epgeek Posted August 27, 2008 Share Posted August 27, 2008 I seem to be getting a lot of phishing spam with a return address back to "phishing scam"[at]live.com ... When I try to report the scam to abuse[at]live.com I get back "mailbox unavailable". The same reply comes back when I try to send to info[at]live.com ... I understand that Microsoft is offering these "free mailboxes" , but they are not supporting any address to report back spams and scams.? That would seem to be an open invitation to the most vile kind of phishing scam. It would appear that Microsoft is grossly irresponsible, if not criminally irresponsible? Link to comment Share on other sites More sharing options...
rconner Posted August 27, 2008 Share Posted August 27, 2008 I seem to be getting a lot of phishing spam with a return address back to "phishing scam"[at]live.com ... When I try to report the scam to abuse[at]live.com I get back "mailbox unavailable". (...) It would appear that Microsoft is grossly irresponsible, if not criminally irresponsible?It might appear that way, but in reality it probably isn't. The problem is that spammers (and phishers) simply forge the return addresses in their messages. These are not the proper return addresses for the phishers who sent you the mail (and worse, they may belong to innocent parties who would be the ones getting any replies you might send to them). Furthermore, the fact that these addresses are "[at]live.com" does not mean that the messages were sent through live.com facilities, or had any contact whatsoever with live.com. More than likely what live.com is telling you with "mailbox unavailable" is that these addresses don't exist at live.com (i.e., because they were made up out of whole cloth by the phisher). Here's a page that might be of use: http://www.rickconner.net/spamweb/notmyaddress.html If you want to report such a message, you need to find out the IP address from which it was sent, and report the abuse of that address (and not the return e-mail address) to the provider responsible for the address. For this task, you need to pore over the headers of the message yourself, or else submit the message through the SpamCop parser (I assume you are registered with SC for this purpose); this will prepare accurate reports for you to file if you wish. -- rick Link to comment Share on other sites More sharing options...
Telarin Posted August 27, 2008 Share Posted August 27, 2008 Rick, I believe he means that abuse[at]live.com is undeliverable. To answer your question, epgeek, yes, not providing these RFC required role addresses is grossly irresponsible on Microsoft's part. It has been my experience that most mail providers don't seem to care if their free mailboxes are used as a drop for scam and phishing emails. I assume that is what you meant. You received a typical scam/phishing email with a note not to reply, but to instead send email correspendence to scammer[at]live.com? Link to comment Share on other sites More sharing options...
rconner Posted August 27, 2008 Share Posted August 27, 2008 Rick, I believe he means that abuse[at]live.com is undeliverable.Yes, that occurred to me, but I'd already done too many edits for grammar to change this. I agree that the failure to use the proper role address is a bad idea; I suppose that MS wants to deflect a lot of pointless reports, instead requiring the complainers to do a proper WHOIS lookup. For the record: rconner$ whois -h whois.abuse.net live.com abuse[at]hotmail.com (for live.com) report_spam[at]hotmail.com (for live.com) -- rick Link to comment Share on other sites More sharing options...
