Need more headers, particularly NetworkMessageId or CorrelationId.

Aloha,
Michael.
--
Michael J Wise
Microsoft Corporation| Spam Analysis
"Your Spam Specimen Has Been Processed."
Open a ticket for Hotmail<http://go.microsoft.com/fwlink/?LinkID=614866> ?



-----Original Message-----
From: mailop <mailop-boun...@mailop.org> On Behalf Of postfix--- via mailop
Sent: Monday, August 25, 2025 10:20 AM
To: mailop@mailop.org
Subject: [EXTERNAL] [mailop] How to filter efficiently spam originating from a Microsoft customer?



Message was more targeted than most spam and content does not provide sufficient elements to discern from ham.  Somewhat redacted headers below.  Is there a way to determine which of the bazillion of Microsoft's accounts is behind this, and send their stuff to /dev/null?



Return-Path: <monica.techtre...@outlook.com>
Delivered-To: <ME>
Received: from MYSERVER
       by MYSERVER (Dovecot) with LMTP id rt67FKiUrGh+FQAAdV3MIg
       for <ME>; Mon, 25 Aug 2025 12:51:52 -0400
Received-SPF: Pass (sender SPF authorized) identity=mailfrom;
       client-ip=52.103.74.56;
       helo=sevp216cu002.outbound.protection.outlook.com;
       envelope-from=monica.techtre...@outlook.com;
       receiver=ME
Authentication-Results: MYSERVER; dkim=pass
       reason="2048-bit key; unprotected key"
       header.d=outlook.com header.i=@outlook.com header.b=QTQB8Mph;
       dkim-adsp=pass; dkim-atps=neutral
Received: from SEVP216CU002.outbound.protection.outlook.com
       (mail-koreacentralazolkn19012056.outbound.protection.outlook.com [52.103.74.56])
       by MYSERVER (Postfix) with ESMTPS id B51EAC01DB
       for <ME>; Mon, 25 Aug 2025 12:51:51 -0400 (EDT)
ARC-Seal: i=1; a=rsa-sha256; s=arcselector10001; d=microsoft.com; cv=none;
b=IVv40SsdpHyaxeUTM8/T+0wMcj98NL+REx8vEAclmiEaNOrA0u+x0vpLdGxASTHLu1UDXA2bGH30ODTcEG47bCOrp0fDlI2nBHpTqZV1x/uXWNsZ5E9vo8edGHQpMZ2aKPpGLmFamq2u25H2AGYrtoeGRbPSdsHo7ingwL0qSn0U/NCoS+YRkiHrH6bK58ftj9eNyVHOKl37F5A6vfqM2L5VJq6KrmTnhq87ciX6VdDLGgkvOFIeXN29K+AfhwtBWz8m3SeE+4Zo0yFIBsqtGpAjDYAw1Ypz7ygAzZT+3dZcDiI1aIQz613as/3xZbhNyGyL/pfqU/4Bkd0ZjJMofQ==

ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed;
  d=microsoft.com;
  s=arcselector10001;
  h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1;
  bh=5sKIVu+aW1R/piBe99jAIDL9aeUgcez16hysYLoLk9Q=;
b=BAh8HL8ByOT2+rJXyLDa1n8EtgnDCpjcQU2TKElpv32qZhVtc91b0x/3UuT9H3D2OnCb+CXUfYxGmpPFnW2VLIt+imuVeubVUlkaLv+uKAOugIFeeP27EQj6Kx56vBA/fD+xiD0hRE8fKhadV5Udgaztkz6o1V7ztkVSm3tbhAqYJYXiyw8GsUi+OcT5B0+LBgN7jjEBfggpQWnK6TdstHkj8GjDppfj5JD9gFmPlE+CEAcPGw7DKickJ6T0ug6cf0D2eFEh62BLPcdjZWVtr9NozcGG1EWsi7t/nsmoQAFxTAJickSMmOC7UOHu8vH/nKaOv9WUiQxJ5aEwGzh0IA==

ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=none; dmarc=none;
  dkim=none; arc=none
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=outlook.com;
  s=selector1;
  h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck;
  bh=5sKIVu+aW1R/piBe99jAIDL9aeUgcez16hysYLoLk9Q=;
b=QTQB8MphyBcUvx8JnsKTagHDEyzyrGxw3Wj8hz9v6T+KVp7+ZYdCJYdg8YKDDh3YkJIOghEs+dLhTuqoUrkhjNui/dsV0dG0WjV54lW7FVNykI5AjyzHHDWXCQB5GbwsFUpyD1X91XnQnqjJimtmUeXcV8laktqcmz1Us9eaib1m5NXg/jJzhfHEB9CJkpwwG6RWgluGD0JXg5+N974Mu5PlfZpoHVaxXnzAWNHjcaFEWQkNrOJFkBo9EPkZfUuJ8nKGYXkqx5swPBvncdeInUl1YLZ6tYmIiU5zPPSUtYo/7AVTbjhJXw9UV5qanb+O7CxdV2cXwyBFnUUyUanrUg==

Received: from SE1P216MB2057.KORP216.PROD.OUTLOOK.COM (2603:1096:101:159::6)
  by PU4P216MB1834.KORP216.PROD.OUTLOOK.COM (2603:1096:301:108::6) with
  Microsoft SMTP Server (version=TLS1_2,
  cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.9073.13; Mon, 25 Aug
  2025 16:52:34 +0000
Received: from SE1P216MB2057.KORP216.PROD.OUTLOOK.COM
  ([fe80::cd68:19c:a5c3:a23b]) by SE1P216MB2057.KORP216.PROD.OUTLOOK.COM
  ([fe80::cd68:19c:a5c3:a23b%5]) with mapi id 15.20.9073.010; Mon, 25 Aug 2025
  16:52:34 +0000
From: "Monica R. cooper" <monica.techtre...@outlook.com>
To: ME
Subject: Verified Canadian Attorneys
Thread-Topic: Verified Canadian Attorn

_______________________________________________
mailop mailing list
mailop@mailop.org
https://list.mailop.org/listinfo/mailop
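Pulling the identifiers requested in the reply out of a raw message before reporting it, as an added example that is not part of the original thread. The hostnames, addresses and GUIDs in the samples are constructed, and matching on the header-name suffix rather than one exact X-MS-* name is an assumption.

```python
import re
from email import message_from_string

# Assumption: match on the header-name suffix, since the X-MS-* prefix differs
# between headers that carry these identifiers.
TRACE_HEADER = re.compile(r"(network-message-id|correlation-id)$", re.IGNORECASE)

def extract_trace_ids(raw_message: str) -> dict:
    """Return {header name: unfolded value} for NetworkMessageId/CorrelationId headers."""
    msg = message_from_string(raw_message)
    return {
        name: " ".join(value.split())   # undo RFC 5322 header folding
        for name, value in msg.items()
        if TRACE_HEADER.search(name)
    }

def missing_for_report(raw_message: str) -> list:
    """List which of the two identifier kinds this copy of the message lacks."""
    names = " ".join(extract_trace_ids(raw_message)).lower()
    return [kind for kind in ("network-message-id", "correlation-id") if kind not in names]

# Constructed sample: full header block as stored on the receiving server.
SAMPLE_FULL = (
    "Received: from SENDER.EXAMPLE.PROD.OUTLOOK.COM by mx.example.org;\n"
    " Mon, 25 Aug 2025 16:52:34 +0000\n"
    "From: sender@example.com\n"
    "Subject: constructed sample\n"
    "X-MS-Exchange-Organization-Network-Message-Id:\n"
    " 00000000-1111-2222-3333-444444444444\n"
    "X-MS-Office365-Filtering-Correlation-Id: 55555555-6666-7777-8888-999999999999\n"
    "\n"
    "body\n"
)
# Constructed sample: headers cut off early, as in the excerpt posted to the list.
SAMPLE_TRUNCATED = (
    "Received: from SENDER.EXAMPLE.PROD.OUTLOOK.COM by mx.example.org;\n"
    " Mon, 25 Aug 2025 16:52:34 +0000\n"
    "From: sender@example.com\n"
    "Message-ID: <constructed@example.com>\n"
    "Subject: constructed sample\n"
    "\n"
)

if __name__ == "__main__":
    for label, raw in (("full", SAMPLE_FULL), ("truncated", SAMPLE_TRUNCATED)):
        print(label, extract_trace_ids(raw), "missing:", missing_for_report(raw))
```

Run it against the message as stored in the mailbox, not a copy pasted from a mail client, so that no headers are dropped before the check.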