Plusnet

Still receiving a lot of spam :(

« on 02/02/2009, 09:58 »
We were quite lucky with the Postini system, it pretty much removed 99% of our spam with no false positives.

I believe we've been moved over to the IronPort and we are still getting a large amount of spam. Is anyone able to look at this header and possibly suggest why it may have come through?

Quote
Microsoft Mail Internet Headers Version 2.0
Received: from exchange-pop3-connector.com ([192.168.1.1]) by MYDOMAINwith Microsoft SMTPSVC(6.0.3790.3959);
    Mon, 2 Feb 2009 09:53:07 +0000
Return-path: <grahmameed59626@hotmail.com>
Envelope-to: adam.venn@MYDOMAIN
Delivery-date: Mon, 02 Feb 2009 09:50:16 +0000
Received: from [212.159.7.102] (helo=mx.pcl-ipin03.plus.net)
     by fhw-inmx22 with esmtp (PlusNet MXCore v2.00) id 1LTvRX-0005FG-LU
     for adam.venn@MYDOMAIN; Mon, 02 Feb 2009 09:50:15 +0000
Authentication-Results: mx.pcl-ipin03.plus.net; dkim=neutral (message not signed) header.i=none
Received-SPF: None identity=pra; client-ip=65.55.111.169;
  receiver=mx.pcl-ipin03.plus.net;
  envelope-from="grahmameed59626@hotmail.com";
  x-sender="grahmameed59626@hotmail.com";
  x-conformance=sidf_compatible
Received-SPF: Pass identity=mailfrom; client-ip=65.55.111.169;
  receiver=mx.pcl-ipin03.plus.net;
  envelope-from="grahmameed59626@hotmail.com";
  x-sender="grahmameed59626@hotmail.com";
  x-conformance=sidf_compatible
Received-SPF: None identity=helo; client-ip=65.55.111.169;
  receiver=mx.pcl-ipin03.plus.net;
  envelope-from="grahmameed59626@hotmail.com";
  x-sender="postmaster@blu0-omc4-s30.blu0.hotmail.com";
  x-conformance=sidf_compatible
X-Group: Quarantine
X-SBRS: 4.5
X-IronPort-Anti-Spam-Filtered: true
X-IronPort-Anti-Spam-Result: ArAFADVQhklBN2+pkWdsb2JhbACCRSyEA4MJihoBAQEBCQsKBxEDpgGCE4sjhBQGg24
X-IronPort-AV: E=McAfee;i="5300,2777,5513"; a="28412282"
X-IronPort-AV: E=Sophos;i="4.37,364,1231113600";
   d="scan'208,217";a="28412282"
Received: from blu0-omc4-s30.blu0.hotmail.com ([65.55.111.169])
  by mx.pcl-ipin03.plus.net with ESMTP; 02 Feb 2009 09:50:15 +0000
Received: from BLU132-W46 ([65.55.111.137]) by blu0-omc4-s30.blu0.hotmail.com with Microsoft SMTPSVC(6.0.3790.3959);
    Mon, 2 Feb 2009 01:50:14 -0800
Message-ID: <BLU132-W462DE7B8E581953C6CC98CE8C50@phx.gbl>
Content-Type: multipart/alternative;
   boundary="_1ad984e6-d3d2-4c91-b4f8-2c14cf55eaf1_"
X-Originating-IP: [58.8.155.103]
From: Grahm Ameed <GrahmAmeed59626@hotmail.com>
Sender: <grahmameed59626@hotmail.com>
To: <brad@diverseholdings.com>, <abproductions21@hotmail.com>,
   <librahere@aol.com>
CC: <patrick@uptonpr.powernet.co.uk>, <awiswell@hotmail.com>
Date: Mon, 2 Feb 2009 01:50:14 -0800
Importance: Normal
MIME-Version: 1.0
X-OriginalArrivalTime: 02 Feb 2009 09:50:14.0827 (UTC) FILETIME=[A5C0FFB0:01C9851B]
X-PN-Virus-Filtered: by PlusNet MXCore (v5.00)
X-PN-Spam-Filtered: by PlusNet MXCore (v5.00)
Subject: Happy
X-EsetId: 3F974225D2CA363368D4

--_1ad984e6-d3d2-4c91-b4f8-2c14cf55eaf1_
Content-Type: text/plain; charset="Windows-1252"
Content-Transfer-Encoding: quoted-printable

--_1ad984e6-d3d2-4c91-b4f8-2c14cf55eaf1_
Content-Type: text/html; charset="Windows-1252"
Content-Transfer-Encoding: quoted-printable


--_1ad984e6-d3d2-4c91-b4f8-2c14cf55eaf1_--

The email contains the following text:

Quote

CANADIAN drugs...the only route to purchase


Please Click here

« Last Edit: 02/02/2009, 11:13 by Adam1V »

Logged
« Reply #1 on 02/02/2009, 10:34 »
you have left your domain on show
Free-online member since 15 Dec 1998
You don't have to be mad to understand what PN are up to, but it helps
Logged
  • spraxyt
  • Usergroup Member
  • Posts: 2177
« Reply #2 on 02/02/2009, 14:41 »
The senders (in Asia) have defeated whatever checks Hotmail do to sign up an account and get the message through the Hotmail system; consequently IronPort correctly regards it as arriving from a mailserver with "good" reputation - so accepted it.

That leaves only content filtering and whilst it looks like spam to a human, the spammer's efforts managed to fool the scanner (and Hotmail's too assuming they check outgoing mail). Hopefully Hotmail will have blocked that route now but I guess the spammers won that round. :(
Logged
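A header triage sketch for the case discussed in this thread, added here as an example and not written by any of the posters. It pulls the SPF, DKIM, reputation and origin fields out of a trimmed copy of the posted header and reports which checks the message satisfied. The `GOOD_SBRS` cut-off, the function name `triage` and the wording of the notes are assumptions made for illustration.

```python
import re
from email import message_from_string

# Trimmed excerpt of the header quoted in the thread (values as posted).
SAMPLE = """\
Received-SPF: None identity=pra; client-ip=65.55.111.169;
  receiver=mx.pcl-ipin03.plus.net
Received-SPF: Pass identity=mailfrom; client-ip=65.55.111.169;
  receiver=mx.pcl-ipin03.plus.net
Received-SPF: None identity=helo; client-ip=65.55.111.169;
  receiver=mx.pcl-ipin03.plus.net
Authentication-Results: mx.pcl-ipin03.plus.net; dkim=neutral (message not signed) header.i=none
X-SBRS: 4.5
X-Originating-IP: [58.8.155.103]
"""

GOOD_SBRS = 0.0  # assumed cut-off for this sketch, not IronPort's actual policy

def triage(raw):
    """Summarise why a reputation-based gateway would have accepted a message."""
    msg = message_from_string(raw)
    spf, relay = {}, None
    for value in msg.get_all("Received-SPF", []):
        flat = " ".join(value.split())  # unfold continuation lines
        ident = re.search(r"identity=(\w+)", flat)
        ip = re.search(r"client-ip=([0-9A-Fa-f.:]+)", flat)
        if flat and ident:
            spf[ident.group(1)] = flat.split()[0].lower()
        if ip:
            relay = ip.group(1)
    try:
        sbrs = float(msg.get("X-SBRS", ""))
    except ValueError:  # header absent or non-numeric, e.g. "None"
        sbrs = None
    origin = re.search(r"\[([^\]]+)\]", msg.get("X-Originating-IP", ""))
    origin = origin.group(1) if origin else None
    dkim = re.search(r"dkim=(\w+)", msg.get("Authentication-Results", ""))
    dkim = dkim.group(1) if dkim else None
    notes = []
    if spf.get("mailfrom") == "pass" and sbrs is not None and sbrs > GOOD_SBRS:
        notes.append("relay passes SPF for the envelope sender and has a positive reputation score")
    if origin and relay and origin != relay:
        notes.append("X-Originating-IP differs from the relay: reputation was scored on the relay")
    if dkim != "pass":
        notes.append("no valid DKIM signature")
    return {"spf": spf, "sbrs": sbrs, "relay": relay, "origin": origin, "dkim": dkim, "notes": notes}

if __name__ == "__main__":
    print(triage(SAMPLE))
```

On the posted header all three notes fire, which matches the explanation in Reply #2: the gateway scored Hotmail's relay, so only content filtering stood between the message and the inbox.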