Farelf Posted August 27, 2008 Share Posted August 27, 2008 ...For the record: rconner$ whois -h whois.abuse.net live.com abuse[at]hotmail.com (for live.com) report_spam[at]hotmail.com (for live.com) Or for those preferring the web-based interface: http://www.abuse.net/ -> http://www.abuse.net/lookup.phtml?domain=live.com [on edit] Not to mention the SC members page (the all-in-one paste-in submission form). spammer[at]live.com (using '[at]') -> Parsing input: spammer[at]live.com 65.54.244.8 is an MX ( 5 ) for live.com Routing details for 65.54.244.8 [refresh/show] Cached whois for 65.54.244.8 : abuse[at]microsoft.com abuse[at]hotmail.com redirects to report_spam[at]hotmail.com Using best contacts report_spam[at]hotmail.com ... No, no, this is not a new feature - it's a very old one. And no, adding spamvertized eMail addresses to the standard reports won't be happening (already tried, back in the dreamtime, with unhappy results by all accounts). But the tool is there to find the reporting address in support of a manual report about the 'payload' eMail address used in phishing, advance fee scams, etc. - or the adventurous combination of the two, like this one: http://www.spamcop.net/sc?id=z2193493578z0...577cad07a9f8e1z Following sent to network-abuse[at]cc.yahoo-inc.com in consequence of that one: Dear Sirs, The following phish and/or advance fee scam received at this address appears to use the eMail address woode.charles[at]yahoo.com as a mailbox in the execution of criminal activity. Please investigate and enforce your AUP/TOS/CRA as appropriate. ------------------------------Original message------------------------------ ... Various statutory authorities and anti-phishing organizations could be added to the addressing - What other sites should I visit to help learn about, fight, handle spam? Link to comment Share on other sites More sharing options...
btech Posted August 28, 2008 Share Posted August 28, 2008 What's weird is how SC will sometimes pick up the hand-off IPs on 419 scams and other times it won't. I find that scammers from Gmail addresses only resolve to Gmail, but there's usually 2 more IPs in there. Link to comment Share on other sites More sharing options...
rconner Posted August 28, 2008 Share Posted August 28, 2008 What's weird is how SC will sometimes pick up the hand-off IPs on 419 scams and other times it won't. I find that scammers from Gmail addresses only resolve to Gmail, but there's usually 2 more IPs in there. If I recall from previous posts here, Gmail does some internal relaying of outgoing mail among unrouteable IP addresses (172.*, I think). That might be why SpamCop can't track them all the way back within Google space. My ISP used to relay incoming mail in this fashion, I think this was quite the rage a couple years back (one reason why we had to start doing Mail Host Configuration in SC). Also, the terminology is beginning to spin out of control on me here -- the original poster mentioned "phishing" mail, which to me is when the scammer tries to pretend to be your bank. To me, "419" is the usual african loot type scam. The difference is crucial, of course: in the former case, the return address is an irrelevant detail, while in the latter, the scammer MUST supply a working reply address (often in the body of the message, not in the From: field). Obviously, you'd want to report the latter kinds of addresses, and certainly if they are hotmail/live.com/msn.com or whatever. -- rick Link to comment Share on other sites More sharing options...
btech Posted August 28, 2008 Share Posted August 28, 2008 Oh, I know.. I was talking about the 419s... I get at least 50 a day. Link to comment Share on other sites More sharing options...
Miss Betsy Posted August 29, 2008 Share Posted August 29, 2008 I hope the OP understands that if the scam email (phish or 419) seems to come from an address [at] one of the free email services, it is forged. The only way to know what abuse address to use is to find the IP address it actually came from. Spamcop parser usually picks the correct abuse address for the correct IP address. OTOH, if there is an email address within the body of the spam, that, if you are gullible, you will respond to hoping either to correct a mistake (phish) or help someone out and you get a piece of the action (419), that's another story. Spamcop does not attempt any longer to offer abuse addresses for those email addresses within the spam body in the regular parse. You can get information by entering just the address, but no report is sent. Usually, the free email services are very prompt to shut down an email address that is used within the body of the spam as a 'drop box' (in technical language) or at least, that's what they say they do. And, from anecdotal evidence, Hotmail does shut down first and investigate later. Who knows why MS changed their abuse address? At any rate, they have and the new one has been around a long time. Miss Betsy Link to comment Share on other sites More sharing options...
