#1
Hotmail Spam
I received spam with "From" and "Return-Path" header fields indicating the same hotmail.com address. I saved the source file, showing all the HTML mark-up and the header block. I sent an E-mail with a complaint to containing the source file as an attachment and citing the sender's IP address.

I got a bounce message from Microsoft that said my complaint E-mail could not be delivered because of the following reason:

The recipient has exceeded their limit for the number of messages they can receive per hour.

Why would Microsoft put a limit on its own abuse-report E-mail address? Does this not indicate Microsoft has a serious problem with being used for spam?

--
David E. Ross
http://www.rossde.com

Too often, Twitter is a source of verbal vomit. Examples include Donald Trump, Roseanne Barr, and Elon Musk.
#2
On 10/15/2018 11:00 AM, David E. Ross wrote:
> I received spam with "From" and "Return-Path" header fields indicating the same hotmail.com address. I saved the source file, showing all the HTML mark-up and the header block. I sent an E-mail with a complaint to containing the source file as an attachment and citing the sender's IP address.
>
> I got a bounce message from Microsoft that said my complaint E-mail could not be delivered because of the following reason:
>
> The recipient has exceeded their limit for the number of messages they can receive per hour.
>
> Why would Microsoft put a limit on its own abuse-report E-mail address? Does this not indicate Microsoft has a serious problem with being used for spam?

Kinda like David said but... I think it's like when we have a power outage and call the power company around here. As soon as I give my street name, they stop me and say they know about the outage. Indicating that I'm probably the 50th person complaining. Of course this is a phone call and a person is answering.

I can understand the flood of email from the world into Microsoft abuse mail box. I can understand them wanting to limit it. There is only so much you can read per hour.
#3
David E. Ross wrote:
> I received spam with "From" and "Return-Path" header fields indicating the same hotmail.com address. I saved the source file, showing all the HTML mark-up and the header block. I sent an E-mail with a complaint to containing the source file as an attachment and citing the sender's IP address.

The From header contains whatever the sender wants to specify in their *client*. It is NOT added by the sending mail *server* for the account through which a message was sent. Spammers and even you can configure their local e-mail clients to specify whatever the sender wants in the From header. The From header is *NOT* where you check to see from where a spam originated.

The Return-Path header is supposed to be prepended by the SMTP server; however, clients can add it. Whether the server overwrites an existing Return-Path header depends on the server's setup. There are spammers that operate their own SMTP server or use spam-friendly or even spam-assisting e-mail services. This is not your SMTP server getting the envelope to determine a valid Return-Path header. This is the sending SMTP server (or the sender's client) adding that header. You may even see two Return-Path headers: one added by the sending mail server and another added by the spammer's client. I would only give some credence to the Return-Path header if none of the other headers look suspect.

Because the Return-Path is to where bounces are sent, and since companies want to collate all bounces into aggregate data for analysis, the Return-Path and From may not align. In fact, there are e-mail services that let the sender specify what to put in the Return-Path header. If it were a spammer, they could make the Return-Path header align to their faked From header.

https://www.sparkpost.com/resources/...ath-explained/

You need to trace through the Received headers. Each one gets prepended to a message by each SMTP server through which the message was passed. The topmost Received header will be the last one (for your server). The first one will be for the sender's server. However, it is possible to add fake Received headers at the client end, so you need to understand how to trace through Received headers to make sure you don't get misled by a spammer's or scammer's bogus ones.

> I got a bounce message from Microsoft that said my complaint E-mail could not be delivered because of the following reason:
>
> The recipient has exceeded their limit for the number of messages they can receive per hour.
>
> Why would Microsoft put a limit on its own abuse-report E-mail address? Does this not indicate Microsoft has a serious problem with being used for spam?

The spam reporting e-mail address reported by abuse.net is not always correct, so they resort to doling out standard left tokens (usernames) for the domain, like abuse@domain and postmaster@domain.

https://docs.microsoft.com/en-us/off...t-for-analysis

If you are using Microsoft's e-mail service then use their standard scheme to report spam: use their webmail client to move an undetected spam into your Junk folder (select the spam, click Junk). That records [your vote on] the e-mail as spam to Microsoft. Rather than waste manpower in analyzing individual submissions, Microsoft wants users to vote on what is spam. Moving to junk adds your vote.

Also, @microsoft.com is not a valid abuse reporting domain. I don't remember that it ever was. When reporting spam which is an *e-mail* issue, you submit your report to . That's probably for reporting spam that you received elsewhere (a non-Microsoft account) that originated from a Hotmail/Outlook.com sender.

Currently I cannot connect to www.abuse.net to see what registered abuse desk address is recorded there. If it comes back up or you can connect, enter , , or whatever e-mail address from where you think the spam originated. See if comes up or some other abuse@otherdomain comes up.

I also tried the Abuse lookup at https://www.dnsstuff.com/tools and entered "hotmail.com". They say is where to send spam reports, so try that one.

https://www.talosintelligence.com/re...nter/email_rep

While the above site indicates there has been a small drop in global spam volume, you can select different time ranges to see how much it bounces around. For the spam you received today, no way to know what is today's spam volume until tomorrow.
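The Received-header trace described in the post above, as an added example that is not part of the original thread: it walks the chain from the top, takes the connecting IP recorded by the reader's own mail server as the only trustworthy origin, and flags lower hops that do not link up. The message, host names, addresses and the regular expression for the header layout are all constructed assumptions.

```python
import re
from email import message_from_string

# Constructed sample: every host and address below is a documentation value.
RAW = """\
Return-Path: <someone@hotmail.com>
Received: from mail-out.sender.example (mail-out.sender.example [192.0.2.25])
\tby mx.myisp.example with ESMTP id abc123; Mon, 15 Oct 2018 10:41:07 -0700
Received: from relay.sender.example (relay.sender.example [192.0.2.10])
\tby mail-out.sender.example with ESMTP; Mon, 15 Oct 2018 17:41:05 +0000
Received: from bank.example ([203.0.113.99])
\tby unrelated.example with SMTP; Mon, 15 Oct 2018 17:00:00 +0000
From: "Someone" <someone@hotmail.com>
Subject: constructed sample

body
"""

# Assumed layout: from HELO ([rDNS] [IP]) ... by HOST. Real servers vary.
HOP = re.compile(r"from\s+(?P<helo>\S+)\s+\((?:(?P<rdns>[^\s\[\]]+)\s+)?"
                 r"\[(?P<ip>[^\]]+)\]\).*?\bby\s+(?P<by>\S+)", re.S)

def is_trusted(host, domain):
    host = host.lower()
    return host == domain or host.endswith("." + domain)

def trace(raw, my_domain):
    """Return (handoff_ip, notes) for the Received chain, newest hop first."""
    values = message_from_string(raw).get_all("Received", [])
    hops = [m.groupdict() for v in values if (m := HOP.search(v))]
    # Count the unbroken run of hops, from the top, written by our own servers.
    n = 0
    while n < len(hops) and is_trusted(hops[n]["by"], my_domain):
        n += 1
    if n == 0:
        return None, []
    # The bracketed IP in the lowest trusted hop is what our server observed
    # on the wire; the HELO name beside it is still client-supplied.
    prev, notes = hops[n - 1], []
    handoff_ip = prev["ip"]
    for hop in hops[n:]:
        # Everything below the handoff was written by someone else. A "by"
        # host that does not match the sender named one hop up is a break.
        names = {prev["helo"].lower(), (prev["rdns"] or "").lower()}
        status = "unverified" if hop["by"].lower() in names else "chain break"
        notes.append((hop["by"], hop["ip"], status))
        prev = hop
    return handoff_ip, notes

if __name__ == "__main__":
    print(trace(RAW, "myisp.example"))
```

A hop marked "unverified" can still be forged; only the handoff IP is backed by a server the reader controls, and that is the address to look up when choosing where to send the abuse report.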
#4
On 10/15/2018 11:23 AM, VanguardLH wrote:
> David E. Ross wrote:
>
>> I received spam with "From" and "Return-Path" header fields indicating the same hotmail.com address. I saved the source file, showing all the HTML mark-up and the header block. I sent an E-mail with a complaint to containing the source file as an attachment and citing the sender's IP address.
>
> The From header contains whatever the sender wants to specify in their *client*. It is NOT added by the sending mail *server* for the account through which a message was sent. Spammers and even you can configure their local e-mail clients to specify whatever the sender wants in the From header. The From header is *NOT* where you check to see from where a spam originated.
>
> The Return-Path header is supposed to be prepended by the SMTP server; however, clients can add it. Whether the server overwrites an existing Return-Path header depends on the server's setup. There are spammers that operate their own SMTP server or use spam-friendly or even spam-assisting e-mail services. This is not your SMTP server getting the envelope to determine a valid Return-Path header. This is the sending SMTP server (or the sender's client) adding that header. You may even see two Return-Path headers: one added by the sending mail server and another added by the spammer's client. I would only give some credence to the Return-Path header if none of the other headers look suspect.
>
> Because the Return-Path is to where bounces are sent, and since companies want to collate all bounces into aggregate data for analysis, the Return-Path and From may not align. In fact, there are e-mail services that let the sender specify what to put in the Return-Path header. If it were a spammer, they could make the Return-Path header align to their faked From header.
>
> https://www.sparkpost.com/resources/...ath-explained/
>
> You need to trace through the Received headers. Each one gets prepended to a message by each SMTP server through which the message was passed. The topmost Received header will be the last one (for your server). The first one will be for the sender's server. However, it is possible to add fake Received headers at the client end, so you need to understand how to trace through Received headers to make sure you don't get misled by a spammer's or scammer's bogus ones.
>
>> I got a bounce message from Microsoft that said my complaint E-mail could not be delivered because of the following reason:
>>
>> The recipient has exceeded their limit for the number of messages they can receive per hour.
>>
>> Why would Microsoft put a limit on its own abuse-report E-mail address? Does this not indicate Microsoft has a serious problem with being used for spam?
>
> The spam reporting e-mail address reported by abuse.net is not always correct, so they resort to doling out standard left tokens (usernames) for the domain, like abuse@domain and postmaster@domain.
>
> https://docs.microsoft.com/en-us/off...t-for-analysis
>
> If you are using Microsoft's e-mail service then use their standard scheme to report spam: use their webmail client to move an undetected spam into your Junk folder (select the spam, click Junk). That records [your vote on] the e-mail as spam to Microsoft. Rather than waste manpower in analyzing individual submissions, Microsoft wants users to vote on what is spam. Moving to junk adds your vote.
>
> Also, @microsoft.com is not a valid abuse reporting domain. I don't remember that it ever was. When reporting spam which is an *e-mail* issue, you submit your report to . That's probably for reporting spam that you received elsewhere (a non-Microsoft account) that originated from a Hotmail/Outlook.com sender.
>
> Currently I cannot connect to www.abuse.net to see what registered abuse desk address is recorded there. If it comes back up or you can connect, enter , , or whatever e-mail address from where you think the spam originated. See if comes up or some other abuse@otherdomain comes up.
>
> I also tried the Abuse lookup at https://www.dnsstuff.com/tools and entered "hotmail.com". They say is where to send spam reports, so try that one.
>
> https://www.talosintelligence.com/re...nter/email_rep
>
> While the above site indicates there has been a small drop in global spam volume, you can select different time ranges to see how much it bounces around. For the spam you received today, no way to know what is today's spam volume until tomorrow.

I tracked the spam to Microsoft by looking at the Received header fields in the header block. My ISP's E-mail server received the spam from IP address 40.92.255.64, which is owned by Microsoft.

--
David E. Ross
http://www.rossde.com

Too often, Twitter is a source of verbal vomit. Examples include Donald Trump, Roseanne Barr, and Elon Musk.