So, unlike most people, I receive very little spam. I am careful about where my email address is listed, and therefore receive virtually no spam. However, I received a spam email today. Let's talk about it. See comments in red.
Return-Path: <email@example.com>
Telltale sign that this is spam. A Hotmail account is a perfect way to mask your true identity, and therefore counts negatively towards the spam score.
Received: (qmail 24192 invoked by uid 78); 24 Apr 2006 09:45:32 -0000
Received: from unknown (HELO ns-mr11.netsolmail.com) (220.127.116.11) by 10.49.37.11 with SMTP; 24 Apr 2006 09:45:32 -0000
Received: from hotmail.com (bay23-f10.bay23.hotmail.com [18.104.22.168]) by ns-mr11.netsolmail.com (8.13.6/8.13.6) with ESMTP id k3O9jWLk008495 for <--------->; Mon, 24 Apr 2006 05:45:32 -0400
Received: from mail pickup service by hotmail.com with Microsoft SMTPSVC; Mon, 24 Apr 2006 02:45:00 -0700
Message-ID: <BAY23-F104315454E70A409B46FB9B0BE0@phx.gbl>
Received: from 22.214.171.124 by by23fd.bay23.hotmail.msn.com with HTTP; Mon, 24 Apr 2006 09:44:48 GMT
But wait, could it be? Is this a Hotmail server?
From: "willico willi" <firstname.lastname@example.org>
Subject: urgent plea for assistance
It sounds urgent! Most people don't urgently plead, but we'll let that slide.
Date: Mon, 24 Apr 2006 09:44:48 +0000
Mime-Version: 1.0
Content-Type: text/plain; format=flowed
X-OriginalArrivalTime: 24 Apr 2006 09:45:00.0737 (UTC) FILETIME=[C1426B10:01C66783]
...
This is starting to look like every other piece of Nigerian spam I've received.
Well, without investigating further whether Hotmail picks up your IP address when you send out email from their network, I can't comment on whether the email went through Hotmail's servers or whether it was sent by forging headers.
The IP address 126.96.36.199 does not appear to be a Hotmail IP, so if Hotmail doesn't pick up the sender's IP address, then this is definitely forged.
However, if Hotmail does pick up the IP address of the sender, then the sender could be some guy in South Africa sending out email through Hotmail.
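The question of which Received lines can be believed can be narrowed by splitting the chain at the recipient's own servers: the address they recorded for the connecting peer is first-hand, and everything below it is only what the sending side wrote. This is an added example, not code from the original post; it assumes `10.49.37.11` and `ns-mr11.netsolmail.com` are the recipient's mail hosts, and `parse_hops` and `analyze` are illustrative names.

```python
import re
from email import message_from_string

# Received chain copied from the post (addresses as anonymized there).
RAW = """\
Received: (qmail 24192 invoked by uid 78); 24 Apr 2006 09:45:32 -0000
Received: from unknown (HELO ns-mr11.netsolmail.com) (220.127.116.11) by 10.49.37.11 with SMTP; 24 Apr 2006 09:45:32 -0000
Received: from hotmail.com (bay23-f10.bay23.hotmail.com [18.104.22.168]) by ns-mr11.netsolmail.com (8.13.6/8.13.6) with ESMTP id k3O9jWLk008495 for <--------->; Mon, 24 Apr 2006 05:45:32 -0400
Received: from mail pickup service by hotmail.com with Microsoft SMTPSVC; Mon, 24 Apr 2006 02:45:00 -0700
Received: from 22.214.171.124 by by23fd.bay23.hotmail.msn.com with HTTP; Mon, 24 Apr 2006 09:44:48 GMT
Subject: urgent plea for assistance

"""

HOP = re.compile(r"from\s+(?P<src>.+?)\s+by\s+(?P<by>\S+).*?\swith\s+(?P<via>[^;]+);", re.S)
IPV4 = re.compile(r"\b\d{1,3}(?:\.\d{1,3}){3}\b")

def parse_hops(raw):
    """Return Received hops newest-first; lines without from/by/with are skipped."""
    hops = []
    for value in message_from_string(raw).get_all("Received", []):
        m = HOP.search(value)
        if m:
            ips = IPV4.findall(m["src"])
            hops.append({"src": m["src"], "ip": ips[-1] if ips else None,
                         "by": m["by"].lower(), "via": m["via"].split()[0]})
    return hops

def analyze(raw, trusted_mtas):
    """Split the chain after the unbroken run of hops written by our own MTAs."""
    hops, edge = parse_hops(raw), None
    for i, hop in enumerate(hops):
        if hop["by"] not in trusted_mtas:
            break  # a trusted name below this point may be forged
        edge = i
    if edge is None:
        return None
    claimed = hops[edge + 1:]  # written by the sending side, unverified
    first = claimed[-1] if claimed else None
    return {
        "peer_ip": hops[edge]["ip"],  # seen by our MTA on the TCP connection
        "peer_desc": hops[edge]["src"],
        "claimed_client_ip": first["ip"] if first and first["via"] == "HTTP" else None,
        "unverified_hops": len(claimed),
    }

if __name__ == "__main__":
    # Assumption: these two hosts are the recipient's own mail servers.
    print(analyze(RAW, {"10.49.37.11", "ns-mr11.netsolmail.com"}))
```

Whether `peer_ip` really belongs to Hotmail is the check that decides the case: if it does, the lines below the boundary can be attributed to Hotmail; if it does not, they are sender-supplied text.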
Regardless of what happens, this emphasizes the importance of having the technology in place to detect these guys before this spam gets into the inbox. Also, reactive technology that can detect this crap and then delete all of the previously sent out email from this spammer would be helpful. Something that I think is great about the new landscape of email is that emails do not need to be detected as spam right away. It's hard to determine if some emails are spam immediately, so taking some reactive measures after the spammer has been identified would mitigate this problem.
Of course, some email programs are real-time, and therefore making reactive decisions will not work, but for ISPs where the email is stored at the same location as the anti-spam software (i.e. AOL, Hotmail, Yahoo, Gmail, etc.), this will eventually be possible. This could help in the fight against spam, and only server-side email hosting solutions will be able to provide this service (unless an email add-on is created for Outlook, etc.).
This is probably a very arduous request, however, because of the sheer volume of email that large email servers receive. I think there is a middle ground somewhere. We'll just have to think, as an anti-spam community, about where that middle ground lies technologically. Maybe alternative approaches would be effective? I'd be interested to hear anyone's comments on this important issue.