Jump to content

Unable to submit spam: "This header is incomplete. Please supply full headers of the spam.. etc"


MIG

Recommended Posts

Quote

Received: from BY2NAM03FT017.eop-NAM03.prod.protection.outlook.com

 (10.152.84.51) by BY2NAM03HT190.eop-NAM03.prod.protection.outlook.com

 (10.152.85.197) with Microsoft SMTP Server (version=TLS1_2,

 cipher=TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384) id 15.20.1294.14; Thu, 1 Nov

 2018 01:20:11 +0000

Authentication-Results: spf=pass (sender IP is 91.234.35.85)

In the copy of the spam you reported notice all the blank lines.  According to the email standard, the "Header" portion of the email ends with the first blank line.  Therefore, as reported the parser thinks the header ended after the first line and that "(10.152.84.51) by BY2NAM03HT190.eop-NAM03.prod.protection.outlook.com" is part of the body of the email.

This problem is caused by the outlook web application or how you retrieved the email.

Link to comment
Share on other sites

Hello LKing,

thanks for the appraisal & guidance.

Re: retrieving the source, I used the same method I've been using since joining SC  & for several years, lamely reporting to MS, however, today, MS have shipped their new wizzbang (not) upgraded Outlook, has been in beta for many months, now in production... I'm not sure if this may be the source of the issue, this is the 3 spam email I've had today with these results from SC & they're not errors I've encountered before...?

Even tho I can clearly see the blank lines in your assessment, when I extract the source this is what I see:
Received: from CO1NAM05HT092.eop-nam05.prod.protection.outlook.com (2603:10a6:802:28::17) by VI1PR0601MB2318.eurprd06.prod.outlook.com with HTTPS via VI1PR09CA0049.EURPRD09.PROD.OUTLOOK.COM; Tue, 30 Oct 2018 21:10:23 +0000 Received: from CO1NAM05FT040.eop-nam05.prod.protection.outlook.com (10.152.96.56) by CO1NAM05HT092.eop-nam05.prod.protection.outlook.com (10.152.97.35) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384) id 15.20.1294.4; Tue, 30 Oct 2018 21:10:21 +0000 Authentication-Results: spf=none (sender IP is 201.157.183.34) smtp.mailfrom=pharmacy.can; hotmail.com; dkim=none (message not signed) header.d=none;hotmail.com; dmarc=none action=none header.from=pharmacy.can; Received-SPF: None (protection.outlook.com: pharmacy.can does not designate permitted sender hosts) Received: from pharmacy.can (201.157.183.34) by CO1NAM05FT040.mail.protection.outlook.com (10.152.96.153) with Microsoft SMTP Server id 15.20.1318.5 via Frontend Transport; Tue, 30 Oct 2018 21:10:18 +0000 X-IncomingTopHeaderMarker:

Truncated - I've read your advice to not fill up the Forum with spam source files :)

The only thing I can thing to do is test extracting it with the mail app rather than the mail via browser & see if I get a different result.

 

Link to comment
Share on other sites

Hmmm, well accessing the "source" via OL 2016 application only provides [Internet Headers] up to MIME-Version: 1.0, too easy i thought, I'll merge both "sources, result:

https://www.spamcop.net/sc?id=z6497304898z7fabab608a9bb85e2813e9a087b130fbz

No body text provided, check format of submission. spam must have body text.

??

Back to reading " SpamCop Parsing and Reporting Service : (Category)How do I get my email program to reveal the full, unmodified email?"?

If anyone has any information please it will be gratefully received?

 

 

 

Link to comment
Share on other sites

Microsoft Outlook (all versions) Outlook does not properly forward mail with the headers and message body intact. It is not possible to use SpamCop's email submission system with Outlook unless you use one of the below add-on programs or similar macro.

This is not making sense, up until today I've successfully submitted spam received by https://outlook.live.com/mail/ have always been able to extract source & no issues with formatting, empty spaces, nor have I had to use add-on programmes/macros... ?

This doco - https://www.spamcop.net/fom-serve/cache/122.html - Microsoft Outlook (all versions) doesn't seem to cover OL Live or OL 2016 app...

Tad confused...

 

Link to comment
Share on other sites

Many times, pasting the spam into a blank notepad first, will take care of those empty lines or will show that there are empty lines. Usually this happens when there is a carriage return (cr) and a line feed (lf) like in unix (cr/lf) and microsoft (cr) receives it...

