Snowbat

Problem with Hotmail/Outlook.com parsing


For the last couple of weeks, SpamCop has not been correctly parsing spam from my Hotmail account. Any idea what's going on here?

Two days ago, I deleted and reran mailhosts for this service but the problem persists.

 



Anyone got any more ideas on this? It is a big problem to me - I can no longer use SpamCop to report originating email domains. Not at all.

Every mail to my Hotmail is being parsed as if it were coming from Hotmail.

I have also deleted and re-run mailhosts, but the problem remains.

For each email it is using the *.prod.protection.outlook.com address (e.g. Received: from DB5EUR03HT094.eop-EUR03.prod.protection.outlook.com (2603:10a6:203:51::15) by AM5P192MB0210.EURP192.PROD.OUTLOOK.COM) and this IPv6 address links back to report_spam@hotmail. But further down the message source the real originating domain is revealed (e.g. Received: from unfructify.channelarea.com ([89.191.226.17]) by SNT004-MC4F23.hotmail.com). In this example I want to send my report to this "channelarea.com" address, but I can't.

Could this be something to do with them using an IPv6 "outlook" address instead of the IPv4 Hotmail address to which mailhost is set? My email domain is Hotmail, so that's all I can do to run mailhosts.

I've no doubt this is to do with a change Hotmail have put in place to protect their service and/or introduce IPv6 and/or merge more closely with Outlook. But what do I need to do to get SpamCop to recognise the real source, and not the Outlook IPv6 through which the message has passed? Otherwise I can only use SpamCop to report links within the emails, and not the source of those emails themselves.

e.g. https://www.spamcop.net/sc?id=z6385911404zca09268f3113b1f740d7c4c4950a45a4z

Share this post


Link to post
Share on other sites

I've found that by deleting all the "Received: from *outlook*" and "Received: from *hotmail*" lines, SpamCop is once again able to process the headers correctly and send the spam report to the correct originating IP. This should only be a temporary workaround though. SpamCop should be able to cope with these headers, so I still need to know if I need to do anything for it to "learn" about these new headers.

For example, without the strikethrough lines, the following report (somewhat shortened for brevity) is now sent to 5.186.115.108 (abuse@fibia.dk):

Received: from VE1EUR03HT037.eop-EUR03.prod.protection.outlook.com
 (2603:10a6:203:51::31) by AM5P192MB0210.EURP192.PROD.OUTLOOK.COM...
Received: from VE1EUR03FT010.eop-EUR03.prod.protection.outlook.com
 (10.152.18.58) by VE1EUR03HT037.eop-EUR03.prod.protection.outlook.com
 (10.152.19.102)...

Authentication-Results: spf=none (sender IP is 5.186.115.108)
 smtp.mailfrom=preparationresources.io; hotmail.com; dkim=none (message not
 signed) header.d=none;hotmail.com; dmarc=none action=none
 header.from=preparationresources.io;
Received-SPF: None (protection.outlook.com: preparationresources.io does not
 designate permitted sender hosts)
Received: from SNT004-MC2F10.hotmail.com (10.152.18.53) by
 VE1EUR03FT010.mail.protection.outlook.com (10.152.18.113)...

X-IncomingTopHeaderMarker: OriginalChecksum:E3D3E6A...
Received: from preparationresources.io ([5.186.115.108]) by SNT004-MC2F10.hotmail.com...
Received: from unknown (72.171.122.200)
    by smtp.endend.nl with LOCAL...
Received: from group21.345mail.com ([76.122.78.195]) by smtp.endend.nl with LOCAL...

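Added example (not part of the posts above, and not SpamCop's own code): a minimal sketch of a mailhost-style walk over the Received chain, showing how the reported source depends on which networks are treated as the recipient's own provider. The names `reporting_source`, `TRUSTED_BY` and the network list are hypothetical; the sample is constructed from the headers quoted in the thread, and 2603:10a6::/32 is an assumption taken from those sample addresses, not an authoritative provider range.

```python
import ipaddress
import re
from email import message_from_string

# Constructed sample: the headers quoted in the thread, elided tails dropped.
SAMPLE = """\
Received: from VE1EUR03HT037.eop-EUR03.prod.protection.outlook.com
 (2603:10a6:203:51::31) by AM5P192MB0210.EURP192.PROD.OUTLOOK.COM
Received: from VE1EUR03FT010.eop-EUR03.prod.protection.outlook.com
 (10.152.18.58) by VE1EUR03HT037.eop-EUR03.prod.protection.outlook.com
 (10.152.19.102)
Received: from SNT004-MC2F10.hotmail.com (10.152.18.53) by
 VE1EUR03FT010.mail.protection.outlook.com (10.152.18.113)
Received: from preparationresources.io ([5.186.115.108]) by SNT004-MC2F10.hotmail.com
Received: from unknown (72.171.122.200)
    by smtp.endend.nl with LOCAL
Received: from group21.345mail.com ([76.122.78.195]) by smtp.endend.nl with LOCAL

body
"""

# Assumption: hosts whose "by" stamp we believe (the recipient's provider).
TRUSTED_BY = (".outlook.com", ".hotmail.com")
HOP = re.compile(r"from\s+(\S+)\s+\(\[?([0-9A-Fa-f:.]+)\]?\)\s+by\s+(\S+)")


def reporting_source(raw, trusted_nets):
    """Return the first IP that handed the mail to trusted infrastructure."""
    nets = [ipaddress.ip_network(n) for n in trusted_nets]
    for value in message_from_string(raw).get_all("Received", []):
        m = HOP.search(value)
        if not m:
            return None  # unparseable hop: stop rather than guess
        ip = ipaddress.ip_address(m.group(2))
        by = m.group(3).lower()
        if not by.endswith(TRUSTED_BY):
            return None  # header not written by the provider, so forgeable
        # Trust is decided on the recorded IP, never on the HELO name,
        # because the sending side chooses the HELO name.
        if any(ip in net for net in nets):
            continue  # internal relay hop, keep walking down the chain
        return str(ip)
    return None


if __name__ == "__main__":
    print(reporting_source(SAMPLE, ["10.0.0.0/8"]))
    print(reporting_source(SAMPLE, ["10.0.0.0/8", "2603:10a6::/32"]))
```

With only the IPv4 range trusted, the walk stops at the provider's own IPv6 relay; once that range is also listed as internal, it reaches 5.186.115.108 and ignores the forgeable hops below it.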
