A Windows XP help forum. PCbanter

Hotmail Spam



 
 
  #1  
Old October 15th 18, 04:00 PM posted to alt.windows7.general
David E. Ross[_2_]

I received spam with "From" and "Return-Path" header fields indicating
the same hotmail.com address. I saved the source file, showing all the
HTML mark-up and the header block. I sent an E-mail with a complaint to
containing the source file as an attachment and
citing the sender's IP address.

I got a bounce message from Microsoft that said my complaint E-mail
could not be delivered because of the following reason:
The recipient has exceeded their limit for the number of messages they can receive per hour.


Why would Microsoft put a limit on its own abuse-report E-mail address?
Does this not indicate Microsoft has a serious problem with being used
for spam?

--
David E. Ross
http://www.rossde.com

Too often, Twitter is a source of verbal vomit. Examples include Donald
Trump, Roseanne Barr, and Elon Musk.
  #2  
Old October 15th 18, 05:49 PM posted to alt.windows7.general
Big Al[_5_]

On 10/15/2018 11:00 AM, David E. Ross wrote:
> I received spam with "From" and "Return-Path" header fields indicating
> the same hotmail.com address. I saved the source file, showing all the
> HTML mark-up and the header block. I sent an E-mail with a complaint to
> containing the source file as an attachment and
> citing the sender's IP address.
>
> I got a bounce message from Microsoft that said my complaint E-mail
> could not be delivered because of the following reason:
> The recipient has exceeded their limit for the number of messages they can receive per hour.
>
> Why would Microsoft put a limit on its own abuse-report E-mail address?
> Does this not indicate Microsoft has a serious problem with being used
> for spam?

Kinda like David said but...

I think it's like when we have a power outage and call the power company
around here. As soon as I give my street name, they stop me and say
they know about the outage. Indicating that I'm probably the 50th
person complaining. Of course this is a phone call and a person is
answering.

I can understand the flood of email from the world into Microsoft abuse
mail box. I can understand them wanting to limit it. There is only
so much you can read per hour.


  #3  
Old October 15th 18, 07:23 PM posted to alt.windows7.general
VanguardLH[_2_]

David E. Ross wrote:

> I received spam with "From" and "Return-Path" header fields indicating
> the same hotmail.com address. I saved the source file, showing all the
> HTML mark-up and the header block. I sent an E-mail with a complaint to
> containing the source file as an attachment and
> citing the sender's IP address.


The From header contains whatever the sender wants to specify in their
*client*. It is NOT added by the sending mail *server* for the account
through which a message was sent. Spammers and even you can configure
their local e-mail clients to specify whatever the sender wants in the
From header. The From header is *NOT* where you check to see from where
a spam originated.

The Return-Path header is supposed to be prepended by the SMTP server;
however, clients can add it. Whether the server overwrites an existing
Return-Path header depends on the server's setup. There are spammers
that operate their own SMTP server or use spam-friendly or even
spam-assisting e-mail services. This is not your SMTP server getting the
envelope to determine a valid Return-Path header. This is the sending
SMTP server (or the sender's client) adding that header. You may even
see two Return-Path headers: one added by the sending mail server and
another added by the spammer's client. I would only give some credence
to the Return-Path header if none of the other headers look suspect.

Because the Return-Path is to where bounces are sent, and since
companies want to collate all bounces into aggregate data for analysis,
the Return-Path and From may not align. In fact, there are e-mail
services that let the sender specify what to put in the Return-Path
header. If it were a spammer, they could make the Return-Path header
align to their faked From header.

https://www.sparkpost.com/resources/...ath-explained/

You need to trace through the Received headers. Each one gets prepended
to a message by each SMTP server through which the message was passed.
The topmost Received header will be the last one (for your server). The
first one will be for the sender's server. However, it is possible to
add fake Received headers at the client end, so you need to understand
how to trace through Received headers to make sure you don't get misled
by a spammer's or scammer's bogus ones.


> I got a bounce message from Microsoft that said my complaint E-mail
> could not be delivered because of the following reason:
> The recipient has exceeded their limit for the number of messages they can receive per hour.
>
> Why would Microsoft put a limit on its own abuse-report E-mail address?
> Does this not indicate Microsoft has a serious problem with being used
> for spam?


The spam reporting e-mail address reported by abuse.net is not always
correct, so they resort to doling out standard left tokens (usernames)
for the domain, like abuse@domain and postmaster@domain.

https://docs.microsoft.com/en-us/off...t-for-analysis

If you are using Microsoft's e-mail service then use their standard
scheme to report spam: use their webmail client to move an undetected
spam into your Junk folder (select the spam, click Junk). That records
[your vote on] the e-mail as spam to Microsoft. Rather than waste
manpower in analyzing individual submissions, Microsoft wants users to
vote on what is spam. Moving to junk adds your vote.

Also, @microsoft.com is not a valid abuse reporting domain. I don't
remember that it ever was. When reporting spam which is an *e-mail*
issue, you submit your report to . That's probably for
reporting spam that you received elsewhere (a non-Microsoft account)
that originated from a Hotmail/Outlook.com sender.

Currently I cannot connect to
www.abuse.net to see what registered abuse
desk address is recorded there. If it comes back up or you can connect,
enter , , or whatever e-mail address
from where you think the spam originated. See if

comes up or some other abuse@otherdomain comes up.

I also tried the Abuse lookup at
https://www.dnsstuff.com/tools and
entered "hotmail.com". They say is where to send spam
reports, so try that one.

https://www.talosintelligence.com/re...nter/email_rep

While the above site indicates there has been a small drop in global
spam volume, you can select different time ranges to see how much it
bounces around. For the spam you received today, no way to know what is
today's spam volume until tomorrow.
  #4  
Old October 16th 18, 12:21 AM posted to alt.windows7.general
David E. Ross[_2_]

I tracked the spam to Microsoft by looking at the Received header fields
in the header block. My ISP's E-mail server received the spam from IP
address 40.92.255.64, which is owned by Microsoft.

--
David E. Ross
http://www.rossde.com

Too often, Twitter is a source of verbal vomit. Examples include Donald
Trump, Roseanne Barr, and Elon Musk.
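
The Received-header trace discussed in posts #3 and #4, as an added example that is not part of any poster's message: it walks the Received headers newest-first, trusts only those stamped by the recipient's own provider, and reports the peer IP recorded at that boundary. The message, host names, addresses (RFC 5737 documentation ranges) and the `.isp.example` trusted suffix are all constructed assumptions.

```python
import email
import ipaddress
import re
from email.utils import parseaddr

# Constructed sample, not the message from the thread. Addresses come from the
# RFC 5737 documentation ranges; every host name is hypothetical.
RAW = """\
Return-Path: <promo@hotmail.example>
Received: from mx.isp.example (mx.isp.example [192.0.2.10])
\tby mailstore.isp.example with ESMTP id A1; Mon, 15 Oct 2018 07:58:03 -0700
Received: from out.sender.example (out.sender.example [198.51.100.25])
\tby mx.isp.example with ESMTP id B2; Mon, 15 Oct 2018 07:58:01 -0700
Received: from trusted.bank.example ([203.0.113.77])
\tby out.sender.example with SMTP id C3; Mon, 15 Oct 2018 07:57:59 -0700
From: "Prize Desk" <promo@hotmail.example>
Subject: constructed sample

body
"""

PEER_IP = re.compile(r"\[(?:IPv6:)?([0-9A-Fa-f:.]+)\]")
BY_HOST = re.compile(r"\bby\s+([\w.-]+)", re.I)

def trace(raw, trusted_suffixes):
    """Walk Received headers newest-first; stop at the first not stamped by a trusted host."""
    msg = email.message_from_string(raw)
    handoff, verified = None, 0
    received = msg.get_all("Received", [])      # topmost header = most recent hop
    for value in received:
        flat = " ".join(value.split())          # unfold continuation lines
        by, peer = BY_HOST.search(flat), PEER_IP.search(flat)
        if not by or not by.group(1).lower().endswith(tuple(trusted_suffixes)):
            break                               # from here down nothing can be verified
        verified += 1
        try:
            handoff = str(ipaddress.ip_address(peer.group(1))) if peer else None
        except ValueError:
            handoff = None                      # bracketed text was not an IP address
    same = parseaddr(msg.get("From", ""))[1] == parseaddr(msg.get("Return-Path", ""))[1]
    return {
        "handoff_ip": handoff,                  # peer recorded by the last trusted server
        "verified_hops": verified,
        "unverified_hops": len(received) - verified,
        # Equal From and Return-Path prove nothing: the sender can set both.
        "from_equals_return_path": same,
    }

if __name__ == "__main__":
    print(trace(RAW, [".isp.example"]))
```

The `handoff_ip` is the address to look up in WHOIS when choosing where to send a report; the bottom `Received` line naming `trusted.bank.example` is counted as unverified because no trusted server wrote it.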
 



