[Mimedefang] Issues with hotmail.com

Philip Prindeville philipp_subx at redfish-solutions.com
Fri Jan 27 20:27:18 EST 2006


I've noticed that I've been getting email lately that looks like:

Return-Path: <eurowinerloto2006 at msn.com>
Received: from omc1-s35.bay6.hotmail.com (omc1-s35.bay6.hotmail.com [65.54.248.237])
    by mail.redfish-solutions.com (8.13.1/8.13.1) with ESMTP id k0REdJbh004285
    for <philipp at redfish-solutions.com>; Fri, 27 Jan 2006 07:39:20 -0700
Received: from hotmail.com ([65.54.173.11]) by omc1-s35.bay6.hotmail.com with Microsoft SMTPSVC(6.0.3790.211);
     Fri, 27 Jan 2006 06:39:19 -0800
Received: from mail pickup service by hotmail.com with Microsoft SMTPSVC;
     Fri, 27 Jan 2006 06:39:18 -0800
Message-ID: <BAY5-F117EE07C8A40CACEE12114B3140 at phx.gbl>
Received: from 81.202.24.35 by by5fd.bay5.hotmail.msn.com with HTTP;
    Fri, 27 Jan 2006 14:39:18 GMT
X-Originating-IP: [81.202.24.35]
X-Originating-Email: [eurowinerloto2006 at msn.com]
X-Sender: eurowinerloto2006 at msn.com
From: "azita zaden" <eurowinerloto2006 at msn.com>
Bcc:
Subject: congratulations!!! your e-mail has won a lottery prize.
Date: Fri, 27 Jan 2006 14:39:18 +0000
Mime-Version: 1.0
Content-Type: text/plain; charset=iso-8859-1; format=flowed
X-OriginalArrivalTime: 27 Jan 2006 14:39:18.0837 (UTC) FILETIME=[745E6650:01C6234F]



and I was wondering about this.

My theory is that the Hotmail mailer receives the email, decides that it
already has an X-Originating-IP: line, and doesn't add one.

The problem is this:  when you then go to report this spammer to Hotmail by
forwarding the mail to them, their software looks at the X-Originating-IP:
address, decides it isn't one of their networks, and sends back an automatic
reply saying:

 > Unfortunately, in order to process your request, Hotmail Support needs a valid MSN/Hotmail hosted account.

and your complaint never gets handled.  The spammer then continues to spam
with impunity.

So...  Couple of questions.

Anyone have a hotmail.com account that they can test my theory with?  All they
need to do is post to this list from their email account with a forged
X-Originating-IP: line in the message.

And secondly...  Anyone have (1) a MdF filter to use against this?  And (2) a
set of SpamAssassin settings that they are especially happy with?

Thanks,

-Philip
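
One way to check the theory above on received mail, as an added example that is not part of the original post or of MIMEDefang: compare the X-Originating-IP: header with the client address that Hotmail's own "with HTTP" Received: line recorded. The function name, the verdict strings, the `.hotmail.com` relay suffix and the sendmail-style Received: format are assumptions; the sample is abridged from the headers quoted in the post.

```python
import email
import ipaddress
import re

# Constructed sample: abridged from the headers quoted in the post.
SAMPLE = """\
Received: from omc1-s35.bay6.hotmail.com (omc1-s35.bay6.hotmail.com [65.54.248.237])
    by mail.redfish-solutions.com (8.13.1/8.13.1) with ESMTP id k0REdJbh004285;
    Fri, 27 Jan 2006 07:39:20 -0700
Received: from hotmail.com ([65.54.173.11]) by omc1-s35.bay6.hotmail.com
    with Microsoft SMTPSVC(6.0.3790.211); Fri, 27 Jan 2006 06:39:19 -0800
Received: from 81.202.24.35 by by5fd.bay5.hotmail.msn.com with HTTP;
    Fri, 27 Jan 2006 14:39:18 GMT
X-Originating-IP: [81.202.24.35]
Subject: congratulations!!! your e-mail has won a lottery prize.

"""

# Assumption: the local MTA writes sendmail-style "from helo (rdns [ip])" lines.
RDNS = re.compile(r"\(([\w.-]+)\s+\[")
HTTP_HOP = re.compile(r"from\s+\[?([0-9A-Fa-f.:]+)\]?\s+by\s+\S+\s+with\s+HTTP\b")

def parse_ip(text):
    """Parse '[1.2.3.4]' or '1.2.3.4'; return None if it is not an IP address."""
    try:
        return ipaddress.ip_address(text.strip().strip("[]"))
    except ValueError:
        return None

def check_originating_ip(raw, relay_suffix=".hotmail.com"):
    """Classify how far X-Originating-IP is backed by the relay's own HTTP hop."""
    msg = email.message_from_string(raw)
    received = msg.get_all("Received", [])
    # Only the topmost Received line was written by our MTA; the rest is
    # supplied by the sending side and is only as trustworthy as that relay.
    top = RDNS.search(received[0]) if received else None
    if not top or not top.group(1).lower().endswith(relay_suffix):
        return "not-via-relay"
    claimed = msg.get_all("X-Originating-IP", [])
    if len(claimed) != 1:
        return "duplicate" if claimed else "missing"
    hops = [m.group(1) for r in received[1:] if (m := HTTP_HOP.search(r))]
    if not hops:
        return "uncorroborated"  # no web-submission hop to compare against
    stated, recorded = parse_ip(claimed[0]), parse_ip(hops[0])
    if stated is None or recorded is None:
        return "malformed"
    return "consistent" if stated == recorded else "mismatch"

if __name__ == "__main__":
    print(check_originating_ip(SAMPLE))
```

A "mismatch", "duplicate" or "uncorroborated" verdict marks a message whose X-Originating-IP: value should not be relied on when working out where it was submitted from.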



