How to stop "hotmail" spam in my inbox?

Traintracks

Registered
May 2, 2020
2
0
1
Belmont, California
cPanel Access Level
Website Owner
For the past several week, I have been getting a lot of spam with .hotmail.com return addresses. I don't know how to configure SpamAssassin to stop it. I have many email addresses and domains blacklisted in SpamAssassin (for example, *@domain.com and *.*@domain.com), and that usually stops spam from domains I don't want to receive email from. But it doesn't stop THESE, even though I have blacklisted *@hotmail.com and *.*@hotmail.com! Obviously these emails are not really coming from hotmail.

Here are two examples of the raw headers from these spam emails (I changed the name of my domain to "mysite.com" for this posting). I included the full headers so that you guys can look them over and perhaps find some commonality that would enable me to configure SpamAssassin to stop this. I would really appreciate some suggestions. Please remember that I am a novice at this, so if you have suggestions, please give me detailed instructions. Thank you so much!!!


Example 1:

Code:
Return-Path: <[email protected]>

Delivered-To: [email protected]

Received: from brian.securedserverspace.com

    by brian.securedserverspace.com with LMTP

    id iNjmK2mTrV4rrSsAFzcLkA

    (envelope-from <[email protected]>)

    for <[email protected]>; Sat, 02 May 2020 10:36:09 -0500

Return-path: <[email protected]>

Envelope-to: [email protected]

Delivery-date: Sat, 02 May 2020 10:36:09 -0500

Received: from mail-oln040092253030.outbound.protection.outlook.com ([40.92.253.30]:37576 helo=APC01-SG2-obe.outbound.protection.outlook.com)

    by brian.securedserverspace.com with esmtps  (TLS1.2) tls TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384

    (Exim 4.93)

    (envelope-from <[email protected]>)

    id 1jUuBU-00C3NC-JR

    for [email protected]; Sat, 02 May 2020 10:36:09 -0500

ARC-Seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none;

b=gy3TAzKhVtDYPM091f+ImDb5QcVxACjoyN82WqlMYKdgjvXpF5asTQYMR9r5juZUKLjZpxZk6bcvNgjp12Npbu5/3+uVPGR/Yusj74+f8iIbaOcaObgwji3zrS8YcOvhjbI6AIOgPderp9+lql2RoAkBIq3RhQjRqlGRew4qwePdL1w57RECPpGjeCu24MGpCqlLsnwjyoE5v5+SADgvOwStZTUSk/Y4C0CSKqqe/uUM7pw+2DroV6evbXbpfA6Ig1Gbrzc3EbPs8yIV6UnvH0vleN8TNax07xwoO6xpuAVgHz0AWQfhM0NO/wVs8CVMQv0Qbp6JJNKDACTkWt8x4w==

ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com;

s=arcselector9901;

h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck;

bh=qMhwqDi0A9Hu7+5Fs95Tq/Am06XOrQsZhDqq13gG0X4=;

b=JJiivwFj3WiWwvZD8+quAF4SWmosaYlj3dLAHOWlEhMwpNvufxkXJSnn76rRpl2BPHb7HpJWDXBVBZNe+3LHiqwQbC7/byo/QvClGMGkLsvSZKtIwoINulfRHhIqb8Z8CVJQO6zwFpPxBNg3vFvjI9DZqUCgi1nDZMrTAv+5SMftCJk2LiKXpoHfBYXyJbDnN9Z1k3ciQceE/BhYJXa0QfWI0Pf8v6Jc+9YuwZ90I4c+OqJ99Zf3Nc6Rn+44Kx94JkgkH060zfKMd75Uxj+1jb1LvBe5Z4Ny3NKHUZl/XAvSeuSf7CtuRVEjF6YAE+8Ma78Q279Uexeq+I70bsUa6Q==

ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=none; dmarc=none;

dkim=none; arc=none

DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=hotmail.com;

s=selector1;

h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck;

bh=qMhwqDi0A9Hu7+5Fs95Tq/Am06XOrQsZhDqq13gG0X4=;

b=F8A+EMIe+CdADkjVJsy/AKyupeMPi7Ntt5qCbUqsQflJaggkPxCmTSqIUtTXoMaGO6haJYubDwDuMfmuKaGIlDyOmvuRDeDS9+2bDZUC2SyFMwQYsJ8yH0Gu1H0Jxiz+g0kYwrm6VtSpAVzXBoMNewWGdjeAiziM4BFSByikgevXkMg7PnE4a1PMXBAQILGReyIkE4QS1V16SvfU2TIaqEiDdRQJmv0HlJkV6DlYUNbE+QC93WnvB1OLVWjmQYFxybhEhxLbF7DvdJGmQxWfQtTQ/Vyz9nZ/tGBD8IuPgJuvo8Hd5qXuUEF2cSWPL1TRz0vbOcb+zz9fLcsjqxSIGQ==