epgeek Posted August 29, 2008 Author Share Posted August 29, 2008 Rick, I believe he means that abuse[at]live.com is undeliverable. To answer your question, epgeek, yes, not providing these RFC required role addresses is grossly irresponsible on Microsoft's part. It has been my experience that most mail providers don't seem to care if their free mailboxes are used as a drop for scam and phishing emails. I assume that is what you meant. You received a typical scam/phishing email with a note not to reply, but to instead send email correspendence to scammer[at]live.com? In my original post I was referring to the "respond to address" that was contained within the body of the email as opposed to the "return address" on the email, which I assumed to be bogus. When I tried to send all relevant info to abuse[at]live.com (including Internet Header, body, attached copy of the original, etc.) I received the dreaded mailbox not found. It took some tracking on my part to find that I could forward this info to abuse[at]hotmail.com and that Microsoft was responsible. Stupid me, I would of thought that mighty and righteous Microsoft would have kept this up to date?? Also I was referring to a "419" scam which I guess wrongly assumed was just another form of phishing scam. I just received a couple more of these emails today offering free money if I would respond to somecrook[at]live.com ... I also get these scams from gmail, yahoo, etc. but these others all seem to support an abuse address. Link to comment Share on other sites More sharing options...
Farelf Posted August 29, 2008 Share Posted August 29, 2008 ...It took some tracking on my part to find that I could forward this info to abuse[at]hotmail.com and that Microsoft was responsible. Stupid me, I would of thought that mighty and righteous Microsoft would have kept this up to date?? ...The bigger they are, the less they seem to feel bound by rules. Anyway, three tools pointed to above all show report_spam[at]hotmail.com for live.com abuse and, sure, abuse[at]hotmail.com should be OK too. Or at least not reject. Link to comment Share on other sites More sharing options...
jongrose Posted November 10, 2008 Share Posted November 10, 2008 It appears that report_spam[at]hotmail.com is now bouncing my reports of 419/lotto email reports. They are now filtering that address to prevent spam (?![at]). Here is the report URL http://www.spamcop.net/sc?id=z2402230779ze...aaccde7bb89198z This is the 2nd bounce I have gotten from this address w/in a couple weeks, so I know it is not an error/coincidence. I'm not sure if they have any alternative reporting addresses. Return-Path: <spamcop[at]devnull.spamcop.net> Delivered-To: spamcop-net-XXXX[at]spamcop.net Received: (qmail 3014 invoked from network); 10 Nov 2008 10:34:29 -0000 X-spam-Checker-Version: SpamAssassin 3.2.4 (2008-01-01) on filter7 X-spam-Level: X-spam-Status: hits=-96.3 tests=CONFIRMED_FORGED,LOTTERY_PH_004470, SARE_FRAUD_X3,USER_IN_WHITELIST_TO version=3.2.4 Received: from unknown (192.168.1.88) by filter7.cesmail.net with QMQP; 10 Nov 2008 10:34:29 -0000 Received: from sc-smtp4-bulkmx.soma.ironport.com (204.15.82.126) by mxin1.cesmail.net with SMTP; 10 Nov 2008 10:33:42 -0000 