Update 6 Oct 2005: The original of the WHOIS record quoted below names an innocent third party whose identity has been stolen by a person or persons unknown and used in a fraudulent domain registration. All personally identifiable information in this post has therefore been removed. Further brief discussion of this is here.
This post itself will stand as it records an important issue - the abuse of MSN/Hotmail Personal Addresses for fraudulent purposes.
Gentle reader - do me a favour and blog this if you can - I can't think of any other way to raise the profile of this rampant and unchecked abuse of a respected (ha!) network.
Following the reimplementation of my shiny new enhanced rules on our pristine D7 Domino Directory, I created a new rule:
When HELO contains hotmail.com AND Internet Domain does not contain hotmail.com move to Database spamtrap.nsf
This came out of a lengthy thread here the other day on the subject of Hotmail abuse. For non-Domino readers, "Internet Domain" in the context of Domino mail rules refers to the domain part of the RFC822 "From" field.
And what do we have sitting in the trap this morning?
Received: from hotmail.com ([65.54.186.68])
    by my.domino.host (Lotus Domino Release 7.0)
    with ESMTP id 2005090823492935-383 ;
    Thu, 8 Sep 2005 23:49:29 +0100
Received: from mail pickup service by hotmail.com with Microsoft SMTPSVC;
    Thu, 8 Sep 2005 15:49:12 -0700
Message-ID: <BAY16-F189B08395A1A9A10D8D7C8FD990[at]phx.gbl>
Received: from 192.116.94.171 by by16fd.bay16.hotmail.msn.com with HTTP;
    Thu, 08 Sep 2005 22:49:11 GMT
X-Originating-IP: [192.116.94.171]
X-Originating-Email: [uklottery_winners[at]uknational-lott0.com]
X-Sender: uklottery_winners[at]uknational-lott0.com
From: "U.k National Lottery Co-ordinator" <uklottery_winners[at]uknational-lott0.com>
Subject: (U.K NATIONAL LOTTERY) WINNERS NOTIFICATION!!!
Date: Thu, 08 Sep 2005 22:49:11 +0000
Mime-Version: 1.0
X-OriginalArrivalTime: 08 Sep 2005 22:49:12.0304 (UTC) FILETIME=[87FEC700:01C5B4C7]
Content-Type: text/html; format=flowed

The originating IP belongs to Gilat Satcom in Israel. The domain uknational-lott0.com (yes, that is a numeric zero, not an O) has registration details:
> whois -h whois.crsnic.net uknational-lott0.com
> ...
> Redirecting to MELBOURNE IT, LTD. D/B/A INTERNET NAMES WORLDWIDE
> whois -h whois.melbourneit.com uknational-lott0.com
> ...
> Domain Name.......... uknational-lott0.com
> Creation Date........ 2005-08-19
> Registration Date.... 2005-08-19
> Expiry Date.......... 2006-08-19
> Organisation Name.... [Removed - Probably bogus]
> Organisation Address. [Removed - Probably bogus]
> Organisation Address.
> Organisation Address. [Removed - Probably bogus]
> Organisation Address. [Removed - Probably bogus]
> Organisation Address. [Removed - Probably bogus]
> Organisation Address. [Removed - Probably bogus]
> Admin Name........... [Removed - Probably bogus]
> Admin Address........ [Removed - Probably bogus]
> Admin Address........
> Admin Address........ [Removed - Probably bogus]
> Admin Address........ [Removed - Probably bogus]
> Admin Address........ [Removed - Probably bogus]
> Admin Address........ [Removed - Probably bogus]
> Admin Email.......... lotto_notification[at]uknational-lott0.com
> Admin Phone.......... +1.[Removed - Probably bogus]
> Admin Fax............
> Tech Name............ MSN NOC
> Tech Address......... One Microsoft Way
> Tech Address.........
> Tech Address......... Redmond
> Tech Address......... 98052
> Tech Address......... WA
> Tech Address......... UNITED STATES
> Tech Email........... MSN-PA-TECH[at]msn.com
> Tech Phone........... +1.4258828080
> Tech Fax.............
> Name Server.......... pdomns1.msn.com
> Name Server.......... pdomns2.msn.com
Yes, it's a Microsoft "Personal Address" - again!
Interestingly, it appears to be possible to get one of these Personal Addresses using the services of a variety of different registrars but name servers are always pdomns1.msn.com and pdomns2.msn.com and MX is always pamx1.hotmail.com.
Oh, and Microsoft ignores the abuse complaints.
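For readers who are not on Domino, here is the same rule and the name-server fingerprint described above as an added Python example (not part of the original post and not Domino's own code). The function names are hypothetical, and it assumes the receiving server records the HELO name after "from" in the topmost Received header, as the header quoted above does.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Abridged from the headers quoted in this post ("[at]" kept as published).
SAMPLE = """\
Received: from hotmail.com ([65.54.186.68])
\tby my.domino.host (Lotus Domino Release 7.0)
\twith ESMTP id 2005090823492935-383 ;
\tThu, 8 Sep 2005 23:49:29 +0100
Received: from 192.116.94.171 by by16fd.bay16.hotmail.msn.com with HTTP;
\tThu, 08 Sep 2005 22:49:11 GMT
X-Originating-IP: [192.116.94.171]
From: "U.k National Lottery Co-ordinator" <uklottery_winners[at]uknational-lott0.com>
Subject: (U.K NATIONAL LOTTERY) WINNERS NOTIFICATION!!!

"""
# The two name-server lines from the WHOIS record quoted in this post.
WHOIS_SAMPLE = """\
Name Server.......... pdomns1.msn.com
Name Server.......... pdomns2.msn.com
"""
PA_NAMESERVERS = {"pdomns1.msn.com", "pdomns2.msn.com"}


def spamtrap_rule(raw, provider="hotmail.com"):
    """Trap when HELO contains `provider` but the From domain does not."""
    msg = message_from_string(raw.replace("[at]", "@"))
    # Topmost Received is the one our own server wrote. Assumption: the name
    # after "from" is the HELO name, as in the Domino header above.
    received = msg.get_all("Received") or [""]
    m = re.match(r"\s*from\s+(\S+)", received[0], re.I)
    helo = m.group(1).lower() if m else ""
    domain = parseaddr(msg.get("From", ""))[1].rpartition("@")[2].lower()
    return {
        "helo": helo,
        "from_domain": domain,
        "origin_ip": msg.get("X-Originating-IP", "").strip("[] "),
        "trap": provider in helo and provider not in domain,  # substring match
    }


def is_personal_address(whois_text):
    """True when the WHOIS name servers are exactly the MSN Personal Address pair."""
    found = re.findall(r"^Name Server\.*\s+(\S+)", whois_text, re.I | re.M)
    return {ns.lower() for ns in found} == PA_NAMESERVERS


if __name__ == "__main__":
    print(spamtrap_rule(SAMPLE))
    print(is_personal_address(WHOIS_SAMPLE))
```

A message with no From header also trips the rule when the HELO matches, because an empty domain does not contain the provider name.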
See also:
An open letter to the Hotmail abuse department