Why can't Hotmail tell the difference between spoof and real emails from a domain (such as blizzard.com)? I get swamped with phishing emails from "blizzard.com" so I put it on my blacklist but then I can't get legitimate emails.
Is there no information in the headers that can be used to definitively determine where the email came from?
Best Answer
SMTP is designed to allow any host to relay messages originally sent by another host. For example, I could run an SMTP server for my own domain, but configure server B to accept mail whenever my server is down and forward it later to its destination.
Every hop, including the sender (whether legitimate or not), can add any header they wish; for example, a secretary can put the boss' address in From. And so can a spammer. It's not uncommon to see spam with spoofed Received or Date headers too.
SPF was created to allow a domain's owner to specify which servers are allowed to send messages claiming to be from that domain. blizzard.com has an SPF record, but either Hotmail does not check it at all or ignores the "reject" rule. Or the fake mail is being sent from an allowed host.
Some mail servers (especially the big ones, such as Gmail or Yahoo! Mail) attach a DKIM digital signature to all outgoing messages. However, while this can prove that a message is legitimate, it does absolutely nothing to detect fake messages, because the recipient just does not know whether DKIM was disabled intentionally or not.
There exist ways to digitally sign single messages – PGP and S/MIME – but they, like DKIM, are equally useless against spam.