Jump to content
Sign in to follow this  
nathanielrsuchy

Issues with reporting emails from a mail forwarded address...

Recommended Posts

So when I get multiple messages such as the message below it gives me multiple reporting addresses including my own email provider abuse@apple.com since the messages are forwarded from personal domain to my icloud email address to my gmail address. So far I've been including abuse@apple.com should I continue to do so?

Delivered-To: x 
Received: by 10.107.145.65 with SMTP id t62csp2133937iod; 
       Wed, 20 Jul 2016 05:45:35 -0700 (PDT) 
X-Received: by 10.98.31.219 with SMTP id l88mr26142228pfj.155.1469018735540; 
       Wed, 20 Jul 2016 05:45:35 -0700 (PDT) 
Return-Path: <SRS0=Qqqr=TK=hotmail.com=rajuseo.webprovider@nsuchy.xyz> 
Received: from pv38p41im-ztdg02061201.me.com (pv38p41im-ztdg02061201.me.com. [17.133.179.23]) 
       by mx.google.com with ESMTPS id w2si3222856pac.286.2016.07.20.05.45.35 
       for <x> 
       (version=TLS1_2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128/128); 
       Wed, 20 Jul 2016 05:45:35 -0700 (PDT) 
Received-SPF: neutral (google.com: 17.133.179.23 is neither permitted nor denied by domain of srs0=qqqr=tk=hotmail.com=rajuseo.webprovider@nsuchy.xyz) client-ip=17.133.179.23; 
Authentication-Results: mx.google.com; 
      dkim=fail header.i=@hotmail.com; 
      dkim=pass header.i=@icloud.com; 
      spf=neutral (google.com: 17.133.179.23 is neither permitted nor denied by domain of srs0=qqqr=tk=hotmail.com=rajuseo.webprovider@nsuchy.xyz) smtp.mailfrom=SRS0=Qqqr=TK=hotmail.com=rajuseo.webprovider@nsuchy.xyz; 
      dmarc=fail (p=NONE dis=NONE) header.from=hotmail.com 
Received: from process-dkim-sign-daemon.pv38p41im-ztdg02061201.me.com by 
pv38p41im-ztdg02061201.me.com 
(Oracle Communications Messaging Server 7.0.5.38.0 64bit (built Feb 26 2016)) 
id <0OAM00C005Z2XB00@pv38p41im-ztdg02061201.me.com> for 
x (ORCPT x); Wed, 
20 Jul 2016 12:45:35 +0000 (GMT) 
Received: from pv38p41im-mail41534a.me.com ([17.133.132.155]) 
by pv38p41im-ztdg02061201.me.com 
(Oracle Communications Messaging Server 7.0.5.38.0 64bit (built Feb 26 2016)) 
with ESMTP id <0OAM00LKR63YFY20@pv38p41im-ztdg02061201.me.com> for 
x (ORCPT x); Wed, 
20 Jul 2016 12:45:34 +0000 (GMT) 
Received: from mr28p00im-smtpin031.me.com ([17.110.71.30]) 
by ms41534.mac.com (Oracle Communications Messaging Server 7.0.5.36.0 64bit 
(built Sep  8 2015)) with ESMTP id <0OAM002MF63YYK90@ms41534.mac.com> for 
x (ORCPT x); Wed, 
20 Jul 2016 12:45:34 +0000 (GMT) 
Received: from improvmx.com (improvmx.com [192.241.186.150]) 
by mr28p00im-smtpin031.me.com 
(Oracle Communications Messaging Server 7.0.5.38.0 64bit (built Feb 26 2016)) 
with ESMTP id <0OAM004IO63W1YC0@mr28p00im-smtpin031.me.com> for 
x (ORCPT x); Wed, 
20 Jul 2016 12:45:34 +0000 (GMT) 
Authentication-results: mr28p00im-smtpin031.me.com; spf=pass 
(mr28p00im-smtpin031.me.com: domain of 
