Re: [mailop] How to identify source of email sent via Google?

2019-07-18 Thread Angelo Giuffrida via mailop
I find it rich that Michael is in here throwing stones... can't exactly
throw stones when you live in a glass house there big Mikey!

Cheers, Angelo.

On Fri, Jul 19, 2019 at 3:38 PM Jesper Sörtoft via mailop wrote:

> On 2019-07-18 21:06, Steven Champeon via mailop wrote:
>
> > Bwahahahahahahahahahahaha.
> >
> > Yeah, whatever. I've had rulesets that block webmail-injected 419/AFF
> > scams for over a decade and Google is among the few who I still get them
> > from because I can't tell if the IP is in West Africa thanks to this
> > idiotic "policy". It's just stupid.
>
> Just out of curiosity, does anyone know if Google has anyone employed to
> work with abuse? At all?
>
> I've been receiving the same Nigerian spam mail from the same 2-3 Gmail
> accounts for... 5? years now. It's been reported over and over again -
> hundreds of times by now. First reported the (according to google)
> "proper" way through "I would like to report a Gmail user who has sent
> messages that violate..." for a few years. Nothing happened, spamming
> from the same gmail accounts continued. Then in the past year I've just
> been forwarding it to ab...@gmail.com, but it seems like there's nobody
> there either - script or human. The spamming continues.
>
> The easy and sane way to handle this is to just silently delete these
> mails, but I find it annoying that Google thinks they're big enough to
> ignore abuse and spam from their servers (while they on the other hand
> can block whatever for whatever unknown reason, since they are google).
> And it's even more annoying that they're probably right.
>
>
> / J
___
mailop mailing list
mailop@mailop.org
https://chilli.nosignal.org/cgi-bin/mailman/listinfo/mailop


Re: [mailop] How to identify source of email sent via Google?

2019-07-18 Thread Jesper Sörtoft via mailop

On 2019-07-18 21:06, Steven Champeon via mailop wrote:

> Bwahahahahahahahahahahaha.
>
> Yeah, whatever. I've had rulesets that block webmail-injected 419/AFF
> scams for over a decade and Google is among the few who I still get them
> from because I can't tell if the IP is in West Africa thanks to this
> idiotic "policy". It's just stupid.


Just out of curiosity, does anyone know if Google has anyone employed to 
work with abuse? At all?


I've been receiving the same Nigerian spam mail from the same 2-3 Gmail 
accounts for... 5? years now. It's been reported over and over again - 
hundreds of times by now. First reported the (according to google) 
"proper" way through "I would like to report a Gmail user who has sent 
messages that violate..." for a few years. Nothing happened, spamming 
from the same gmail accounts continued. Then in the past year I've just 
been forwarding it to ab...@gmail.com, but it seems like there's nobody 
there either - script or human. The spamming continues.


The easy and sane way to handle this is to just silently delete these 
mails, but I find it annoying that Google thinks they're big enough to 
ignore abuse and spam from their servers (while they on the other hand 
can block whatever for whatever unknown reason, since they are google). 
And it's even more annoying that they're probably right.



/ J




Re: [mailop] Crazy Sender-score value of 0 instead of 96-98

2019-07-18 Thread Michael Wise via mailop

Talos Rep is ... mostly dark.
Which means various other rep services might have ... things lurking just under 
the surface.

https://talosintelligence.com/reputation_center/lookup?search=212.115.96.0%2F24

Aloha,
Michael.
--
Michael J Wise
Microsoft Corporation| Spam Analysis
"Your Spam Specimen Has Been Processed."
Got the Junk Mail Reporting Tool?



Re: [mailop] Crazy Sender-score value of 0 instead of 96-98

2019-07-18 Thread Support 3Hound via mailop

Hi Michael, thank you for your answer.
Sure, the first pool we are warming up is the range from 212.115.96.5 
to 212.115.96.36.
In this range the only IP with a correct reputation is 212.115.96.31, 
you can just compare the result of 212.115.96.30 and 212.115.96.31 to 
see the differences.

They are on the same pool so they have the same history of sent e-mail.

Other ranges were having a similar behaviour but we stopped them so they 
actually lose the reputation.


Any help is appreciated.
Stefano





Re: [mailop] Crazy Sender-score value of 0 instead of 96-98

2019-07-18 Thread Anne P. Mitchell, Esq. via mailop
Relatedly, do we have any idea what is going to happen with SenderScore now 
that they have been acquired by Validity, and 200 RP employees have been laid 
off?

Anne

Anne P. Mitchell, Attorney at Law
CEO/President, Institute for Social Internet Public Policy
Dean of Cybersecurity & Cyberlaw, Lincoln Law School of San Jose
GDPR, CCPA (CA) & CCDPA (CO) Compliance Consultant
Author: Section 6 of the CAN-SPAM Act of 2003 (the Federal anti-spam law)
Board of Directors, Denver Internet Exchange
Board of Directors, Asilomar Microcomputer Workshop




Re: [mailop] How to identify source of email sent via Google?

2019-07-18 Thread Steven Champeon via mailop
on Thu, Jul 18, 2019 at 06:27:37PM +, Michael Wise via mailop wrote:
> The doctrine seems to be that they're sufficiently on the ball that
> they can handle all abuse issues internally, and thus, they hide that
> information, since it could be used to, for instance, launch a DDOS
> attack against the user's "Home" IP infrastructure.

Bwahahahahahahahahahahaha.

Yeah, whatever. I've had rulesets that block webmail-injected 419/AFF
scams for over a decade and Google is among the few who I still get them
from because I can't tell if the IP is in West Africa thanks to this
idiotic "policy". It's just stupid.

-- 
hesketh.com/inc. v: +1(919)834-2552 f: +1(919)834-2553 w: http://hesketh.com/
Internet security and antispam hostname intelligence: http://enemieslist.com/



Re: [mailop] Crazy Sender-score value of 0 instead of 96-98

2019-07-18 Thread Michael Wise via mailop

Can you share the IP (range) so we can maybe give some opinions on what the 
issue might be?

Aloha,
Michael.
--
Michael J Wise
Microsoft Corporation| Spam Analysis
"Your Spam Specimen Has Been Processed."
Got the Junk Mail Reporting Tool?



Re: [mailop] How to identify source of email sent via Google?

2019-07-18 Thread Michael Wise via mailop


Yeah.

This.



The doctrine seems to be that they're sufficiently on the ball that they can 
handle all abuse issues internally, and thus, they hide that information, since 
it could be used to, for instance, launch a DDOS attack against the user's 
"Home" IP infrastructure.



They might have a point, but given the ease at which people can sign up for a 
new (and abusive) account these days, I tend to give it serious side-eye.

There’s also the ease at which some miscreants can abuse just about any service 
on day 0. ☹

Aloha,
Michael.
--
Michael J Wise
Microsoft Corporation| Spam Analysis
"Your Spam Specimen Has Been Processed."
Got the Junk Mail Reporting Tool?





Re: [mailop] How to identify source of email sent via Google?

2019-07-18 Thread Grant Taylor via mailop

On 7/18/19 4:08 AM, Benoit Panizzon via mailop wrote:

> Hi List

Hi,

> Unfortunately with emails sent over Gmail, there are no more IP source
> before the Google IP Address, so I started wondering if there is any
> other way to find an unique source in the Gmail Headers:


I will be quite surprised if there is any information leak that provides 
what you want.


Google tends to go out of their way to hide what you're asking for.

There's also a real chance that there is no information for what you 
want.  I.e. someone composed the message in the web interface or 
something else that submitted the email to Google via something other 
than SMTP.  Google's SMTP servers would be the first SMTP servers in the 
message chain.


Good luck.  I would not hold my breath.



--
Grant. . . .
unix || die





[mailop] Crazy Sender-score value of 0 instead of 96-98

2019-07-18 Thread Support 3Hound via mailop

Hi,
I installed a new instance of my e-mail platform for a customer of my 
company but a very strange thing happens during the warm up of the new 
sending IPs.
Quite all the IPs (assigned to us directly from the RIPE) got a sender 
score of 0 instead of the usual 96 -> 98 range.

Fortunately, few of them are on 97 as expected.
No blacklist have been achieved and no bad indicators are present after 
a couple of months of consistent sending.

We are correctly deactivating permanent bounce and feedback loops as well.
The 97 score IPs have the real sender domain linked to the IPs on 
senderscore (as it happens usually).
The 0 score IPs haven't any sender domain linked, in some cases they have 
the platform domain as unique sender linked (that is not a sender in any 
way and is not used as any sender in the e-mail sent, nor in return-path).


Every sending host/IP is sending mail from 5 well known senders in a 
round robin schedule (so they should achieve quite all the same 
reputation but it doesn't happen) actually the rate is the same and 
it's quite low (7,5k/IP/day).
Every IP/host is a clone VM so they are exactly the same except for IP 
and host name; every host has the same DNS/PTR/SPF/MX configuration.
Every sender signs the e-mail with his DKIM and has the Sender-ID (SPF) 
record over the sender domain.


The deliverability cut off is from 90% of the 98score to the 30% of the 
0 score and they are sending exactly the same things/amount/databases.


Anyone experienced this kind of issue?
Can someone share any sender-score contact in order to verify this issue 
with them?


Thank you guys!
Stefano


Re: [mailop] Lost GPT Ownership

2019-07-18 Thread Tracey Crawford via mailop
I actually looked at that and it would require me to add another
verification record.  It also looks like Console is for websites and my
domain is for email only but I could give it a try.

Thank you for the suggestion and I will let you know if it works.
Tracey Crawford
Lead Deliverability Analyst, SparkPost


On Thu, Jul 18, 2019 at 6:11 AM  wrote:

> Today's Topics:
>
>1. A contact from Cox needed (Vytis Marciulionis)
>2. Lost GPT Ownership (Tracey Crawford)
>3. Re: Lost GPT Ownership (Ken O'Driscoll)
>4. How to identify source of email sent via Google? (Benoit Panizzon)
>
>
> --
>
> Message: 1
> Date: Wed, 17 Jul 2019 12:54:07 +
> From: Vytis Marciulionis 
> To: "mailop@mailop.org" 
> Subject: [mailop] A contact from Cox needed
> Message-ID:
> <
> vi1pr0401mb2654ff06961f511af68c3b5e87...@vi1pr0401mb2654.eurprd04.prod.outlook.com
> >
>
> Content-Type: text/plain; charset="utf-8"
>
> Hello everyone,
>
> In hope to get assistance from a person at Cox I am reviving this thread.
> As Andy was experiencing that before, we also see repetitive CXCNCT errors.
> https://www.cox.com/residential/support/email-error-codes.html says that
> they support up to 10 concurrent connections and we have max-connect-limit
> 8 set as default on our PMTA configuration. We also lowered max connection
> limit to 4 just for cox.net mailboxes, yet that does not seem to change
> anything at all.
>
> Out of 470k attempts in last 24 hours to send mails 455k were rejected as
> tq errors with CXCNCT as the reason and 6.4k were transient/deferred with
> CXMXRT as the reason. Out of 470k attempts 8.5k mails were delivered and
> 221 bounced.
>
> We could really use some help off-list as none of our attempts to contact
> in the last week got us a reply or fix. Thanks in advance!
>
>
>
> Best regards,
>
> Vytis
>
>
> --
>
> Message: 2
> Date: Wed, 17 Jul 2019 09:02:17 -0400
> From: Tracey Crawford 
> To: mailop@mailop.org
> Subject: [mailop] Lost GPT Ownership
> Message-ID:
>  itty5kwb4...@mail.gmail.com>
> Content-Type: text/plain; charset="utf-8"
>
> One of our clients lost owner privileges to one of their domains in Google
> Postmaster Tools.  Does anyone know how we can recover ownership to the
> domain?  They have read access, but that does not allow them to manage the
> domain.  We've tried deleting the domain and re-adding, but that does not
> give us a new verification record and therefore, We still only have read
> access.
>
> Thank you,
> Tracey Crawford
> Lead Deliverability Analyst, SparkPost
>
>
> On Tue, Jul 16, 2019 at 7:02 AM  wrote:
>
> > Today's Topics:
> >
> >1. Re: Libero postmaster (Tracey Crawford)
> >
> >
> > --
> >
> > Message: 1
> > Date: Mon, 15 Jul 2019 08:25:51 -0400
> > From: Tracey Crawford 
> > To: mailop@mailop.org
> > Subject: Re: [mailop] Libero postmaster
> > Message-ID:
> > <
> > cabs6auzdwny-_63-cwvn8ipdaqgwnsva_6xfaydghcktuy_...@mail.gmail.com>
> > Content-Type: text/plain; charset="utf-8"
> >
> > I would be interested in a Postmaster contact as well.
> >
> >
> > Tracey Crawford
> > Lead Deliverability Analyst, SparkPost
> >
> >

[mailop] Proofpoint Contact

2019-07-18 Thread Jessica Kaplan via mailop
Hi,

Any contacts at Proofpoint who can help with identifying a cause for shared
IP blocks? Last week I reached out using the form on the website and to
postmaster directly with info but have not received a response. If anyone
has another suggestion I would greatly appreciate it.

To be clear, I am not looking for a quick delist. If we have a problem more
than what we've already identified and solved we would really like to
figure out what it is to prevent it from moving forward.

Thank you,

*Jessica Kaplan*
Senior Email Abuse & Compliance Analyst
E: jessica.kap...@sharpspring.com W: www.sharpspring.com


[mailop] How to identify source of email sent via Google?

2019-07-18 Thread Benoit Panizzon via mailop
Hi List

Operating the SWINOG Blacklist and Spamtraps, I notice quite some spam
originating from Google IPv6 Ranges (yes, trying to catch up
whitelisting them, which is not easy with their constant morphing).

Usually the Received: Line parser skips a line indicating a whitelisted
source IP.

Unfortunately with emails sent over Gmail, there are no more IP source
before the Google IP Address, so I started wondering if there is any
other way to find an unique source in the Gmail Headers:

Like for example trying to base64 decode such strings:

X-Gm-Message-State: APjAAAULgJIbXPmiYeO34K1oPDHCszLRsTEIWu44mCUMhwcvNI2FSw2C
13E/GzFi+GzlVSKPy4cBzQaU513ns+TJSg1RReBoON3S

=> does not decode to human readable string. Or is this not base64?

X-Google-Smtp-Source: 
APXvYqxVPTn6xkps+03MiBFtpaU14OeJ20XxcX1Q6Tdg7/H8nOZpNx6gGMtNRggJ6WXmISfZ4L2aqtsCyvqjsMYyO+4=

=> does not decode to human readable string, but that header sounds very 
promising.

X-Received: by 2002:a54:4694:: with SMTP id k20mr20471032oic.136.1563371906203;
 Wed, 17 Jul 2019 06:58:26 -0700 (PDT)

IPv6 mapped IPv4 address from RFC1918. What about the ID? Could that be
used to match and block the source?

Received: from 776393159873 named unknown by gmailapi.google.com with
 HTTPREST; Wed, 17 Jul 2019 06:58:24 -0700

Well, could 776393159873 be some kind of encoded source IP? Or just a
unique token for the origin IP which could be used to match spam from
this source?

Any help is welcome!

Kind regards

-Benoît Panizzon-
-- 
I m p r o W a r e   A G    -    Head of Commerce Customers
__

Zurlindenstrasse 29    Tel  +41 61 826 93 00
CH-4133 Pratteln       Fax  +41 61 826 93 01
Switzerland            Web  http://www.imp.ch
__
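
The header checks asked about in the message above, as an added example (not part of the original post and not any poster's code): it walks the Received: chain past an allow-listed relay, picks out the token on the Gmail API hop, decodes the 6to4 address and numeric id suffix in X-Received, and measures how much of the decoded X-Google-Smtp-Source is printable. The first Received hop, its example.net and 2001:db8:: addresses, the TRUSTED list and all function names are assumptions; reading the id suffix as epoch milliseconds is an observation on this one sample, not documented behaviour.

```python
import base64
import ipaddress
import re
from datetime import datetime, timedelta, timezone
from email import message_from_string

# Constructed sample: the X-* values and the gmailapi hop are the ones quoted
# in the post; the first Received hop and its addresses are made up.
GMAIL_API_SAMPLE = """\
Received: from mail.example.net (mail.example.net [2001:db8:4864:20::241])
 by trap.example.org with ESMTPS; Wed, 17 Jul 2019 15:58:27 +0200
X-Google-Smtp-Source: APXvYqxVPTn6xkps+03MiBFtpaU14OeJ20XxcX1Q6Tdg7/H8nOZpNx6gGMtNRggJ6WXmISfZ4L2aqtsCyvqjsMYyO+4=
X-Received: by 2002:a54:4694:: with SMTP id k20mr20471032oic.136.1563371906203;
 Wed, 17 Jul 2019 06:58:26 -0700 (PDT)
Received: from 776393159873 named unknown by gmailapi.google.com with
 HTTPREST; Wed, 17 Jul 2019 06:58:24 -0700
"""
# Hypothetical allow-list standing in for the provider's outbound ranges.
TRUSTED = [ipaddress.ip_network("2001:db8:4864::/48")]
EPOCH = datetime(1970, 1, 1, tzinfo=timezone.utc)
IP_LITERAL = re.compile(r"\[(?:IPv6:)?([0-9A-Fa-f:.]+)\]")
API_HOP = re.compile(r"from (\S+) named unknown by gmailapi\.google\.com with HTTPREST")
X_RECEIVED = re.compile(r"by (\S+) with SMTP id (\S+?);")


def unfold(value):
    """Collapse header folding (newline + whitespace) into single spaces."""
    return " ".join((value or "").split())


def first_untrusted_source(msg, trusted):
    """Walk Received: lines newest-first, skipping hops inside trusted nets."""
    for hop in msg.get_all("Received", []):
        for literal in IP_LITERAL.findall(unfold(hop)):
            try:
                ip = ipaddress.ip_address(literal)
            except ValueError:
                continue  # bracketed text that is not an address
            if not any(ip in net for net in trusted):
                return str(ip)
    return None  # every hop was trusted or carried no address


def api_injection_token(msg):
    """Opaque 'from' token of a Gmail API (HTTPREST) hop, if one is present."""
    for hop in msg.get_all("Received", []):
        match = API_HOP.search(unfold(hop))
        if match:
            return match.group(1)
    return None


def x_received_fields(msg):
    """Decode the 6to4 address and the numeric id suffix of X-Received."""
    match = X_RECEIVED.search(unfold(msg.get("X-Received")))
    if not match:
        return None
    addr = ipaddress.ip_address(match.group(1))
    v4 = addr.sixtofour if addr.version == 6 else None  # set for 2002::/16 only
    tail = match.group(2).rsplit(".", 1)[-1]
    # Assumption: a purely numeric suffix is a timestamp in epoch milliseconds.
    stamp = EPOCH + timedelta(milliseconds=int(tail)) if tail.isdigit() else None
    return {"embedded_ipv4": str(v4) if v4 else None,
            "private": bool(v4 and v4.is_private), "id_time": stamp}


def opaque_stats(b64_value):
    """Base64-decode a value; report its size and share of printable ASCII."""
    raw = base64.b64decode(b64_value + "=" * (-len(b64_value) % 4))
    printable = sum(0x20 <= b <= 0x7E for b in raw)
    return {"bytes": len(raw), "printable_ratio": printable / max(len(raw), 1)}


def analyse(raw_message, trusted=TRUSTED):
    msg = message_from_string(raw_message)
    return {"source_ip": first_untrusted_source(msg, trusted),
            "api_token": api_injection_token(msg), "x_received": x_received_fields(msg),
            "smtp_source": opaque_stats(unfold(msg.get("X-Google-Smtp-Source")))}
```

On this sample the id suffix decodes to 2019-07-17 13:58:26 UTC, the same instant as the X-Received date, and 2002:a54:4694:: carries 10.84.70.148, so neither field is a public client address. The Received walk returns no source at all once the relay is allow-listed, which is the gap the post describes.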
