
Hotmail not enforcing spammers?


Wunder


For almost a year now I have on a daily basis received multiple spams originating from the hotmail servers (according to SC).

I have reported hundreds of these but they keep coming. They are all very similar, so you'd think the abuse-people at hotmail by now should have identified the spammer/spammers and taken action, but all reporting seems to be in vain.

Listed is a typical example of one of these spams (actual TO address is not mine but I munged it anyway, if maybe some spammers read the forum...):

From - Mon Jul 07 10:01:01 2008
X-Account-Key: account2
X-UIDL: 15417
X-Mozilla-Status: 1001
X-Mozilla-Status2: 00000000
X-Mozilla-Keys:
Return-Path: <helendbycvexd[at]hotmail.com>
Received: from eu1081f.lyceu.net (eu1081m.lyceu.net [172.18.200.174])
    by eu1055m.lyceu.net (Postfix) with ESMTP id BACB677CF3;
    Sun, 6 Jul 2008 21:37:34 +0200 (CEST)
Received: from blu0-omc4-s22.blu0.hotmail.com (localhost.localdomain [65.55.111.161])
    by eu1081f.lyceu.net (Postfix) with ESMTP id 1EC5012B772;
    Sun, 6 Jul 2008 21:37:34 +0200 (CEST)
Received: from 65.55.111.161/32:31485 (from=<helendbycvexd[at]hotmail.com>;helo=blu0-omc4-s22.blu0.hotmail.com)
    by eXpurgate V2.0.6.1, id=150420::080706213729-78521080-1C01C727
    for <9 recipients>; Sun, 06 Jul 2008 21:37:29 +0200
Received: from BLU137-W30 ([65.55.111.135]) by blu0-omc4-s22.blu0.hotmail.com with Microsoft SMTPSVC(6.0.3790.3959);
    Sun, 6 Jul 2008 12:37:28 -0700
Message-ID: <BLU137-W30FC5906FAEF71F47BFB6DB6950[at]phx.gbl>
Content-Type: multipart/alternative;
    boundary="_38cdac90-af99-402a-a4b9-034c3fd99f8d_"
X-Originating-IP: [82.105.73.36]
From: Helen Wilson <helendbycvexd[at]hotmail.com>
To: <XXXXXXX[at]home.se>
Subject: Men Health Pharmacy. Visa and Mastercard
Date: Sun, 6 Jul 2008 19:37:28 +0000
Importance: High
MIME-Version: 1.0
X-OriginalArrivalTime: 06 Jul 2008 19:37:28.0791 (UTC) FILETIME=[b9ABFE70:01C8DF9F]
X-purgate: This mail is considered clean
X-purgate: clean
X-purgate-type: clean
X-purgate-Ad: Checked for spam by eleven - eXpurgate www.eXpurgate.net
X-purgate-ID: 150420::080706213729-78521080-1C01C727/0-0/0-1
X-purgate-size: 1391/118

--_38cdac90-af99-402a-a4b9-034c3fd99f8d_
Content-Type: text/plain; charset="iso-8859-1"
Content-Transfer-Encoding: quoted-printable

=0A=
...
E=

--_38cdac90-af99-402a-a4b9-034c3fd99f8d_
Content-Type: text/html; charset="iso-8859-1"
Content-Transfer-Encoding: quoted-printable

<html>
...
</html>=

--_38cdac90-af99-402a-a4b9-034c3fd99f8d_--

Moderator edit: Removed body of spam


For almost a year now I have on a daily basis received multiple spams originating from the hotmail servers (according to SC).

I have reported hundreds of these but they keep coming. They are all very similar, so you'd think the abuse-people at hotmail by now should have identified the spammer/spammers and taken action, but all reporting seems to be in vain.

Listed is a typical example of one of these spams (actual TO address is not mine but I munged it anyway, if maybe some spammers read the forum...):

For a number of years now, it has been posted, suggested, asked, advised, hinted, stated, etc. that this kind of post/query would provide a Tracking URL, rather than the problematic attempt at posting yet another frigging spam e-mail that everyone sees too many of in their own Inboxes, yet every time this comes up and the multiple references to the various How to ask a question .. links and entries get pointed out, some people get all excited about the wrong thing.

Me, at present, am wondering just how much of your post I should end up deleting .. are you actually just trying to sneak in a bump-up on the search engine results of the spamvertised URL????? You mention only one item being munged, yet there would appear to be several items changed within the alleged header provided in your 'sample' ..... Therefore the question must be asked .. just how much of your sample is actually a valid representation of your alleged spam, how much has actually been altered, why should your alleged results be believed, etc.????

Later edit: it appears one of the Moderators had some of the same reaction and had deleted the definitely un-needed body of the sample spam while I was typing the above .. a thanks offered to that Moderator.


Later edit: it appears one of the Moderators had some of the same reaction and had already deleted the definitely un-needed body of the sample spam while I was typing the above .. a thanks offered to that Moderator.

After my edit, was working on a post only to see you working away on one, so figured we would be duplicating effort.


For a number of years now, it has been posted, suggested, asked, advised, hinted, stated, etc. that this kind of post/query would provide a Tracking URL, rather than the problematic attempt at posting yet another frigging spam e-mail that everyone sees too many of in their own Inboxes, yet every time this comes up and the multiple references to the various How to ask a question .. links and entries get pointed out, some people get all excited about the wrong thing.

Sorry about it. I know how frustrating it is when newbies don't bother reading stickys, how-tos or doing a search before posting a question which has probably already been answered 40 million times before.

That is why I've spent several months effortlessly reporting this spammer, hoping to avoid posting here in the first place, but as Hotmail does not seem to do anything about it I felt that I wanted to know if maybe there is some other way to handle this.

So, I went through the stickys and the how-tos and the searches and the blablas and everything else, but nowhere did I find any reference to what to do in case the originating ISP/network does not take action... That is the reason I started this thread.

Me, at present, am wondering just how much of your post I should end up deleting .. are you actually just trying to sneak in a bump-up on the search engine results of the spamvertised URL?????

No, I felt that an example of the spam would make it easier for a reader to learn what it was about.

You mention only one item being munged, yet there would appear to be several items changed within the alleged header provided in your 'sample' ..... Therefore the question must be asked .. just how much of your sample is actually a valid representation of your alleged spam, how much has actually been altered, why should your alleged results be believed, etc.????

Only the TO address has been munged by me. The rest is as the spam appears viewing "Message Source" in Thunderbird.

So is there any other way to describe the problem?

Should I paste a copy of a Spamcop page with the processed spam?

Anyway, here is a tracking URL:

http://www.spamcop.net/sc?id=z2051374060ze...9546ae1ce3e534z

It is not from the same spam as in my first post, but from the same spammer.


This sample is a bit more "normal" in that many (~10) reports have been filed today. The other IP only had 1 report per day for each of the 90 days it had a report.

SpamCop has no way to force an ISP to take any action. You may want to try sending a manual report to: abuse[at]hotmail.com. Sometimes manual reports hold more water than automated ones.

What actions are YOU using to limit the numbers of spam you receive? Does your server use any of the blocklists available? Do you run your own server?


I am not sure I completely understand about how hotmail is reported, but I think that it is the IP address that is listed as sending to the hotmail server, not the actual hotmail servers. For server admins, that keeps the spam out without blocking any legitimate email from hotmail accounts. Gmail had all kinds of problems (maybe still do) because they wouldn't reveal the IP address that was using the gmail account.

As a hotmail user, I know they are diligent about excessive numbers of email sent. I suppose that, like rotating websites, spammers can just sign up for multiple hotmail accounts keeping under the radar for numbers of spam sent and who cares if hotmail does zap an account? Just keep signing up. For the really lucrative phishing and 419 type scams, it is worth it to spend the time signing up, sending a few email at a time, moving on to another email address.

Both Wazoo and I can testify that if hotmail gets a whiff of spam, they will cancel accounts even when there is no solid reason. Wazoo never got his account back; I managed to get them to admit they had made a mistake.

The spam wars are always ebbing and flowing as spammers find a new trick and then the server admins find ways to block them. hotmail will find a way to stop them - which will make email delivery more problematic for the rest of us hotmail users and eventually for users of other email services.

There is nothing to do when the ISP/abuse desk doesn't take action except block that IP address. Many server admins, in my experience, don't particularly care who blocks what as long as their mail servers are clean and not blocked. They don't make any attempt to stop spam from any IP address that is not a mail server and their argument is that they prevent spam with the use of blocklists so why doesn't everyone else?

Passive-aggressive just doesn't work on the internet; assertive and non-controlling attitudes pay off.

Miss Betsy
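
Added example, not part of any post in this thread: a minimal sketch of the distinction drawn in the post above, between the Hotmail outbound server that relayed the message and the address that submitted it to Hotmail. The headers are copied from the sample in the first post with "[at]" restored to "@"; the function name `trace` is hypothetical, and it assumes the recipient's own servers are trusted and that X-Originating-IP was added by Hotmail rather than forged.

```python
import email
import ipaddress
import re

# Headers from the sample in the first post ("[at]" -> "@" so they parse).
SAMPLE = """\
Return-Path: <helendbycvexd@hotmail.com>
Received: from eu1081f.lyceu.net (eu1081m.lyceu.net [172.18.200.174])
    by eu1055m.lyceu.net (Postfix) with ESMTP id BACB677CF3;
    Sun, 6 Jul 2008 21:37:34 +0200 (CEST)
Received: from blu0-omc4-s22.blu0.hotmail.com (localhost.localdomain [65.55.111.161])
    by eu1081f.lyceu.net (Postfix) with ESMTP id 1EC5012B772;
    Sun, 6 Jul 2008 21:37:34 +0200 (CEST)
Received: from 65.55.111.161/32:31485 (from=<helendbycvexd@hotmail.com>;helo=blu0-omc4-s22.blu0.hotmail.com)
    by eXpurgate V2.0.6.1, id=150420::080706213729-78521080-1C01C727
    for <9 recipients>; Sun, 06 Jul 2008 21:37:29 +0200
Received: from BLU137-W30 ([65.55.111.135]) by blu0-omc4-s22.blu0.hotmail.com with Microsoft SMTPSVC(6.0.3790.3959);
    Sun, 6 Jul 2008 12:37:28 -0700
X-Originating-IP: [82.105.73.36]
From: Helen Wilson <helendbycvexd@hotmail.com>
Subject: Men Health Pharmacy. Visa and Mastercard

"""

BRACKETED_IP = re.compile(r"\[(\d{1,3}(?:\.\d{1,3}){3})\]")


def trace(raw):
    """Return the relaying server, the submitting client and all hop IPs."""
    msg = email.message_from_string(raw)
    hops = []
    for received in msg.get_all("Received", []):
        m = BRACKETED_IP.search(received)
        if m:  # the eXpurgate line has no bracketed address and is skipped
            hops.append(ipaddress.ip_address(m.group(1)))
    # Received lines are prepended, so reading top-down, the first public
    # address is the host that handed the mail to the recipient's network.
    relay = next((ip for ip in hops if not ip.is_private), None)
    m = BRACKETED_IP.search(msg.get("X-Originating-IP", ""))
    client = ipaddress.ip_address(m.group(1)) if m else None
    return {"relay": relay, "client": client, "hops": hops}


if __name__ == "__main__":
    print(trace(SAMPLE))
```

For this sample the relay is the Hotmail outbound server 65.55.111.161, while the client address from X-Originating-IP is 82.105.73.36; blocking or reporting the first affects all Hotmail mail, the second only that one source.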


...There is nothing to do when the ISP/abuse desk doesn't take action except block that IP address. Many server admins, in my experience, don't particularly care who blocks what as long as their mail servers are clean and not blocked. They don't make any attempt to stop spam from any IP address that is not a mail server and their argument is that they prevent spam with the use of blocklists so why doesn't everyone else?...

What an unkind soul might characterize as "sweeping it under the carpet." Well, that *sort of* works. Until the carpet meets the ceiling.

Except in both of these, the source appears to be internal on the hotmail network...or they have changed their header formats

A number of hours ago, before I had to leave the house, this is where I was at. The sample headers provided thus far by the Topic starter really look nothing like the headers I can generate via test e-mails generated at that time. However, I'm using U.S. HotMail servers and I'm guessing that Wunder/spammer is using Euro HotMail servers. For more 'confusion' in the samples provided, I've not seen this "eXpurgate" stuff before, so am also not able to determine just how much the headers have been manipulated by this alleged tool.

For example, just who/what/where did the "for <9 recipients>;" get inserted? There aren't 9 recipients showing in the To: line, there is no CC: line, not really sure how a BCC: data content would be translated into this header string.

The parser 'ignores' several header lines, I'm not all that impressed by some of the other lines, some of the handoffs seem a bit 'forced' .... but again, there may be a difference with the Euro servers, or the "eXpurgate" thing may really be whacking some of the header data.

So, I went through the stickys and the how-tos and the searches and the blablas and everything else, but nowhere did I find any reference to what to do in case the originating ISP/network does not take action... That is the reason I started this thread.

And there is where I started out on the whole wrong track. You chose to start this Topic in the Forum Section titled and defined as; SpamCop Reporting Help

A forum to help users with reporting spam using the SpamCop Parsing and Reporting Service. Questions about the SpamCop Email System and/or Accounts should be directed to the SpamCop Email System & Accounts Forum. Questions about "your e-mail Blocked by SpamCop" should be directed to the SpamCop Blocklist Help Forum. Etc. etc., etc.

I initially was looking for a "problem with Reporting" ... that's where I had issues with the sample data provided .... Technically, this Topic isn't about a Reporting problem at all, it's a complaint about an ISP/Host that doesn't seem to get excited about receiving Reports. With this post, this Topic is being moved to the Lounge area.


I've noticed when I report spam manually to Hotmail that Microsoft has made it more difficult to report spam. You can't use "abuse[at]hotmail.com"; you have to use report_spam[at]hotmail.com. This address then forwards to another address at microsoft.com, and this address often bounces.

Spam marketplaces like Getafreelancer have tons of ads for people selling 100k's of hacked hotmail accts.


Sorry about it. I know how frustrating it is when newbies don't bother reading stickys, how-tos or doing a search before posting a question which has probably already been answered 40 million times before.

<snip>

...Thank you for your understanding response, in contrast to the many angry responses that such replies from Wazoo often generate! :) <g>

So, I went through the stickys and the how-tos and the searches and the blablas and everything else, but nowhere did I find any reference to what to do in case the originating ISP/network does not take action... That is the reason I started this thread.

...And starting this thread was not the subject of Wazoo's objection; rather, it was that you failed to notice the request that one not post spam examples but, instead, post the tracking URL....

Anyway, here is a tracking URL:

<snip>

...Which lesson you clearly did learn on your second pass -- thank you! :) <g>