SRS0=Qqqr=TK=hotmail.com=rajuseo.webprovider@nsuchy.xyz designates 
192.241.186.150 as permitted sender) 
smtp.mailfrom=SRS0=Qqqr=TK=hotmail.com=rajuseo.webprovider@nsuchy.xyz; 
Received-SPF: pass (mr28p00im-smtpin031.me.com: domain of 
SRS0=Qqqr=TK=hotmail.com=rajuseo.webprovider@nsuchy.xyz designates 
192.241.186.150 as permitted sender) receiver=mr21p00im-spfmilter003.me.com; 
client-ip=192.241.186.150; helo=improvmx.com; 
envelope-from=SRS0=Qqqr=TK=hotmail.com=rajuseo.webprovider@nsuchy.xyz; 
Authentication-results: mr28p00im-smtpin031.me.com;       dkim=pass (2048-bit key) 
header.d=hotmail.com header.i=@hotmail.com header.b=t+pECNQ9;       dkim-adsp=pass 
Received: from improvmx.com (localhost [127.0.0.1])       by improvmx.com (Postfix) 
with ESMTP id 5F4B040742       for <x>; Wed, 
20 Jul 2016 12:45:32 +0000 (UTC) 
Received: from BAY004-OMC1S26.hotmail.com 
(bay004-omc1s26.hotmail.com [65.54.190.37]) by mx1.improvmx.com;Wed, 
20 Jul 2016 12:45:32 -0000 
Received: from APC01-SG2-obe.outbound.protection.outlook.com ([65.54.190.61]) 
by BAY004-OMC1S26.hotmail.com over TLS secured channel with Microsoft 
SMTPSVC(7.5.7601.23008);       Wed, 20 Jul 2016 05:45:31 -0700 
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=hotmail.com; 
s=selector1; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version; 
bh=MMnQHYeUFNWwudWIAavgegpFrEt0m+r48PCFmA2unTc=; 
b=t+pECNQ9+9CpM4JKwV6Uc3kZDH+/1AtOunJWMLqHJFTA3nLcti2+vD6wSH+jlDcIQTQ8ri76PBIy50U5tybOvEb0ce8jmg/bsQjUIFwuqK5ZDscQheY+y3LVOMjyP8Sh1FKWfX/N33xzOKQusC723UCj14Lxy9tSNjwTZBrTupYLZlMNIg0IQDB8uXZwHf4a5j7ChTOVcPhv4NtGfkcEAvJMuDRlCE6wrwIAVItRIU3MqasiiTI2epcS9MNtObYZM7QYnr7JdO/QGpI0ZLffS4atScfOZAIFF/uZ7/4mQGnGQuo9BV9VE44VYMI647+PnYvaNhA5tVFlLOWK+g8C/Q==
Received: from SG2APC01FT029.eop-APC01.prod.protection.outlook.com 
(10.152.250.57) by SG2APC01HT036.eop-APC01.prod.protection.outlook.com 
(10.152.251.115) with Microsoft SMTP Server (TLS) id 15.1.517.7; Wed, 
20 Jul 2016 12:44:34 +0000 
Received: from HK2PR02MB0737.apcprd02.prod.outlook.com (10.152.250.57) 
by SG2APC01FT029.mail.protection.outlook.com (10.152.250.214) 
with Microsoft SMTP Server (TLS) id 15.1.523.9 via Frontend Transport; Wed, 
20 Jul 2016 12:44:22 +0000 
Received: from HK2PR02MB0737.apcprd02.prod.outlook.com ([10.161.185.20]) 
by HK2PR02MB0737.apcprd02.prod.outlook.com ([10.161.185.20]) 
with mapi id 15.01.0549.003; Wed, 20 Jul 2016 12:44:16 +0000 
From: Raju Rawat <rajuseo.webprovider@hotmail.com> 
Subject: Ecommerce website development company 
Thread-topic: Ecommerce website development company 
Thread-index: AQHR4oRn6se6xlgYgEGjl3o0Znbv3Q== 
Date: Wed, 20 Jul 2016 12:44:16 +0000 
Message-id: 
<HK2P______________________________5080@HK2PR02MB0737.apcprd02.prod.outlook.com> 
Accept-Language: en-US 
Content-language: en-US 
Authentication-results: spf=softfail (sender IP is 25.152.250.57) 