Received: from sc-app2.spamcop.net ([204.15.82.21]) by sc-smtp-vip.soma.ironport.com with SMTP; 10 Nov 2008 02:34:28 -0800 X-SpamCop-Reply-Ids: 3663211778 X-Spamcop-Return-Path: <MAILER-DAEMON> Received: from sc-smtp4-bulkmx.soma.ironport.com (sc-smtp4-bulkmx.soma.ironport.com [204.15.82.126]) by sc-app2.soma.ironport.com (Postfix) with ESMTP id 850251C300B for <3663211778[at]reports.spamcop.net>; Mon, 10 Nov 2008 02:33:39 -0800 (PST) Received: from bay0-xmr-011.hotmail.com (HELO BAY0-XMR-011.phx.gbl) ([65.54.241.163]) by vmx2.spamcop.net with ESMTP; 10 Nov 2008 02:33:39 -0800 From: postmaster[at]BAY0-XMR-011.phx.gbl To: 3663211778[at]reports.spamcop.net Date: Mon, 10 Nov 2008 02:33:39 -0800 MIME-Version: 1.0 Content-Type: multipart/report; report-type=delivery-status; boundary="9B095B5ADSN=_01C94079B06EA4120000079ABAY0?XMR?011.phx" X-DSNContext: 7ce717b1 - 1196 - 00000002 - 00000000 Message-ID: <fyz5b6KZm00000690[at]BAY0-XMR-011.phx.gbl> Subject: Delivery Status Notification (Failure) X-SpamCop-Checked: 204.15.82.126 204.15.82.21 65.54.241.163 This is a MIME-formatted message. Portions of this message may be unreadable without a MIME-capable mail program. --9B095B5ADSN=_01C94079B06EA4120000079ABAY0?XMR?011.phx Content-Type: text/plain; charset=unicode-1-1-utf-7 This is an automatically generated Delivery Status Notification. Delivery to the following recipients failed. HOTML.FREE.WW.00.EN.MSF.SEA.AU.T01.ABU.00.EM[at]css.one.microsoft.com --9B095B5ADSN=_01C94079B06EA4120000079ABAY0?XMR?011.phx Content-Type: message/delivery-status Reporting-MTA: dns;BAY0-XMR-011.phx.gbl Received-From-MTA: dns;BAY0-XMR-011.phx.gbl Arrival-Date: Mon, 10 Nov 2008 02:33:33 -0800 Final-Recipient: rfc822;HOTML.FREE.WW.00.EN.MSF.SEA.AU.T01.ABU.00.EM[at]css.one.microsoft.com Action: failed Status: 5.7.1 Diagnostic-Code: smtp;550 5.7.1 <Your e-mail was rejected by an anti-spam content filter on gateway (131.107.115.214). Reasons for rejection may be: obscene language, graphics, or spam-like characteristics. Removing these may let the e-mail through the filter.> --9B095B5ADSN=_01C94079B06EA4120000079ABAY0?XMR?011.phx Content-Type: message/rfc822 Received: from mail pickup service by BAY0-XMR-011.phx.gbl with Microsoft SMTPSVC; Mon, 10 Nov 2008 02:33:33 -0800 X-Message-Status: n:0 X-SID-PRA: Jonathan <3663211778[at]reports.spamcop.net> X-SID-Result: Pass X-Message-Info: 6sSXyD95QpU7Q6ojyRNIJvEVhlMWO5aw1wNOU8Wnw8+atKVZoWaaI2/atCdxu9d6u8NyL8XYRESn968Okz07Epl4zD0v8LDk Received: from sc-smtp1-bulkmx.soma.ironport.com ([204.15.82.123]) by bay0-mc1-f23.bay0.hotmail.com with Microsoft SMTPSVC(6.0.3790.2668); Mon, 10 Nov 2008 02:33:33 -0800 Received: from 204-15-82-98.ironport.com (HELO sc-app11.spamcop.net) ([204.15.82.98]) by sc-smtp-vip.soma.ironport.com with SMTP; 10 Nov 2008 02:33:33 -0800 Received: from [66.139.199.209] by spamcop.net with HTTP; Mon, 10 Nov 2008 10:33:33 GMT From: "Jonathan" <3663211778[at]reports.spamcop.net> To: report_spam[at]hotmail.com Subject: [spamCop (Forwarded spam) id:3663211778]YOU HAVE BEEN AWARDED Precedence: list Message-ID: <rid_3663211778[at]msgid.spamcop.net> Date: 9 Nov 2008 23:10:09 -0000 X-SpamCop-sourceip: 146.229.5.58 X-Mailer: http://www.spamcop.net/ v2 