Received: from PU1APC01FT055.eop-APC01.prod.protection.outlook.com

(2a01:111:e400:7ebe::49) by

PU1APC01HT087.eop-APC01.prod.protection.outlook.com (2a01:111:e400:7ebe::376)

with Microsoft SMTP Server (version=TLS1_2,

cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.2958.19; Sat, 2 May

2020 15:34:00 +0000

Received: from HK0PR01MB2897.apcprd01.prod.exchangelabs.com

(2a01:111:e400:7ebe::47) by PU1APC01FT055.mail.protection.outlook.com

(2a01:111:e400:7ebe::362) with Microsoft SMTP Server (version=TLS1_2,

cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.2958.19 via Frontend

Transport; Sat, 2 May 2020 15:34:00 +0000

Received: from HK0PR01MB2897.apcprd01.prod.exchangelabs.com

([fe80::4dae:72e3:41c3:f0ff]) by HK0PR01MB2897.apcprd01.prod.exchangelabs.com

([fe80::4dae:72e3:41c3:f0ff%6]) with mapi id 15.20.2937.037; Sat, 2 May 2020

15:33:59 +0000

From: Jasmine Dumbleton <[email protected]>

To: (a large bunch of email addresses here)



Subject: 8 Tiens W appelez-moi Eleanor

Thread-Topic: 8 Tiens W appelez-moi Eleanor

Thread-Index: AQHWIJcXSkh07NrdPUi1t2krrXYYXg==

Date: Sat, 2 May 2020 15:33:59 +0000

Message-ID:

<[email protected]od.exchangelabs.com>

Accept-Language: en-US

Content-Language: en-US

X-MS-Has-Attach: yes

X-MS-TNEF-Correlator:

x-incomingtopheadermarker:

OriginalChecksum:73B6740F1FE9CC8CA94D1D24085E5E70B3321B7D2AAEBCADF750D02D26B62FE4;UpperCasedChecksum:CC83FDB515A534EDB8FB0F6ED99E5E5466787FC47F51D22B1C0850E97F243D59;SizeAsReceived:32605;Count:42

x-tmn: [5jR5TRqDXBow1iI4ATZnohGg0OJt7ElX]

x-ms-publictraffictype: Email

x-incomingheadercount: 42

x-eopattributedmessage: 0

x-ms-office365-filtering-correlation-id: d7f66242-b14a-4639-adce-08d7eeae3bfc

x-ms-exchange-slblob-mailprops:

dDsUU7XmuOOF6Ud+eNTYmUxNCTJ2VYogY/n4NJtAvvmdLRU0WnGUikHv61KxtKeLlPMT1abvPM23MNacVzWRsK25yfIz9nzOr6BQ3h6aYI1FE8Yzt70CY3Uuhj3w/Tkks22+vn4VlqoJzjiHWpWB6pVDdO1x21+/w5ZGgpynSnAv4+6drFuj75EYV2Wh+y4pWHGBKmeSsDYD8cV5P/58sVtC+jf+fA1PwnevyHu4uHNjXppW5ISdmG99jOxZCpmLD/DicXG06BoWpEnJE5ku3a088jbZZaDxCSNnD/7E7RYWiHAPxkALVklWkglYX+4TYicy4Xd1t9T4Qfeq5QIuJwYMxJ5/BdDEtZzASsT7FFNPmMQhsrWZPYU+fFkiMl8jfEXzfaPahYSJB1OS9E/r0g2/VMjZBn3aeevwC3kYs09S48PFKR5VaR+8BUgq6COMscE9wE2PmvnAUs9BGakR6q13rITLSf8anebghOmZ6DrQISPbsZJZC2/B1AlV6oPaEywoQkwApVr5yrlOtnX1IaRTU/NVu+QFoG6cod3Oz5c0GhGUbRw4yv2LAYeCcUpbMaXLvv/lKBytAGl9LVsPzUM2rSdLj6Dl3P7/hJ3Y3Og=

