Reading time 3
SEO Money Back Guarantee - SPAM
Here is a SPAM message that I received recently. I have seen more and more spammers using Outlook.com for their spamming needs. But why is that?
- It is not very feasible to block *@outlook.com from sending to an email server. I can block raajanraj47657@outlook.com and I have, but he can still send emails to my server from one of the other 399 aliases he can use.
- It is not very feasible to block the Outlook.com subnets from sending to an email server
- Microsoft has very robust ARC (Authenticated Received Chain), DMARC (Domain-based Message Authentication, Reporting & Conformance), DKIM (DomainKeys Identified Mail), and SFP (Sender Policy Framework) policies in place which help the spammy message sneak through
- It is actually relatively inexpensive (you can pick up M365 for 12 months for around $100 USD)
- Message limits are through the roof for most M365 setups
- Most M365 setups offer around 400 mailbox aliases for a user
Those are just a few reasons why Spammers and Scammers choose/ Below are the headers for the above message. The key thing I notice is the large size of the headers themselves. The other thing I noticed about this email, was there isn’t a link/attachment, I guess they want me to reply to them directly.
Return-Path: <raajanraj47657@outlook.com>
Delivered-To: averagejoe@averagejoeweekly.com
Received: from mail.averagejoeweekly.com
by mail.averagejoeweekly.com with LMTP
id yEP/F11zVGH1bAAANJBo7Q
(envelope-from <raajanraj47657@outlook.com>)
for <averagejoe@averagejoeweekly.com>; Wed, 29 Sep 2021 10:08:29 -0400
Return-path: <raajanraj47657@outlook.com>
Envelope-to: averagejoe@averagejoeweekly.com
Delivery-date: Wed, 29 Sep 2021 10:08:29 -0400
Received: from mail-oln040092254032.outbound.protection.outlook.com ([40.92.254.32] helo=APC01-PU1-obe.outbound.protection.outlook.com)
by mail.averagejoeweekly.com with esmtps (TLS1.2) tls TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384
(Exim 4.94.2)
(envelope-from <raajanraj47657@outlook.com>)
id 1mVaFz-0007u0-Jb
for averagejoe@averagejoeweekly.com; Wed, 29 Sep 2021 10:08:24 -0400
ARC-Seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none;
b=RXMTUHjjNfE4QLf3te9npr/QcQpSvSmEKOrin+JDIKGhETjDTSwEkcxD25GyMQf9Usg+HnyFpbxw6x3pJSQhUGAjEhyFYM5TIS0WBo52lGFXxEvUDffh2xrYZ92YG5At3xI7oTjmrtKXkRZ7L+u4F98oNYCGJiueVJEhVw3W6d4Niyj4tww1YJa0ZoIcOdkIEwacny1Z0VWeRj0R2BIEoONk0S4MhaL9oTF6Q1Lr47/n1avxLX/i4PFsVyVVspXRIYAH5TAQsxIkZTVr9rgzd9GXjOQaiXF3D7NtUHRLbrLxVWjA25IhuUueoDwYwWuGXNXEf78k2HFyMg1EifvSIw==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com;