smtp.mailfrom=hotmail.com; ditto.com; dkim=none (message not signed) 
header.d=none;ditto.com; dmarc=fail action=none header.from=hotmail.com; 
Content-type: multipart/alternative; 
boundary=_000_HK2PR02MB0737A0FCE9E6B1639C704B1AE5080HK2PR02MB0737apcp_ 
MIME-version: 1.0 
X-OriginalArrivalTime: 20 Jul 2016 12:45:31.0428 (UTC) 
FILETIME=[99CBB640:01D1E284] 
To: Undisclosed recipients: ; 
X-Proofpoint-Virus-Version: vendor=fsecure engine=2.50.10432:,, 
definitions=2016-07-20_08:,, signatures=0 
X-Proofpoint-spam-Details: rule=notspam policy=default score=0 spamscore=0 
clxscore=1030 suspectscore=0 malwarescore=0 phishscore=0 adultscore=0 
bulkscore=0 classifier=spam adjust=0 reason=mlx scancount=1 
engine=8.0.1-1510270003 definitions=main-1607200146 
x-spam-flag: yes 
x-icloud-spam-score: 33213511 
f=hotmail.com;e=nsuchy.xyz;is=yes;ir=no;spf=pass;dkim=pass;dmarc=fail/(noPolicy);gdwl=absent;pps=ham;clxs=spam;clxw=neutral;pwl=absent 
X-Proofpoint-spam-Details: rule=notspam policy=default score=0 spamscore=0 
clxscore=-169 suspectscore=0 malwarescore=0 phishscore=0 adultscore=0 
bulkscore=0 classifier=spam adjust=0 reason=mlx scancount=1 
engine=8.0.1-1510270003 definitions=main-1607200146 
X-Proofpoint-Virus-Version: vendor=fsecure engine=2.50.10432:,, 
definitions=2016-07-20_08:,, signatures=0 
X-MS-Has-Attach: 
X-MS-TNEF-Correlator: 
x-tmn: [Z4+RI5Jhz02Ux4m1LHl+Lbq8CYJ1cEPK] 
x-eopattributedmessage: 0 
x-forefront-antispam-report: 
CIP:25.152.250.57;IPV:NLI;CTRY:GB;EFV:NLI;SFV:NSPM;SFS:(10019020)(98900003);DIR:OUT;SFP:1102;SCL:1;SRVR:SG2APC01HT036;H:HK2PR02MB0737.apcprd02.prod.outlook.com;FPR:;SPF:None;CAT:NONE;LANG:en;CAT:NONE; 
x-ms-office365-filtering-correlation-id: 22da7959-577a-4a0f-6aa9-08d3b09b8fa3 
x-microsoft-antispam: 
UriScan:;BCL:0;PCL:0;RULEID:(1601124038)(5061506196)(5061507196)(1603103041)(1603101187)(1601125047);SRVR:SG2APC01HT036; 
x-exchange-antispam-report-cfa-test: 
BCL:0;PCL:0;RULEID:(432015012)(82015046);SRVR:SG2APC01HT036;BCL:0;PCL:0;RULEID:;SRVR:SG2APC01HT036; 
x-forefront-prvs: 000947967F 
X-OriginatorOrg: hotmail.com 
X-MS-Exchange-CrossTenant-originalarrivaltime: 20 Jul 2016 12:44:16.3090 (UTC) 
X-MS-Exchange-CrossTenant-fromentityheader: Internet 
X-MS-Exchange-CrossTenant-id: 84df9e7f-e9f6-40af-b435-aaaaaaaaaaaa 
X-MS-Exchange-Transport-CrossTenantHeadersStamped: SG2APC01HT036 
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=icloud.com;       s=4d515a; 
t=1469018735;       bh=MMnQHYeUFNWwudWIAavgegpFrEt0m+r48PCFmA2unTc=; 
       h=From:Subject:Date:Message-id:Content-type:MIME-version:To; 
       b=rg+b/lwF0snU6UPwk2GaXM9aR7NwM6CgaNbUpLb2J9q/zg4FywzopEKKjrppz7wqn 
TDOzkVNakoxYIpPULIRzjFt8ex3Vv6I+bkZqUOrC057BXsqPfzzMv9v+sj3oP0qQWJ 
98iSVknhNhHXOS0hvVZlm7gPpqiE8+Aq/ie3fiieRgzsySsnOlc5lkYmXZZ42T8KKV 
TEHtP1GtgLgmaQTNvbEqA6Bp7+EDhM77CP4CDcNg+HOxby++/CQUp7eDGTvIR5LHUg 
7PT7cMNw9gxCaOKYhK6en16KGAMYCPJcfB44zIbsDM+KK51pvdFc18EpPMHNCXQCVh 
nzCG3r8IP7iew== 

