I am getting a growing amount of spam that Spamcop does not appear to be able to process. Here is an example:
Return-Path: <bounce@facebook.com>
Delivered-To: nxxxxxx-sinet:ca-x
X-Envelope-To: x
Received: from nxxxxxx.mail.pairserver.com [216.146.195.93]
    by aws.sinet.ca with IMAP (fetchmail-6.3.17)
    for <x> (single-drop); Fri, 12 Apr 2019 19:10:05 -0400 (EDT)
Received: (qmail 55752 invoked from network); 12 Apr 2019 10:53:51 -0000
Received: from localhost (HELO mta.mail1.g20.pair.com) (127.0.0.1)
    by localhost with ESMTPS (DHE-RSA-AES256-GCM-SHA384 encrypted); 12 Apr 2019 10:53:51 -0000
Received: from localhost (localhost [127.0.0.1])
    by mta.mail1.g20.pair.com (Postfix) with SMTP id 64B5CB816D
    for <x>; Fri, 12 Apr 2019 04:53:51 -0600 (MDT)
X-Virus-Check-By: mail1.g20.pair.com
Received: from localhost (localhost [127.0.0.1])
    by mta.mail1.g20.pair.com (Postfix) with SMTP id E5FB9B8167
    for <x>; Fri, 12 Apr 2019 04:53:50 -0600 (MDT)
Received-SPF: fail (facebook.com ... _spf.facebook.com: Sender is not authorized by default to use 'bounce@facebook.com' in 'mfrom' identity (mechanism '-all' matched)) receiver=mail1.g20.pair.com; identity=mailfrom; envelope-from="bounce@facebook.com"; helo=mx-out.facebook.com; client-ip=85.119.146.106
Received: from mx-out.facebook.com (unknown [85.119.146.106])
    by mta.mail1.g20.pair.com (Postfix) with ESMTP
    for <x>; Fri, 12 Apr 2019 04:53:49 -0600 (MDT)
Received: from localhost (127.0.0.1) by .tFPOSZzTeEdkt6@facebook.com id FlkmbeavpeML for <x>; Fri, 12 Apr 2019 10:34:40 +0200 (envelope-from <contact@facebook.com>)
From: Loblaw Companies Limited <CADB@facebook.com>
Content-Type: text/html
References: x
Message-ID: <Flkm____________________QAeQ@mail.facebook.com>
Reply-To: x
To: x
List-ID: 4SnNh9SKemslH4Awfatr
Subject: Checkout // Confirmation needed
Date: Fri, 12 Apr 2019 10:34:40 +0200
Parsing header:
Reading from the bottom, my interpretation is that the mail was accepted by a mail gateway at 85.119.146.106 that claims to be mx-out.facebook.com, which forwarded the mail to the pair.com mail gateway that I use. However, 85.119.146.106 does not have a reverse DNS entry, and is definitely not associated with mx-out.facebook.com. Since Spamcop cannot figure out where to send the abuse report, it stops.
It looks like the root cause is that pair.com is not following mail gateway 'best practices' by accepting email from a mail gateway that does not have a reverse DNS entry. Am I on the right track?
Thanks, Norbert
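
The bottom-up reading described in the post, as an added example that is not part of the original post: it walks Postfix-style Received lines from the newest down and reports the hop where a trusted server accepted the message from an outside IP, together with the Received-SPF verdict. The sample headers are the post's own, trimmed; the `.pair.com` trust suffix and the function and field names are assumptions made for illustration.

```python
import re
from email import message_from_string
from ipaddress import ip_address

# Constructed sample: trace headers from the post, trimmed to the relevant hops.
RAW = """\
Received: from localhost (localhost [127.0.0.1])
    by mta.mail1.g20.pair.com (Postfix) with SMTP id E5FB9B8167
    for <x>; Fri, 12 Apr 2019 04:53:50 -0600 (MDT)
Received-SPF: fail (mechanism '-all' matched) receiver=mail1.g20.pair.com; identity=mailfrom; envelope-from="bounce@facebook.com"; helo=mx-out.facebook.com; client-ip=85.119.146.106
Received: from mx-out.facebook.com (unknown [85.119.146.106])
    by mta.mail1.g20.pair.com (Postfix) with ESMTP
    for <x>; Fri, 12 Apr 2019 04:53:49 -0600 (MDT)
Received: from localhost (127.0.0.1) by .tFPOSZzTeEdkt6@facebook.com id FlkmbeavpeML for <x>; Fri, 12 Apr 2019 10:34:40 +0200 (envelope-from <contact@facebook.com>)
From: Loblaw Companies Limited <CADB@facebook.com>
Subject: Checkout // Confirmation needed

"""

# Postfix-style trace line: from HELO (rdns [ip]) by host
HOP = re.compile(r"from\s+(?P<helo>\S+)\s+\((?P<rdns>\S+)\s+\[(?P<ip>[0-9A-Fa-f.:]+)\]\)"
                 r"\s+by\s+(?P<by>\S+)")

def handoff(raw, trusted_suffix):
    """Return the hop where a trusted server accepted mail from an outside IP."""
    msg = message_from_string(raw)
    received = [" ".join(v.split()) for v in msg.get_all("Received", [])]
    for pos, line in enumerate(received):        # newest hop first
        m = HOP.search(line)
        if not m or not m["by"].endswith(trusted_suffix):
            continue                             # not written by a server we trust
        ip = ip_address(m["ip"])
        if ip.is_loopback or ip.is_private:
            continue                             # internal relay, keep walking down
        return {
            "source_ip": str(ip),                # recorded by the trusted server
            "helo": m["helo"],                   # sender-supplied name, unverified
            "rdns": None if m["rdns"] == "unknown" else m["rdns"],
            "spf": (msg.get("Received-SPF") or "none").split()[0].lower(),
            "unverified_below": len(received) - pos - 1,  # sender-controlled lines
        }
    return None

if __name__ == "__main__":
    print(handoff(RAW, ".pair.com"))
```

Only the IP address in the returned hop was recorded by the receiving server; the HELO name and every Received line below that hop were supplied by the sending side.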