s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version;
bh=yUV0clRY3IveOKbbvLf2zI2aFIV6MuNzrjefverTGH0=;
b=OnXa8xzUb33FUQh6MG9Z5H1S7XI1HdxUoVsFYWIa/zeTfp9aQi5zsIOrEfeLBPwneki9+ofK9p66StQps1WwSWC+ewXc4YT+9MdlDEaeCWfxUeKTVjseElqdIpoUiKQbtiqLWittktI95jHCUFYCBEWxPhpndEEwj4/5GIFpQVnCaaULvev5sLSto05DlXsW80g2IRcc/9DntaV3W/qNoZdXdM1jISvNVnBCugycjQIqj+c+8ncqyB6FbLdp0UwVjblJOFlstLK0CnttcDXC4tOltBRRMhvX6H4EJsw3EhLFM2X+hx3i5D5taz8mnKXgyKJexZYewz/wKrPPsw/jAw==
ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=none; dmarc=none;
dkim=none; arc=none
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=outlook.com;
s=selector1;
h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck;
bh=yUV0clRY3IveOKbbvLf2zI2aFIV6MuNzrjefverTGH0=;
b=pCdE6AsK7id7ihRnXo4iBFsXLoORraPRKAl1IfCzfcxVNa4+ntpR8zrA+Pl9dR3DEFrcm437ltLlsiRMIwuD1dsonqSrViLm9rV9GnxXX72tUBHsCdg6iFGFmGtqmiIWs0O+ZOy7iCFYIcoaw4266ai6ZJ9+E6VWXtBiLgnr83WUX00Vga3QdJ+gar55VpTtjeLYx2YeWuxEPe4a9QvJemIqXfrQWYQncBQ/dqD89n/c3hnK9r17igFKje9pZQt1iNMANOeHg+A79UIJOVhxpoyUyPSYKLrv04UbJ2Wip3EXAb9MTNfSav36XEkUsAEWk1zAwJ9vOtLljxULcyTy1g==
Received: from PU1PR06MB2342.apcprd06.prod.outlook.com (2603:1096:803:3b::19)
by PS2PR06MB3335.apcprd06.prod.outlook.com (2603:1096:300:62::10) with
Microsoft SMTP Server (version=TLS1_2,
cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.4544.13; Wed, 29 Sep
2021 14:07:47 +0000
Received: from PU1PR06MB2342.apcprd06.prod.outlook.com
([fe80::c9b0:ab83:ac6b:ace1]) by PU1PR06MB2342.apcprd06.prod.outlook.com
([fe80::c9b0:ab83:ac6b:ace1%7]) with mapi id 15.20.4544.022; Wed, 29 Sep 2021
14:07:47 +0000
From: Raajan Raj <raajanraj47657@outlook.com>
Subject: SEO Money Back Guarantee ___
Thread-Topic: SEO Money Back Guarantee ___
Thread-Index: AQHXtTtZkpPikJhtZES5WTVMLtwnPg==
Date: Wed, 29 Sep 2021 14:07:47 +0000
Message-ID:
<PU1PR06MB2342BC1BE4C597CB98CC5EAC85A99@PU1PR06MB2342.apcprd06.prod.outlook.com>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
suggested_attachment_session_id: 0c48fa37-65ba-2c71-0957-a580cc652c6b
x-tmn: [AhIU0mE4Td7U20PADPesMs1F2ewKNZm5]
x-ms-publictraffictype: Email
x-ms-office365-filtering-correlation-id: d98c3c17-3547-44ab-21c4-08d9835283f3
x-ms-exchange-slblob-mailprops:
/ntUcd07daef1Xk8W+xj5K7BuzAb1K5tpk7HGBIHAYYwHAWPOoOqxGxZdjOPXB5ac4fhS+z+FetuYfaU1WdTw4JrQ1mwdrT94NmXEOreOrjyhz9NQnXyPsZ0IePxxbclEqYzqTYoNE3AWo3WBYnolkqTUJy61goDCWBHG5/7um3MA4CkunpBHbNaBoDhK0zn3MYd7oXgyLWq2Z4tjmJubO/qCXhHRo9g74VhQWS5yBhWMW88WwtIWJJD3DWAqezf57l1odKeR+w6OBaN++EzED/qpk+26wYh1rMz5cVZcnv9o/R9rweXd94bDz2hGi78C74fsEY/ACdv7p/LVLWr96zzUDlrT3a85gjycVALDmkaKfQ/Fpg9Mr3ErIh094Eq9ZhOKNuZbnk7+nKvjZsH0rj8NYILVpsz+kYncFe1CcN/eHC2fI7V7qF9KEFSyzSFI73xaa5YLPES2ZRdrgpMZ0RgS3OTnUpwoy35yuzjsNmuA4AiaYS+rLkCRWlRsSInwskPYPLAEYunx3fIzgXbNiGq+ceR2D3ltNnq3iv5tpyFjs1E4OKk57EL4FIe9NIqvUgl4lFLPmSbGhY5f9SrQYYh70EgybEboyiTB0uHoZLHaT7xcYyeLvP5UdKtwqOWdOHqRAagq+rBdgJsSlYALIrHYzVIEOH0Ii9VxsrPeZTCopJdPLYXIj68iles+w6nsQigWdXuGYhuNPWM9NslDEANsGIPtzzt
