Posts posted by MIG

  1. Hi Lisati, I've not tried the method you've suggested (but I'd like to), looking at recent spam source data, there's 2 or more "Received" lines: do you change only the first "Received" to "X-Received" or ?

    And, I've read (SC Faq & SCF) to not modify source data, how does this guidance fit with changing "X-Received" etc... ?

    Thanks in advance☺️

  2. Hey klappa, I absolutely agree, I may not have communicated clearly, my experience prior to using SC, years using MS "mark as junk, phishing spam & or blocking" resulted in an increase in spam😬 >> Stumbled upon SC, started using, almost every parsed report resulted in: Report to: abuseATmicrosoft.com🤬, (sorry I previously said abuseAThotmail.com) until the "Quote ... Unquote" process was explained, I refined my submissions, ever since I get "truer" (is that even a word?) results..

    If I use your original https://www.spamcop.net/sc?id=z6499645284z69efc272a2d2f2b47876f5ca99aa42ddz & don't remove the first "Received: from DM3NAM03HT165.eop-NAM03.prod.protection.outlook.com.... etc, etc....+0000" I get "Report to: "abuseATmicrosoft.com", however, removing 1st "Received: from..." results in Report to: mail-abuseATcert.br & abuseATlocaweb.com.br

  3.  Hello klappa - re [Why does all my spam from my Outlook e-mail report to Microsoft when parsing it with Spamcop?]

    I've had the following explained to me:

    Quote "A couple of years ago Hotmail had to give up two /16 networks they were 
    using (33,554,432 IP addresses) as they were not assigned to them. 
    Microsoft had to quickly reconfigure their network and used IPv6 to do so.

    Unfortunately when doing so, they did not do it carefully and make sure 
    they had full name resolution throughout the network, where the forward 
    and reverse dns on each server matches.  This means we can't trust their 
    headers and will often take them as the source of the spam.

    All is not lost though, as Hotmail's parsing engines when they receive 
    the report does pass through the report to the right party.  It also 
    helps Hotmail block new spam from that source.

    Microsoft is working on resolving the issue, but it is a couple of 
    hundred thousand servers.  They have told us though the fix is measured 
    in years, not weeks or months." Unquote

    This information allowed me to get my head around why the repetitive "report_spam@hotmail.com" was happening. And, to get a more accurate & true report from SpamCop I implemented (as other SCF members have recommended, & I think the SC help doco also suggests this method): remove the first [Received: from blah-blah-blah.prod.protection.outlook.com (2603:xxc6:xx0:xx::36)] before submitting to SC for parsing.

    Re [But if you have to do that it's (SC) broken]

    Technically, this is my opinion, SC is not broken, given the MS/Outlook/Hotmail IPv4/IPv6 mess, I think it's more that MS/OL/HM is broken & there's no point SC fixing their service to accommodate the mess.

    Also, there's lots of broken things in this world, however, they still work to some degree, that being the case, are better than nothing.

    I know for myself, after 15 years of faithfully marking all HM phishing emails as [block] & or [phishing] and not seeing any reduction in the emails, in fact, sometimes there was a substantial increase, to the point where I thought someone on the MS/OL/HM inside was a spammer or was facilitating spammers; a month ago, I found SpamCop, started using it and now, hand on heart, today was the first time in 7 days a spam email was received.

    So for me, using SC & using the workaround, removing the first "received" line is a small price to pay. 


     

  4. Hey Petzl, decided to use some existing scummy spam:

    2603:10a6:6:43::31 is not a hostname
    Routing details for 2603:10a6:6:43::31
    [refresh/show] Cached whois for 2603:10a6:6:43::31 : abuse@microsoft.com
    abuse@hotmail.com redirects to report_spam@hotmail.com
    Using best contacts report_spam@hotmail.com

    Parsing input: 2603:10a6:6:2b::19

    2603:10a6:6:2b::19 is not a hostname
    Routing details for 2603:10a6:6:2b::19
    [refresh/show] Cached whois for 2603:10a6:6:2b::19 : abuse@microsoft.com
    abuse@hotmail.com redirects to report_spam@hotmail.com
    Using best contacts report_spam@hotmail.com

    (Which we already know & we know why MS is so stuffed up with the whole spam issue, & we use the "eliminate 1st "Received: etc..") I've checked another 15 spam emails, none seem to have more than 1 IPv6 - am I using the wrong info?
     

  5. petzl (I always go to type pretzel!😁) et al - not sure if this information will be of any use..., a SC admin advised:

    " A couple of years ago Hotmail had to give up two /16 networks they were
    using (33,554,432 IP addresses) as they were not assigned to them.
    Microsoft had to quickly reconfigure their network and used IPv6 to do so.
    Unfortunately when doing so, they did not do it carefully and make sure
    they had full name resolution throughout the network, where the forward
    and reverse dns on each server matches.  This means we can't trust their
    headers and will often take them as the source of the spam.
    All is not lost though, as Hotmail's parsing engines when they receive
    the report does pass through the report to the right party.  It also
    helps Hotmail block new spam from that source.
    Microsoft is working on resolving the issue, but it is a couple of
    hundred thousand servers.  They have told us though the fix is measured
    in years, not weeks or months."

    On that basis I continue to always "send" any parsed results that are directed to MSOL, if only to "let them know they have work to do".

    On a completely separate subject & everybody probably knows this, but, for newbies like me, I found adding my email address to [https://www.spamcop.net/mcgi?action=prefmenu] > Preferences > Personal copies of outgoing reports, has saved me mega work, I was always forgetting to take note of TRACKING URL, which made life difficult when I needed to submit an issue to the SCF. Now I get all SC reports, any followup is a breeze.

    Since starting using SC, spam has gone from 10/20 daily to 1 or 2 every other day...
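
Added example, not part of the original posts and not SpamCop's code: a simplified model of the behaviour the admin explanation quoted in posts 3 and 5 describes, where a relay whose forward and reverse DNS do not match cannot be trusted and so gets taken as the source. The header text, hostnames, addresses, DNS tables and function names are all constructed assumptions, and the trust rule is reduced to a single forward-confirmed reverse DNS check.

```python
import re
from email import message_from_string

# Constructed sample (documentation-range addresses, reserved .test/.example names).
RAW = """\
Received: from FRONT01.mailhost.test (2001:db8:6:43::31) by
 MBX02.mailhost.test with HTTPS; Thu, 8 Nov 2018 14:05:18 +0000
Received: from mail.sender.example (203.0.113.7) by
 FRONT01.mailhost.test (2001:db8:6:43::31) with SMTP;
 Thu, 8 Nov 2018 14:05:16 +0000
Subject: constructed sample

body
"""

# "from <host> (<ip>)" at the start of a Received value.
HOP = re.compile(r"from\s+(\S+)\s+\(([0-9A-Fa-f:.]+)\)")

# Constructed DNS tables standing in for live lookups.
PTR = {"2001:db8:6:43::31": "front01.mailhost.test"}
FWD_OK = {"front01.mailhost.test": {"2001:db8:6:43::31"}}
FWD_BROKEN = {}  # reverse record exists, matching forward record does not


def fcrdns_ok(ip, ptr, fwd):
    """True when PTR(ip) names a host that resolves back to the same ip."""
    name = ptr.get(ip)
    return name is not None and ip in fwd.get(name, ())


def blamed_source(raw, ptr, fwd):
    """Walk Received lines newest-first; stop at the first unverifiable hop."""
    values = message_from_string(raw).get_all("Received", [])
    hops = [m.groups() for m in map(HOP.search, values) if m]
    for _host, ip in hops:
        if not fcrdns_ok(ip, ptr, fwd):
            return ip  # relay cannot be verified, so it is treated as the origin
    return hops[-1][1] if hops else None


if __name__ == "__main__":
    print("DNS consistent:", blamed_source(RAW, PTR, FWD_OK))
    print("DNS broken:   ", blamed_source(RAW, PTR, FWD_BROKEN))
```

With consistent DNS the walk passes the provider's internal relay and stops at the outside sender; with the forward record missing it stops one hop early, at the provider's own IPv6 address.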



     

  6. :), let us know how it goes & just a little fyi, the SC Forum "Big Team" encourage us to not post full spam data in the forum, they prefer the link that's generated when a spam is processed, even if the parsing spits out errors, still post the link with whatever the issue is that's causing us to report/request help. I think, from memory, filling up the forum with full spam source data hurts their eyes or maybe it's their scrolling finger gets tired:lol:

  7.  Hi GnarlyMarly, using web Outlook Mail - no go, using Outlook 2016 app/windows - no go, using (MS) Mail and Calendar, no go. Process: create email, select spam mail (to drag & drop) - immediately closes the draft email - none of these allow "drag & drop", having said that I'm not sure I'm using the same " outlook windows application " you've referred to; which "outlook windows application" specifically are you referring to?

    Re "started using program called fetchmail over imap and a perl script to embed the email into an attachment", cor! :)

     

     

  8. Hi, Display Name, not sure if this will help, (someone here & maybe doco) suggested removing from the 1st [ Received: from DM5PR19MB1033.namprd19.prod.outlook.com (2603:10b6:3:ef::17) by
     DM5PR19MB1034.namprd19.prod.outlook.com with HTTPS via
     DM5PR04CA0055.NAMPRD04.PROD.OUTLOOK.COM; Thu, 8 Nov 2018 14:05:18 +0000]

    however, I notice the spam msg you're querying has 3 [Received: from etc]

    I removed the first 2  [Received: from etc] & submitted to spamcop - https://www.spamcop.net/sc?id=z6499543863za669acef9883e3921fd95624a079faefz, if it was submitted within the timeframe it would have been directed to abuse@zohocorp.com

  9. :lol::lol:

    --------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------

    A sample of mindless MS response:

    "This is Joan, I am one of the Supervisors. Outlook Engineering is updating Outlook.com on the web. The new Mail experience is the result of a long-running Beta and feedback from millions of Outlook.com customers. Although, there is no option to permanently return to the previous version, you can use the Classic version for the time being. I am always on your side to help. Best Regards, Joan, Outlook.com Support"

    --------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------

    Re: changing mail apps, I do use others, don't get any spam to report/hunt down & destroy:ph34r:

     

  10. After re-reading your last post Lking, I re-read https://www.spamcop.net/fom-serve/cache/368.html, & decided, based on that info & what you've written the "successful" submissions (I thought) must not be successful, therefore, I decided to forward a spam email via  submit.xxxxxxxxxx@spam.spamcop.net - result: [SpamCop encountered errors while saving spam for processing:SpamCop could not find your spam message in this email]

    When I look at the submission it sure as hell looks like a whole lot of spam to me....:huh:

    I don't know what I don't know:(

    xxxx = unique id

     

  11. Hey Lking, I'm a little confused again; all the fails were when I extracted source via "new-web-OL-mail", however, when I extracted exactly the same spam emails via "OL-Classic", all spam emails submitted successfully to Spamcop...

    So, my previous "steps I used" worked last night but not today, that's why I forced the web mail to OL-Classic, tested the extract source, post to Spamcop, no problems...

    Am I missing something? At this point I'd do anything to be golden, it is my birthday after all?

  12. Hmmm, good news & bad news...

    Every spam I've attempted to submit today, using the method above, has resulted in various errors:

    • This header is incomplete.
    • No source IP address found
    • No blank line delineating headers from body - abort
    • Probably not full headers

    https://www.spamcop.net/sc?id=z6497458241zb5d9f857204219152e648a2d4b551788z
    https://www.spamcop.net/sc?id=z6497459993z09d158e422fd007e21fc6c936ac40470z
    https://www.spamcop.net/sc?id=z6497470557zf4f929417b14cbed5c9cd04f012742d0z
    https://www.spamcop.net/sc?id=z6497480011z38c3d94e5effec3db9f81475b1620e57z
    https://www.spamcop.net/sc?id=z6497480619za1aa66a059cecea76feb30bae49f9691z

    {Side note to admins, In my efforts to sort this I think I've duplicated 1 spam submission, apologies!}

    However, when I accessed Outlook livemail via [ https://outlook.live.com/owa/?path=/classic ], not only was I able to extract the source data without trouble, I was also successful submitting a scummy spam email to Spamcop.

    I don't know what changed between last night & today, I'm not techie enough to work out what dark road MS have gone down but the end result is MS is making it harder for spam fighters and easier for spammers.

    You may think, no problems, we'll all just use: [ https://outlook.live.com/owa/?path=/classic ], sadly OL LiveMail Classic has a pending death date, which leads me to ponder, surely there is/are "someone/s" out there, who have enough clout to engage with MS, enlighten them & if they remain dumbly determined not to modify/enhance OL_New_web_Mail [https://login.live.com/login.srf?wa=wsignin1 etc] beat some sense into them...?

    This is what they say:

    "Outlook Engineering is updating Outlook.com on the web. The new Mail experience is the result of a long-running Beta and feedback from millions of Outlook.com customers..."

    Just like the feedback MS received about 1809 Fall update, which they ignored, only to have the 1809 update screw squillions of MS Customers files, computers, etc. etc.... And MS finding themselves in the embarrassing position of having to pull 1809. Never mind all the angry customers... I digress, however, dog is particularly pissed as I've spent so much time trying to work out what the bloody hell is going on!

    Spamcop Big Team, do you have a MS portal/ear that will listen to commonsense?

    No-one is asking for OL-New-web-Mail not to be implemented, just asking for some mods so uncorrupted source data can be extracted.

    Any thoughts? Input?

     

     

     