Return-Path: 3663211778.1df848bb[at]bounces.spamcop.net X-OriginalArrivalTime: 10 Nov 2008 10:33:33.0713 (UTC) FILETIME=[C81C8810:01C9431F] [ SpamCop V2 ] This message is brief for your comfort. Please use links below for details. User-targeted report, see notes, if any. http://www.spamcop.net/w3m?i=z3663211778z1...2c85027673e720z [ Comments from recipient regarding Forwarded spam ] > Hello, the user sending this lotto/419 spam is using a Live email address (bmwgroup023[at]live.com) as a contact address. Please close this users account to prevent individuals from falling prey to this scam. Thank you. [ Offending message ] Return-Path: <info[at]bmw.co.uk> Delivered-To: x Received: (qmail 17319 invoked from network); 9 Nov 2008 23:12:00 -0000 X-spam-Checker-Version: SpamAssassin 3.2.4 (2008-01-01) on blade5 X-spam-Level: ***** X-spam-Status: hits=5.4 tests=LOTTERY_PH_004470,MISSING_HEADERS,SUBJ_ALL_CAPS version=3.2.4 Received: from unknown (192.168.1.86) by blade5.cesmail.net with QMQP; 9 Nov 2008 23:12:00 -0000 Received: from email.uah.edu (146.229.5.58) by mxin2.cesmail.net with SMTP; 9 Nov 2008 23:10:09 -0000 Received: from chargermail.uah.edu (chargermail.uah.edu [146.229.5.82]) (authenticated bits=0) by email.uah.edu (8.13.8/8.13.8) with ESMTP id mA9M5vAZ022685; Sun, 9 Nov 2008 16:05:57 -0600 (CST) Received: from 75-3.vgccl.net ([41.220.75.3]) (SquirrelMail authenticated user obriens) by chargermail.uah.edu with HTTP; Sun, 9 Nov 2008 16:06:13 -0600 (CST) Message-ID: <2913_____________________________rrel[at]chargermail.uah.edu> Date: Sun, 9 Nov 2008 16:06:13 -0600 (CST) Subject: YOU HAVE BEEN AWARDED From: =?iso-8859-1?Q?BMW=AE_Company_Awards?= <info[at]bmw.co.uk> Reply-To: bmwgroup023[at]live.com User-Agent: SquirrelMail/1.4.13 MIME-Version: 1.0 Content-Type: text/plain;charset=iso-8859-1 Content-Transfer-Encoding: 8bit X-Priority: 3 (Normal) Importance: Normal X-Scanned-By: MIMEDefang 2.51 on 146.229.5.58 X-SpamCop-Checked: X-SpamCop-Disposition: Blocked SpamAssassin=5 BMW� HQ Germany Plant:Heidemannstr. 164 DE-80939 MUNCHEN Germany. From:THE BMW� (UK) Ltd Registered Office: Ellesfield Avenue, Bracknell, Berkshire, RG12 8TA. United Kingdom. Congratulations, The Board of Directors,Members of staff and the International Awareness Promotion Department of the BMW Automobile Company, Wishes to congratulate you on your success as one of our TEN(10) STAR PRIZE WINNER in this year's BMW Automobile International Awareness Promotion (IAP) held on Friday 7th of November,2008 in Berkshire. This makes you the proud owner of a brand new BMW 7 Series,730d Sports Saloon car and a cash prize of 750,000.00 GBPs (Seven Hundred and Fifty Thousand Great British pounds). In order to redeem your prizes contact Mr.Thomas Peters R ,Bmw Claims Manager of the Claims Department with the verification form below duely Filled and sent through email to: Mr.Thomas Peters R, DIRECT EMAIL:bmwgroup023[at]live.com Tel:+44(0) 7031925534. VERIFICATION FORM: 1.)Full Name: 2.)Current Address: 3.)Country: 4.)Age: 5.)Sex: 6.)Occupation: 7.)Phone Number: 8.)REFERENCE NUMBER:BMW:25515500DS --9B095B5ADSN=_01C94079B06EA4120000079ABAY0?XMR?011.phx-- Link to comment Share on other sites More sharing options...
