Need Help reporting spam originating from OUTLOOK.COM (hotmail) via Outlook Macro

[Sven Golly]

I've been using a macro to report spam directly from Outlook 2019 for the past few years and it works well EXCEPT when the spam originates from Outlook.com. For some reason, SpamCop says headers not provided even though the macro goes to the original message headers, pulls them out and recombines them with the message text. This works for 99 out of 100 reports.

Here's the macro:

 

Sub ForwardSpam()
    Dim olItem As Outlook.MailItem, olMsg As Outlook.MailItem
    Dim strHeader As String
    Dim strFWHeader As String
    Dim strNote As String
    Dim oAccount As Outlook.Account
    
    
    For Each olItem In Application.ActiveExplorer.Selection
        strHeader = GetInetHeaders(olItem)
    strNote = ""
        For Each oAccount In Application.Session.Accounts
            If oAccount = "geldner@gmail.com" Then
            Set olMsg = olItem.Forward
            With olMsg
                .To = "submit.<my reporting address>@spam.spamcop.net"
                .BodyFormat = olFormatPlain
                .Body = strNote & vbCrLf & vbCrLf & strHeader & vbCrLf & vbCrLf & olItem.Body
                .SendUsingAccount = oAccount
            .Display ' change to .send when satisfied
       End With
       End If
    Next
    olItem.Delete
  Next
    Set olMsg = Nothing
End Sub

Function GetInetHeaders(olkMsg As Outlook.MailItem) As String
    ' Purpose: Returns the internet headers of a message.'
    ' Written: 4/28/2009'
    ' Author:  BlueDevilFan'
    ' //techniclee.wordpress.com/
    ' Outlook: 2007'
    Const PR_TRANSPORT_MESSAGE_HEADERS = "http://schemas.microsoft.com/mapi/proptag/0x007D001E"
    Dim olkPA As Outlook.PropertyAccessor
    Set olkPA = olkMsg.PropertyAccessor
    GetInetHeaders = olkPA.GetProperty(PR_TRANSPORT_MESSAGE_HEADERS)
    Set olkPA = Nothing
End Function

Here's the spam report that doesn't work. Note that if I cut & paste the headers from the message properties Box into the SpamCop submission form and likewise the message body, it works there. So perhaps something is amiss the way the macro assembles the two parts into a single message.

CLICK 'BACK' BUTTON TO RETURN TO SPAMCOP
################################################################################
Return-Path: <luna-s@hire-unicorns.com>
Delivered-To: me@mydomain.com
Received: from rpcluster03.reliabledns.org
	by rpcluster03.reliabledns.org with LMTP
	id ELYgD4NyVmUtZAkAezToQA
	(envelope-from <luna-s@hire-unicorns.com>)
	for <xxx@xxxxx.xxx.com>; Thu, 16 Nov 2023 12:50:27 -0700
Return-path: <luna-s@hire-unicorns.com>
Envelope-to: xxx@xxxxxx.xxx
Delivery-date: Thu, 16 Nov 2023 12:50:27 -0700
Received: from mail-co1nam11on2128.outbound.protection.outlook.com
([40.107.220.128]:29606 helo=NAM11-CO1-obe.outbound.protection.outlook.com)
	by rpcluster03.reliabledns.org with esmtps  (TLS1.2) tls
TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
	(Exim 4.96.2)
	(envelope-from <luna-s@hire-unicorns.com>)
	id 1r3iNb-002eqv-38
	for xxx@xxxxxx.xxx;
	Thu, 16 Nov 2023 12:50:27 -0700
ARC-Seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none;
 
b=mnWnSrbpU7rgj5+kN2p4uFMLVlLtbhvkNq1IKZQbQqa+hLMFn4xJ/0UbizRYquxqPfPDbe8aax
tjkKiEg5m0O0ogseQVi5u4feVkreJPIcaU6+KbBwWIIubJpRrMs9lXkndsBIDaheMytSWKVaeojm
kLIUb4jQrcBAacXQpVSlzxpflTO+LidxQ/0djVwbL1T5Zs3d1w0RweioNncCYmLaYRjWaXrH1T3a
f3jN+FhdVx7qzxydIdwbBlvuNC5xLUHTrFmflX3OWu1sGFQMzfzVDoRNeHdI91AjUmmQBiK0i+Dp
2TyEEWTgebwnwWWoLBnd+fbUygOw/+aq5bsPSzeQ==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed;
d=microsoft.com;
 s=arcselector9901;
 
