The scam of the day seems to be fake billing notices from USPS.  I have 
usps.com added to the strict SPF list.  Still they are getting through.  I'm 
slowly getting ASSP set up right, but I'm still missing something.

I ran the header through the ASSP analyzer, and it didn't find a reason to 
block this email!  Even though the source IP is from India.  I've posted the 
header below, along with the result of mail analyzer.  Can someone tell me what 
isn't right here?  Thanks

•ISP/Secondary Header:'Received: from smtp2.netdorm.com (172.31.254.35) by 
mail.mydomain.ca (172.31.254.35) with Microsoft SMTP Server id 8.1.436.0; Thu, 
29 Mar 2012 08:50:11 -0400 Received: from smtp2.netdorm.com 
([67.214.161.138] helo=smtp2.netdorm.com) by 
spamfilter.mydomain.ca with ESMTP (2.1.1); 29 Mar 2012 08:50:09 -0400 Received: 
from usps.com ([180.242.19.177]) by smtp2.netdorm.com'
•Switched to ISP/Secondary IP: '180.242.19.177'

using enhanced Originated IP detection
•detected IP's on the mail routing way: 205.98.168.86 (no PTR)
•detected source IP: 205.98.168.86

sender and reply addresses:
MAIL FROM: usps_shipping_supp...@usps.com From: usps_shipping_supp...@usps.com

recipient addresses:
To: bbbb@mydomain , To: support-902813001@mydomain

Feature Matching:

• Strict SPF RE: '@usps.com'
 • matching strictSPFRe(file:files/strictspf.txt[line 17]): '@usps.com'
• SPF-check returned OK for 180.242.19.177 -> 
usps_shipping_supp...@usps.com, smtp2.netdorm.com
• URIBL check: 'OK'
• Valid Format of HELO: 'smtp2.netdorm.com'
• 205.98.168.86 is in RBLCache: inserted as ok at 2012-03-29 08:50:12
• 180.242.19.177 is in RBLCache: inserted as ok at 2012-03-29 08:50:12
• domain usps.com has valid MXA record: gk-e-mail.srvs.usps.gov 56.0.101.24
• 180.242.19.0 has a Griplist value of 0.8
-------------------------------------------------------

Received: from smtp2.netdorm.com (172.31.254.35) by mail.mydomain.ca
 (172.31.254.35) with Microsoft SMTP Server id 8.1.436.0; Thu, 29 Mar 2012
 08:50:11 -0400
Received: from smtp2.netdorm.com ([67.214.161.138] helo=smtp2.netdorm.com) by
 spamfilter.mydomain.ca with ESMTP (2.1.1); 29 Mar 2012 08:50:09 -0400
Received: from usps.com ([180.242.19.177]) by smtp2.netdorm.com
 (8.13.8/8.13.8) with ESMTP id q2TCn0RU029941; Thu, 29 Mar 2012 08:49:01 -0400
Received: from [205.98.168.86] (account usps_shipping_supp...@usps.com HELO
 tredhgmrqaila.arrftxp.org) by  (CommuniGate Pro SMTP 5.2.3) with ESMTPA id
 652540171 for b...@mydomain.ca; Thu, 29 Mar 2012 19:49:00 +0700
From: Antoine Dixon <usps_shipping_supp...@usps.com>
To: <b...@mydomain.ca>, <support-590281...@mydomain.ca>
Subject: USPS postage invoice.
Date: Thu, 29 Mar 2012 19:49:00 +0700
MIME-Version: 1.0
Content-Type: multipart/alternative; boundary="----=_zywqbuhmyi_09_24_45"
X-Priority: 3
X-Mailer: gaxgrvvx.47
Message-ID: <5436580620.ygm3njlr771...@iqiyvkiyaejo.wgnnsq.org>
X-Assp-Version: 2.1.1(11364) on spamfilter.mydomain.ca
X-Assp-Re-SPFstrict: @usps.com
X-Assp-Received-SPF: softfail (cache) ip=67.214.161.138
 mailfrom=usps_shipping_supp...@usps.com helo=smtp2.netdorm.com
X-Assp-Message/IP-Score: 10 (SPF softfail)
X-Assp-ID: spamfilter.mydomain.ca m1-25410-77425
X-Assp-Detected-RIP: 205.98.168.86, 180.242.19.177
X-Assp-Source-IP: 205.98.168.86
X-Assp-Envelope-From: usps_shipping_supp...@usps.com
X-Assp-Intended-For: support-9028104...@mydomain.ca
Return-Path: usps_shipping_supp...@usps.com
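
Added example, not part of the original post and not ASSP code: it walks the Received chain and the X-Assp-Received-SPF header quoted in the message above and reports which connecting IP the stamped SPF verdict was computed for, and which public hops sit upstream of that IP. The header text is copied from the post with the elided addresses left elided; the function names are this example's own.

```python
import ipaddress
import re

# Headers copied from the post (link residue removed, elided addresses kept as posted).
RAW = """\
Received: from smtp2.netdorm.com (172.31.254.35) by mail.mydomain.ca
 (172.31.254.35) with Microsoft SMTP Server id 8.1.436.0; Thu, 29 Mar 2012
 08:50:11 -0400
Received: from smtp2.netdorm.com ([67.214.161.138] helo=smtp2.netdorm.com) by
 spamfilter.mydomain.ca with ESMTP (2.1.1); 29 Mar 2012 08:50:09 -0400
Received: from usps.com ([180.242.19.177]) by smtp2.netdorm.com
 (8.13.8/8.13.8) with ESMTP id q2TCn0RU029941; Thu, 29 Mar 2012 08:49:01 -0400
Received: from [205.98.168.86] (account usps_shipping_supp...@usps.com HELO
 tredhgmrqaila.arrftxp.org) by  (CommuniGate Pro SMTP 5.2.3) with ESMTPA id
 652540171 for b...@mydomain.ca; Thu, 29 Mar 2012 19:49:00 +0700
X-Assp-Received-SPF: softfail (cache) ip=67.214.161.138
 mailfrom=usps_shipping_supp...@usps.com helo=smtp2.netdorm.com
"""

def headers(raw):
    """Unfold continuation lines; return (name, value) pairs in header order."""
    flat = re.sub(r"\n[ \t]+", " ", raw)
    return [tuple(p.strip() for p in line.split(":", 1))
            for line in flat.splitlines() if ":" in line]

def received_hops(raw):
    """Per Received header, newest first: (claimed name, connecting IP, is it public)."""
    hops = []
    for name, value in headers(raw):
        if name.lower() == "received":
            # Search only the 'from' clause: version strings after 'by' look like IPs.
            frm = value.partition(" by ")[0]
            ip = re.search(r"(?:\d{1,3}\.){3}\d{1,3}", frm).group()
            hops.append((frm.split()[1], ip, ipaddress.ip_address(ip).is_global))
    return hops

def spf_coverage(raw):
    """IP the stamped SPF verdict covers, and the public hops upstream of it."""
    spf = next(v for n, v in headers(raw) if n.lower() == "x-assp-received-spf")
    fields = dict(tok.split("=", 1) for tok in spf.split() if "=" in tok)
    hops = received_hops(raw)
    idx = [ip for _, ip, _ in hops].index(fields["ip"])
    upstream = [ip for _, ip, public in hops[idx + 1:] if public]
    return {"result": spf.split()[0], "checked_ip": fields["ip"],
            "checked_host": hops[idx][0], "upstream_public_ips": upstream}

if __name__ == "__main__":
    print(*received_hops(RAW), spf_coverage(RAW), sep="\n")
```

On these headers the stamped verdict is a softfail for 67.214.161.138 (smtp2.netdorm.com), while the analyzer line above reports its check against 180.242.19.177, one of the two upstream public IPs the function returns.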