Spammers are exploiting a little-known vulnerability in Microsoft's Hotmail service to send more junk mail automatically.
According to an advisory posted last weekend by Chip Rosenthal, of US systems developer Unicom, spammers have cracked the Distributed Authoring and Versioning (WebDav) interface, which is used to send email to the Hotmail servers.
Although Rosenthal concedes that the small amount of spam coming through with a Dav message header suggests that only a few spammers have exploited the vulnerability, he believes that it is only a matter of time before others catch on.
"Hotmail has always been a problematic spam source," he said. "The saving grace has been that the spam had to be transmitted manually through a web form, so the send rate was limited by how fast the spammer could cut and paste."
But with the WebDav interface, spammers can script a junk mail run automatically and increase the amount of spam they can send out.
"Microsoft is allowing anybody to relay email - with forged headers, no less! - through the Hotmail servers," said Rosenthal.
The software giant has taken steps since evidence of the WebDav flaw first appeared in March.
It has limited the number of email addresses a user can target to 100 in any 24-hour period, and has upgraded Hotmail with extra anti-spam tools.
But Rosenthal warned that as more spammers learn of the vulnerability, the deluge of spam will increase.