h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiS
pam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchang
e-AntiSpam-MessageData-1;
 bh=ieragtnyApyGRHuj4GYIHx8gVnjaEAXWs0khb2ylCyY=;
 
b=W7vATfhmjlrO4zE+y+Q3RGYSEtpKD9WdFt8Ypcs+M1ccy9FEJBo3oMzUW7rIshh3M88SHCd9Iv
BytqDKwosnoTzuOLwrJ0otfUwWSk680qva9tQYuuH0Er1oCO3NqmkavBkQTkYY2qzIi+/NHIG/8u
Hb5wsp4oRmTAFEjndjWCH52w4dD7rJ3D6xIX0YJvIXd5wtRSXAX/Cqw5jPYchjBO/CaJMDrBvy4A
+63y9s7M2h+SXem7IKFArAhO2iriN0vbYbHdv4pIGgudvLF2DAKyL6qmpL0PfK4L12nV2F5xHH+P
ZBGKCNJ2ELAr7JUYaNpUHIMoEt888lsywZiSfcbQ==
ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass
 smtp.mailfrom=hire-unicorns.com; dmarc=pass action=none
 header.from=hire-unicorns.com; dkim=pass header.d=hire-unicorns.com;
arc=none
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=hire-unicorns.com;
 s=selector1;
 
h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-Sende
rADCheck;
 bh=ieragtnyApyGRHuj4GYIHx8gVnjaEAXWs0khb2ylCyY=;
 
b=ICyzb7SijlRal8ddqZDy2O3HJHtWqJIYAw+5/nc8EMlyKHWVufZflvIT8+JyRkXRfnh3pTQrZA
RVq8OvE64nEaSA6o9EMCxtc70SBxtkg3i1yzlpdlqYnVUrxdMP51+qPp6FI2GDSriFG013BspQAZ
8F8kEeZoFO9/K9+IZ7whQEvLbjhq437qvLjfEoWtLd//vFfk1YTCFhKlsKZVdO1lFjIsmYt/qjYE
A0ejOqEq68ShVAnfwhN5zKQKP/CFR6PGbe1Oj2hjhoO1iKHIQJtZH1xJ0vfBsmgzPQ6tcUGPExG8
DLmlRD6Jx428W0ma3QMWnfSrsXbEYa9MeLaIFMeg==
Received: from MN2PR07MB7870.namprd07.prod.outlook.com
(2603:10b6:208:185::29)
 by PH7PR07MB9562.namprd07.prod.outlook.com (2603:10b6:510:205::6) with
 Microsoft SMTP Server (version=TLS1_2,
 cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.7002.18; Thu, 16 Nov
 2023 19:49:41 +0000
Received: from MN2PR07MB7870.namprd07.prod.outlook.com
 ([fe80::69c2:7aa7:6ae0:a7a0]) by MN2PR07MB7870.namprd07.prod.outlook.com
 ([fe80::69c2:7aa7:6ae0:a7a0%3]) with mapi id 15.20.7002.021; Thu, 16 Nov
2023
 19:49:41 +0000
From: Luna Sanford <luna-s@hire-unicorns.com>
To: xxxx <xxx@xxx.com>
Subject: Re: Latam Engineers for XXX
Thread-Topic: Latam Engineers for XXX
Thread-Index: AQHaE0zgwrbRLITqxkupz/kaqyXwrLB9ZXpy
Date: Thu, 16 Nov 2023 19:49:41 +0000
Message-ID: <170016417845.501.9068474388601301836@e6d465b78a02>
References: <169956238615.524.11954748674328018115@175d9957b182>
In-Reply-To: <169956238615.524.11954748674328018115@175d9957b182>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
authentication-results: dkim=none (message not signed)
 header.d=none;dmarc=none action=none header.from=hire-unicorns.com;
x-ms-publictraffictype: Email
x-ms-traffictypediagnostic: MN2PR07MB7870:EE_|PH7PR07MB9562:EE_
x-ms-office365-filtering-correlation-id:
c1ca99b2-4815-4cbe-762b-08dbe6dd2cd2
x-ms-exchange-senderadcheck: 1
x-ms-exchange-antispam-relay: 0
x-microsoft-antispam: BCL:0;
x-microsoft-antispam-message-info:
 
