Posted to users@spamassassin.apache.org by Michael Scheidell <sc...@secnap.net> on 2007/01/01 13:43:55 UTC

FP on FORGED_HOTMAIL_RCVD2 Email from hotmail ABUSE forged helo?

You would think a company like Microsoft who want to help stop spam (by
2003) would at least follow some of the RFCs they require hotmail to
use.

Like, at least NOT FORGING their FQDN for HELO.
(and, is FORGED_HOTMAIL_RCVD2 obsolete by now?)

Yes, this is an email I received, an auto'goaway' from an email sent to
abuse@hotmail.com

It DID come from hotmail, so why is it 'forged_hotmail_rcvd'?


Microsoft Mail Internet Headers Version 2.0
	FORGED_HOTMAIL_RCVD2=1.162, FORGED_RCVD_HELO=0.135, L_P0F_W=1.1,
	SPF_PASS=-0.001, SUBJ_ALL_CAPS=0.997]
X-Amavis-OS-Fingerprint: Windows 2000 SP4, XP SP1+ (firewall!),
	(distance 15, link: ethernet/modem), [65.54.241.50]
Received: from BAY0-XMR-007.phx.gbl (bay0-xmr-007.hotmail.com [65.54.241.50])
	by 0.mail.spammertrap.net (Postfix) with ESMTP id 61D9A17017
	for <sc...@secnap.net>; Mon,  1 Jan 2007 07:36:54 -0500 (EST)
Received: from mail pickup service by BAY0-XMR-007.phx.gbl with Microsoft SMTPSVC;
	 Mon, 1 Jan 2007 04:37:29 -0800
To: scheidell@secnap.net
From: MSN Hotmail <ab...@hotmail.com>
Subject: [SPAM]FW: [SPAM]
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=iso-8859-1
Content-transfer-encoding: 8bit
References: <B3...@secnap2.secnap.com>
Message-ID: <BA...@BAY0-XMR-007.phx.gbl>
X-OriginalArrivalTime: 01 Jan 2007 12:37:29.0677 (UTC) FILETIME=[99CE57D0:01C72DA1]
Date: 1 Jan 2007 04:37:29 -0800



-- 
Michael Scheidell, CTO
SECNAP Network Security Corporation
Keep up to date with latest information on IT security: Real time
security alerts:
http://www.secnap.com/news
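
The HELO name and the reverse-DNS name in the first Received header above can be compared mechanically. The following is an added example, not part of the original post and not SpamAssassin's rule code; it parses that Postfix-style header and classifies the relationship between the two names. The function names and the naive last-two-labels domain comparison are assumptions of this sketch.

```python
import re

# Postfix-style receiving hop: "from <HELO> (<rDNS> [<IP>])"
RECEIVED_RE = re.compile(
    r"from\s+(?P<helo>\S+)\s+\((?P<rdns>\S+)\s+\[(?P<ip>[0-9a-fA-F.:]+)\]\)"
)

# First Received header from the message above, folded lines joined
# (the trailing "for <...>; date" part is left out).
SAMPLE = (
    "Received: from BAY0-XMR-007.phx.gbl (bay0-xmr-007.hotmail.com\n"
    "[65.54.241.50])\n"
    "\tby 0.mail.spammertrap.net (Postfix) with ESMTP id 61D9A17017"
)


def parse_received(header):
    """Return helo, rdns and ip (lower-cased) or None if the shape differs."""
    unfolded = " ".join(header.split())  # undo header folding / mail wrapping
    m = RECEIVED_RE.search(unfolded)
    if m is None:
        return None
    return {k: v.lower().rstrip(".") for k, v in m.groupdict().items()}


def base_domain(name):
    # Assumption: last two labels approximate the registered domain.
    # A production check would consult the Public Suffix List instead.
    return ".".join(name.split(".")[-2:])


def helo_check(header):
    """Classify how the HELO name relates to the name the receiver resolved."""
    hop = parse_received(header)
    if hop is None:
        return None
    if hop["rdns"] == "unknown":      # Postfix logs "unknown" when rDNS fails
        verdict = "no-rdns"
    elif hop["helo"] == hop["rdns"]:
        verdict = "match"
    elif base_domain(hop["helo"]) == base_domain(hop["rdns"]):
        verdict = "same-domain"
    else:
        verdict = "mismatch"
    return {**hop, "verdict": verdict}


if __name__ == "__main__":
    print(helo_check(SAMPLE))
```

For the header in this message the host part of both names is the same (bay0-xmr-007), but the HELO name sits under phx.gbl while the reverse-DNS name sits under hotmail.com, so the comparison reports a mismatch.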