--_000_HK2PR02MB0737A0FCE9E6B1639C704B1AE5080HK2PR02MB0737apcp_ 
Content-Type: text/plain; charset="iso-8859-1" 
Content-Transfer-Encoding: quoted-printable 

Hello, 
I am Business Executive with an Indian Based Web Design and Development Org= 
anization. 
A Website determines the brand of a firm in Online World. Today many compan= 
ies in your business domain are using lot of interactive and user friendly = 
tools to grab maximum eyeballs thus enhancing their online business and pre= 
sence. The structure of your site's content, intuitive navigation, and visu= 
ally inviting design elements, all combine to create a winning design. 

We have been providing web design services for the past 9 years and all our= 
websites are designed and developed with a special focus on increasing con= 
versions and enhancing the customer experience. 
We provide back end Web Development support to a number of agencies and hav= 
e expertise in: 
* Developing highly effective corporate websites, flash designs, E- Commerc= 
e/Online Web Stores to name a few. 
* PhP, MySql, .NET, Joomla, WordPress, Perl, Druple, ASP, JSP, HTML. 
* Design - Flash, Photoshop, Corel. 
* ECommerce - OS Commerce, Zen Cart, Virtue Mart, Pay Pal , FedEx and any c= 
heckout payment gateway systems. 
Let me know if you have any requirement or want a fresh look and increasing= 
sales so that we will be able to provide you further solution as per your = 
requirements. 
Looking forward to your reply. 
Thanks 
Raju Rawat 



Sent from Outlook<http://aka.ms/weboutlook> 


.

Share this post


Link to post
Share on other sites

Have you updated you MailHost sense you started forwarding your email through the iCloud?

It would be much more informative if you would include an example of the spam using the Tracking URL instead of the spam its self.  That way the rest of us could see what the parser did instead of guessing based on your interpretation and/or going through the header by hand.  (To say nothing of making this tread much shorter to scroll through).

Share this post


Link to post
Share on other sites

 "www.spamcop.net/mcgi?action=gettrack&reportid=6496679638"  is the report id. This is only visible by you

www.spamcop.net/sc?id=.... The second you provided is the Tracking URL ~~ thanks

I would continue to report to abuse[at]apple.com.  Looks to me like the spam comes from inside apple, though not sure much will happen.

The second report is being sent to the ISP of a link included in the body of the spam.  Well actually the host of the "unsubscribe" link.

Share this post


Link to post
Share on other sites

Ok. I have my personal domains email forwarding to icloud via improvmx and then icloud forwarding to gmail. I'm not sure if the reports to Apple will accomplish. For the time being I'll continue processing the reports and sending them to Apple as well as other ISPs involved.

Share this post


Link to post
Share on other sites

If you "own" the email address where forwarding is activated, you might want to add both it and the email address where the forwarded emails are being received to your mailhosts and see if that helps alleviate the problem.

Share this post


Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
Sign in to follow this  

×