nh905
Posted April 13, 2019

I am getting a growing amount of spam that Spamcop does not appear to be able to process. Here is an example:

Return-Path: <firstname.lastname@example.org>
Delivered-To: nxxxxxx-sinet:ca-x
X-Envelope-To: x
Received: from nxxxxxx.mail.pairserver.com [126.96.36.199]
    by aws.sinet.ca with IMAP (fetchmail-6.3.17)
    for <x> (single-drop); Fri, 12 Apr 2019 19:10:05 -0400 (EDT)
Received: (qmail 55752 invoked from network); 12 Apr 2019 10:53:51 -0000
Received: from localhost (HELO mta.mail1.g20.pair.com) (127.0.0.1)
    by localhost with ESMTPS (DHE-RSA-AES256-GCM-SHA384 encrypted); 12 Apr 2019 10:53:51 -0000
Received: from localhost (localhost [127.0.0.1])
    by mta.mail1.g20.pair.com (Postfix) with SMTP id 64B5CB816D
    for <x>; Fri, 12 Apr 2019 04:53:51 -0600 (MDT)
X-Virus-Check-By: mail1.g20.pair.com
Received: from localhost (localhost [127.0.0.1])
    by mta.mail1.g20.pair.com (Postfix) with SMTP id E5FB9B8167
    for <x>; Fri, 12 Apr 2019 04:53:50 -0600 (MDT)
Received-SPF: fail (facebook.com ... _spf.facebook.com: Sender is not authorized by default to use 'email@example.com' in 'mfrom' identity (mechanism '-all' matched))
    receiver=mail1.g20.pair.com; identity=mailfrom; envelope-from="firstname.lastname@example.org"; helo=mx-out.facebook.com; client-ip=188.8.131.52
Received: from mx-out.facebook.com (unknown [184.108.40.206])
    by mta.mail1.g20.pair.com (Postfix) with ESMTP
    for <x>; Fri, 12 Apr 2019 04:53:49 -0600 (MDT)
Received: from localhost (127.0.0.1)
    by .tFPOSZzTeEdkt6@facebook.com id FlkmbeavpeML
    for <x>; Fri, 12 Apr 2019 10:34:40 +0200 (envelope-from <email@example.com>)
From: Loblaw Companies Limited <CADB@facebook.com>
Content-Type: text/html
References: x
Message-ID: <Flkm____________________QAeQ@mail.facebook.com>
Reply-To: x
To: x
List-ID: 4SnNh9SKemslH4Awfatr
Subject: Checkout // Confirmation needed
Date: Fri, 12 Apr 2019 10:34:40 +0200

View entire message
Parsing header:

Reading from the bottom, my interpretation is that the mail was accepted by a mail gateway at 220.127.116.11 that claims to be mx-out.facebook.com, which forwarded the mail to the pair.com mail gateway that I use. However, 18.104.22.168 does not have a reverse DNS entry, and is definitely not associated with mx-out.facebook.com. Since Spamcop cannot figure out where to send the abuse report, it stops.

It looks like the root cause is that pair.com is not following mail gateway 'best practices' by accepting email from a mail gateway that does not have a reverse DNS entry.

Am I on the right track?

Thanks,
Norbert
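
Added example, not part of the original post: the trust-boundary reading of a Received chain that the post describes, in Python. It walks the chain from the newest header down, believes only hops stamped by the recipient's own servers, and returns the first non-loopback peer together with its HELO claim and reverse-DNS status. The hostnames and IP addresses in SAMPLE are constructed, and the regular expression assumes Postfix-style `from HELO (rdns [ip]) by host` stamps.

```python
import email
import ipaddress
import re

# Constructed sample (documentation IPs, example hostnames), shaped like the chain in the post.
SAMPLE = """\
Received: from localhost (localhost [127.0.0.1])
\tby mta.mail.example.net (Postfix) with SMTP id AAAA1
\tfor <x>; Fri, 12 Apr 2019 04:53:50 -0600 (MDT)
Received: from mx-out.brand.example (unknown [203.0.113.45])
\tby mta.mail.example.net (Postfix) with ESMTP
\tfor <x>; Fri, 12 Apr 2019 04:53:49 -0600 (MDT)
Received: from localhost (127.0.0.1)
\tby .forged@brand.example id ZZZZ for <x>;
\tFri, 12 Apr 2019 10:34:40 +0200
From: Some Brand <promo@brand.example>
Subject: constructed sample

body
"""

# Assumption: Postfix-style stamp, "from <helo> (<rdns> [<ip>]) by <host>".
HOP = re.compile(r"from\s+(?P<helo>\S+)\s+\((?P<rdns>\S+)\s+"
                 r"\[(?:IPv6:)?(?P<ip>[0-9A-Fa-f.:]+)\]\)\s+by\s+(?P<by>\S+)")


def first_external_hop(raw, trusted_hosts):
    """Return the hop where mail entered the hosts we trust, or None.

    Received lines are prepended, so the newest is first. Only lines stamped
    by our own servers are believed; everything below the returned hop was
    supplied by the sending side and proves nothing.
    """
    for value in email.message_from_string(raw).get_all("Received", []):
        m = HOP.search(" ".join(value.split()))  # unfold continuation lines
        if not m or m["by"].lower() not in trusted_hosts:
            return None  # trust chain broken before an external peer was seen
        try:
            peer = ipaddress.ip_address(m["ip"])
        except ValueError:
            return None  # malformed address literal
        if peer.is_loopback:
            continue  # internal pass between our own filters
        return {"ip": str(peer), "helo": m["helo"], "rdns": m["rdns"],
                "rdns_missing": m["rdns"].lower() == "unknown",
                "helo_matches_rdns": m["helo"].lower() == m["rdns"].lower()}
    return None
```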