R8LtZXumO3WbsN5Kg0/KI76TLFCeLJf8DyXn0IVqc/ixZAe7tgiRqhY491p9GLbUtqvqPU3Vw7Z1
z4qhX0SMmF0YMMvbYmHt6QYnkaKyREdQ8Xyc6SheC8IosKi0ffhaSOB6pn5nvXvJIGF43i1hxLkd
lURE32PWGBkueFDJhVIufO2sqxrWX0M7OFEKgDU5UBIPcFBE/vMW1wSCjrd9bVWu6Yz5TNfand31
g8Xs/ROtRS9CeQBKpau7xUWRmzqL6+ha1lTZBTjAFJD3Rztv4QO+RlvT2w+SCfK1w5IAGuhhAN6r
NxqfvU++G4+aFbjanWc/TkT/RqEmpxSfa6rx+CzNQqodK8dGvtk8YvGh33dZeJlFSj4gS9IKsoUe
Vxvwl9dMMoKTHenkYx9fWTIzG3XcIvtir0uX84b+YmeYl8sDRYH9Fmgztj098OgM+inOxvKWROEs
ONMfGI9mvjnnrdkMHdl1ZcDPpcziABTT89Z5OLjTj37S843wiZsh90YlTm1MMxVh64agTdTE1M9b
LO5vUS5UB8PhUBZT/kW5dUSJa/5YcA/ftS8R4hd4ETo/7AIEK0R526EmLWaa6X5GLZarS3FiFc++
A9GLHJAPV6vTAefeSyqaitO74MDQL+sKE7tcKzbHthZMwC6niqia+LcGOTBzSdXgub9lSK0ywbpa
LNCYfaGnT/ueqy3YEsUpkNpF/G5gN//6kVvXK7JB8g==
x-forefront-antispam-report:
 
