We’re seeing a huge recurrence of spam thats been getting through our spam filters., all coming from @live.com addresses.
\nI hadn’t seen any personally until one of our clients brought up the fact that she was receiving 20-30 sex related spam a day, all coming from Random name @live.com addresses.<\/p>\n
A check of the logs showed that we’ve received at least 100,000 of these spam mails over the last month that have gotten through to our users.
\nThis is something I’d obviously like to remedy.\u00a0 Not receiving, processing, or storing that much spam free’s up the servers for other things.<\/p>\n
As the number of valid addresses using @live.com accounts appears to be minimal (I could only see a handful of legitimate users sending from that domain), I have taken the decision to block any email from the @live.com domain until Microsoft can resolve their spam issues.<\/p>\n
If you do have clients using @live.com addresses, you will be able to send email to them, but not receive from them.
\nWe apologize for the inconvenience, but unfortunately there is no other solution that easily mitigates the issue, other than completely blocking them.<\/p>\n
For a more technical explanation of whats happening, read below:
\n
\nThis is a header from a sample spam email from a live.com address.
\nAs you can see below, the header shows that it passes an SPF check – meaning that the sending email server was verified to be a microsoft one.
\nThat means that the sender also passes our greylist and SPF checks, as Hotmail is a valid sender (for most of the time!).<\/p>\n
Return-Path: <lourdesuxanbirr1980@live.com>
\nDelivered-To: XXXX
\nReceived: (qmail 3070 invoked from network); 20 Apr 2009 11:53:37 +0800
\nDomainKey-Status: no signature
\nReceived: from blu0-omc2-s16.blu0.hotmail.com (65.55.111.91)
\nby mail.computersolutions.cn with SMTP; 20 Apr 2009 11:53:37 +0800
\nReceived-SPF: pass (mail.computersolutions.cn: SPF record at spf-a.hotmail.com designates 65.55.111.91 as permitted sender)
\nReceived: from BLU128-W5 ([65.55.111.72]) by blu0-omc2-s16.blu0.hotmail.com with Microsoft SMTPSVC(6.0.3790.3959);
\nSun, 19 Apr 2009 20:54:11 -0700
\nMessage-ID: <BLU128-W51B2E2DECCF46C5980E74DC760@phx.gbl>
\nReturn-Path: lourdesuxanbirr1980@live.com
\nX-Originating-IP: [201.150.66.6]
\nFrom: Lourdes Browne <Lourdesuxanbirr1980@live.com>
\nSender: <lourdesuxanbirr1980@live.com>
\nTo: XXXXX
\nSubject: Hi! This is Muriel. Young girls in action with animals.
\nDate: Mon, 20 Apr 2009 03:54:11 +0000
\nImportance: Normal
\nContent-Type: text\/plain; charset=”iso-8859-1″
\nContent-Transfer-Encoding: quoted-printable
\nMIME-Version: 1.0
\nX-OriginalArrivalTime: 20 Apr 2009 03:54:11.0766 (UTC) FILETIME=[AA2F5560:01C9C16B]<\/p><\/blockquote>\nAs the sender is a legitimate hotmail \/ live account “lourdesuxanbirr1980@live.com” (albeit a garbage generated name), its probable that the sender is generated from a script.<\/p>\n
A check on google reveals that the live.com captcha system has been cracked, and is being abused by botnets to send spam.<\/p>\n