Cutsnake88 Posted March 27, 2017

I do a few reports a day. My email comes in through Outlook365 Exchange and I generally report messages that hit my quarantine. Just in the past few days, about half of the messages I report to Spamcop come back saying that the report will go to Hotmail, when the sender is clearly someone else. Below is a screenshot. Looking at the header, the email is clearly coming from Sendgrid. I haven't changed the way I'm reporting, and report using the full (huge) Outlook365 Exchange headers. What's going on?

Lking Posted March 27, 2017

https://www.spamcop.net/sc?id=z6365955700z76292dfde07e1d1d20f190a3456f09f4z

The Tracking URI from above so others can see what the parser did, and why the report was sent to hotmail.

Quote:
3: Received: from ME1AUS01FT007.eop-AUS01.prod.protection.outlook.com (2a01:111:f400:7eb4::204) by ME1PR01CA0078.outlook.office365.com (2603:10c6:200:18::11) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256_P256) id 15.1.991.14 via Frontend Transport; Mon, 27 Mar 2017 10:46:29 +0000
Hostname verified: mail-me1aus01lp0204.outbound.protection.outlook.com
Possible forgery. Supposed receiving system not associated with any of your mailhosts
Will not trust this Received line.
Tracking message source: 2603:10c6:200:18:0:0:0:11:
Routing details for 2603:10c6:200:18:0:0:0:11[refresh/show]
Cached whois for 2603:10c6:200:18:0:0:0:11 : abuse@microsoft.com
abuse@hotmail.com redirects to report_spam@hotmail.com
Using best contacts report_spam@hotmail.com

This post does not provide a suggested correction to the abuse@ address for this IP so moved up a level

Cutsnake88 Posted March 27, 2017

The email headers don't look at ALL like a forgery. I've attached a PDF of the top part of the (munged) headers, with the very obvious Sendgrid stuff highlighted. This is the kind of headers (with a bunch of other X- lines below this) that Outlook365 Exchange always has, and up until the past few days, they've all parsed fine. Now, some parse perfectly, others do what this one has done.

Attachment: Spamcop - sendgrid.pdf

Lking Posted March 28, 2017

1. The link you provided is not accessible to anyone except you.
2. The Tracking URL in my post, copied from your original post, gives everyone access to the munged spam, and the information the parser provided.

Cutsnake88 Posted March 28, 2017

Thanks. Obviously, I didn't know that.

This topic is now archived and is closed to further replies.