Domino on Linux/Unix, Troubleshooting, Best Practices, Tips and more ...


Daniel Nashed

Massive spam from

Daniel Nashed – 15 February 2022 17:39:16
This is bugging me for a couple of days.

The messages are coming from many different hosted domains with valid SPF record pointing to

v=spf1 -all

The content is really bad SPAM in my case. And my AntiSpam settings are not preventing them to come in, because most of the elements in those mails are OK.
Beside the content itself ...

I will probably change some key words and I also noticed that all those mails have no Mailer set. But this is also true for other e-mail I receive.

It is even worse! The messages are properly DKIM singed by Microsoft.

Grey listing and other techniques will not help. The mails are properly send and will be resent if delayed.

Asking someone at Microsoft will probably not help. I am not even sure they would take my call or read my mail.

I can't block completely. That's an issue with a large provider...

So I am looking into options monitoring my SMTP traffic very carefully ..

Is anyone else seeing spam like this?
Does your antispam catch it?

-- Daniel

Received: from ([])
         by (HCL Domino Release 12.0.1)
         with ESMTP id 2022021517062021-365 ;
         Tue, 15 Feb 2022 17:06:20 +0100
ARC-Seal: i=1; a=rsa-sha256; s=arcselector9901;; cv=none;
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed;;
ARC-Authentication-Results: i=1; 1; spf=none; dmarc=none;
dkim=none; arc=none
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;; s=selector1-campussek-onmicrosoft-com;

Authentication-Results: dkim=none (message not signed)
header.d=none;dmarc=none action=none header.from=XXX;
Received: from ZRAP278MB0771.CHEP278.PROD.OUTLOOK.COM (2603:10a6:910:4b::11)
by GVAP278MB0469.CHEP278.PROD.OUTLOOK.COM (2603:10a6:710:3e::11) with
Microsoft SMTP Server (version=TLS1_2,
cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.4975.11; Tue, 15 Feb
2022 16:06:19 +0000
Received: from ZRAP278MB0771.CHEP278.PROD.OUTLOOK.COM
([fe80::142:5a2f:da74:9a98]) by ZRAP278MB0771.CHEP278.PROD.OUTLOOK.COM
([fe80::142:5a2f:da74:9a98%9]) with mapi id 15.20.4975.019; Tue, 15 Feb 2022
16:06:19 +0000
Message-ID: <05d06c383308ddd6f0d56337c3159f94b4765e63@XXX>
From: XXX
Subject: Die bequemste Dating-Site
Date: Tue, 15 Feb 2022 19:03:52 +0300
X-ClientProxiedBy: FR0P281CA0059.DEUP281.PROD.OUTLOOK.COM
(2603:10a6:d10:49::7) To ZRAP278MB0771.CHEP278.PROD.OUTLOOK.COM
Return-Path: xxxxx
MIME-Version: 1.0
X-MS-PublicTrafficType: Email
X-MS-Office365-Filtering-Correlation-Id: 0fe21474-6dec-4fc0-4abf-08d9f09cc43c
X-MS-TrafficTypeDiagnostic: GVAP278MB0469:EE_
X-MS-Oob-TLC-OOBClassifiers: OLM:136;
X-MS-Exchange-SenderADCheck: 1
X-MS-Exchange-AntiSpam-Relay: 0
X-Microsoft-Antispam: BCL:0;


1Beat  15.02.2022 23:17:19  Massive spam from

Hello Daniel

TrendMicro ScanMail for Notes filters them all.


2Manfred W.  16.02.2022 8:48:49  Massive spam from

64 of them in the last 7 days. Proofpoint blocks them all.

3Oliver Regelmann  16.02.2022 9:24:36  Massive spam from

None here at all. Neither in the quarantine nor within the few that came through our spam filter.

4Jason Ferber  17.02.2022 12:43:33  Massive spam from


I have been having this exact issue for Months and sadly our organization has decided to become an O365 shop. So I guess we will be in the same Microsoft bucket... I will miss HCL...

5Bob Voith  18.02.2022 7:49:41  Massive spam from

Hi Daniel,

I do have some of them too, and I am a huge fan of SpamGeek. I filter most of them out with bad subjects and bad words. Some slip through.

6Andreas  20.02.2022 3:04:10  Massive spam from

Hello Daniel,

having the same issue unfortunately, loads of spam mails starting about a week ago.

Coming from many different hosted exchange/o365 customers.

i already gave the Microsoft servers a 3 points malus in spamassassing but even that isn't enough for many of the spam mails.



7Andreas  21.02.2022 0:46:29  Massive spam from

Me again:

maybe i managed to handle it for now by adding body filter rules which match the domains that are in the body using the schema which i can't post here due to comment-spam-filtering.

8BobVoith  23.02.2022 20:46:47  Massive spam from

Just an update - The amount of has increased dramatically today from

9Kai G├╝lzau  12.06.2022 11:29:45  Massive spam from

are there some good SpamAssassin rules to block this?

10Will  07.08.2022 11:38:09  Massive spam from

I have been getting the same issues in the past 3 months. Currently I penalise email coming from outlook and reverse the score for domains that we know use them. Luckily not that many domains in our correspondence are with MS.

11Carolyn  06.09.2023 7:32:08  Massive spam from

I just received one allegedly from the hospital where I was recently a patient. The sender was using Outlook and I use Gmail. It passed Google inspection and my trusted anti virus app, but I could tell something was odd.

12Carolyn  06.09.2023 7:35:36  Massive spam from

OOPS. Another email from the source was legit.



    • [HCL Domino]
    • [Domino on Linux]
    • [Nash!Com]
    • [Daniel Nashed]