CIP:255.255.255.255;CTRY:;LANG:en;SCL:1;SRV:;IPV:NLI;SFV:NSPM;H:MN2PR07MB787
0.namprd07.prod.outlook.com;PTR:;CAT:NONE;SFS:(13230031)(6019001)(7916004)(3
9860400002)(376002)(346002)(396003)(366004)(136003)(269900001)(2309220517990
03)(64100799003)(1800799009)(451199024)(186009)(6486002)(55236004)(8936002)(
6506007)(8676002)(478600001)(66476007)(6916009)(64756008)(76116006)(66946007
)(316002)(71200400001)(86362001)(66556008)(66446008)(83380400001)(26005)(651
2007)(9686003)(2906002)(5660300002)(41300700001)(38100700002)(122000001)(337
16001)(38070700009)(166002)(335405007)(130860200001)(13018025007);DIR:OUT;SF
P:1102;
x-ms-exchange-antispam-messagedata-chunkcount: 1
x-ms-exchange-antispam-messagedata-0:
 =?Windows-1252?Q?14y/w3rdAxUWC+z8h/ES1Gk6Eib2mZ435Zt1zsvdOFTs3QeEAHvvEaJ3?=
 =?Windows-1252?Q?U/Bt42aXN3ymcYehekPM/wGoaR1wkMCTP/jHx+UDRJTjnQmSj5BDeH2h?=
 =?Windows-1252?Q?pzKyUuPijZ0e0KYE1q2vkQcUAqULPHGpNRB0PWrfH0WcSAAwwInUD8BD?=
 =?Windows-1252?Q?h+AsETzbZsdxon4xn27+9F/zqPS083gEJwRgYhoGH7p3EQBdOwSTdpgq?=
 =?Windows-1252?Q?M/9oWvZ0RbuhfJY7lY8Kj1CGIBeESVyEp+zo3NHfGM/jndTiG3Uaik9W?=
 =?Windows-1252?Q?SiyVieWn5Eez+ggG6Tm+YEKW9l1CmDwgg9Weooo7XNuMSzo6J0qJ4sy8?=
 =?Windows-1252?Q?pt63uutddLUuAizlIPystAHLNI6MCRQ0nAg7w1JCdKEC5eTOiR0cKiI5?=
 =?Windows-1252?Q?5L/TZJmiL83Ti6+k1/TBAtqymExotuMLUHO9yhZxb2Fe4mtLk+CH7ZXt?=
 =?Windows-1252?Q?BRIUS2iA+Pfm+Rm3amEgeEqDQGkCWS46C6eqIpmoTTnivFXdwbyf+A5K?=
 =?Windows-1252?Q?NSX6u6aDoufCcgGw4ujcdKbRWrYCY3if/QJ96or4MvGbfdnbqeYioWxF?=
 =?Windows-1252?Q?gPGb4Rlj4mq0SQlHP6qjGkM+nlUKxAvfClxXi3vQX9WNstFIPrx78g1R?=
 =?Windows-1252?Q?CNnN9oWskJh4u7T8CgId7jM/+73ji6yApzCdk/hlYSQ8jN8KDfyjqU4W?=
 =?Windows-1252?Q?uBkqv4AJTi4Q2B1oY66XSo/tZ5MPOsPtpu7tAjvja5d4N0D0Iv5E65F/?=
 =?Windows-1252?Q?xI3bKHmNNU0BxVdFdoBH+9L8acNecO8KwmK4qN/sj1TA0FQ67dzsCX/E?=
 =?Windows-1252?Q?wjWrB0JKutQyQGcNgCKIBgpcDcac5qwT/7bDcvvSSCYcMqKAIJJ9IAhV?=
 =?Windows-1252?Q?6fTNhyuYH7MVnclj4I8E/6LuNzpQMQA+XBXt65wz0qkVEdb0cawSYwIB?=
 =?Windows-1252?Q?YBQj8eBp1RlRgC5nUSu6wMZucHqvsQpMtPUDiQmHJF+zD/CxRslHD1gi?=
 =?Windows-1252?Q?iH5kAMzxIHMALiYFRkI+/Ekkl5HICpXE5OtWG2ynGxbewEkZx6E0UKnr?=
 =?Windows-1252?Q?9051g+uzTkMku48vsIquFy1byKNL+JwABfnUlDEyn6D3/kD8jjV6MKYK?=
 =?Windows-1252?Q?so+sUtx4zcenlg5NU6jF9R1HBq1/U2bYemOaTshfc6cZpe+bYd/tmKs1?=
 =?Windows-1252?Q?tBa6qDS3Gh2fZ0MK4pr0asUIBRCDx/fiQOzgsxpJcgtLxD/QB7TBMUl6?=
 =?Windows-1252?Q?+YCBdvdDiHKEJWXYrEJeDg6VptJM1Tu20uoTsQKr6vgmQgsHsJof19E4?=
 =?Windows-1252?Q?STgr9hP10St6dXkkwZGnbTIPjqjnjaOLR/NJ4J0I9vhoO0fAe5tQmmZR?=
 =?Windows-1252?Q?QDoHEL6KfC5m7x2NK2en0vWyY84q4HTqtOlb0G//7XND8QxcJcqkFUtu?=
 =?Windows-1252?Q?U/fmkXDE6WZOD8cTc5i+7ic0VUf1RtwmYfRdTwdpDJgWkItr81vjExK6?=
 =?Windows-1252?Q?nYASx0jJM3aKqkttwnfUpWQmcZTnPNPHM1sOVx0NgXNlqbKFKFdrGcot?=
 =?Windows-1252?Q?Wv0BsiUbwIT9oa9547x65AA1GUT3y+EX6e2bBWxcyMY9AYTqJv20bJLG?=
 =?Windows-1252?Q?wvJx/EnPqBsb1X2wLx+SyuMZVf/mjbfc74M6xBD+uR2d6zf8ai4xSTuO?=
 =?Windows-1252?Q?uJWGr/9iIS4mrIV+/0rcTjYKwKqpjHfo?=
Content-Type: multipart/alternative;
	boundary="_000_1700164178455019068474388601301836e6d465b78a02_"
MIME-Version: 1.0
X-OriginatorOrg: hire-unicorns.com
X-MS-Exchange-CrossTenant-AuthAs: Internal
X-MS-Exchange-CrossTenant-AuthSource:
MN2PR07MB7870.namprd07.prod.outlook.com
X-MS-Exchange-CrossTenant-Network-Message-Id:
c1ca99b2-4815-4cbe-762b-08dbe6dd2cd2
X-MS-Exchange-CrossTenant-originalarrivaltime: 16 Nov 2023 19:49:41.7102
 (UTC)
X-MS-Exchange-CrossTenant-fromentityheader: Hosted
X-MS-Exchange-CrossTenant-id: c9eedad5-d719-4b86-a087-a09032005ffb
X-MS-Exchange-CrossTenant-mailboxtype: HOSTED
X-MS-Exchange-CrossTenant-userprincipalname:
UkgYrUQudYIL53tHkdKEuflbGhtLpJRrAvjmFsa0n/se0oBDYLCGYJt+72Hi+DhPq62rrBSS11CW
okQmphGIsZF39eyS5y1QADyOpcRdc3Y=
X-MS-Exchange-Transport-CrossTenantHeadersStamped: PH7PR07MB9562
X-spam-Status: No, score=0.6
X-spam-Score: 6
X-spam-Bar: /
X-Ham-Report: spam detection software, running on the system
"rpcluster03.reliabledns.org",
 has NOT identified this incoming email as spam.  The original
 message has been attached to this so you can view it or label
 similar future email.  If you have any questions, see
 root\@localhost for details.
 Content preview:  XXX, I'd like to mention that we work on a result basis.
So
    there are no payments done until we find the perfect candidates you're
looking
    for. Our talent pool has extensive experience working for companies such
   as Uber, WeWork, MercadoLibre, Nubank, and more. 
 Content analysis details:   (0.6 points, 10.0 required)
  pts rule name              description
 ---- ----------------------
--------------------------------------------------
  0.8 BAYES_50               BODY: Bayes spam probability is 40 to 60%
                             [score: 0.4996]
 -0.0 SPF_PASS               SPF: sender matches SPF record
 -0.0 SPF_HELO_PASS          SPF: HELO matches SPF record
  0.0 HTML_MESSAGE           BODY: HTML included in message
  0.1 DKIM_SIGNED            Message has a DKIM or DK signature, not
necessarily
                             valid
 -0.1 DKIM_VALID_EF          Message has a valid DKIM or DK signature from
                             envelope-from domain
 -0.1 DKIM_VALID_AU          Message has a valid DKIM or DK signature from
                             author's domain
 -0.1 DKIM_VALID             Message has at least one valid DKIM or DK
signature
 -0.0 T_SCC_BODY_TEXT_LINE   No description available.
  0.0 LOTS_OF_MONEY          Huge... sums of money
X-spam-Flag: NO



