kVvXK7JB8g== x-forefront-antispam-report: CIP:255.255.255.255;CTRY:;LANG:en;SCL:1;SRV:;IPV:NLI;SFV:NSPM;H:MN2PR07MB787 0.namprd07.prod.outlook.com;PTR:;CAT:NONE;SFS:(13230031)(6019001)(7916004)(3 9860400002)(376002)(346002)(396003)(366004)(136003)(269900001)(2309220517990 03)(64100799003)(1800799009)(451199024)(186009)(6486002)(55236004)(8936002)( 6506007)(8676002)(478600001)(66476007)(6916009)(64756008)(76116006)(66946007 )(316002)(71200400001)(86362001)(66556008)(66446008)(83380400001)(26005)(651 2007)(9686003)(2906002)(5660300002)(41300700001)(38100700002)(122000001)(337 16001)(38070700009)(166002)(335405007)(130860200001)(13018025007);DIR:OUT;SF P:1102; x-ms-exchange-antispam-messagedata-chunkcount: 1 x-ms-exchange-antispam-messagedata-0: =?Windows-1252?Q?14y/w3rdAxUWC+z8h/ES1Gk6Eib2mZ435Zt1zsvdOFTs3QeEAHvvEaJ3?= =?Windows-1252?Q?U/Bt42aXN3ymcYehekPM/wGoaR1wkMCTP/jHx+UDRJTjnQmSj5BDeH2h?= =?Windows-1252?Q?pzKyUuPijZ0e0KYE1q2vkQcUAqULPHGpNRB0PWrfH0WcSAAwwInUD8BD?= =?Windows-1252?Q?h+AsETzbZsdxon4xn27+9F/zqPS083gEJwRgYhoGH7p3EQBdOwSTdpgq?= =?Windows-1252?Q?M/9oWvZ0RbuhfJY7lY8Kj1CGIBeESVyEp+zo3NHfGM/jndTiG3Uaik9W?= =?Windows-1252?Q?SiyVieWn5Eez+ggG6Tm+YEKW9l1CmDwgg9Weooo7XNuMSzo6J0qJ4sy8?= =?Windows-1252?Q?pt63uutddLUuAizlIPystAHLNI6MCRQ0nAg7w1JCdKEC5eTOiR0cKiI5?= =?Windows-1252?Q?5L/TZJmiL83Ti6+k1/TBAtqymExotuMLUHO9yhZxb2Fe4mtLk+CH7ZXt?= =?Windows-1252?Q?BRIUS2iA+Pfm+Rm3amEgeEqDQGkCWS46C6eqIpmoTTnivFXdwbyf+A5K?= =?Windows-1252?Q?NSX6u6aDoufCcgGw4ujcdKbRWrYCY3if/QJ96or4MvGbfdnbqeYioWxF?= =?Windows-1252?Q?gPGb4Rlj4mq0SQlHP6qjGkM+nlUKxAvfClxXi3vQX9WNstFIPrx78g1R?= =?Windows-1252?Q?CNnN9oWskJh4u7T8CgId7jM/+73ji6yApzCdk/hlYSQ8jN8KDfyjqU4W?= =?Windows-1252?Q?uBkqv4AJTi4Q2B1oY66XSo/tZ5MPOsPtpu7tAjvja5d4N0D0Iv5E65F/?= =?Windows-1252?Q?xI3bKHmNNU0BxVdFdoBH+9L8acNecO8KwmK4qN/sj1TA0FQ67dzsCX/E?= =?Windows-1252?Q?wjWrB0JKutQyQGcNgCKIBgpcDcac5qwT/7bDcvvSSCYcMqKAIJJ9IAhV?= =?Windows-1252?Q?6fTNhyuYH7MVnclj4I8E/6LuNzpQMQA+XBXt65wz0qkVEdb0cawSYwIB?= =?Windows-1252?Q?YBQj8eBp1RlRgC5nUSu6wMZucHqvsQpMtPUDiQmHJF+zD/CxRslHD1gi?= =?Windows-1252?Q?iH5kAMzxIHMALiYFRkI+/Ekkl5HICpXE5OtWG2ynGxbewEkZx6E0UKnr?= =?Windows-1252?Q?9051g+uzTkMku48vsIquFy1byKNL+JwABfnUlDEyn6D3/kD8jjV6MKYK?= =?Windows-1252?Q?so+sUtx4zcenlg5NU6jF9R1HBq1/U2bYemOaTshfc6cZpe+bYd/tmKs1?= =?Windows-1252?Q?tBa6qDS3Gh2fZ0MK4pr0asUIBRCDx/fiQOzgsxpJcgtLxD/QB7TBMUl6?= =?Windows-1252?Q?+YCBdvdDiHKEJWXYrEJeDg6VptJM1Tu20uoTsQKr6vgmQgsHsJof19E4?= =?Windows-1252?Q?STgr9hP10St6dXkkwZGnbTIPjqjnjaOLR/NJ4J0I9vhoO0fAe5tQmmZR?= =?Windows-1252?Q?QDoHEL6KfC5m7x2NK2en0vWyY84q4HTqtOlb0G//7XND8QxcJcqkFUtu?= =?Windows-1252?Q?U/fmkXDE6WZOD8cTc5i+7ic0VUf1RtwmYfRdTwdpDJgWkItr81vjExK6?= =?Windows-1252?Q?nYASx0jJM3aKqkttwnfUpWQmcZTnPNPHM1sOVx0NgXNlqbKFKFdrGcot?= =?Windows-1252?Q?Wv0BsiUbwIT9oa9547x65AA1GUT3y+EX6e2bBWxcyMY9AYTqJv20bJLG?= =?Windows-1252?Q?wvJx/EnPqBsb1X2wLx+SyuMZVf/mjbfc74M6xBD+uR2d6zf8ai4xSTuO?= =?Windows-1252?Q?uJWGr/9iIS4mrIV+/0rcTjYKwKqpjHfo?