[Mimedefang] Issues with hotmail.com
Philip Prindeville
philipp_subx at redfish-solutions.com
Fri Jan 27 20:27:18 EST 2006
I've noticed that I've been getting email lately that looks like:
Return-Path: <eurowinerloto2006 at msn.com>
Received: from omc1-s35.bay6.hotmail.com (omc1-s35.bay6.hotmail.com [65.54.248.237])
        by mail.redfish-solutions.com (8.13.1/8.13.1) with ESMTP id k0REdJbh004285
        for <philipp at redfish-solutions.com>; Fri, 27 Jan 2006 07:39:20 -0700
Received: from hotmail.com ([65.54.173.11]) by omc1-s35.bay6.hotmail.com with Microsoft SMTPSVC(6.0.3790.211);
        Fri, 27 Jan 2006 06:39:19 -0800
Received: from mail pickup service by hotmail.com with Microsoft SMTPSVC;
        Fri, 27 Jan 2006 06:39:18 -0800
Message-ID: <BAY5-F117EE07C8A40CACEE12114B3140 at phx.gbl>
Received: from 81.202.24.35 by by5fd.bay5.hotmail.msn.com with HTTP;
        Fri, 27 Jan 2006 14:39:18 GMT
X-Originating-IP: [81.202.24.35]
X-Originating-Email: [eurowinerloto2006 at msn.com]
X-Sender: eurowinerloto2006 at msn.com
From: "azita zaden" <eurowinerloto2006 at msn.com>
Bcc:
Subject: congratulations!!! your e-mail has won a lottery prize.
Date: Fri, 27 Jan 2006 14:39:18 +0000
Mime-Version: 1.0
Content-Type: text/plain; charset=iso-8859-1; format=flowed
X-OriginalArrivalTime: 27 Jan 2006 14:39:18.0837 (UTC) FILETIME=[745E6650:01C6234F]
and I was wondering about this.
My theory is that the Hotmail mailer receives the email, decides that it
already has an X-Originating-IP: line, and doesn't add one.
The problem is this: when you then go to report this spammer to Hotmail by
forwarding the mail to them, their software looks at the X-Originating-IP:
address, decides it isn't one of their networks, and sends back an automatic
reply saying:
> Unfortunately, in order to process your request, Hotmail Support
> needs a valid MSN/Hotmail hosted account.
and your complaint never gets handled. The spammer then continues to spam
with impunity.
So... Couple of questions.
Anyone have a hotmail.com account that they can test my theory with? All they
need to do is post to this list from their email account with a forged
X-Originating-IP: line in the message.
And secondly... Anyone have (1) a MdF filter to use against this? And (2) a
set of SpamAssassin settings that they are especially happy with?
Thanks,
-Philip
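
Added example, not part of the original post and not MIMEDefang or SpamAssassin code: a standalone Python check that compares X-Originating-IP with the address in the "with HTTP" Received hop, to show which address the Received chain supports when writing an abuse report. It assumes that hop is written by the Hotmail front end, as it appears to be in the sample above; the function name, the trusted suffix list and the 192.0.2.10 variant are constructed for illustration.

```python
import re
from email import message_from_string

IPV4 = r"(\d{1,3}(?:\.\d{1,3}){3})"
# The hop that, in the quoted sample, records the webmail client's address.
HTTP_HOP = re.compile(r"from\s+\[?" + IPV4 + r"\]?\s+by\s+(\S+)\s+with\s+HTTP\b", re.I)
TRUSTED = (".hotmail.com", ".msn.com")  # assumption: suffixes seen in the sample

def check_originating_ip(raw_headers):
    """Return (verdict, ip_from_http_hop) for one message's headers."""
    msg = message_from_string(raw_headers)
    claimed = set()
    for value in msg.get_all("X-Originating-IP", []):
        m = re.search(IPV4, value)
        if m:
            claimed.add(m.group(1))
    hop_ip = None
    # Received lines are prepended, so the topmost trusted HTTP hop is the
    # one the provider wrote; anything below it could be sender-supplied.
    for value in msg.get_all("Received", []):
        m = HTTP_HOP.search(" ".join(value.split()))  # unfold the header
        if m and m.group(2).lower().endswith(TRUSTED):
            hop_ip = m.group(1)
            break
    if hop_ip is None:
        return ("unverifiable", None)
    if not claimed:
        return ("absent", hop_ip)
    return ("consistent" if claimed == {hop_ip} else "mismatch", hop_ip)

# Relevant headers from the message quoted in the post (abridged).
SAMPLE = """\
Received: from omc1-s35.bay6.hotmail.com (omc1-s35.bay6.hotmail.com [65.54.248.237])
\tby mail.redfish-solutions.com (8.13.1/8.13.1) with ESMTP id k0REdJbh004285;
\tFri, 27 Jan 2006 07:39:20 -0700
Received: from hotmail.com ([65.54.173.11]) by omc1-s35.bay6.hotmail.com
\twith Microsoft SMTPSVC(6.0.3790.211); Fri, 27 Jan 2006 06:39:19 -0800
Received: from 81.202.24.35 by by5fd.bay5.hotmail.msn.com with HTTP;
\tFri, 27 Jan 2006 14:39:18 GMT
X-Originating-IP: [81.202.24.35]

"""
# Constructed variant: same hops, but a header value that disagrees with them.
FORGED = SAMPLE.replace("X-Originating-IP: [81.202.24.35]",
                        "X-Originating-IP: [192.0.2.10]")

if __name__ == "__main__":
    for name, raw in (("sample", SAMPLE), ("constructed", FORGED)):
        print(name, check_originating_ip(raw))
```

For the headers quoted in the post the two values agree; in the constructed variant the check reports a mismatch and returns the address from the Received hop.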