Farelf Posted November 10, 2008 Share Posted November 10, 2008 It appears that report_spam[at]hotmail.com is now bouncing my reports of 419/lotto email reports. They are now filtering that address to prevent spam (?![at]). ... I'm not sure if they have any alternative reporting addresses.Aagh! Yes, always has been difficult to get them to take responsibility for enforcing their own AUP/TOS/CRA. http://hexillion.com/asp/samples/ValidateEmail.asp Address parts local part: bmwgroup023 domain: live.com extra text: MX records preference exchange IP address (if included) 5 mx4.hotmail.com [65.54.244.104] 5 mx1.hotmail.com [65.54.244.8] 5 mx2.hotmail.com [65.54.245.40] 5 mx3.hotmail.com [65.54.245.72] SMTP session [Contacting mx4.hotmail.com [65.54.244.104]...] [Connected] 220 bay0-mc4-f18.bay0.hotmail.com Sending unsolicited commercial or bulk e-mail to Microsoft's computer network is prohibited. Other restrictions are found at http://privacy.msn.com/Anti-spam/. Violations will result in use of equipment located in California and other states. Mon, 10 Nov 2008 06:30:46 -0800 EHLO hexillion.com 250-bay0-mc4-f18.bay0.hotmail.com (3.7.0.89) Hello [70.84.211.98] 250-SIZE 29696000 250-PIPELINING 250-8bitmime 250-BINARYMIME 250-CHUNKING 250-AUTH LOGIN 250-AUTH=LOGIN 250 OK NOOP *** See <http://www.hexillion.com/MailAdmin/> for an explanation of this session 250 OK NOOP *** HexValidEmail COM 1.4.12 <5c31a8fa73d35685c3baa1e0430da151bdc52a85> 250 OK RSET 250 Resetting MAIL FROM:<HexValidEmail[at]hexillion.com> 250 HexValidEmail[at]hexillion.com....Sender OK RCPT TO:<hextest6818[at]live.com> 550 Requested action not taken: mailbox unavailable RCPT TO:<bmwgroup023[at]live.com> 250 bmwgroup023[at]live.com RSET 554 Transaction failed QUIT So, 'drop box' still 'live', 'scuse the pun. Microsoft Windows XP [Version 5.1.2600] © Copyright 1985-2001 Microsoft Corp. C:\Documents and Settings\Steve>whosip 65.54.244.232 WHOIS Source: ARIN IP Address: 65.54.244.232 Country: USA - Washington Network Name: MICROSOFT-1BLK Owner Name: Microsoft Corp From IP: 65.52.0.0 To IP: 65.55.255.255 Allocated: Yes Contact Name: Microsoft Corp Address: One Microsoft Way, Redmond Email: iprrms[at]microsoft.com Abuse Email: abuse[at]msn.com Phone: +1-425-882-8080 Fax: C:\Documents and Settings\Steve> So, ARIN record says abuse[at]msn.com FWIW (probably very little - they can't even get their 'stern warning' right. you may have noticed: "220 ... Violations will result in use of equipment located in California and other states. ..." Whiskey Tango Foxtrot? - as we used to ask. Oh yes - hextest on abuse[at]msn.com says it is accepted, for whatever that is worth. Link to comment Share on other sites More sharing options...
StevenUnderwood Posted November 10, 2008 Share Posted November 10, 2008 they can't even get their 'stern warning' right. you may have noticed: "220 ... Violations will result in use of equipment located in California and other states. ..." Whiskey Tango Foxtrot? - as we used to ask. Sounds like a remote DOS attack. You violate their rules and they will begin using machines in CA and other states Link to comment Share on other sites More sharing options...
Farelf Posted November 10, 2008 Share Posted November 10, 2008 Sounds like a remote DOS attack. You violate their rules and they will begin using machines in CA and other states Nothing is inconceivable - that may be right. Link to comment Share on other sites More sharing options...
