Jump to content
jdseymour

Office365 hosted email always reports to the same place

Recommended Posts

This has been a problem for me for months now - possibly every since we switched our mail hosting to Office 365.

Every time I report a spam that came through Office 365, Spamcop identifies an IPv6 address as the source and wants to send the report to "report_spam@hotmail.com".  I've seen other reports on this forum about similar problems.

As far as I can tell, my mailhost is set up properly.

Is there a workaround or solution to this problem?

Thanks.

Share this post


Link to post
Share on other sites

A tracking URL would help others see the problem and what the parser is doing with your submission.

Share this post


Link to post
Share on other sites

Unfortunately that is a spam Report id not a Tracking URL The rest of us can not see the data. Tracking URL should look like:

Quote

SpamCop v 4.9.0 © 2018 Cisco Systems, Inc. All rights reserved.
Here is your TRACKING URL - it may be saved for future reference:
https://www.spamcop.net/sc?id=z6460902591ze58866bb7d3b017ceab1bc1dc060e36az

 

Share this post


Link to post
Share on other sites

Yes, I have mailhosts configured.  The relevant one shows in my list as "Hotmail/MSN".

When I first discovered this problem, I deleted that configuration and re-created it.  But the problem remained.

 

Share this post


Link to post
Share on other sites

For those playing along at home...

I found a workaround to this issue - though it's not 100% kosher.

If I trim out the two or three "Received" lines at the top of these messages, Spamcop will parse it properly.

The problem appears to be that Microsoft adds some Received lines with IPv6 headers - but the chain doesn't add up.  Specifically, in a message received this morning, the Received lines show the following paths:

Quote

MWHPR14MB1597.namprd14.prod.outlook.com (2603:10b6:300:ae::25) -> CY4PR14MB1590.namprd14.prod.outlook.com
CY1PR14CA0018.namprd14.prod.outlook.com (2a01:111:e400:5282::28) -> MWHPR14MB1597.namprd14.prod.outlook.com (2603:10b6:300:b4::23)
CO1NAM03FT006.eop-NAM03.prod.protection.outlook.com (2a01:111:f400:7e48::208) -> CY1PR14CA0018.outlook.office365.com (2a01:111:e400:5282::28)
edm.speechuuspeech.info (150.109.43.48) -> CO1NAM03FT006.mail.protection.outlook.com (10.152.80.75)

 

As you can see, the top line doesn't have an IP address and doesn't link with the second line.  If I trim just the one line out, though, it still fails and wants to report to hotmail.  I need to trim the first two (or three) lines to get a good parse.

Share this post


Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now

×