EstherD Posted March 23, 2019 Share Posted March 23, 2019 Sometime in the past week Apple / iCloud made a significant, probably permanent, change to the format of the headers generated by their mailservers. Consequently, messages no longer parse correctly. Here's an example: https://www.spamcop.net/sc?id=z6532255867z0d3753ed97e2c960ff2fa2e6c4de3abez Can anything be done to remedy this problem? Link to comment Share on other sites More sharing options...
MIG Posted March 23, 2019 Share Posted March 23, 2019 Hey Esther, No immediate solutions (from me) but a couple of questions to try to troubleshoot/help: Do you have a SC URL from before, i.e. when 🍎/iCloud spam did parse successfully? If yes please post back. Do you have MailHosts configured? If yes, were they configured before or after the 🍎/iCloud change? I don't use any 🍎products, so this may appear a dumb question, but, are there any forums where 🍎 users are discussing the 🍎/iCloud change? Could you PM me a spam email raw source data, i.e, data has not been parsed, please? (PM rather than posting here just to keep the Forum tidy😊 ) Just a note for PM/raw source data, unfortunately text files can't be uploaded [insert other media] option, Messenger only accepts images😐 ------------------------------------------------------------------------------------ Specific to the URL you posted: https://www.spamcop.net/sc?id=z6532255867z0d3753ed97e2c960ff2fa2e6c4de3abez Using VirusTotal, the embedded links resolve to: https://www.virustotal.com/gui/url/eb4e808099dbb174ad1bd8b75503ade1757dadf6bc63a15be8625b71bfd1cc21/details 50.56.10.103: AS 19994 (Rackspace Hosting) & https://www.virustotal.com/gui/url/0efed899e2c44d6bc8f624d822587033029b6badd5ceabb5c1d28f76fa939c22/detection 54.175.63.211: AS 14618 (Amazon.com, Inc.) Not suggesting you go thru the laborious process of disassembling each scummy spam email but just as information for this particular spam😊 Thanks & cheers! Link to comment Share on other sites More sharing options...
EstherD Posted March 23, 2019 Author Share Posted March 23, 2019 13 hours ago, MIG said: No immediate solutions (from me) but a couple of questions to try to troubleshoot/help: Do you have a SC URL from before, i.e. when 🍎/iCloud spam did parse successfully? Yes. I've been successfully submitting spam from that email acct for years. Until this week. Here's a recent example of a good parse: https://www.spamcop.net/sc?id=z6530672892z4c7f3ceb0ef8bac0115a080c8071850fz 13 hours ago, MIG said: Do you have MailHosts configured? If yes, were they configured before or after the 🍎/iCloud change? Yes. Have several mailhosts configured. All were configured several years ago. Only receiving spam on the Apple acct currently, so it's the ONLY one that's been exercised recently. Thought about deleting / reconfiguring the Apple mailhost entry, but decided against, because that particular mailhost entry had to be "hand-crafted" by SpamCop in order to work correctly. Know we're NOT supposed to alter the email in any way, but I decided to try deleting the wacko headers and resubmitting. Msg parses and reports seem reasonable: https://www.spamcop.net/sc?id=z6532443911zae1d5cd307cf1798d33f14830ad6975az Don't get many spams on that Apple acct. Only a couple a week. So maybe I'll just clean 'em a bit up before I submit 'em. Oh, and FWIW... The transition, if there is one, is apparently not complete. I have several other Apple / iCloud email accts. Msgs received on those accts do NOT have those wacko headers (yet). Alternatively, it may be because the acct with the odd headers is really old -- a user@mac.com acct. Link to comment Share on other sites More sharing options...
MIG Posted March 24, 2019 Share Posted March 24, 2019 Hey Esther, Thanks! Re: MailHosts: wise move not to change. Re: really old -- a user@mac.com acct - is it possible 🍎/iCloud are changing something about those accounts (for all users) rather than "format of headers generated by their mailservers" ? Re: not modifying spam: deleting wacko headers, imo it's better to present something to SCParser that it understands & generates a result rather than not. Cheers! Link to comment Share on other sites More sharing options...
spamuout Posted April 6, 2019 Share Posted April 6, 2019 I'm having same problem with Apple mail. It gives me errors and no date. It was just working a few weeks ago. Link to comment Share on other sites More sharing options...
MIG Posted April 6, 2019 Share Posted April 6, 2019 Hey Spamout, May we have a SpamCop Tracking URL please? Cheers! Link to comment Share on other sites More sharing options...
spamuout Posted April 11, 2019 Share Posted April 11, 2019 not for sure what your asking for? Is it my report or my unique submission number? SpamCop.net.pdf Link to comment Share on other sites More sharing options...
