Good Evening,
Just recently, over the past few weeks, I'm starting to get spam that isn't being detected by MWP. I check my mail, delete unwanted mail and report spam to Spamcop and then allow the remaining messages to open in Outlook and Voilà there it is, a stinking spam email.
The latest one was this evening and I thought someone might like to look at the headers to see if there is anything obvious that might be cloaking the spam from MWP:
Return-Path: <bounce-mc.us16_76066146.6857-<removed>.au@mail78.suw11.mcdlv.net>
Received: from extmail.bigpond.com ([10.10.26.4])
by viclafep36p-svc.bpe.nexus.telstra.com.au with ESMTP
id <20170606085933.CWIL32239.viclafep36p-svc.bpe.nexus.telstra.com.au@extmail.bigpond.com>
for <removed>; Tue, 6 Jun 2017 18:59:33 +1000
X-RG-Spam: Unknown
X-Junkmail-Premium-Raw: score=13/80,refid=2.7.2:2017.6.6.75417:17:13.576,ip=198.2.190.78,rules=DKIM_SIGNATURE,
__SUBJ_ALPHA_END, __PHISH_SUBJ_PHRASE4, __HAS_FROM, __HAS_REPLYTO,
__TO_MALFORMED_2, __TO_NO_NAME, __HAS_MSGID, __SANE_MSGID, __HAS_X_MAILER,
__HAS_LIST_ID, __HAS_LIST_UNSUBSCRIBE, __CT, __CTYPE_HTML, __CTYPE_IS_HTML,
__CTE, __REPLYTO_SAMEAS_FROM_ADDY, __REPLYTO_SAMEAS_FROM_ACC,
__REPLYTO_SAMEAS_FROM, __UTF8_SUBJ, __REPLYTO_SAMEAS_FROM_DOMAIN,
__CP_MEDIA_BODY, __CP_NAME_BODY, __STOCK_PHRASE_7, SUPERLONG_LINE,
__URI_IN_BODY, __URI_NOT_IMG, __HTML_BOLD, __STYLE_RATWARE,
__STYLE_RATWARE_NEG, __HTML_TAG_CENTER, __STYLE_TAG, __HAS_HTML,
__HTML_TAG_TABLE, BODY_SIZE_10000_PLUS, BODYTEXTH_SIZE_3000_MORE,
__MIME_TEXT_H1, __MIME_HTML, __MIME_HTML_ONLY, __TAG_EXISTS_HTML,
__PHISH_HTML_TITLE, SXL_IP_TFX_ESG[78.190.2.198.fur], HTML_90_100,
HTML_95_100, HTML_98_100, __HAS_LIST_HEADER, __LEGIT_LIST_HEADER,
BULK_EMAIL_SENDER, LEGITIMATE_SIGNS, UTF8_SUBJ_OBFU, NO_URI_FOUND,
NO_CTA_URI_FOUND, CTYPE_JUST_HTML, __URI_NO_PATH, __MIME_TEXT_H,
REPLYTO_SAMEAS_FROM, NO_URI_HTTPS, URI_WITH_PATH_ONLY, STYLE_RATWARE_REF,
__DQ_NEG_IP, __DQ_NEG_HEUR
Received: from mail78.suw11.mcdlv.net (198.2.190.78) by extmail.bigpond.com (9.0.019.16-1)
id 59109E8814C6BA52 for <removed>; Tue, 6 Jun 2017 18:59:33 +1000
DKIM-Signature: v=1; a=rsa-sha1; c=relaxed/relaxed; s=k1; d=mail78.suw11.mcdlv.net;
h=Subject:From:Reply-To:To:Date:Message-ID:List-ID:List-Unsubscribe:Sender:
Content-Type:Content-Transfer-Encoding;
i=Jewel=3Djrocher.com@mail78.suw11.mcdlv.net;
bh=EtmumjISaGAiXT6CmQhL6nfBIsc=;
b=Yi/SEq5ILRXzlMYX2tNrVKVl+K9jIbBh4PTk3kSOPVXKbpHslLmtaPxLX1yunvmwGMBBYlMC/Mp/
/9yQaI43+nSIUjNOdmsmN6M5ZGc63KvpjxuYtxFL4jQEPyt46ipl8jDmYUVZgHsbMICcXyU9iunv
rD4bnVoEnJBWVQinv9E=
Received: from (127.0.0.1) by mail78.suw11.mcdlv.net id h6pnf82akec0 for <removed>; Tue, 6 Jun 2017 08:57:32 +0000 (envelope-from <bounce-mc.us16_76066146.6857-<removed>@mail78.suw11.mcdlv.net>)
Subject: =?utf-8?Q?We=20reviewed=20your=20Aldi=20account=20Michaell=2C=20action=20=20required?=
From: =?utf-8?Q?Aldi=20Survey?= <Jewel@jrocher.com>
Reply-To: =?utf-8?Q?Aldi=20Survey?= <Jewel@jrocher.com>
To: <removed>
Date: Tue, 6 Jun 2017 08:57:32 +0000
Message-ID: <65193e6ce1c9d50a23fbabda9.0b6e435efd.20170606085652.61d415c0f1.2d9e05ac@mail78.suw11.mcdlv.net>
X-Mailer: MailChimp Mailer - **CID61d415c0f10b6e435efd**
X-Campaign: mailchimp65193e6ce1c9d50a23fbabda9.61d415c0f1
X-campaignid: mailchimp65193e6ce1c9d50a23fbabda9.61d415c0f1
X-Report-Abuse: Please report abuse for this campaign here: http://www.mailchimp.com/abuse/abuse.ph ... 0b6e435efd
X-MC-User: 65193e6ce1c9d50a23fbabda9
Feedback-ID: 76066146:76066146.6857:us16:mc
List-ID: 65193e6ce1c9d50a23fbabda9mc list <65193e6ce1c9d50a23fbabda9.5209.list-id.mcsv.net>
X-Accounttype: pd
List-Unsubscribe: <http://jrocher.us16.list-manage1.com/un ... 61d415c0f1>, <mailto:unsubscribe-mc.us16_65193e6ce1c9d50a23fbabda9.61d415c0f1-0b6e435efd@mailin1.us2.mcsv.net?subject=unsubscribe>
List-Unsubscribe-Post: List-Unsubscribe=One-Click
Sender: "Aldi Survey" <Jewel=jrocher.com@mail78.suw11.mcdlv.net>
x-mcda: FALSE
Content-Type: text/html; charset="utf-8"
Content-Transfer-Encoding: quoted-printable
X-Antivirus: AVG for E-mail 2016.0.8013 [4776/14538]
X-AVG-ID: ID5BDA235B-6396C7F3
X-Antispam: NO; Spamcatcher 8.0.3. Score 2
X-AVG-Antispam-Info: 1,-9,0,0ee21c5fdfdc315d,d41d8cd98f00b204,
jewel@jrocher.com,removed,
RULES_HIT:41:46:72:150:152:327:355:375:379:474:527:541:908:960:962:967:973:978:983:988:989:997:1021:1029:1202:1208:1224:1260:1261:1263:1311:1313:1345:1381:1430:1431:1432:1433:1434:1436:1437:1513:1515:1516:1517:1521:1571:1588:1589:1592:1593:1594:1605:1676:1730:1747:1777:1792:1801:2198:2199:2393:2525:2527:2528:2539:2543:2553:2560:2568:2610:2633:2682:2685:2859:2890:2933:2937:2939:2942:2945:2947:2951:2954:3000:3022:3138:3139:3140:3141:3142:3148:3865:3866:3867:3868:3870:3872:3873:3874:3934:3936:3938:3941:3944:3947:3950:3953:3956:3959:4042:4361:4384:4605:5007:6096:6117:6261:6653:6669:6701:6702:7278:7688:7875:7904:8599:8603:8828:8957:8987:9010:9025:9059:9149:9163:9388:9392:9411:9416:9908:10004:10346:10919:10954:11656:11658:11984:12043:12114:12438:12555:12663:12764:12956:12958:12959:12973:13025:13141:13230:13255:14096:14196:14493:14698:14699:14700:14701:15000:20000:21080:21325:21433:21450:21451:21524:21627:30001:30003:30054:30059:30067:30070:30090,
0,
RBL:198.2.190.78:@jrocher.com:<removed>.lbl8.mailshell.net-64.201.201.201 62.6.0.32,
CacheIP:none,Bayesian:0.5,0.5,0.5,Netcheck:none,DomainCache:0,MSF:not bulk,
SPF:fs,MSBL:0,DNSBL:jrocher.com-dnsbl7.mailshell.net-127.0.0.192,
Custom_rules:0:1:0,LFtime:233,LUA_SUMMARY:luares:0(NONE),phish:0(50),heur:0,
mlist:0,htext:0,stock:0,
domtxt:0
Got me totally bewildered which at my age is not surprising.
Cheers
Wal
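Added example, not part of the original post and not MailWasher code: the Python below runs three defender-side checks on an abridged copy of the headers posted above (DKIM signer versus From domain alignment, the retired rsa-sha1 signature algorithm, and a brand in the display name that is absent from the sending domain). The function names, the `brands` list and the two-label organisational-domain shortcut are assumptions made for this illustration.

```python
import email
from email.header import decode_header, make_header
from email.utils import parseaddr

# Abridged copy of headers from the message posted above (bh=/b= and h= omitted).
SAMPLE = (
    "DKIM-Signature: v=1; a=rsa-sha1; c=relaxed/relaxed; s=k1;\n"
    " d=mail78.suw11.mcdlv.net;\n"
    "From: =?utf-8?Q?Aldi=20Survey?= <Jewel@jrocher.com>\n"
    'Sender: "Aldi Survey" <Jewel=jrocher.com@mail78.suw11.mcdlv.net>\n'
    "\n"
)

def org_domain(domain):
    # Assumption: the last two labels approximate the organisational domain.
    # A production check should consult the Public Suffix List instead.
    return ".".join(domain.lower().rstrip(".").split(".")[-2:])

def dkim_tags(value):
    # DKIM-Signature is a ';'-separated tag=value list; folding whitespace is dropped.
    tags = {}
    for item in value.split(";"):
        key, sep, val = item.strip().partition("=")
        if sep:
            tags[key.strip()] = "".join(val.split())
    return tags

def analyse(raw_headers, brands):
    msg = email.message_from_string(raw_headers)
    name, addr = parseaddr(msg.get("From", ""))
    display = str(make_header(decode_header(name)))  # decode RFC 2047 encoded words
    from_dom = addr.rpartition("@")[2].lower()
    tags = dkim_tags(msg.get("DKIM-Signature", ""))
    signer = tags.get("d", "")
    return {
        "display_name": display,
        "from_domain": from_dom,
        "dkim_domain": signer,
        # DMARC-style relaxed alignment: signer shares the From organisational domain.
        "dkim_aligned": bool(signer) and org_domain(signer) == org_domain(from_dom),
        # RFC 8301 retired rsa-sha1 for DKIM signing and verification.
        "weak_dkim_algo": tags.get("a") == "rsa-sha1",
        # Brand named in the display name but absent from the sending domain.
        "brand_mismatch": [b for b in brands
                           if b.lower() in display.lower() and b.lower() not in from_dom],
    }

if __name__ == "__main__":
    for key, value in analyse(SAMPLE, brands=["Aldi"]).items():
        print(f"{key}: {value}")
```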
Spam not being detected
- rusticdog
- Firetrust Monkey
Re: Spam not being detected
I just edited your post to remove your email address.
I assume too you're giving these emails the Thumbs Down, to train them as Spam before you delete, or are you not seeing these emails in MailWasher?
- TrustFire
- βeta Tester
- Location: 127.0.0.1
Re: Spam not being detected
wally3178 wrote: I check my mail, delete unwanted mail and report spam to Spamcop and then <snip>
wally3178 wrote: <snip> allow the remaining messages to open in Outlook and Voilà there it is, a stinking spam email.
As Users of MailWasher, these are 2 different actions which we perform on a regular basis.
However, in that split moment that it takes for the second action — a spam (or even valid) mail could arrive on the Inbox and get pulled, by Outlook (or, any e-mail client.)
The key is to ensure that the time period in between these two actions is minimized as much as possible — one handy tip is to enable the Launch after Wash Mail feature, in MailWasher:—
ps:- Despite the above time-reduction there is still a very remote possibility of a mail (spam or otherwise) to slip-in.
MailWasher Pro (βeta) | Windows 11 Enterprise LTSC (22H2) | The Bat! Professional (βeta) | Windows 10 Firewall Control (βeta) | ESET Endpoint Antivirus (βeta) | nVIDIA GeForce (GTX 1060) | WebView2 Runtime (118.0.2088.61) | .NET Framework (4.8.1)
- TrustFire
- βeta Tester
- Location: 127.0.0.1
Re: Spam not being detected
Hmmm — that was quick.
- wally3178
- Travelling Tuatara
- Location: Australia
Re: Spam not being detected
rusticdog wrote: I just edited your post to remove your email address.
I assume too you're giving these emails the Thumbs Down, to train them as Spam before you delete, or are you not seeing these emails in MailWasher?
Rusticdog, you're right, I'm definitely not seeing these emails in MWP so I can't give them the thumbs down. I had two more this morning.
Thank you for the edit
Cheers,
Wal
At my age, sex is like playing pool with a piece of rope
- rusticdog
- Firetrust Monkey
Re: Spam not being detected
TrustFire could be right about the timing.
I assume too these emails in Outlook are coming into the Inbox folder, not some other Junk/Bulk email folder ?
- wally3178
- Travelling Tuatara
- Location: Australia
Re: Spam not being detected
rusticdog wrote: TrustFire could be right about the timing.
I assume too these emails in Outlook are coming into the Inbox folder, not some other Junk/Bulk email folder ?
Yes, straight into the inbox folder.
As for timing, I don't believe that to be the case. Why? I hear you ask. Well, I also check my email on my iOS devices using a rather outstanding app called Airmail and it shows the spam in question. Not being able to report spam from my iPhone or iPad I go to my desktop and use MWP, and would you believe it, the spam isn't there with all the other email but as soon as I open Outlook it downloads. Fortunately I can still report it manually but that takes time and sometimes I don't have the time to spare. The spam is always citing 'Aldi' in the subject field, either offering me money or a ridiculous discount.
Cheers,
Wal
- rusticdog
- Firetrust Monkey
Re: Spam not being detected
OK, next time it happens can you send me some logs. If you go Help >> Send Support Logs >> enter a brief note like 'aldi email not loading' >> in the Ticket Number field enter chris >> Send Logs.
Thanks
- wally3178
- Travelling Tuatara
- Location: Australia
Re: Spam not being detected
rusticdog wrote: OK, next time it happens can you send me some logs. If you go Help >> Send Support Logs >> enter a brief note like 'aldi email not loading' >> in the Ticket Number field enter chris >> Send Logs.
Thanks
Thanks Squire, I'll do that.
Wal
- rusticdog
- Firetrust Monkey
Re: Spam not being detected
OK, just got the logs. Nothing unusual that I can see. Can you enable Protocol Logging under the Help menu, for when it happens again (please send more logs) it will give some more data to look at.
Do you still have a copy of the email in your Trash/Outlook? If possible I'd like to have a quick look at the full source, if you right click the message and select Options >> Message Source. If you can copy/paste that into a text file and email it to me at forum@firetrust.com
Unrelated, but you want to remove a mis-configured DNSBL server. Under Settings >> Spam Tools >> Origin of Spam >> remove the ACMA record, as they do not have an IP address checking service.
Cheers
- wally3178
- Travelling Tuatara
- Location: Australia
Re: Spam not being detected
Thanks Rusticdog, I've enabled protocol logging and removed ACMA.
Unfortunately, I deleted the emails but I think I can recover the header information from Spamcop, I'll try.
Cheers,
Wal