
Problem with Hotmail/Outlook.com parsing


Snowbat


For the last couple of weeks, SpamCop has not been correctly parsing spam from my Hotmail account. Any idea what's going on here?

Two days ago, I deleted and reran mailhosts for this service but the problem persists.

 


  • 1 month later...

Anyone got any more ideas on this?  It is a big problem to me - I can no longer use spamcop to report originating email domains.  Not at all.

Every mail to my hotmail is being parsed as if it were coming from hotmail.

I have also deleted and re-run mailhosts, but the problem remains.

For each email it is using the *.prod.protection.outlook.com address (eg Received: from DB5EUR03HT094.eop-EUR03.prod.protection.outlook.com
 (2603:10a6:203:51::15) by AM5P192MB0210.EURP192.PROD.OUTLOOK.COM) and this IPv6 address links back to report_spam@hotmail.  But further down the message source the real originating domain is revealed (eg Received: from unfructify.channelarea.com ([89.191.226.17]) by SNT004-MC4F23.hotmail.com).  In this example I want to send my report to this "channelarea.com" address, but I can't.

Could this be something to do with them using an IPv6 "outlook" address instead of the IPv4 hotmail address to which mailhost is set?  My email domain is Hotmail, so that's all I can do to run mailhosts.

I've no doubt this is to do with a change Hotmail have put in place to protect their service and/or introduce IPv6 and/or merge more closely with Outlook.  But what do I need to do to get spamcop to recognise the real source, and not the Outlook IPv6 through which the message has passed?  Otherwise I can only use spamcop to report links within the emails, and not the source of those emails themselves.

eg https://www.spamcop.net/sc?id=z6385911404zca09268f3113b1f740d7c4c4950a45a4z


I've found that by deleting all the "Received: from *outlook*" and "Received: from *hotmail*" lines, spamcop is once again able to process the headers correctly and send the spam report to the correct originating IP.  This should only be a temporary workaround though.  Spamcop should be able to cope with these headers, so I still need to know if I need to do anything for it to "learn" about these new headers.

For example, without the strikethrough lines, the following report (somewhat shortened for brevity) is now sent to 5.186.115.108 (abuse@fibia.dk)

Received: from VE1EUR03HT037.eop-EUR03.prod.protection.outlook.com
 (2603:10a6:203:51::31) by AM5P192MB0210.EURP192.PROD.OUTLOOK.COM...
Received: from VE1EUR03FT010.eop-EUR03.prod.protection.outlook.com
 (10.152.18.58) by VE1EUR03HT037.eop-EUR03.prod.protection.outlook.com
 (10.152.19.102)...

Authentication-Results: spf=none (sender IP is 5.186.115.108)
 smtp.mailfrom=preparationresources.io; hotmail.com; dkim=none (message not
 signed) header.d=none;hotmail.com; dmarc=none action=none
 header.from=preparationresources.io;
Received-SPF: None (protection.outlook.com: preparationresources.io does not
 designate permitted sender hosts)
Received: from SNT004-MC2F10.hotmail.com (10.152.18.53) by
 VE1EUR03FT010.mail.protection.outlook.com (10.152.18.113)...

X-IncomingTopHeaderMarker: OriginalChecksum:E3D3E6A...
Received: from preparationresources.io ([5.186.115.108]) by SNT004-MC2F10.hotmail.com...
Received: from unknown (72.171.122.200)
    by smtp.endend.nl with LOCAL...
Received: from group21.345mail.com ([76.122.78.195]) by smtp.endend.nl with LOCAL...

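The manual workaround in the post above (discard the provider's own Received lines until the external handoff is on top) can be sketched in Python. This is an added example, not part of the original posts and not SpamCop's parser; the function name, the trusted-domain list and the IPv6 prefix are assumptions made for illustration.

```python
import email
import ipaddress
import re

# Assumptions for this sketch: hosts under these domains belong to the mailbox
# provider, and its internal relays use private addresses or this IPv6 prefix
# (taken from the 2603:10a6:... hops quoted in the thread, not a published range).
TRUSTED_BY = (".outlook.com", ".hotmail.com")
INTERNAL_NETS = [ipaddress.ip_network("2603:10a6::/32")]

# "from <helo> (<ip>) ... by <host>", tolerating folded lines and [bracketed] IPs.
HOP = re.compile(r"from\s+(\S+)\s+\(\[?([0-9A-Fa-f:.]+)\]?\).*?\bby\s+([\w.-]+)", re.S)

# Constructed sample: the abridged headers from the post, with the elisions dropped.
SAMPLE = """\
Received: from VE1EUR03HT037.eop-EUR03.prod.protection.outlook.com
 (2603:10a6:203:51::31) by AM5P192MB0210.EURP192.PROD.OUTLOOK.COM
Received: from VE1EUR03FT010.eop-EUR03.prod.protection.outlook.com
 (10.152.18.58) by VE1EUR03HT037.eop-EUR03.prod.protection.outlook.com
Received: from SNT004-MC2F10.hotmail.com (10.152.18.53) by
 VE1EUR03FT010.mail.protection.outlook.com
Received: from preparationresources.io ([5.186.115.108]) by SNT004-MC2F10.hotmail.com
Received: from unknown (72.171.122.200)
    by smtp.endend.nl with LOCAL
"""

def spam_source(raw_headers):
    """Return (ip, helo) for the hop where mail entered the provider, else None."""
    msg = email.message_from_string(raw_headers)
    for value in msg.get_all("Received", []):  # newest hop first
        m = HOP.search(value)
        if not m:
            continue
        helo, ip_text, by_host = m.groups()
        if not by_host.lower().endswith(TRUSTED_BY):
            return None  # stamped by a host outside the provider: could be forged
        try:
            ip = ipaddress.ip_address(ip_text)
        except ValueError:
            continue
        if not (ip.is_private or any(ip in net for net in INTERNAL_NETS)):
            return str(ip), helo
    return None

if __name__ == "__main__":
    print(spam_source(SAMPLE))
```

Matching internal relays by prefix rather than by individual address means a different 2603:10a6:... relay on the top line does not change the result, and Received lines below the handoff are never consulted because the sender could have written them.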

  • 4 months later...

Hotmail has changed again.  I now have to remove only the top two header "sections", which normally is about 7 lines, for it to work.  The third section has changed or disappeared.  But if you don't do this, it does indeed report it to hotmail which is useless.

Surely spamcop are planning a workaround because without it, Spamcop is incompatible with hotmail/Outlook/live mail and has been for months.

Hello SpamCop?


3 hours ago, Mr_Wizard said:

I have the same problem. SpamCop always wants to report spam sent to my Hotmail account to Hotmail itself. I'll try this workaround next time, but is there anyone from SpamCop who can comment?

Have you checked the configuration of your Mailhost?


"the configuration of your mailhost"??!!  What mailhost?

It is outlook.com, including hotmail.com and outlook.com plus others.  There is no "configuration"; it is what it is.  You click on the corner of the message and say "Show Original" and the output of that is what you paste into SpamCop.  Outlook recently changed the contents of this, presumably because of the way mail routes through their internal systems, possibly between hotmail and outlook domains.  Now, everything apparently comes "from" outlook, which is nonsense.  Strip that part out, and it finally "sees" the correct source.

Now, on that basis, what "configuration" do you think we should be "checking" or tweaking?  Because when you say "check" I was kind of assuming you'd give some advice on what to check and what to change, because I wouldn't have a single clue what configuration could be changed to fix this.

However, I'm assuming that as I don't have a mailhost, as outlook.com handles all that for me, we need spamcop to find the correct part of the headings for us without having to do some manual filtering all the time.  Hotmail and outlook.com are pretty big and we won't change the way they configure things.  So either spamcop adjusts for them, or spamcop can't help a large percentage of the webmail users out there.


If your provider changes some of its "behind the scenes" stuff, it will be a good idea to log in to your spamcop reporting account, click on the "mailhosts" menu tab, scroll down the page, click on the "add new hosts" link, follow the instructions, and, hey, presto, things should be sweet.


Before this thread spirals off into never-never land:

I was responding to Mr_Wizard.  A misconfigured SC Mailhost is a common issue when the parser identifies your ISP as the source of spam.

The configuration stability of free email servers (gmail, outlook, hotmail, etc) is sufficient for the general user.  However, more advanced email users may have problems when the servers are reconfigured "behind the scenes" without notice to the users.  Mavdo, you have reported the effect of some of those changes here.

In response to Mr_Wizard's first post I suggested the most common solution to the problem he reported. If that does not resolve his problem, with more information/examples hopefully other suggestions will resolve the problems he is having.


Understood, and thanks for the suggestion, but I really think that Mr_Wizard is experiencing exactly the same problem as me, and mailhosts isn't the answer.

From a selfish point of view, and being the OP, mailhost reconfiguration doesn't resolve my issue, and I strongly suspect it doesn't resolve the issue for anyone who uses outlook.com.  I also use spamcop for gmail and a personal webserver, and they work great, and I do occasionally reconfigure these too.  It's just outlook.com that gives me problems, yet no one has suggested a solution (except for my workaround).

So with me re-asking for a resolution to the outlook.com header issue, I don't think this is a "spiral into never-never land".  In fact I think it is exactly the point of my original question.


 

On 13/11/2017 at 6:36 PM, Lking said:

Have you checked the configuration of your Mailhost?

Hello. Yes, when I first noticed the problem a few months back, I deleted my Hotmail address from SpamCop's mailhosts and reran the setup steps. It didn't fix the problem, but in case something's changed I've just done it again. Will see what happens. I note that of the servers listed by SpamCop, two of the mx*. addresses were unticked by default, though the instructions indicated that ticking everything would increase accuracy so I've done that. Interestingly, I've only received four "account configuration email" messages from SpamCop, though it said it would send five.

I'm a little surprised more users aren't jumping in on the conversation - does that mean everyone else can successfully submit spams received to Hotmail addresses, and we're the only ones experiencing the issue; or no-one else is actually trying this? I barely use it myself these days (was amused to find it had sent all notifications from this thread straight to Junk.)

Edited by Mr_Wizard

  • 3 months later...

I notice now that just about all emails received from Hotmail have different IPV6 addresses, usually on the very first line of the headers. I've done the mailhost several times, and logged several different IPV6 (internal Hotmail servers) addresses. Any new spam reports, odds are high that it will still get flagged by spamcop as sourced by Hotmail, which is incorrect, because the IPV6 is different again. I usually delete just the first line, the one with the IPV6 address, and from that point, spamcop seems to parse ok most of the time.

The issue is that Hotmail has hundreds, if not thousands, of IPV6 addresses used by their mail servers, and spamcop cannot know all of them. Doing the mailhosts process over and over every time is a huge waste of time because one just gets another spam routed via some different Hotmail server.

The problem comes about of course, because Hotmail (live.com) is converting to IPV6. It will be hard to keep track of all this stuff. I just wonder how many IPV6 they actually use...

Do we have to keep doing the mailhost process over and over? Is there some other solution like a different submit form that we flag as having come from Hotmail in the first place?


  • 1 year later...
  • 1 month later...

Thanks for the tip on the mail host config. Hotmail seems to work after the first spam I submitted (let's hope they keep working).

 

It did ask me to do all of my email addresses, but the netzero one wouldn't work at all. I resubmitted it via email. Hopefully someone else can figure it out. Also I have a ton of gmail accounts, is one gmail mail host config file adequate or do I really need to do each and every one of them?