XXX, I'd like to mention that we work on a result basis.
 
So there are no payments done until we find the perfect candidates you're
looking for.
 
Our talent pool has extensive experience working for companies such as Uber,
WeWork, MercadoLibre, Nubank, and more.
 
The typical salary of a Senior Engineer (+5 years of experience) is $50,000
annually.
 
Is it worth a chat to explore this?

Luna
If you have received this message in error, please notify the sender
<http://12.213.192.35.bc.googleusercontent.com/733d4ba2741768ec2ac88af8cbe26
96b>  immediately so that we can ensure such a mistake does not occur in the
future.
On Thu, 9 November 2023 8:39pm <luna-s@hire-unicorns.com
<mailto:luna-s@hire-unicorns.com> > wrote: 
Hey XXX, I'm Luna from Hire Unicorns.
 
Hiring Software Engineers in the USA is typically a time-consuming and
expensive challenge. Talent is short and salaries are through the roof. Have
you considered expanding your talent pool overseas?
 
We help startups and SMBs hire elite Engineers based in South America. The
region has 6+ hours of overlapping with the USA and up to 70% savings in
salary costs.
 
Our expertise spans from java scri_pt and Kotlin to Machine Learning and
Blockchain. Keen to know if a conversation is worth it.

Best,
Luna Sanford
Business Development Manager @ Hire Unicorns
If you have received this message in error, please notify the sender
<http://12.213.192.35.bc.googleusercontent.com/7db647422dc6731fae8fe710c9448
877>  immediately so that we can ensure such a mistake does not occur in the
future.

 

[RobiBue]

that header looks wrong to me:

1. lines 12 and 14 seem to be without a space at the start of the line.
2. and then line 21 seems like an empty line which causes the next part to become the body....
3. followed by many more empty lines....

maybe one or more of those is your problem...

(my 2cents)