Problem with Hotmail/ parsing

3 posts in this topic

For the last couple of weeks, SpamCop has not been correctly parsing spam from my Hotmail account. Any idea what's going on here?

Two days ago, I deleted and reran mailhosts for this service but the problem persists.

Share this post

Link to post
Share on other sites

Anyone got any more ideas on this?  It is a big problem to me - I can no longer use spamcop to report originating email domains.  Not at all.

Every mail to my hotmail is being parsed as if it were coming from hotmail.

I have also deleted and re-run mailhosts, but the problem remains.

For each email it is using the * address (eg Received: from
 (2603:10a6:203:51::15) by AM5P192MB0210.EURP192.PROD.OUTLOOK.COM) and this IPv6 address links back to report_spam@hotmail.  But further down the message source the real originating domain is revealed (eg Received: from ([]) by  In this example I want to send my report to this "" address, but I can't.

Could this be be something to do with them using an IPv6 "outlook" address instead of the IPv4 hotmail address to which mailhost is set?  My email domain is Hotmail, so that's all I can do to run mailhosts.

I've no doubt this is to do with a change Hotmail have put in place to protect their service and/or introduce IPv6 and/or merge more closely with Outlook.  But what do I need to do to get spamcop to recognise the real source, and not the Outlook IPv6 through which the message has passed?  Otherwise I can only use spamcop to report links within the emails, and not the source of those emails themselves.


Share this post

Link to post
Share on other sites

I've found that by deleting all the "Received: from *outlook*" and "Received: from *hotmail*" lines, spamcop is once again able to process the headers correctly and send the spam report to the correct originating IP.  This should only be a temporary workaround though.  Spamcop should be able to cope with these headers, so I still need to know if I need to do anything for it to "learn" about these new headers.

For example, without the strikethrough lines, the following report (somewhat shortened for brevity) is now sent to (

Received: from
 (2603:10a6:203:51::31) by AM5P192MB0210.EURP192.PROD.OUTLOOK.COM...
Received: from
 ( by

Authentication-Results: spf=none (sender IP is;; dkim=none (message not
 signed) header.d=none;; dmarc=none action=none;
Received-SPF: None ( does not
 designate permitted sender hosts)
Received: from ( by (

X-IncomingTopHeaderMarker: OriginalChecksum:E3D3E6A...
Received: from ([]) by
Received: from unknown (
    by with LOCAL...
Received: from ([]) by with LOCAL...

Share this post

Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now