Jump to content

Spamcop doesn't parse the spam links


Recommended Posts

Hi Klappa,

I can try to explain what’s happening here:

In the topmost (last) Received: line 

Received: from CO1NAM04HT207.eop-NAM04.prod.protection.outlook.com
 (2603:10a6:4:2b::32) by DB4PR03MB524.eurprd03.prod.outlook.com with HTTPS via
 DB6PR0801CA0064.EURPRD08.PROD.OUTLOOK.COM; Tue, 2 Oct 2018 00:49:39 +0000

notice the address 2603:10a6:4:2b::32

which is a valid assigned IPv6 address belonging to M$.

The next Received: line

Received: from CO1NAM04FT010.eop-NAM04.prod.protection.outlook.com
 ( by CO1NAM04HT207.eop-NAM04.prod.protection.outlook.com
 ( with Microsoft SMTP Server (version=TLS1_2,
 cipher=TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384_P384) id 15.20.1185.13; Tue, 2
 Oct 2018 00:49:37 +0000

appears to come from IP address, which is a private network address, so it is not trusted.

The following (preceding) Received: line

Received: from sfac11.wysweb.com.au ( by
 CO1NAM04FT010.mail.protection.outlook.com ( with Microsoft SMTP
 Server id 15.20.1185.13 via Frontend Transport; Tue, 2 Oct 2018 00:49:36

which actually contains the spamming IP address could already have been forged by the untrusted host mentioned above.

The problem is that M$/Hotmail/Outlook breaks the chain causing SpamCop to report the wrong address.

This is not SpamCop‘s fault, but M$’s.

Link to comment
Share on other sites

56 minutes ago, klappa said:

problem but lately Spamcop is having problem to parse the links in spam

The links in the body of spam are the lowest priority task for the parser.  If you look at the "Statistics" tab  you will see thy are processing ~5 spam/second on average.  If you submit spam at times of high load, parsing the links in the body of your spam may not be done to avoid falling behind on the higher priority task.

Its an old reference but reminds me of "Lucy on the candy assembly line" from I Love Lucy ~ years ago (B/W TV) but a classic!

Link to comment
Share on other sites


Same thing here for month, now... ?

I mainly receive spam on my hotmail address, and every time I submit a spam, I now get something similar :

Parsing header:
host 2603:10a6:3:e5:0:0:0:21 (getting name) no name
0: Received: from AM5EUR03HT212.eop-EUR03.prod.protection.outlook.com (2603:10a6:3:e5::21) by HE1P190MB0284.EURP190.PROD.OUTLOOK.COM with HTTPS via HE1PR0902CA0011.EURPRD09.PROD.OUTLOOK.COM; Wed, 3 Oct 2018 09:06:23 +0000
No unique hostname found for source: 2603:10a6:3:e5:0:0:0:21
Hotmail/MSN received mail from sending system 2603:10a6:3:e5:0:0:0:21

1: Received: from AM5EUR03FT042.eop-EUR03.prod.protection.outlook.com ( by AM5EUR03HT212.eop-EUR03.prod.protection.outlook.com ( with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384_P384) id 15.20.1185.13; Wed, 3 Oct 2018 09:06:22 +0000
Internal handoff or trivial forgery

2: Received: from 99h37.org ( by AM5EUR03FT042.mail.protection.outlook.com ( with Microsoft SMTP Server id 15.20.1185.13 via Frontend Transport; Wed, 3 Oct 2018 09:06:21 +0000
No unique hostname found for source:
Possible forgery. Supposed receiving system not associated with any of your mailhosts
Will not trust this Received line.

So, every report is send to " report_spam@hotmail.com " witch is completely useless.

Link to comment
Share on other sites

as i mentioned, it's M$'s (microsoft's) fault because they break the chain.

I do agree, that it is pointless to report your own email provider instead of the source, but there's nothing we mere "customers/end-users" can do if the big wigs don't want to play along.


Link to comment
Share on other sites

  • 2 weeks later...

Okay, so the proper procedure for Hotmail and other Micro$oft accounts is to uncheck the report about the sending address and just report any spamvertised links?

Or would it be better to flood Micro$oft with as many spam reports as possible? Maybe with a note saying what the problem is?

Also, since this seems to be a universal problem, wouldn't it be a good idea to add it to the MailHosts and Reporting forums' pinned info? (I didn't see it on either one, but I didn't look carefully, either, he said sheepishly.)


Link to comment
Share on other sites

I suspect that something similar to what others have reported for Gmail is happening. The workaround I generally use is similar to the Gmail workaround, commenting out the first Received line encountered as you scroll down the message source.

Link to comment
Share on other sites

  • 1 month later...

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

  • Create New...