I guess the informal 411 on these types of spam is just that - Spam has many shapes and sizes. It used to come in a blue can and confuse us, cook it? eat it? open the can then eat it? what to do...
Well conventional spam has taken a turn for the worse. While still utterly useless and confusional, it now comes from various manufacturers. Many of them are not legit senders, and send from either spoofed emails off of their own mail servers, hacked mail servers, or typically using open mail relays.
My experience with them is that they have an automated scanning 'robot' or set of scripts that attempt to permeate a certain range of host IPs (computers with IP addresses, preferably servers is what they are looking for) and probe for open ports that will support their remailing needs. From there they establish if they can send junk to this server and what does it do? If it doesn't kick it back or refuse their message - then they assume it's delivery-capable and forwarding their messages.
Since it has no requirement with who can connect to it, it is considered 'open' and when it's open - it's like that chick you took to the prom that passed out in the limo on the way home from the beach at 4am and you're still wasted..ok bad analogy/disregard. Anyways, if it's open to unrestricted source address and will accept anyone's email - then that means heyday for the spammers. They typically take a list of valid emails as their 'from' and then blast their spam messages at the server with these 'from' addresses. I'll go into how they get these email addresses later, but if you have someone you know that cc's Forwards to their address book at a time, you can start by thanking them.
Anyways - so blam, the compromised server gets this shitload of messages with fake 'from' addys, and zillions of contrived/assumed valid 'to' addresses. Most of the time it is just a dictionary of names/usernames/whatever with @gazillionsofregistereddomains.com attached.
The whore server thinks they're valid messages since whoever set it up is a lackey, and bang = you've got spam.
You get even more spam when you click on that link that says 'unsubscribe me' too. Best bet for this kind of cheese is mailwasher (www.firetrust.com). Conq. showed me this about ?4? years ago and I've been a devout user (when applicable) since. It doesn't kill everything - but it gets smart after awhile.
This is just one way it happens, there are a few others, and of course variants of all that cross-pollinate with the others, it's really a mess - which is why no one wanted to answer you
So to answer your question - you can't 'block sender' because in some cases - they will enter no valid 'from' address (like [email protected] or something bizarre, that Oexp just doesn't recognize) just a TO...if the mail relay allows it - and off it goes. So when there isn't a valid 'from' in the header, MS can't interpret it.
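The point about 'block sender' above, as an added example that is not part of the original post: a per-address blocklist only matches a From it has already seen, so a forged From that changes per message, a missing From, or an unparseable From all slip past it, while a header sanity check catches the last two. The sample messages, the example.* addresses and the function names are constructed for illustration.

```python
from email import message_from_string
from email.utils import parseaddr
import re

# Constructed sample messages (not real mail); example.* are placeholder domains.
SAMPLES = [
    "From: alice@example.com\nTo: you@example.org\nSubject: Cheap pills\n\nbuy now",
    "From: bob@example.net\nTo: you@example.org\nSubject: Cheap pills\n\nbuy now",
    "To: you@example.org\nSubject: Cheap pills\n\nbuy now",           # no From at all
    "From: undisclosed\nTo: you@example.org\nSubject: Cheap pills\n\nbuy now",
]

# Loose shape check: something@something.tld with no whitespace.
ADDR_RE = re.compile(r"^[^@\s]+@[^@\s]+\.[^@\s]+$")


def from_status(raw):
    """Return (status, address) where status is 'ok', 'missing' or 'malformed'."""
    msg = message_from_string(raw)
    value = msg.get("From")
    if value is None:
        return "missing", ""
    addr = parseaddr(value)[1]
    if not ADDR_RE.match(addr):
        return "malformed", addr
    return "ok", addr.lower()


def block_sender(raw, blocklist):
    """Mail-client style 'block sender': only fires on an exact known From."""
    status, addr = from_status(raw)
    return status == "ok" and addr in blocklist


def triage(raw, blocklist):
    """Header sanity check first, then the blocklist."""
    status, addr = from_status(raw)
    if status != "ok":
        return "quarantine: " + status + " From"
    if addr in blocklist:
        return "blocked"
    return "deliver"


if __name__ == "__main__":
    blocked = {"alice@example.com"}  # the one sender the user blocked
    for raw in SAMPLES:
        print(block_sender(raw, blocked), "|", triage(raw, blocked))
```

The second sample is still delivered by both checks, which is why the post points to a learning filter rather than an address list.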