= Content-Type: multipart/alternative; boundary=&quot;_000_1700164178455019068474388601301836e6d465b78a02_&quot; MIME-Version: 1.0 X-OriginatorOrg: hire-unicorns.com X-MS-Exchange-CrossTenant-AuthAs: Internal X-MS-Exchange-CrossTenant-AuthSource: MN2PR07MB7870.namprd07.prod.outlook.com X-MS-Exchange-CrossTenant-Network-Message-Id: c1ca99b2-4815-4cbe-762b-08dbe6dd2cd2 X-MS-Exchange-CrossTenant-originalarrivaltime: 16 Nov 2023 19:49:41.7102 (UTC) X-MS-Exchange-CrossTenant-fromentityheader: Hosted X-MS-Exchange-CrossTenant-id: c9eedad5-d719-4b86-a087-a09032005ffb X-MS-Exchange-CrossTenant-mailboxtype: HOSTED X-MS-Exchange-CrossTenant-userprincipalname: UkgYrUQudYIL53tHkdKEuflbGhtLpJRrAvjmFsa0n/se0oBDYLCGYJt+72Hi+DhPq62rrBSS11CW okQmphGIsZF39eyS5y1QADyOpcRdc3Y= X-MS-Exchange-Transport-CrossTenantHeadersStamped: PH7PR07MB9562 X-spam-Status: No, score=0.6 X-spam-Score: 6 X-spam-Bar: / X-Ham-Report: spam detection software, running on the system &quot;rpcluster03.reliabledns.org&quot;, has NOT identified this incoming email as spam. The original message has been attached to this so you can view it or label similar future email. If you have any questions, see root\@localhost for details. Content preview: XXX, I&#39;d like to mention that we work on a result basis. So there are no payments done until we find the perfect candidates you&#39;re looking for. Our talent pool has extensive experience working for companies such as Uber, WeWork, MercadoLibre, Nubank, and more. Content analysis details: (0.6 points, 10.0 required) pts rule name description ---- ---------------------- -------------------------------------------------- 0.8 BAYES_50 BODY: Bayes spam probability is 40 to 60% [score: 0.4996] -0.0 SPF_PASS SPF: sender matches SPF record -0.0 SPF_HELO_PASS SPF: HELO matches SPF record 0.0 HTML_MESSAGE BODY: HTML included in message 0.1 DKIM_SIGNED Message has a DKIM or DK signature, not necessarily valid -0.1 DKIM_VALID_EF Message has a valid DKIM or DK signature from envelope-from domain -0.1 DKIM_VALID_AU Message has a valid DKIM or DK signature from author&#39;s domain -0.1 DKIM_VALID Message has at least one valid DKIM or DK signature -0.0 T_SCC_BODY_TEXT_LINE No description available. 0.0 LOTS_OF_MONEY Huge... sums of money X-spam-Flag: NO XXX, I&#39;d like to mention that we work on a result basis. So there are no payments done until we find the perfect candidates you&#39;re looking for. Our talent pool has extensive experience working for companies such as Uber, WeWork, MercadoLibre, Nubank, and more. The typical salary of a Senior Engineer (+5 years of experience) is $50,000 annually. Is it worth a chat to explore this? Luna If you have received this message in error, please notify the sender &lt;http://12.213.192.35.bc.googleusercontent.com/733d4ba2741768ec2ac88af8cbe26 96b&gt; immediately so that we can ensure such a mistake does not occur in the future. On Thu, 9 November 2023 8:39pm &lt;luna-s@hire-unicorns.com &lt;mailto:luna-s@hire-unicorns.com&gt; &gt; wrote: Hey XXX, I&#39;m Luna from Hire Unicorns. Hiring Software Engineers in the USA is typically a time-consuming and expensive challenge. Talent is short and salaries are through the roof. Have you considered expanding your talent pool overseas? We help startups and SMBs hire elite Engineers based in South America. The region has 6+ hours of overlapping with the USA and up to 70% savings in salary costs. Our expertise spans from java scri_pt and Kotlin to Machine Learning and Blockchain. Keen to know if a conversation is worth it. Best, Luna Sanford Business Development Manager @ Hire Unicorns If you have received this message in error, please notify the sender &lt;http://12.213.192.35.bc.googleusercontent.com/7db647422dc6731fae8fe710c9448 877&gt; immediately so that we can ensure such a mistake does not occur in the future.
