klappa Posted October 2, 2018 Posted October 2, 2018 I don't know if it's a new problem but lately Spamcop is having problem to parse the links in spam even though there are several of them. Here's an example https://www.spamcop.net/sc?id=z6490190910z2e032a89ce43df58c2d4299d8e6679c7z Can somebody explain this? I do pay for the service and it doesn't seem to work properly when it should.
RobiBue Posted October 2, 2018 Posted October 2, 2018 Hi Klappa, I can try to explain what’s happening here: In the topmost (last) Received: line Received: from CO1NAM04HT207.eop-NAM04.prod.protection.outlook.com (2603:10a6:4:2b::32) by DB4PR03MB524.eurprd03.prod.outlook.com with HTTPS via DB6PR0801CA0064.EURPRD08.PROD.OUTLOOK.COM; Tue, 2 Oct 2018 00:49:39 +0000 notice the address 2603:10a6:4:2b::32 which is a valid assigned IPv6 address belonging to M$. The next Received: line Received: from CO1NAM04FT010.eop-NAM04.prod.protection.outlook.com (10.152.90.52) by CO1NAM04HT207.eop-NAM04.prod.protection.outlook.com (10.152.91.103) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384_P384) id 15.20.1185.13; Tue, 2 Oct 2018 00:49:37 +0000 appears to come from IP address 10.152.90.52, which is a private network address, so it is not trusted. The following (preceding) Received: line Received: from sfac11.wysweb.com.au (101.0.109.195) by CO1NAM04FT010.mail.protection.outlook.com (10.152.90.150) with Microsoft SMTP Server id 15.20.1185.13 via Frontend Transport; Tue, 2 Oct 2018 00:49:36 +0000 which actually contains the spamming IP address 101.0.109.195 could already have been forged by the untrusted host mentioned above. The problem is that M$/Hotmail/Outlook breaks the chain causing SpamCop to report the wrong address. This is not SpamCop‘s fault, but M$’s.
Lking Posted October 2, 2018 Posted October 2, 2018 56 minutes ago, klappa said: problem but lately Spamcop is having problem to parse the links in spam The links in the body of spam are the lowest priority task for the parser. If you look at the "Statistics" tab you will see thy are processing ~5 spam/second on average. If you submit spam at times of high load, parsing the links in the body of your spam may not be done to avoid falling behind on the higher priority task. Its an old reference but reminds me of "Lucy on the candy assembly line" from I Love Lucy ~ years ago (B/W TV) but a classic!
Schtronck Posted October 3, 2018 Posted October 3, 2018 Hi, Same thing here for month, now... ? I mainly receive spam on my hotmail address, and every time I submit a spam, I now get something similar : Parsing header: host 2603:10a6:3:e5:0:0:0:21 (getting name) no name 0: Received: from AM5EUR03HT212.eop-EUR03.prod.protection.outlook.com (2603:10a6:3:e5::21) by HE1P190MB0284.EURP190.PROD.OUTLOOK.COM with HTTPS via HE1PR0902CA0011.EURPRD09.PROD.OUTLOOK.COM; Wed, 3 Oct 2018 09:06:23 +0000 No unique hostname found for source: 2603:10a6:3:e5:0:0:0:21 Hotmail/MSN received mail from sending system 2603:10a6:3:e5:0:0:0:21 1: Received: from AM5EUR03FT042.eop-EUR03.prod.protection.outlook.com (10.152.16.52) by AM5EUR03HT212.eop-EUR03.prod.protection.outlook.com (10.152.17.135) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384_P384) id 15.20.1185.13; Wed, 3 Oct 2018 09:06:22 +0000 Internal handoff or trivial forgery 2: Received: from 99h37.org (117.97.128.120) by AM5EUR03FT042.mail.protection.outlook.com (10.152.17.168) with Microsoft SMTP Server id 15.20.1185.13 via Frontend Transport; Wed, 3 Oct 2018 09:06:21 +0000 No unique hostname found for source: 117.97.128.120 Possible forgery. Supposed receiving system not associated with any of your mailhosts Will not trust this Received line. So, every report is send to " report_spam@hotmail.com " witch is completely useless.
RobiBue Posted October 3, 2018 Posted October 3, 2018 as i mentioned, it's M$'s (microsoft's) fault because they break the chain. I do agree, that it is pointless to report your own email provider instead of the source, but there's nothing we mere "customers/end-users" can do if the big wigs don't want to play along.
MyNameHere Posted October 16, 2018 Posted October 16, 2018 Okay, so the proper procedure for Hotmail and other Micro$oft accounts is to uncheck the report about the sending address and just report any spamvertised links? Or would it be better to flood Micro$oft with as many spam reports as possible? Maybe with a note saying what the problem is? Also, since this seems to be a universal problem, wouldn't it be a good idea to add it to the MailHosts and Reporting forums' pinned info? (I didn't see it on either one, but I didn't look carefully, either, he said sheepishly.)
lisati Posted October 16, 2018 Posted October 16, 2018 I suspect that something similar to what others have reported for Gmail is happening. The workaround I generally use is similar to the Gmail workaround, commenting out the first Received line encountered as you scroll down the message source.
MyNameHere Posted October 17, 2018 Posted October 17, 2018 Hmmm... in most cases, the first Received line is just the first line, right? That does seem to work. Interesting. Thanks!
MyNameHere Posted October 17, 2018 Posted October 17, 2018 Hmmm... in most cases, the first Received line is just the first line, right? Thanks!
MyNameHere Posted November 20, 2018 Posted November 20, 2018 Update: For several weeks, I have been stripping off the first Received line from my Hotmail spam and including it in the "Additional notes" box. It looks like the proper sender is now being reported. Bonus: My incoming spam count has gone 'way down. Might or might not be related.
MyNameHere Posted November 20, 2018 Posted November 20, 2018 Update: For several weeks, I have been stripping off the first Received line from my Hotmail spam and including it in the "Additional notes" box. It looks like the proper sender is now being reported. Bonus: My incoming spam count has gone 'way down. Might or might not be related.
Recommended Posts
Archived
This topic is now archived and is closed to further replies.