Link to comment
Share on other sites

10 hours ago, ANGEL said:

Re: retrieving the source, I used the same method I've been using since joining SC  & for several years, lamely reporting to MS, however, today, MS have shipped their new wizzbang (not) upgraded Outlook,

"today, MS have shipped their new..." and you have identified the cause of the problem.  A solution/work-around is an other matter.  When you find a solution, please post here for other Outlook user.

Link to comment
Share on other sites

 


RobiBue, Thanks for replying, unfortunately copy to txt file was not making any difference.. That's why this was driving me  kinda nuts!
LKing, thank you for the "Outlook Beta in production" affirmation.

The solution I used was:

> scummy, phishing spam email:
1. Extract source.
2. Remove 1st "Received:  from...." statement. 
3. Copy from: 2nd "Received:from..." to "MIME-Version:..."
> https://www.spamcop.net/
4. Paste output to: "Paste headers and optionally mime separators in first box"

> scummy, phishing spam email:
5. Copy everything remaining after "MIME-Version:..."

> https://www.spamcop.net/
6. Paste output to: "Paste decoded email body in second box:"
7. Select "Process spam"

8. Write furious email to MS & post commentary to the "UserVoice Forum" >  https://outlook.uservoice.com/, [select whichever platform you use] knowing full well they'll ignore it.

9. Make a cuppa & pat the dog, not necessarily in that order.

On the subject of new "Outlook/beta", the root cause of "Unable to submit spam: "This header is incomplete. Please supply full headers of the spam.. etc", there are other changes to how https://outlook.live.com/mail/ "email source data" is accessed, I'll add these shortly...

Edited by MIG
Link to comment
Share on other sites

Hmmm, good news & bad news...

  • Every spam I've attempted to submit today, using the method above, has resulted in various errors:
  • This header is incomplete.
  • No source IP address found
  • No blank line delineating headers from body - abort
  • Probably not full headers

https://www.spamcop.net/sc?id=z6497458241zb5d9f857204219152e648a2d4b551788z
https://www.spamcop.net/sc?id=z6497459993z09d158e422fd007e21fc6c936ac40470z
https://www.spamcop.net/sc?id=z6497470557zf4f929417b14cbed5c9cd04f012742d0z
https://www.spamcop.net/sc?id=z6497480011z38c3d94e5effec3db9f81475b1620e57z
https://www.spamcop.net/sc?id=z6497480619za1aa66a059cecea76feb30bae49f9691z

{Side note to admins, In my efforts to sort this I think I've duplicated 1 spam submission, apologies!}

However, when I accessed Outlook livemail via [ https://outlook.live.com/owa/?path=/classic ], not only was I able to extract the source data without trouble, I was also successful submitting a scummy spam email to Spamcop.

I don't know what changed between last night & today, I'm not techie enough to work out what dark road MS have gone down but the end result is MS is making it harder for spam fighters and easier for spammers.

You may think, no problems, we'll all just use: [ https://outlook.live.com/owa/?path=/classic ], sadly OL LiveMail Classic has a pending death date, which leads me to ponder, surely there is/are "someone/s" out there, who have enough clout to engage with MS, enlighten them & if they remain dumbly determined not to modify/enhance OL_New_web_Mail [https://login.live.com/login.srf?wa=wsignin1 etc] beat some sense into them...?

This is what they say:

"Outlook Engineering is updating Outlook.com on the web. The new Mail experience is the result of a long-running Beta and feedback from millions of Outlook.com customers..."

Just like the feedback MS received about 1809 Fall update, which they ignored, only to have the 1809 update screw squillions of MS Customers files, computers, etc. etc.... And MS finding themselves in the embarrassing position of having to pull 1809. Never mind all the angry customers... I digress, however, dog is particularly pissed as I've spent so much time trying to work out what the bloody hell is going on!

Spamcop Big Team, do you have a MS portal/ear that will listen to commonsense?

No-one is asking for OL-New-web-Mail not to be implemented, just asking for some mods so uncorrupted source data can be extracted.

Any thoughts? Input?

 

 

 

Edited by MIG
typo
Link to comment
Share on other sites

MIG you are yet to get a properly formatted email source.

