I wrote this procmail recipe following an email exchange with a very helpful Hotmail employee; unfortunately I forget his name. Apparently, all "real" Hotmail email has an "X-Originating-IP:" header line attached to it. But almost all of the spammers forging Hotmail email don't add this line! So just add this to your .procmailrc:

# Legitimate Hotmail mail always includes an X-Originating-IP: line in the 
# header; filter on it to kill million$ of $ex $pam$! 
:0 H: 
* ^(From|X-From-Line|Return-Path):.*hotmail\.com 
* !^X-Originating-IP: 

Log in or register to write something here or to contact authors.