On Mon, Sep 14, 2015 at 12:00 PM, Michael Peddemors <mich...@linuxmagic.com> wrote:
> Monitoring from ISP's and Telco's has always shown a lot of leakage from
> the servers called..
>
> mail-pu1apc01hn0200.outbound.protection.outlook.com
>
> And over the last week, those numbers substantially increased..
>
> However, while caught by our filtering systems, you have to look at some
> simple obvious issues..
>
> (Maybe someone can explain how this traffic is relayed, and why it is so
> hard to stop at the source?)
>
> Return-Path: <>
>
> ^^^^ (We wrote a 'fake bounce' rule specifically for
> protection.outlook.com servers)
> Much of the spam shows up with no Return-Path, I am sure that can be
> prevented, no?
>
> Delivered-To: mich...@linuxmagic.com
> Received: (qmail 29387 invoked from network); 14 Sep 2015 17:13:15 -0000
> Received: from mail-pu1apc01hn0200.outbound.protection.outlook.com (HELO
> APC01-PU1-obe.outbound.protection.outlook.com) (104.47.126.200)
> by be.cityemail.com with SMTP
> (e1fa336e-5b03-11e5-8599-5bc0ef165c91); Mon, 14 Sep 2015 10:13:15
> -0700
> Authentication-Results: spf=none (sender IP is ) smtp.mailfrom=<>;
>
> ^^^^^ Could this be a clue? No Sender IP? No MailFrom?
>

the HELO hostname does not have an SPF record:
https://dmarcian.com/spf-survey/APC01-PU1-obe.outbound.protection.outlook.com
cf http://trac.tools.ietf.org/html/rfc7208#section-10.1.3

>
> Received: from [106.223.20.123] (106.223.20.123) by
> SG2PR0201MB0984.apcprd02.prod.outlook.com (10.162.202.155) with Microsoft
> SMTP Server (TLS) id 15.1.268.17; Mon, 14 Sep 2015 17:13:03 +0000
> Content-Type: multipart/alternative; boundary="===============0365285247=="
> MIME-Version: 1.0
> Subject: I Have An Urgent Matter To Discuss With You
> To: recipie...@wizard.ca
> From: v...@wizard.ca, hol...@wizard.ca, k...@wizard.ca
>
> ^^^^ None of the above exist of course.. actually sent to different
> addresses
>
> Date: Mon, 14 Sep 2015 22:42:56 +0530
> Reply-To: <verahollinkv...@gmail.com>
>
> ^^^^^ Isn't this suspicious?
>
>

seems someone can get outlook.com to do some backscatter or inject a fake bounce and have it routed by outlook.com?
_______________________________________________
mailop mailing list
mailop@mailop.org
http://chilli.nosignal.org/mailman/listinfo/mailop
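Added example, not part of the thread and not the filter rule either poster runs: one way to turn the header observations above into a receiver-side check. The function names, signal labels and the sample message (placeholder example.* names) are assumptions made for illustration, and the checks are heuristics, not a standard.

```python
import email
from email.utils import getaddresses

# Constructed sample shaped like the headers quoted in the thread.
SAMPLE = """\
Return-Path: <>
Received: from mail.example.net (HELO obe.example.net) (192.0.2.10)
  by mx.example.org with SMTP; Mon, 14 Sep 2015 10:13:15 -0700
Authentication-Results: spf=none (sender IP is ) smtp.mailfrom=<>;
Content-Type: multipart/alternative; boundary="b"
MIME-Version: 1.0
Subject: I Have An Urgent Matter To Discuss With You
To: recipient@example.org
From: a@example.org, b@example.org, c@example.org
Reply-To: <someone@example.com>

--b--
"""

def spf_identity(mail_from, helo):
    """Domain whose SPF record the receiver evaluates (RFC 7208 section 2.4)."""
    addr = mail_from.strip().strip("<>")
    if not addr:
        # Null reverse-path: the MAIL FROM identity becomes postmaster@<HELO>,
        # so a HELO host without an SPF record yields spf=none.
        return helo.lower().rstrip(".")
    return addr.rsplit("@", 1)[-1].lower()

def domains(msg, header):
    """Set of lower-cased domains found in an address header."""
    pairs = getaddresses(msg.get_all(header, []))
    return {a.rsplit("@", 1)[-1].lower() for _, a in pairs if "@" in a}

def fake_bounce_signals(raw):
    """Heuristic reasons a null-sender message does not look like a real bounce."""
    msg = email.message_from_string(raw)
    signals = []
    null_sender = (msg.get("Return-Path") or "").strip() == "<>"
    # Real DSNs (RFC 3464) and MDNs are multipart/report.
    if null_sender and msg.get_content_type() != "multipart/report":
        signals.append("null-sender-not-a-report")
    from_addrs = [a for _, a in getaddresses(msg.get_all("From", [])) if a]
    # RFC 5322 requires a Sender header when From lists several mailboxes.
    if len(from_addrs) > 1 and "Sender" not in msg:
        signals.append("multiple-from-no-sender")
    reply = domains(msg, "Reply-To")
    if reply and not reply & domains(msg, "From"):
        signals.append("reply-to-domain-mismatch")
    return signals
```

Some legitimate auto-replies also use a null sender without being multipart/report, so these signals are better used as scoring inputs than as a hard reject.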