x-ms-traffictypediagnostic: PU1APC01HT087:

x-microsoft-antispam: BCL:0;

x-microsoft-antispam-message-info:

l7GjYFLOmvhsjNnc1ZSF4w5Rb2v8j44dIuenPot4VtZ98EfQlwxfJsBonIXylmbk5wTy+ed1wXXG4db3+YIHDxr8U4n6rCtv+uPf8VzpYl6kOV8aIKbDwMAA07gj4rEZ5KJChrv4yElOVy3ImrxAX5GAdofIyNlWJdcpM4CzN/GM+rfkmP6ZQKUtebcO16PPT7J5XOVxWT1W1h270AQIq6C5rhEDpRg5rBHKHSjD6DiHSlhDrcT/zDAUkui/atGg

x-forefront-antispam-report:

CIP:255.255.255.255;CTRY:;LANG:en;SCL:0;SRV:;IPV:NLI;SFV:NSPM;H:HK0PR01MB2897.apcprd01.prod.exchangelabs.com;PTR:;CAT:NONE;SFTY:;SFS:;DIR:OUT;SFP:1901;

x-ms-exchange-antispam-messagedata:

hKFtpHRSLvvFMIFZa2N/GchV1MQ62t8AVh0AGQYLQ+045jK6lVgMoD3UUOEIeaarTPZJYunSQ2aw5zzjd1WybuYStgyZLLtMSBtCXIOYlghD6+gVr7JwvjM49HWUHSd6zzmUoaiOGXmaoAN1Mw2jig==

x-ms-exchange-transport-forked: True

Content-Type: multipart/mixed;

    boundary="_004_HK0PR01MB28970718F9E9F986E94B2C22F9A80HK0PR01MB2897apcp_"

MIME-Version: 1.0

X-OriginatorOrg: hotmail.com

X-MS-Exchange-CrossTenant-RMS-PersistedConsumerOrg: 00000000-0000-0000-0000-000000000000

X-MS-Exchange-CrossTenant-Network-Message-Id: d7f66242-b14a-4639-adce-08d7eeae3bfc

X-MS-Exchange-CrossTenant-rms-persistedconsumerorg: 00000000-0000-0000-0000-000000000000

X-MS-Exchange-CrossTenant-originalarrivaltime: 02 May 2020 15:33:59.1321

(UTC)

X-MS-Exchange-CrossTenant-fromentityheader: Internet

X-MS-Exchange-CrossTenant-id: 84df9e7f-e9f6-40af-b435-aaaaaaaaaaaa

X-MS-Exchange-Transport-CrossTenantHeadersStamped: PU1APC01HT087



--_004_HK0PR01MB28970718F9E9F986E94B2C22F9A80HK0PR01MB2897apcp_

Content-Type: multipart/alternative;

    boundary="_000_HK0PR01MB28970718F9E9F986E94B2C22F9A80HK0PR01MB2897apcp_"
Example 2:

Code:
Return-Path: <[email protected]>

Delivered-To: [email protected]

Received: from brian.securedserverspace.com

    by brian.securedserverspace.com with LMTP

    id xXkhEoHjq15BXSYAFzcLkA

    (envelope-from <[email protected]>)

    for <[email protected]>; Fri, 01 May 2020 03:53:21 -0500

Return-path: <[email protected]>

Envelope-to: [email protected]

Delivery-date: Fri, 01 May 2020 03:53:21 -0500

Received: from mail-oln040092254066.outbound.protection.outlook.com ([40.92.254.66]:25695 helo=APC01-PU1-obe.outbound.protection.outlook.com)

    by brian.securedserverspace.com with esmtps  (TLS1.2) tls TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384

    (Exim 4.93)

    (envelope-from <[email protected]>)

    id 1jURQ8-00AXnJ-Bk

    for [email protected]; Fri, 01 May 2020 03:53:21 -0500

ARC-Seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none;

b=eM2aluEcK3GXdMS/PTRpFKEZGtuH49xwmlokEBaikqP3sYeY8wU+HjaR4XPvIvuEjVMFfc52mV7JivCgQrvN7PVGBX4kCXnWsepRMNN1XtkmZPwCuL/QKcdyEYJgwb4Kvg20tJ0wyek1fVgFez3jgtzqwayfVKcikJNH7aRbdmZ+D9uYWL7T/hsJfN9rKbqJZC8SdCNZqo0O3W9xa2sxFVJmmRmu2WE06r/UoFRcDnDfdSubfA4bmQQHzLpKvopql/POl23/8EeEsxw74APUfVcxYLJCcqW8c4+Hj4YhnntQKuO82z4g/54ufWNTzR7vbOmOoOW06C1DqxWE4thpiA==

ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com;

s=arcselector9901;

h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck;

bh=BpHJOdr5I+V42UFfGoKA1/6JpY45qOgZcSZ+Pll9tBE=;

b=YSNtGr5Fr/bUPk1C5+jmYhyYG1Hqh8SHjhoBg5Kl++xq8ZIFZ6MVN9ahGKSUDxB6gI3TnEWNRgZ3vTG0ky9doEm7SHeQHcUTMiEp8d+P/jtLVIMk6Ha8rfJsA655G9cRtTk1g+YstteeXBOp0HpkSohpcxWbXUhpYkx9v80sC0+zBpni9mc9iNUoawHuVQB0TNxjN+F12q9QKQUW14fQYNqQJslZS8sEOisPTKpUILVToLYmEUyyOurA0PEYHM5cukFnViRkhrT5vlxq0rc/BozHXYQnRwkqvyPiJ4YkK4U38BW5iLO3sjMZLT7883kNZwwm3/AGiH79IHWKxLOUMQ==

ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=none; dmarc=none;

dkim=none; arc=none

DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=hotmail.com;

s=selector1;

h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck;

bh=BpHJOdr5I+V42UFfGoKA1/6JpY45qOgZcSZ+Pll9tBE=;

b=Q5NAXh/Xfs5XrQIjuJ+YCuyZa79mfUUkCClyHz3R9ILf83Jq3ZNQmig/PEbH6BD5b+R54ZPoUJpkmAO7a+cY5wy6NDBA/Riuk+YZEM8KvIblqK3wIO1XCL0CpeFIPYUZZzvdk+19R71AcpaCsOhfGPZstBCsTTWyCjGSx+97+rmxpvoft/xqR/4ud6SMaXu5Zh29JiOkm7TYMLWzVNhAmNDwQy7BzrEq9Xl2IC1SA5p36wX1KuhlABF6Q+4KPZzFgKe4IPMjEt0RyqbZ+smUt6yyKT5Ojr29an5xABkstbmdUPBwOHaLOtAM8r1TZ635S5sko64v0mKx6zAazTm/wg==

Received: from SG2APC01FT112.eop-APC01.prod.protection.outlook.com

(2a01:111:e400:7ebd::4e) by

SG2APC01HT073.eop-APC01.prod.protection.outlook.com (2a01:111:e400:7ebd::262)

with Microsoft SMTP Server (version=TLS1_2,

cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.2958.24; Fri, 1 May

2020 08:50:51 +0000

Received: from PS1PR0601MB3788.apcprd06.prod.outlook.com

(2a01:111:e400:7ebd::4e) by SG2APC01FT112.mail.protection.outlook.com

(2a01:111:e400:7ebd::201) with Microsoft SMTP Server (version=TLS1_2,

cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.2958.19 via Frontend

Transport; Fri, 1 May 2020 08:50:50 +0000

Received: from PS1PR0601MB3788.apcprd06.prod.outlook.com

([fe80::7d06:5bf6:8df:e37e]) by PS1PR0601MB3788.apcprd06.prod.outlook.com

([fe80::7d06:5bf6:8df:e37e%4]) with mapi id 15.20.2937.028; Fri, 1 May 2020

08:50:50 +0000

From: Stella Lemm <[email protected]>

To: (large bunch of email addresses here)



Subject: =?Windows-1252?Q?F_Guten_Tag_f=FCr_Sie_00_mein_name_ist_Marian?=

Thread-Topic: =?Windows-1252?Q?F_Guten_Tag_f=FCr_Sie_00_mein_name_ist_Marian?=

Thread-Index: AQHWH5WReAgetXMdfUSaqWcDhrVvAw==

Date: Fri, 1 May 2020 08:50:50 +0000

Message-ID:

<[email protected]6.prod.outlook.com>

Accept-Language: en-US

Content-Language: en-US

X-MS-Has-Attach: yes

X-MS-TNEF-Correlator:

x-incomingtopheadermarker:

OriginalChecksum:E0B6BFF6F08BEBC9E821C1841B56B63210F201E573FB5DE10221CFC465EEE361;UpperCasedChecksum:DCB7A106C0A28405430AF4E5FD113877FC6AAB86BB3B0621145D7D64552BEFC6;SizeAsReceived:32018;Count:42

x-tmn: [vyQ7LNgZbp+l5egqVsT7fpHoZJKveYsn]

x-ms-publictraffictype: Email

x-incomingheadercount: 42

x-eopattributedmessage: 0

x-ms-office365-filtering-correlation-id: 9cbd6727-8858-461a-9c82-08d7edacbfcc

x-ms-exchange-slblob-mailprops:

d6LuQ8FBiBzqt8NnE9jaZIlIAY1FOZQO4YwHNX1uC6RIDlbMg5XJ7RO+DQmR2kexlLgWEUcFPW9MHJdXyrY3c0FnigxHniHnCy2vOLWAIwGd9/Fewe6SJOm+m3MzytkjSprDUxINCDOnBwfa404a/DwdBpZ71gLyeyNTBFYwhpJ4Hrrgl3v5LSzOFyAARfbKP4Z48pGrEMo9mUabHLk53ZQGeIzUSn28yMvCae5xnDPYGmDm1Y8j68hImPJwPn5qfDMhbTRQcBS+GrrviAC9Cez37q9mRCLc+++O75MfT2FtWRsbvjDR/Nk/rv59fptJoLrCjMYw0XVo/OSEmLrhphE1mOFrdwZOLaP7E5t6avJ4t6AZ5ZEPhoknBwGgwg+7Ss3e4IMp91Lw3Y+VewicYS2r9SxiyKySlkyTlkKLpS+S/CHlqXEpmjE5PjR1lSjQ93zKFuPZCkcOzCU8kB+00IAs8S0ebtHkzctxeDLbti1JLZBJKhvcyiD2+9aLHEbrvlbNm1CQPYS5Pq971BUv5fBQJGVEZGJVdmG60rYw2uZyDX7oWsrcEd9vU/zuiFjMVapTMz+fDc7FfPtS8hijIsa3U4YNmHT+4098sJjNfh2BSZVhXVMfzpOCDdsrX4kE6Baw1726ZmCVgk6ly+KRUzVUiORg+jFr0UNcsv7DlwLj5zrt8wWb2eRrd7DWLyOrCuf9zWZoE6XhoLHNIwCJdKGm38XJ3QDkTW4JId1g3Wm8YQSIlnKlLMlyOv5fZFXsKsOIJdkAY5wfx4jrMh0xtCt363i79Hk5ofPTLeASSV0q9TzFKsukgGP0iw0Kee1I

x-ms-traffictypediagnostic: SG2APC01HT073:

x-microsoft-antispam: BCL:0;

x-microsoft-antispam-message-info:

tXMDfzgx6Jl6u+FSqsSJd+h+858A2YpLPGSST1RIXMYXAU57AhU4plQ1aZ1TVmYdCOAloQk5ZMrEKe7Yb7M3RrnQerw8kJ6BqXDYM8tekLevwbNSxHUC5E9o7fkbbAjBmHRB1xfWThXhrpHc+Ra3CDH+ipWMtJ0qFOianKE4wReE2IxQSgHTrRo5xE7eii3hVZWi/Mh2JfcV8t3Bk6D9NlTjcoa9+Ew6jOKxl/JGw0xwpEBlqaM7pFDA6NC3QK/8

x-forefront-antispam-report:

CIP:255.255.255.255;CTRY:;LANG:en;SCL:0;SRV:;IPV:NLI;SFV:NSPM;H:PS1PR0601MB3788.apcprd06.prod.outlook.com;PTR:;CAT:NONE;SFTY:;SFS:;DIR:OUT;SFP:1901;

x-ms-exchange-antispam-messagedata:

vx4GeAslALsJF+kgjFRmquV7XlGAHSsUTCkIHRQLcVw1SQHN0Q165pvfruMBarOprGdjYs4TPJOfSwUoAXeYONJe4uqNOnzevELeX49LjLMHTtyFV5pRsrcNbLaw/+xYeBU6mcGkCUs4F2aSE6SZww==

x-ms-exchange-transport-forked: True

Content-Type: multipart/mixed;

    boundary="_004_PS1PR0601MB37886D35F56CBAA483467B9EBDAB0PS1PR0601MB3788_"

MIME-Version: 1.0

X-OriginatorOrg: hotmail.com

X-MS-Exchange-CrossTenant-RMS-PersistedConsumerOrg: 00000000-0000-0000-0000-000000000000