The first example above again has blank lines between each line of the header.  Therefore the parser "sees" a one line header

Examples 2-4 have NO blank line so the parser "sees" everything as part of the header.

The 5th, last example include unrelated text before the header

Quote

Your photo takes first place

This message was identified as spam. We'll delete it after 10 days. It's not spam | Show blocked content
Google Photos Service <hardyl@spiegelhoffs.com>
Fri 02-November-2018, 10:08
	Google Photos
Your photo takes first place.

1 albums, 8 photos
How to get free Google Photos space easily and quickly
...

This too causes a parser error.  Take a look at this example to see what your submission should look like.

click on "View entire message"  You will notice there is no text before the "X-Account-Key: account6" 

and there are no blank lines until after the last line in the header "X-Brightmail-Tracker: AAAACjNUGYwK/wXvMwHI9DL/zqAy/6ZEMv/QcjMCDGIy/+wiMwGw0jMCDG4="

When you figure out how get that out of Outlook you will be golden.

Link to comment
Share on other sites

Hey Lking, I'm a little confused again; all the fails were when I extracted source via "new-web-OL-mail", however, when I extracted exactly the same spam emails via "OL-Classic", all spam emails submitted successfully to Spamcop...

So, my previous "steps I used" worked last night but not today, that's why I forced the web mail to OL-Classic, tested the extract source, post to Spamcop, no problems...

Am I missing something? At this point I'd do anything to be golden, it is my birthday after all?

Link to comment
Share on other sites

After re-reading your last post Lking, I re-read https://www.spamcop.net/fom-serve/cache/368.html, & decided, based on that info & what you've written the "successful" submissions (I thought) must not be successful, therefore, I decided to forward a spam email via  submit.xxxxxxxxxx@spam.spamcop.net - result: [SpamCop encountered errors while saving spam for processing:SpamCop could not find your spam message in this email]

When I look at the submission it sure as hell looks like a whole lot of spam to me....:huh:

I don't know what I don't know:(

xxxx = unique id

 

Edited by MIG
typo
Link to comment
Share on other sites

MIG I do not use Outlook so am working on memory.  As I remember Outlook does not Forward-as-attachment email including all the email including header in the correct format.

Sounds to me like MicroSoft has really s****ed the pooch this time.  I suggest following the links you referenced above and let MS know.

I understand all the reasons NOT to change email applications, but that is something to consider.

Link to comment
Share on other sites

Lking, you've made my day! Here I was thinking you could see/do stuff that I had yet to learn... So you are saying, even using OL-Classic, the "extract" of source data is not formatted/formatting correctly for SpamCop...?

 

Edited by MIG
Typo
Link to comment
Share on other sites

:lol::lol:

--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------

A sample of mindless MS response:

"This is Joan, I am one of the Supervisors. Outlook Engineering is updating Outlook.com on the web. The new Mail experience is the result of a long-running Beta and feedback from millions of Outlook.com customers. Although, there is no option to permanently return to the previous version, you can use the Classic version for the time being. I am always on your side to help. Best Regards, Joan, Outlook.com Support"

--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------

Re: changing mail apps, I do use others, don't get any spam to report/hunt down & destroy:ph34r:

 

Link to comment
Share on other sites

Totally off topic, but reminded me of an old joke.

The pilot was lost in the fog. Finely saw a tall building sticking up above the fog.  Circling the building he got someone’s attention and using charades style sign language ask “Where am I?” and got the reply “In an airplane.”  The pilot made a left turn, heading west and soon found the Seattle airport.

After landing the co-pilot ask the pilot how he found the airport “The answer you got was intuitively obvious and of no value!?”  The pilot said “Yes of course.  So I knew we were circling the Microsoft building in Redmond, WA and were talking to one of their “Help” authors.

Link to comment
Share on other sites

On 11/2/2018 at 11:13 AM, Lking said:

MIG I do not use Outlook so am working on memory.  As I remember Outlook does not Forward-as-attachment email including all the email including header in the correct format.

Lking, you are correct about the forward-as-attachment.

MIG, the only way I have been able to forward-as-attachment is to create a new email, then drag the spam message from my inbox and drop onto the new email I previously created.

Now that I said it out loud, maybe someone will try to change it so it no longer works.

Link to comment
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

×
×
  • Create New...