Jump to content

Problem with Hotmail/Outlook.com parsing


Recommended Posts

For the last couple of weeks, SpamCop has not been correctly parsing spam from my Hotmail account. Any idea what's going on here?

Two days ago, I deleted and reran mailhosts for this service but the problem persists.



Link to comment
Share on other sites

  • 1 month later...

Anyone got any more ideas on this?  It is a big problem to me - I can no longer use spamcop to report originating email domains.  Not at all.

Every mail to my hotmail is being parsed as if it were coming from hotmail.

I have also deleted and re-run mailhosts, but the problem remains.

For each email it is using the *.prod.protection.outlook.com address (eg Received: from DB5EUR03HT094.eop-EUR03.prod.protection.outlook.com
 (2603:10a6:203:51::15) by AM5P192MB0210.EURP192.PROD.OUTLOOK.COM) and this IPv6 address links back to report_spam@hotmail.  But further down the message source the real originating domain is revealed (eg Received: from unfructify.channelarea.com ([]) by SNT004-MC4F23.hotmail.com).  In this example I want to send my report to this "channelarea.com" address, but I can't.

Could this be be something to do with them using an IPv6 "outlook" address instead of the IPv4 hotmail address to which mailhost is set?  My email domain is Hotmail, so that's all I can do to run mailhosts.

I've no doubt this is to do with a change Hotmail have put in place to protect their service and/or introduce IPv6 and/or merge more closely with Outlook.  But what do I need to do to get spamcop to recognise the real source, and not the Outlook IPv6 through which the message has passed?  Otherwise I can only use spamcop to report links within the emails, and not the source of those emails themselves.

eg https://www.spamcop.net/sc?id=z6385911404zca09268f3113b1f740d7c4c4950a45a4z

Link to comment
Share on other sites

I've found that by deleting all the "Received: from *outlook*" and "Received: from *hotmail*" lines, spamcop is once again able to process the headers correctly and send the spam report to the correct originating IP.  This should only be a temporary workaround though.  Spamcop should be able to cope with these headers, so I still need to know if I need to do anything for it to "learn" about these new headers.

For example, without the strikethrough lines, the following report (somewhat shortened for brevity) is now sent to (abuse@fibia.dk)

Received: from VE1EUR03HT037.eop-EUR03.prod.protection.outlook.com
 (2603:10a6:203:51::31) by AM5P192MB0210.EURP192.PROD.OUTLOOK.COM...
Received: from VE1EUR03FT010.eop-EUR03.prod.protection.outlook.com
 ( by VE1EUR03HT037.eop-EUR03.prod.protection.outlook.com

Authentication-Results: spf=none (sender IP is
 smtp.mailfrom=preparationresources.io; hotmail.com; dkim=none (message not
 signed) header.d=none;hotmail.com; dmarc=none action=none
Received-SPF: None (protection.outlook.com: preparationresources.io does not
 designate permitted sender hosts)
Received: from SNT004-MC2F10.hotmail.com ( by
 VE1EUR03FT010.mail.protection.outlook.com (

X-IncomingTopHeaderMarker: OriginalChecksum:E3D3E6A...
Received: from preparationresources.io ([]) by SNT004-MC2F10.hotmail.com...
Received: from unknown (
    by smtp.endend.nl with LOCAL...
Received: from group21.345mail.com ([]) by smtp.endend.nl with LOCAL...

Link to comment
Share on other sites

  • 4 months later...

Hotmail has changed again.  I now have to remove only the top two header "sections", which normally is about 7 lines, for it to work.  The third section has changed or disappeared.  But if you don't do this, it does indeed report it to hotmail which is useless.

Surely spamcop are planning a workaround because without it, it Spamcop is incompatible with hotmail/Outlook/live mail and has been for months.

Hello SpamCop?.

Link to comment
Share on other sites

3 hours ago, Mr_Wizard said:

I have the same problem. SpamCop always wants to report spam sent to my Hotmail account to Hotmail itself. I'll try this workaround next time, but is there anyone from SpamCop who can comment?

Have you checked the configuration of your Mailhost?

Link to comment
Share on other sites

"the configuration of your mailhost"??!!  What mailhost?

It is outlook.com, including hotmail.com and outlook.com plus others.  There is no "configuration"; it is what it is.  You click on the corner of the message and say "Show Original" and the output of that is what you paste into SpamCop.  Outlook recently changed the contents of this, presumably because of the way mail routes through their internal systems, possibly between hotmail and outlook domains.  Now, everything apparently comes "from" outlook, which is nonsense.  Strip that part out, and it finally "sees" the correct source.