X-MS-Exchange-CrossTenant-Network-Message-Id: 9cbd6727-8858-461a-9c82-08d7edacbfcc

X-MS-Exchange-CrossTenant-rms-persistedconsumerorg: 00000000-0000-0000-0000-000000000000

X-MS-Exchange-CrossTenant-originalarrivaltime: 01 May 2020 08:50:50.1661

(UTC)

X-MS-Exchange-CrossTenant-fromentityheader: Internet

X-MS-Exchange-CrossTenant-id: 84df9e7f-e9f6-40af-b435-aaaaaaaaaaaa

X-MS-Exchange-Transport-CrossTenantHeadersStamped: SG2APC01HT073



--_004_PS1PR0601MB37886D35F56CBAA483467B9EBDAB0PS1PR0601MB3788_

Content-Type: multipart/alternative;

    boundary="_000_PS1PR0601MB37886D35F56CBAA483467B9EBDAB0PS1PR0601MB3788_"



--_000_PS1PR0601MB37886D35F56CBAA483467B9EBDAB0PS1PR0601MB3788_

Content-Type: text/plain; charset="Windows-1252"

Content-Transfer-Encoding: quoted-printable
 
Last edited by a moderator:

cPanelLauren

Product Owner
Staff member
Nov 14, 2017
13,296
1,252
313
Houston
They're all from the same Received From: address - you could add that domain or email address to SpamAssassin's blacklist to immediately stop getting those. But, I don't show SpamAssassin headers on these emails, just exchange headers. So it would seem you're bypassing SpamAssassin entirely?
 

Traintracks

Registered
May 2, 2020
2
0
1
Belmont, California
cPanel Access Level
Website Owner
If you're talking about "Received From brian.securedserverspace.com," that is my host's server.

When you say that I don't show SpamAssassin headers on those emails, what do you mean? These are the headers of the emails. It looks like they are totally bypassing SpamAssassin's filters. (Please bear with me; I'm relatively new to this).
 

cPanelLauren

Product Owner
Staff member
Nov 14, 2017
13,296
1,252
313
Houston
Ok, it seems as though your email is received through Exchange, so you're getting your email on outlook365 or a similar service, correct?

As for spamassassin, when you receive mail that is being scanned by spamassassin it has specific headers that show what spamassassin scored the email as. For example:

Code:
X-Spam-Status: No, score=-0.5
X-Spam-Score: -4
X-Spam-Bar: /
X-Ham-Report: Spam detection software, running on the system "server.myhostname.us",
 has NOT identified this incoming email as spam.  The original
 message has been attached to this so you can view it or label
 similar future email.  If you have any questions, see
 root\@localhost for details.
 Content preview:  some advertising email 
    UNSUBSCRIBE | CHANGE EMAIL ADDRESS WEBSITE, OFFERS & SOCIAL MEDIA CHANNELS
    R [...]
 Content analysis details:   (-0.5 points, 5.0 required)
  pts rule name              description
 ---- ---------------------- --------------------------------------------------
  0.0 URIBL_BLOCKED          ADMINISTRATOR NOTICE: The query to URIBL was
                             blocked.  See
                             http://wiki.apache.org/spamassassin/DnsBlocklists#dnsbl-block
                              for more information.
                             [URIs: neolane.net]
 -2.0 RCVD_IN_RP_SAFE        RBL: Sender in ReturnPath Safe - Contact
                             [email protected]
                             [Return Path SenderScore Safe List (formerly]
                     [Habeas Safelist) - <http://www.senderscorecertified.com>]
  1.5 SUBJ_BUY               Subject line starts with Buy or Buying
 -0.0 SPF_PASS               SPF: sender matches SPF record
  0.0 T_KAM_HTML_FONT_INVALID BODY: Test for Invalidly Named or
                             Formatted Colors in HTML
  0.0 HTML_MESSAGE           BODY: HTML included in message
  0.1 MIME_HTML_ONLY         BODY: Message only has text/html MIME parts
  0.1 DKIM_SIGNED            Message has a DKIM or DK signature, not necessarily
                             valid
 -0.1 DKIM_VALID_AU          Message has a valid DKIM or DK signature from
                             author's domain
 -0.1 DKIM_VALID             Message has at least one valid DKIM or DK signature
X-Spam-Flag: NO
This is missing from your emails - this is present on any email that SpamAssassin scans.