Farelf Posted November 10, 2008 Share Posted November 10, 2008 And, noting once more 66389[/snapback], feeding the drop box address into the parser produces two abuse-handler addresses: http://www.spamcop.net/sc?track=bmwgroup023%40live.com Parsing input: bmwgroup023[at]live.com Reporting addresses: abuse[at]msn.com report_spam[at]msn.com Maybe they will reject on 'spam content' too - nothing about M$ should surprise. But, more addresses to try. Link to comment Share on other sites More sharing options...
neviller Posted November 13, 2008 Share Posted November 13, 2008 For months, I have been reporting spams with live.com (etc) reply-to addresses to report_spam[at]live.com or, as appropriate, Report_spam[at]hotmail.com or report_spam[at]msn.com. I just used to get an auto-acknowledgement. However, since 29 October I receive 2 emails each time: one acknowledgment and one rejection. I don't know which to believe. The acknowledgement says: Thank you for reporting spam to the MSN Hotmail Support Team. This is an auto-generated response to inform you that we have received your submission. MSN Hotmail makes ongoing efforts to stop spam. Appropriate actions will be taken. Please note that you will not receive a reply if you respond directly to this message. Report_spam[at]hotmail.com and report_spam[at]msn.com are accounts set up specifically to process spam reports and punish spammers. This account is NOT intended for reporting of other forms of abusive e-mails. If you have received an abusive e-mail which falls under but is not limited to the below categories, please resubmit your report to abuse[at]hotmail.com or abuse[at]msn.com depending on the spammer’s domain (MSN or Hotmail). Abusive e-mail includes but is not limited to: • Child exploitation/pornography threats • Harassment • Impersonation of an institution (such as a bank or government agency or charity), also known as Phishing • Issues relating to account credentials being compromised (hacked) Then the rejection notice say: This is an automatically generated Delivery Status Notification. Delivery to the following recipients failed. HOTML.FREE.WW.00.EN.MSF.SEA.AU.T01.ABU.00.EM[at]css.one.microsoft.com Reporting-MTA: dns;BAY0-XMR-004.phx.gbl Received-From-MTA: dns;BAY0-XMR-004.phx.gbl Arrival-Date: Wed, 12 Nov 2008 23:49:03 -0800 Final-Recipient: rfc822;HOTML.FREE.WW.00.EN.MSF.SEA.AU.T01.ABU.00.EM[at]css.one.microsoft.com Action: failed Status: 5.7.1 Diagnostic-Code: smtp;550 5.7.1 <Your e-mail was rejected by an anti-spam content filter on gateway (131.107.115.214). Reasons for rejection may be: obscene language, graphics, or spam-like characteristics. Removing these may let the e-mail through the filter.> I tried re-submitting and deleting the spam indicators set by my ISP in the headers, and even "Dear Sir/Madam" from the text of the spam, but I still get a rejection notice as well as an acknowledgement. Link to comment Share on other sites More sharing options...
turetzsr Posted November 14, 2008 Share Posted November 14, 2008 <snip> I receive 2 emails each time: one acknowledgment and one rejection. I don't know which to believe. <snip> ...Not being an expert, I'm taking a guess here: the Microsoft incoming e-mail system is first seeing your e-mail coming into their system, then generating an acknowledgement, then filtering your e-mail and rejecting it as "spammy" and sending you the rejection notice. My tentative conclusion would be that it is not getting to the appropriate party and that you should therefore seek an alternate mode of communication. ...Good luck! Link to comment Share on other sites More sharing options...
Devilwolf Posted November 17, 2008 Share Posted November 17, 2008 I've been getting a ton of African/UK/ChiCom 419 and lottery spam that wants me to email all my banking and personal info to a msn, live, or hotmail acct, and I often get those bounces also. One alternate if you just want to be snarky... file a compliant with the Washington State DA against M$ for false advertising - they advertise they don't support spam - but they refuse to take complaints about the spammers.... Fax a copy of your complaint to their corporate lawyer I find it really annoying when ISP put spam filters on their spam reporting addresses. So is most of your phishing spam being sent thru godaddy's email servers? Link to comment Share on other sites More sharing options...
Recommended Posts
Archived
This topic is now archived and is closed to further replies.