
Still receiving a lot of spam :(

Adam1V
Grafter
Posts: 223
Registered: 31-07-2007

Still receiving a lot of spam :(

We were quite lucky with the Postini system; it pretty much removed 99% of our spam with no false positives.
I believe we've been moved over to the IronPort and we are still getting a large amount of spam. Is anyone able to look at this header and possibly suggest why it may have come through?
Quote
Microsoft Mail Internet Headers Version 2.0
Received: from exchange-pop3-connector.com ([192.168.1.1]) by MYDOMAINwith Microsoft SMTPSVC(6.0.3790.3959);
Mon, 2 Feb 2009 09:53:07 +0000
Return-path: <grahmameed59626@hotmail.com>
Envelope-to: adam.venn@MYDOMAIN
Delivery-date: Mon, 02 Feb 2009 09:50:16 +0000
Received: from [212.159.7.102] (helo=mx.pcl-ipin03.plus.net)
  by fhw-inmx22 with esmtp (PlusNet MXCore v2.00) id 1LTvRX-0005FG-LU
  for adam.venn@MYDOMAIN; Mon, 02 Feb 2009 09:50:15 +0000
Authentication-Results: mx.pcl-ipin03.plus.net; dkim=neutral (message not signed) header.i=none
Received-SPF: None identity=pra; client-ip=65.55.111.169;
  receiver=mx.pcl-ipin03.plus.net;
  envelope-from="grahmameed59626@hotmail.com";
  x-sender="grahmameed59626@hotmail.com";
  x-conformance=sidf_compatible
Received-SPF: Pass identity=mailfrom; client-ip=65.55.111.169;
  receiver=mx.pcl-ipin03.plus.net;
  envelope-from="grahmameed59626@hotmail.com";
  x-sender="grahmameed59626@hotmail.com";
  x-conformance=sidf_compatible
Received-SPF: None identity=helo; client-ip=65.55.111.169;
  receiver=mx.pcl-ipin03.plus.net;
  envelope-from="grahmameed59626@hotmail.com";
  x-sender="postmaster@blu0-omc4-s30.blu0.hotmail.com";
  x-conformance=sidf_compatible
X-Group: Quarantine
X-SBRS: 4.5
X-IronPort-Anti-Spam-Filtered: true
X-IronPort-Anti-Spam-Result: ArAFADVQhklBN2+pkWdsb2JhbACCRSyEA4MJihoBAQEBCQsKBxEDpgGCE4sjhBQGg24
X-IronPort-AV: E=McAfee;i="5300,2777,5513"; a="28412282"
X-IronPort-AV: E=Sophos;i="4.37,364,1231113600";
   d="scan'208,217";a="28412282"
Received: from blu0-omc4-s30.blu0.hotmail.com ([65.55.111.169])
  by mx.pcl-ipin03.plus.net with ESMTP; 02 Feb 2009 09:50:15 +0000
Received: from BLU132-W46 ([65.55.111.137]) by blu0-omc4-s30.blu0.hotmail.com with Microsoft SMTPSVC(6.0.3790.3959);
Mon, 2 Feb 2009 01:50:14 -0800
Message-ID: <BLU132-W462DE7B8E581953C6CC98CE8C50@phx.gbl>
Content-Type: multipart/alternative;
boundary="_1ad984e6-d3d2-4c91-b4f8-2c14cf55eaf1_"
X-Originating-IP: [58.8.155.103]
From: Grahm Ameed <GrahmAmeed59626@hotmail.com>
Sender: <grahmameed59626@hotmail.com>
To: <brad@diverseholdings.com>, <abproductions21@hotmail.com>,
<librahere@aol.com>
CC: <patrick@uptonpr.powernet.co.uk>, <awiswell@hotmail.com>
Date: Mon, 2 Feb 2009 01:50:14 -0800
Importance: Normal
MIME-Version: 1.0
X-OriginalArrivalTime: 02 Feb 2009 09:50:14.0827 (UTC) FILETIME=[A5C0FFB0:01C9851B]
X-PN-Virus-Filtered: by PlusNet MXCore (v5.00)
X-PN-Spam-Filtered: by PlusNet MXCore (v5.00)
Subject: Happy
X-EsetId: 3F974225D2CA363368D4
--_1ad984e6-d3d2-4c91-b4f8-2c14cf55eaf1_
Content-Type: text/plain; charset="Windows-1252"
Content-Transfer-Encoding: quoted-printable
--_1ad984e6-d3d2-4c91-b4f8-2c14cf55eaf1_
Content-Type: text/html; charset="Windows-1252"
Content-Transfer-Encoding: quoted-printable

--_1ad984e6-d3d2-4c91-b4f8-2c14cf55eaf1_--

The email contains the following text:
Quote

CANADIAN drugs...the only route to purchase

Please Click here

2 REPLIES
pierre_pierre
Grafter
Posts: 19,757
Registered: 30-07-2007

Re: Still receiving a lot of spam :(

you have left your domain on show
Superuser
Superuser
Posts: 8,885
Thanks: 413
Fixes: 36
Registered: 06-04-2007

Re: Still receiving a lot of spam :(

The senders (in Asia) have defeated whatever checks Hotmail do to sign up an account and get the message through the Hotmail system; consequently IronPort correctly regards it as arriving from a mailserver with "good" reputation - so accepted it.
That leaves only content filtering and whilst it looks like spam to a human, the spammer's efforts managed to fool the scanner (and Hotmail's too assuming they check outgoing mail). Hopefully Hotmail will have blocked that route now but I guess the spammers won that round. :(
David
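
The reasoning in the reply above can be checked against the posted headers. The following is an added example, not code from any poster or from IronPort: it pulls out the SPF, DKIM and X-SBRS results and flags a message whose only positive signals describe the relaying mail server rather than the person who submitted it. The function names and the `sbrs_floor` threshold are assumptions made for this example.

```python
import re
from email import message_from_string

# Excerpt of the headers quoted in the first post; values are as posted.
SAMPLE_HEADERS = """\
Authentication-Results: mx.pcl-ipin03.plus.net; dkim=neutral (message not signed) header.i=none
Received-SPF: None identity=pra; client-ip=65.55.111.169;
  receiver=mx.pcl-ipin03.plus.net;
Received-SPF: Pass identity=mailfrom; client-ip=65.55.111.169;
  receiver=mx.pcl-ipin03.plus.net;
Received-SPF: None identity=helo; client-ip=65.55.111.169;
  receiver=mx.pcl-ipin03.plus.net;
X-SBRS: 4.5
X-IronPort-Anti-Spam-Filtered: true
X-Originating-IP: [58.8.155.103]
Subject: Happy

"""

def triage(raw):
    """Collect the sender-authentication signals the gateway recorded."""
    msg = message_from_string(raw)
    spf = {}
    for value in msg.get_all("Received-SPF", []):
        m = re.match(r"\s*(\w+)\s+identity=(\w+);\s*client-ip=([0-9A-Fa-f.:]+)", value)
        if m:  # key by checked identity: pra, mailfrom or helo
            spf[m.group(2).lower()] = (m.group(1).lower(), m.group(3))
    dkim = re.search(r"\bdkim=(\w+)", msg.get("Authentication-Results", ""))
    origin = re.search(r"\[([^\]]+)\]", msg.get("X-Originating-IP", ""))
    sbrs = (msg.get("X-SBRS") or "").strip()
    return {
        "spf": {ident: result for ident, (result, _) in spf.items()},
        "relay_ips": {ip for _, ip in spf.values()},
        "dkim": dkim.group(1).lower() if dkim else None,
        # X-SBRS may be absent or non-numeric when no score is available
        "sbrs": float(sbrs) if re.fullmatch(r"[+-]?\d+(\.\d+)?", sbrs) else None,
        "origin_ip": origin.group(1) if origin else None,
    }

def relay_vouched_only(t, sbrs_floor=0.0):
    """True when every positive signal describes the relay, not the author.

    sbrs_floor is an assumed threshold for this example, not an IronPort default.
    """
    relay_ok = (t["spf"].get("mailfrom") == "pass"
                and t["sbrs"] is not None and t["sbrs"] >= sbrs_floor)
    unsigned = t["dkim"] in (None, "none", "neutral")
    third_party_origin = t["origin_ip"] is not None and t["origin_ip"] not in t["relay_ips"]
    return relay_ok and unsigned and third_party_origin

if __name__ == "__main__":
    result = triage(SAMPLE_HEADERS)
    print(result, relay_vouched_only(result))
```

For the posted message this returns true: SPF passes for the Hotmail relay at 65.55.111.169 and its reputation score is positive, while the submitting client at 58.8.155.103 is not covered by either check.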