Lking Posted April 11, 2019 Share Posted April 11, 2019 Link to comment Share on other sites More sharing options...
EstherD Posted April 12, 2019 Author Share Posted April 12, 2019 The following describes a work-around for this problem. I have used this work-around successfully on a dozen or so spams in the last couple of weeks. If the headers of your message look like this: Quote Return-path: <20190412000116f1682b64baaa49869433642b1800p0na-C3CRFRL7C3K9W9@bounces.amazon.com> Original-recipient: rfc822;somebody@mac.com Received: from pv35p18im-ztdg05100301 by mr91p58ic-ztfb07091201 (mailgateway 1906B51) with SMTP id e384028e-b221-45a5-bf13-3e7067afacb5 for <somebody@mac.com>; Fri, 12 Apr 2019 00:01:20 GMT Received: from 17.133.188.54 by 17.133.188.28 (mailnotify 1906B26:21:10:00:01:20:8B) X-Apple-MoveToFolder: INBOX (31) uid 60280 user somebody modseq 0 X-Apple-Action: MOVE_TO_FOLDER/INBOX X-Apple-UUID: e384028e-b221-45a5-bf13-3e7067afacb5 Received: from a15-18.smtp-out.amazonses.com (a15-18.smtp-out.amazonses.com [54.240.15.18]) by st11p00im-smtpin033.me.com (Postfix) with ESMTPS id 81517580040 for <somebody@mac.com>; Fri, 12 Apr 2019 00:01:17 +0000 (UTC) Then MODIFY the headers BEFORE you submit the spam, by DELETING the FIRST TWO "Received from" header lines, so the headers like this: Quote Return-path: <20190412000116f1682b64baaa49869433642b1800p0na-C3CRFRL7C3K9W9@bounces.amazon.com> Original-recipient: rfc822;somebody@mac.com X-Apple-MoveToFolder: INBOX (31) uid 60280 user somebody modseq 0 X-Apple-Action: MOVE_TO_FOLDER/INBOX X-Apple-UUID: e384028e-b221-45a5-bf13-3e7067afacb5 Received: from a15-18.smtp-out.amazonses.com (a15-18.smtp-out.amazonses.com [54.240.15.18]) by st11p00im-smtpin033.me.com (Postfix) with ESMTPS id 81517580040 for <somebody@mac.com>; Fri, 12 Apr 2019 00:01:17 +0000 (UTC) FWIW, this problem seems ONLY to affect the headers on my user@mac.com emails. My user@me.com emails still have headers that can be parsed correctly w/o ANY modifications. HTH... -- EstherD Link to comment Share on other sites More sharing options...
spamuout Posted April 12, 2019 Share Posted April 12, 2019 that seems to help. Thanks to EstherD Now Since my Mac account and Me account is same maybe I need to check mail on the Me Account. Spamuout Link to comment Share on other sites More sharing options...
EstherD Posted April 12, 2019 Author Share Posted April 12, 2019 2 hours ago, spamuout said: Now Since my Mac account and Me account is same maybe I need to check mail on the Me Account. No, that won't help. You must have been an early adopter of Apple mail. Therefore, like me, you have an old user@mac.com acct. Because of the way Apple has transitioned those old accts over the years, an old user@mac.com acct can also receive email for user@me.com and user@icloud.com. However, not everyone using Apple mail has an old user@mac.com acct. Those who joined later got an acct that only receives mail for user@me.com and user@icloud.com. And those who joined later still got an acct that only receives mail for user@icloud.com. None of those more-recently registered accts can receive mail for user@mac.com. It's the fact that you have an old user@mac.com acct that seems to be causing the problem, not how you are accessing your acct. The funny new headers seem to appear only for users who have one of those old user@mac.com accts. And it doesn't matter which of the three valid forms of AppleID you use to access the msgs. You will still get the weird new headers. However, if you had one of the newer accts that only receive email for user@me.com or user@icloud.com, and cannot receive email for user@mac.com, then you would not have this problem. At least, that's how it appears to me. I have both types of accts: an old some_name@mac.com acct and a separate, newer another_name@me.com acct, which cannot receive email for another_name@mac.com. The weird new headers appear only on my old some_name@mac.com acct. They do not appear on my newer another_name@me.com acct. At least, not yet. Link to comment Share on other sites More sharing options...
spamuout Posted April 12, 2019 Share Posted April 12, 2019 Well thanks EsterD. Make since but also shows the snap fool we get when they change things around. Yes I'm an old timer had an email 345278@168.192.1.234 at onetime. Link to comment Share on other sites More sharing options...
Recommended Posts
Archived
This topic is now archived and is closed to further replies.