I've noticed that I've been getting email lately that looks like:

Return-Path: <[EMAIL PROTECTED]>
Received: from omc1-s35.bay6.hotmail.com (omc1-s35.bay6.hotmail.com [65.54.248.237])
   by mail.redfish-solutions.com (8.13.1/8.13.1) with ESMTP id k0REdJbh004285
   for <[EMAIL PROTECTED]>; Fri, 27 Jan 2006 07:39:20 -0700
Received: from hotmail.com ([65.54.173.11]) by omc1-s35.bay6.hotmail.com with Microsoft SMTPSVC(6.0.3790.211);
    Fri, 27 Jan 2006 06:39:19 -0800
Received: from mail pickup service by hotmail.com with Microsoft SMTPSVC;
    Fri, 27 Jan 2006 06:39:18 -0800
Message-ID: <[EMAIL PROTECTED]>
Received: from 81.202.24.35 by by5fd.bay5.hotmail.msn.com with HTTP;
   Fri, 27 Jan 2006 14:39:18 GMT
X-Originating-IP: [81.202.24.35]
X-Originating-Email: [EMAIL PROTECTED]
X-Sender: [EMAIL PROTECTED]
From: "azita zaden" <[EMAIL PROTECTED]>
Bcc:
Subject: congratulations!!! your e-mail has won a lottery prize.
Date: Fri, 27 Jan 2006 14:39:18 +0000
Mime-Version: 1.0
Content-Type: text/plain; charset=iso-8859-1; format=flowed
X-OriginalArrivalTime: 27 Jan 2006 14:39:18.0837 (UTC) FILETIME=[745E6650:01C6234F]

and I was wondering about this.

My theory is that the Hotmail mailer receives the email, decides that it already
has an X-Originating-IP: line, and doesn't add one.

The problem is this:  when you then go to report this spammer to Hotmail by
forwarding the mail to them, their software looks at the X-Originating-IP:
address, decides it isn't one of their networks, and sends back an automatic
reply saying:

> Unfortunately, in order to process your request, Hotmail Support needs a valid MSN/Hotmail hosted account.

and your complaint never gets handled.  The spammer then continues to spam
with impunity.

So...  Couple of questions.

Anyone have a hotmail.com account that they can test my theory with? All they
need to do is post to this list from their email account with a forged
X-Originating-IP: line in the message.

And secondly... Anyone have (1) a MdF filter to use against this? And (2) a
set of SpamAssassin settings that they are especially happy with?

Thanks,

-Philip

_______________________________________________
NOTE: If there is a disclaimer or other legal boilerplate in the above
message, it is NULL AND VOID.  You may ignore it.

Visit http://www.mimedefang.org and http://www.roaringpenguin.com
MIMEDefang mailing list MIMEDefang@lists.roaringpenguin.com
http://lists.roaringpenguin.com/mailman/listinfo/mimedefang
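
One way a receiving filter could test for the situation the post describes, as an added example that is not part of the original message and not MIMEDefang code: compare X-Originating-IP with the client address in the topmost "Received: from <ip> by <host> with HTTP" line. The function name, status strings and sample message are constructed for illustration, and the check assumes that HTTP hop line is written by Hotmail's own front end.

```python
import re
from email import message_from_string

# Constructed sample modelled on the headers in the post; recipient and
# sender addresses are example.com placeholders.
SAMPLE = """\
Received: from omc1-s35.bay6.hotmail.com (omc1-s35.bay6.hotmail.com [65.54.248.237])
\tby mail.example.com with ESMTP; Fri, 27 Jan 2006 07:39:20 -0700
Received: from hotmail.com ([65.54.173.11]) by omc1-s35.bay6.hotmail.com with
\tMicrosoft SMTPSVC(6.0.3790.211); Fri, 27 Jan 2006 06:39:19 -0800
Received: from mail pickup service by hotmail.com with Microsoft SMTPSVC;
\tFri, 27 Jan 2006 06:39:18 -0800
Received: from 81.202.24.35 by by5fd.bay5.hotmail.msn.com with HTTP;
\tFri, 27 Jan 2006 14:39:18 GMT
X-Originating-IP: [{xoip}]
From: "sender" <sender@example.com>
Subject: test

body
"""

# Matches the web-submission hop as it appears in the post's headers.
HTTP_HOP = re.compile(
    r"from\s+(\d{1,3}(?:\.\d{1,3}){3})\s+by\s+\S+\s+with\s+HTTP\b", re.I)

def check_originating_ip(raw):
    """Classify X-Originating-IP against the topmost 'with HTTP' hop."""
    msg = message_from_string(raw)
    claimed = [v.strip().strip("[]")
               for v in msg.get_all("X-Originating-IP", [])]
    # Received lines are prepended by each server, so the first match in
    # file order is the one least likely to have been supplied by the sender.
    http_ips = [m.group(1) for v in msg.get_all("Received", [])
                if (m := HTTP_HOP.match(v.strip()))]
    if not http_ips:
        return "no-http-hop"      # not web-submitted; nothing to compare
    if not claimed:
        return "missing"
    if len(claimed) > 1:
        return "duplicate"        # more than one header is itself suspect
    return "consistent" if claimed[0] == http_ips[0] else "mismatch"

if __name__ == "__main__":
    # 192.0.2.99 is a documentation address standing in for a forged value.
    for ip in ("81.202.24.35", "192.0.2.99"):
        print(ip, "->", check_originating_ip(SAMPLE.format(xoip=ip)))
```

A "mismatch" or "duplicate" result is the case where an abuse report keyed on X-Originating-IP would point at the wrong network, so the HTTP hop address is the one to quote in the report.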