Now, on that basis, what "configuration" do you think we should be "checking" or tweaking?  Because when you say "check" I was kind of assuming you'd give some advice on what to check and what to change, because I wouldn't have a single clue what configuration could be changed to fix this.

However, I'm assuming that as I don't have a mailhost, as outlook.com handles all that for me, we need spamcop to find the correct part of the headings for us without having to do some manual filtering all the time.  Hotmail and outlook.com are pretty big and we won't change the way they configure things.  So either spamcop adjusts for them, or spamcop can't help a large percentage of the webmail users out there.

Link to comment
Share on other sites

If your provider changes some of its "behind the scenes" stuff, it will be a good idea to log in to your spamcop reporting account, click on the "mailhosts" menu tab, scroll down the page, click on the "add new hosts" link, follow the instructions, and, hey, presto, things should be sweet.

Link to comment
Share on other sites

Before this thread spirals off into never-never land:

I was responding to Mr_Wizard.  A miss-configured SC Mailhost is a common issue when the parser identifies your ISP as the source of spam.

The configuration stability of free email servers (gmail, outlook, hotmail, etc) is sufficient for the general user.  However, more advanced email users may have problems when the servers are reconfigured "behind the scenes" without notice to the users.  Mavdo, you have reported the effect of some of those changes here.

In response to Mr_Wizard's first post I suggested the most common solution to the problem he reported. If that does not resolve his problem, with more information/examples hopefully other suggestions will resolve the problems he is having.

Link to comment
Share on other sites

Understood, and thanks for the suggestion, but I really think that Mr_Wizard is experiencing exactly the same problem as me, and mailhosts isn't the answer.

From a selfish point of view, and being the OP, mailhost reconfiguration doesn't resolve my issue, and I strongly suspect it doesn't resolve the issue for anyone who uses outlook.com.  I also use spamcop for gmail and a personal webserver, and they work great, and I do occassionally reconfigure these too.  It's just outlook.com that gives me problems, yet no one has suggested a solution (except for my workaround).

So with me re-asking for a resolution to the outlook.com header issue, I don't think this a "spiral into never-never land".  In fact I think it is exaclty the point of my original question.

Link to comment
Share on other sites


On 13/11/2017 at 6:36 PM, Lking said:

Have you checked the configuration of your Mailhost?

Hello. Yes, when I first noticed the problem a few months back, I deleted my Hotmail address from SpamCop's mailhosts and reran the setup steps. It didn't fix the problem, but in case something's changed I've just done it again. Will see what happens. I note that of the servers listed by SpamCop, two of the mx*. addresses were unticked by default, though the instructions indicated that ticking everything would increase accuracy so I've done that. Interestingly, I've only received four "account configuration email" messages from SpamCop, though it said it would send five.

I'm a little surprised more users aren't jumping in on the conversation - does that mean everyone else can successfully submit spams received to Hotmail addresses, and we're the only ones experiencing the issue; or no-one else is actually trying this? I barely use it myself these days (was amused to find it had sent all notifications from this thread straight to Junk.)

Edited by Mr_Wizard
Link to comment
Share on other sites

  • 3 months later...

I notice now that just about all emails received from Hotmail have different IPV6 addresses, usually on the very first line of the headers. I've done the mailhost several times, and logged several different IPV6 (internal Hotmail servers) addresses. Any new spam reports, odds are high that it will still get flagged by spamcop as sourced by Hotmail, which is incorrect, because the IPV6 is different again. I usually delete just the first line, the one with the IPV6 address, and from that point, spamcop seems to parse ok most of the time.

The issue is that Hotmail has hundreds, if not thousands, of IPV6 addresses used by their mail servers, and spamcop cannot know all of them. Doing the mailhosts process over and over every time is a huge waste of time because one just gets another spam routed via some different Hotmail server.

The problem comes about of course, because Hotmail (live.com) is converting to IPV6. It will be hard to keep track of all this stuff. I just wonder how many IPV6 they actually use...

Do we have to keep doing the mailhost process over and over? Is there some other solution like a different submit form that we flag as having come from Hotmail in the first place?

Link to comment
Share on other sites

  • 1 year later...
  • 1 month later...

thanks for the tip on the mail host config. Hotmail seems to work after the first spam i submitted (lets hope they keep working).


It did ask me to do all of my email addresses, but the netzero one wouldn't work at all. I resubmitted it via email. Hopefully someone else can figure it out. Also I have a ton of gmail accounts, is one gmail mail host config file adequate or do I really need to do each and every one of them?

Link to comment
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

  • Create New...