I've noticed that I've been getting email lately that looks like:
Return-Path: <[EMAIL PROTECTED]>
Received: from omc1-s35.bay6.hotmail.com (omc1-s35.bay6.hotmail.com
[65.54.248.237])
by mail.redfish-solutions.com (8.13.1/8.13.1) with ESMTP id k0REdJbh004285
for <[EMAIL PROTECTED]>; Fri, 27 Jan 2006 07:39:20 -0700
Received: from hotmail.com ([65.54.173.11]) by omc1-s35.bay6.hotmail.com with
Microsoft SMTPSVC(6.0.3790.211);
Fri, 27 Jan 2006 06:39:19 -0800
Received: from mail pickup service by hotmail.com with Microsoft SMTPSVC;
Fri, 27 Jan 2006 06:39:18 -0800
Message-ID: <[EMAIL PROTECTED]>
Received: from 81.202.24.35 by by5fd.bay5.hotmail.msn.com with HTTP;
Fri, 27 Jan 2006 14:39:18 GMT
X-Originating-IP: [81.202.24.35]
X-Originating-Email: [EMAIL PROTECTED]
X-Sender: [EMAIL PROTECTED]
From: "azita zaden" <[EMAIL PROTECTED]>
Bcc:
Subject: congratulations!!! your e-mail has won a lottery prize.
Date: Fri, 27 Jan 2006 14:39:18 +0000
Mime-Version: 1.0
Content-Type: text/plain; charset=iso-8859-1; format=flowed
X-OriginalArrivalTime: 27 Jan 2006 14:39:18.0837 (UTC)
FILETIME=[745E6650:01C6234F]
and I was wondering about this.

My theory is that the Hotmail mailer receives the email, decides that it
already has an X-Originating-IP: line, and doesn't add one.
The problem is this: when you then go to report this spammer to Hotmail by
forwarding the mail to them, their software looks at the X-Originating-IP:
address, decides it isn't one of their networks, and sends back an automatic
reply saying:

> Unfortunately, in order to process your request, Hotmail Support
> needs a valid MSN/Hotmail hosted account.

and your complaint never gets handled. The spammer then continues to spam
with impunity.
So... Couple of questions.

Anyone have a hotmail.com account that they can test my theory with? All they
need to do is post to this list from their email account with a forged
X-Originating-IP: line in the message.

And secondly... Anyone have (1) a MdF filter to use against this? And (2) a
set of SpamAssassin settings that they are especially happy with?

Thanks,
-Philip
_______________________________________________
NOTE: If there is a disclaimer or other legal boilerplate in the above
message, it is NULL AND VOID. You may ignore it.
Visit http://www.mimedefang.org and http://www.roaringpenguin.com
MIMEDefang mailing list MIMEDefang@lists.roaringpenguin.com
http://lists.roaringpenguin.com/mailman/listinfo/mimedefang
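
Added example (not part of the original post, and not MIMEDefang or SpamAssassin code): a standalone Python check that separates the Received hop stamped by the receiving MX from headers supplied upstream, and tests whether X-Originating-IP agrees with the provider's HTTP submission hop. The sample is constructed from the headers quoted in the post, with the redacted addresses dropped; `analyze` and its parameters are hypothetical names.

```python
import re
from email import message_from_string

# Constructed sample: headers from the post, continuation lines re-folded,
# redacted address fields omitted.
SAMPLE = """\
Received: from omc1-s35.bay6.hotmail.com (omc1-s35.bay6.hotmail.com [65.54.248.237])
\tby mail.redfish-solutions.com (8.13.1/8.13.1) with ESMTP id k0REdJbh004285;
\tFri, 27 Jan 2006 07:39:20 -0700
Received: from hotmail.com ([65.54.173.11]) by omc1-s35.bay6.hotmail.com with
\tMicrosoft SMTPSVC(6.0.3790.211); Fri, 27 Jan 2006 06:39:19 -0800
Received: from mail pickup service by hotmail.com with Microsoft SMTPSVC;
\tFri, 27 Jan 2006 06:39:18 -0800
Received: from 81.202.24.35 by by5fd.bay5.hotmail.msn.com with HTTP;
\tFri, 27 Jan 2006 14:39:18 GMT
X-Originating-IP: [81.202.24.35]
Subject: congratulations!!! your e-mail has won a lottery prize.

body
"""

IP = r"(\d{1,3}(?:\.\d{1,3}){3})"

def analyze(raw, my_mx, provider_suffix):
    """Separate what our own MX recorded from what the sending side claimed."""
    msg = message_from_string(raw)
    # Unfold each Received header onto one line.
    hops = [" ".join(h.split()) for h in msg.get_all("Received", [])]
    # Only the hop stamped by our own MX is first-hand evidence.
    trusted = next((h for h in hops if f" by {my_mx} " in h), "")
    peer = re.search(r"from \S+ \((\S+) \[" + IP + r"\]\)", trusted)
    rdns, peer_ip = peer.groups() if peer else (None, None)
    # The hop where the provider says it accepted the message over HTTP.
    matches = (re.search(r"from " + IP + r" by \S+ with HTTP", h) for h in hops)
    http_ip = next((m.group(1) for m in matches if m), None)
    claimed = [v.strip(" []") for v in msg.get_all("X-Originating-IP", [])]
    return {
        "peer_ip": peer_ip,
        "via_provider": bool(rdns) and rdns.lower().endswith("." + provider_suffix),
        "http_hop_ip": http_ip,
        "x_originating_ip": claimed,
        # Exactly one header, and it matches the HTTP submission hop.
        "xoip_consistent": len(claimed) == 1 and claimed[0] == http_ip,
    }

if __name__ == "__main__":
    print(analyze(SAMPLE, "mail.redfish-solutions.com", "hotmail.com"))
```

`via_provider` depends only on the line written by the receiving MX, so it stays true even when `xoip_consistent` is false.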