The format is always the same:
1. They use an inline image of text (so email body text cannot be scanned for spam content). How can I spam block this?
2. They always use the SAME From: and To: (MAIL FROM/return path is NOT local, though)
3. Subject line is always the username part of email address (the user being sent to)
Code:
-> From: <someone@mydomain.com>
-> To: someone@mydomain.com
-> Subject: someone
-> Mail From/Return Path/X-Envelope-Sender: someone-else@3rdpartydomain.com
Code:
Received-SPF: pass (mydomain.com: domain of 100pceffective.com designates 5.77.56.20 as permitted sender)
client-ip=5.77.56.20
Received: from www.100pceffective.com ([5.77.56.20]) by mydomain.com with
MailEnable ESMTPS (version=TLS1 cipher=TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA_P256); Wed, 15 May 2019 06:43:18 +0000
Received: from [a96.sub16.net78.udm.net] (a96.sub16.net78.udm.net [78.85.16.96]) by www.100pceffective.com with SMTP;
Wed, 15 May 2019 07:24:30 +0100
Feedback-ID: dibfz8o7tboyh3190560e6jn5g2vxse1x75ggcvyc4ixhmg:none:tyzuzln
List-Unsubscribe:
<https://100pceffective.com/unsubscribe/fu/98041/gzow8qpksppw8js3u45rw5cnclk8xdpeuawkn527d8qzmu5qgq7ma9t3yx8oqcpl/647176637>
List-Help: <mailto:abuse@100pceffective.com>
Date: Wed, 15 May 2019 08:24:50 +0200
X-Priority: Critical
Message-ID: <p2jzqpbsngsg7ao$ijb3dd07secof5n$rba5f@f6wykjdlrfil>
X-Sender-Info: <peter.sammons@100pceffective.com>
To: user1@mydomain.com
Content-Type: multipart/related;
boundary="3E9E4386CCAAF-23783AD11D0E-17ABE5EF4D2-02667A1FC-18A525BFF4422AE6"
MIME-Version: 1.0
Subject: user1
From: <user1@mydomain.com>
X-ME-CountryOrigin: GB
X-Envelope-Sender: peter.sammons@100pceffective.com
X-ME-Bayesian: 40.000000
Return-Path: <peter.sammons@100pceffective.com>
Code:
05/15/19 06:43:17 SMTP-IN 9CFCA5BD09AC4ED3A072AE994D61BB54.MAI 2036 5.77.56.20 220 mydomain.com ESMTP MailEnable Service, Version: 10.20--10.20 ready at 05/15/19 06:43:16 94 0
05/15/19 06:43:17 SMTP-IN 9CFCA5BD09AC4ED3A072AE994D61BB54.MAI 2036 5.77.56.20 EHLO EHLO www.100pceffective.com 250-mydomain.com [5.77.56.20], this server offers 7 extensions 269 29
05/15/19 06:43:17 SMTP-IN 9CFCA5BD09AC4ED3A072AE994D61BB54.MAI 2036 5.77.56.20 STARTTLS 24 10
05/15/19 06:43:17 SMTP-IN 9CFCA5BD09AC4ED3A072AE994D61BB54.MAI 2036 5.77.56.20 STARTTLS STARTTLS 24 10
05/15/19 06:43:17 SMTP-IN 9CFCA5BD09AC4ED3A072AE994D61BB54.MAI 2036 5.77.56.20 EHLO EHLO www.100pceffective.com 250-mydomain.com [5.77.56.20], this server offers 6 extensions 161 29
05/15/19 06:43:17 SMTP-IN 9CFCA5BD09AC4ED3A072AE994D61BB54.MAI 2036 5.77.56.20 MAIL MAIL FROM:<peter.sammons@100pceffective.com> SIZE=243626 250 Requested mail action okay, completed 43 58
05/15/19 06:43:18 SMTP-IN 9CFCA5BD09AC4ED3A072AE994D61BB54.MAI 2036 5.77.56.20 RCPT RCPT TO:<user1@mydomain.com> 250 Requested mail action okay, completed 43 34
05/15/19 06:43:18 SMTP-IN 9CFCA5BD09AC4ED3A072AE994D61BB54.MAI 2036 5.77.56.20 DATA DATA 354 Start mail input; end with <CRLF>.<CRLF> 46 6
05/15/19 06:43:19 SMTP-IN ABEBD9C02FD04ACF9BE3AC128C01B426.MAI 2036 5.77.56.20 QUIT QUIT 221 Service closing TLS SSL transmission session 50 6
Code:
2019-05-15 06:43:17 5.77.56.20 SMTP-IN - 10.148.127.237 2036 EHLO EHLO+www.100pceffective.com 250-mydomain.com+[5.77.56.20],+this+server+offers+7+extensions mydomain-MAIL 269 29 -
2019-05-15 06:43:17 5.77.56.20 SMTP-IN - 10.148.127.237 2036 STARTTLS STARTTLS - mydomain-MAIL 24 10 -
2019-05-15 06:43:17 5.77.56.20 SMTP-IN - 10.148.127.237 2036 EHLO EHLO+www.100pceffective.com 250-mydomain.com+[5.77.56.20],+this+server+offers+6+extensions mydomain-MAIL 161 29 -
2019-05-15 06:43:17 5.77.56.20 SMTP-IN - 10.148.127.237 2036 MAIL MAIL+FROM:<peter.sammons@100pceffective.com>+SIZE=243626 250+Requested+mail+action+okay,+completed mydomain-MAIL 43 58 -
2019-05-15 06:43:18 5.77.56.20 SMTP-IN mydomain.com 10.148.127.237 2036 RCPT RCPT+TO:<user1@mydomain.com> 250+Requested+mail+action+okay,+completed mydomain-MAIL 43 34 -
2019-05-15 06:43:18 5.77.56.20 SMTP-IN mydomain.com 10.148.127.237 2036 DATA DATA 354+Start+mail+input;+end+with+<CRLF>.<CRLF> mydomain-MAIL 46 6 -
2019-05-15 06:43:19 5.77.56.20 SMTP-IN mydomain.com 10.148.127.237 2036 DATA DATA 354+Start+mail+input;+end+with+<CRLF>.<CRLF> mydomain-MAIL 43 243582 -
2019-05-15 06:43:19 5.77.56.20 SMTP-IN - 10.148.127.237 2036 QUIT QUIT 221+Service+closing+TLS+SSL+transmission+session mydomain-MAIL 50 6 -
Please let me know why these emails are still getting through to our users.
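
Added example, not part of the original post and not MailEnable code: the Received-SPF pass quoted above was evaluated against the envelope sender's domain, while the forged part is the header From, so a check has to compare the two. The Python sketch below tests the three traits the post lists; the function names, the `local_domains` parameter and both sample messages are constructed for illustration.

```python
from email import message_from_string
from email.utils import parseaddr

# Constructed sample, reduced from the headers quoted in the post.
SPOOFED = """\
Return-Path: <peter.sammons@100pceffective.com>
To: user1@mydomain.com
Subject: user1
From: <user1@mydomain.com>

"""

# Constructed sample of ordinary inbound mail, for contrast.
NORMAL = """\
Return-Path: <alice@example.org>
To: user1@mydomain.com
Subject: Meeting notes
From: Alice <alice@example.org>

"""

def _addr(value):
    """Extract the bare, lower-cased address from a header value."""
    return parseaddr(value or "")[1].strip().lower()

def self_addressed_spoof(raw, local_domains):
    """Return the traits of the described pattern that this message matches."""
    msg = message_from_string(raw)
    from_addr = _addr(msg["From"])
    to_addr = _addr(msg["To"])
    env_addr = _addr(msg["Return-Path"])
    subject = (msg["Subject"] or "").strip().lower()
    hits = []
    # Trait 2 in the post: header From and To are the same mailbox.
    if from_addr and from_addr == to_addr:
        hits.append("from_equals_to")
    # Trait 3: Subject is only the recipient's local part.
    if "@" in to_addr and subject == to_addr.split("@")[0]:
        hits.append("subject_is_local_part")
    # Header From claims a local domain, envelope sender is external.
    from_dom = from_addr.rpartition("@")[2]
    env_dom = env_addr.rpartition("@")[2]
    if from_dom in local_domains and env_dom and env_dom not in local_domains:
        hits.append("local_from_external_envelope")
    return hits

def is_spoof(raw, local_domains):
    """Flag only when all three traits match, to limit false positives."""
    return len(self_addressed_spoof(raw, local_domains)) == 3
```

Legitimate self-addressed notes sent through the local server keep a local envelope sender, so they miss the third trait and are not flagged.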