x-ms-traffictypediagnostic: PS2PR06MB3335:
x-microsoft-antispam: BCL:0;
x-microsoft-antispam-message-info:
MO/rUQWPixW9n7u3PgmJOSNTWVSn+7U4Bm/j6Q9TK+JByg/lWVmJPO2+dFzrekx9IJpanpD+GCJ8/iXgfX2JEZ12jryml4uDaEbOoMK9D9n2UtbGdxA4N/lO6QtQiJBNATTxxecp3qw2ZUw4DJy1SXQNNqKA2kekInLToJq6LpFAGR8xCJ4i+ryrz7SAS1vsKqe6XE/+AVyPltQ2+cL0WLVs5sBylIBdEimBxp3cxIEAdSvK6wcjAa3JSyAP9oNhxH5izpPdRni+8NlWKeePefSzzZ9Tz+GD/m9jOcgxiHi2LJHo2TSDels2wLwxUriUa6nW2XwOSsgf3H+lapPQBVu34MMQhjVRIpGvtYg6p7Lo3XdnRCjp50gzsr0TtTlg3mYlM8N+OQFthQpiWFVesTMQNJuK0mHaB/91UiPFN4dMrimfIvhneqp0F09I9zfY
x-ms-exchange-antispam-messagedata-chunkcount: 1
x-ms-exchange-antispam-messagedata-0:
maiMw5rXBgD3BftRnG0t2EMcZSwnq68CMEsXAp0q4sujxH+JFBWd8WBjobwvkeHeD07RZPJj3MwRpt8TcpF3eUqTiECuQGsCuC8+NM78AikExffGXCMS9Hed/7AuxB1fJy3sge/ZXZ6Fqk/Tifsz9w==
x-ms-exchange-transport-forked: True
Content-Type: multipart/alternative;
boundary=”_000_PU1PR06MB2342BC1BE4C597CB98CC5EAC85A99PU1PR06MB2342apcp_”
MIME-Version: 1.0
X-OriginatorOrg: outlook.com
X-MS-Exchange-CrossTenant-AuthAs: Internal
X-MS-Exchange-CrossTenant-AuthSource: PU1PR06MB2342.apcprd06.prod.outlook.com
X-MS-Exchange-CrossTenant-RMS-PersistedConsumerOrg: 00000000-0000-0000-0000-000000000000
X-MS-Exchange-CrossTenant-Network-Message-Id: d98c3c17-3547-44ab-21c4-08d9835283f3
X-MS-Exchange-CrossTenant-originalarrivaltime: 29 Sep 2021 14:07:47.2392
(UTC)
X-MS-Exchange-CrossTenant-fromentityheader: Hosted
X-MS-Exchange-CrossTenant-id: 84df9e7f-e9f6-40af-b435-aaaaaaaaaaaa
X-MS-Exchange-CrossTenant-rms-persistedconsumerorg: 00000000-0000-0000-0000-000000000000
X-MS-Exchange-Transport-CrossTenantHeadersStamped: PS2PR06MB3335
X-AverageJoeWeekly-MailScanner-Information: Please contact the ISP for more information
X-AverageJoeWeekly-MailScanner-ID: 1mVaFz-0007u0-Jb
X-AverageJoeWeekly-MailScanner: Found to be clean
X-AverageJoeWeekly-MailScanner-SpamCheck: not spam,
SpamAssassin (not cached, score=-4.748, required 4,
autolearn=not spam, BAYES_00 -1.90, DKIM_SIGNED 0.10,
DKIM_VALID -0.10, DKIM_VALID_AU -0.10, FREEMAIL_FROM 0.00,
HTML_MESSAGE 0.00, MISSING_HEADERS 1.02, MONEY_BACK 1.23,
RCVD_IN_DNSWL_HI -5.00, RCVD_IN_MSPIKE_H2 -0.00, SPF_HELO_PASS -0.00,
SPF_PASS -0.00)
X-AverageJoeWeekly-MailScanner-From: raajanraj47657@outlook.com
X-Spam-Status: No
My servers MailScanner software’s analysis is below