  2. SpamCop has been devnulling SendGrid & SalesForce (now same company) reports for the past two years at least. SalesForce has bounced direct reports from me as well. The big issue with SF/ SG is that none of their customers that spam honor opt-outs or unsubscribes. I elevated a complaint through a buddy of mine who was a VP at SalesForce. Even he couldn't get anywhere. It all just goes into a black hole of "we don't give a s***."
  3. This is typical of the parser response when the email originates from outlook.com. SpamCop.net I use Outlook 2016 desktop with a macro that assembles the internet headers back onto the body as one email attachment. Don't have any issues with it other that this. Any thoughts? SG
  4. More spam/scam/ phishing emails incoming with just an image embedded and no text. It bypasses Spamcop reporting. https://www.spamcop.net/sc?id=z6771566422zabf63e5f7a3a1fd548e086c98a8f5ea8z
  5. Microsoft Edge notified me on login to my Spamcop account that my Spamcop account and password had been exposed in a trove and recommended changing passwords (which I did). Do Spamcop admins have any comment?
  6. I have a friend who's fairly well respected within Salesforce.com. I shot him a sample of the emails (consistently from The Economist who refuses to honor opt-out requests). I can block them easily but When I have extra time, I prefer to work on the root of the problem.
  7. Eonix, Layerhost and it's related businesses have been the third biggest sources of spam on my hosted domains. #1 with a bullet is Google. #2 is AWS. Reporting to AWS is next to useless. I noted from another post that Google has stopped accepting SpamCop reports. I'll have to see if that's the case on my end.
  8. It seems I have been seeing more SpamCop reports going to devnull lately. For example, I am getting spam via salesforce.com and those ALL go to devnull. Is this because salesforce.com is not acting? Do they have a behind the scenes deal with CISCO (SpamCop)? Salesforce does have a working abuse@salesforce.com address so it can't be lack of that. Any thoughts?
  9. Wouldn't you be better off just using the Hotmail spam flagging feature? It reports, blocks and is probably a more direct and successful route than going through SpamCop.
  10. WARNING: NECRO POST REVIVAL Just when you thought it was safe to go in the water, the ServerHub spam support machine has cranked back up again. I continue to report them via SpamCop (some are such bad spam that the reports get flagged as outgoing spam by my mail provider). They continue to auto-reply with BS that makes it sound like they are doing something. But they aren't. Example: SpamCop.net
  11. I am getting this error message when the message being reported is in fact dated today 12/4 and first appeared on my server today. See: SpamCop.net for report.
  12. For some reason, I could not change my mailhosts to accommodate my provider. A SpamCop admin gave me an exemption which worked for a bit but now I'm faced with a new problem. Again, I think it's probably due to the number of different servers our webhost uses. "Mailhost configuration problem, identified internal IP as source" yet reading the headers, it seems to come from outlook.com (aka Microsoft / hotmail /365)/) I noticed that they frogged my domain (geldner.com). https://www.spamcop.net/sc?id=z6643253727zd5ae1bdabed33c527117d9381682d770z
  13. Somehow, this particular type of spam seems to confound Spamcop. I get a mailhost configuration problem when reporting via email. Reconfiguring my mailhosts does nothing to improve this. This spam seems pretty sophisticated in that it shows up with full pictures on my phone yet looks like weird text in Outlook preview (images disabled). The source IP appears to be: 82.147.70.59 which goes back to a Russian provider. https://www.spamcop.net/sc?id=z6640595520za6b456852b82bb903ea1937266b051bbz
  14. Interesting logic I guess. But they still never make it onto the SCBL. They are good at the snowshoe tapdance.
×
×
  • Create New...