Slashdot Mirror
80% Of Incoming E-mail At Hotmail Is Spam
The Llama King writes: "According to this AP story at The Houston Chronicle, 80 percent of the e-mail that makes its way into Hotmail's user inboxes is spam. And that does not include the UCE caught by Hotmail's filters. This is the first of a three-part series the Associated Press is doing on spam."
Most people use their Hotmail account to sign up for newsletters, do posts to news servers, give it out to people they only just met 2 minutes ago..
Of course most of it is spam. That's not Hotmail's fault.
Most spam is the result of an account owner's own actions (direct and indirect).
Other spam is just broad coverage, i.e. people sending to aaaaa1@hot/mail.com aaaaa2@hot/mail.com aaaaa1hot/mail.com and so forth.
I hardly have any spam on Hotmail, the spam I do get I mostly get from auto-forwarded e-mails to an address I had 2 years ago.
Only 80%? Much lower than I suspected. There was one day I recieved 1075 spams from the same source. I kept a screen-grab as proof. ~grumble-bloody-grumble-hotmail-mutter-complain~ G
"Proudly Posting Without Reading The Article"
Because we are superior linux userz who never touch a hotmail account, due to its association with the evil empire. This is just another M$ marketing ploy. Did you Bill Gates name backwards spells 666?
Judging from my inbox it seems that 80% of outgoing email at hotmail is spam.
Where's that mentioned in the article?
------
Cost effective attractiveness
Still, there is promised security of the MS passport system etc. In this case it looks like more like a spam enhancement system. since this is supposed to be something to verify your login across the net. This means that most email addresses there have been preverified by MS as being valid.
a gift to spammers everywhere.
"It is a greater offense to steal men's labor, than their clothes"
water is wet...
linux is more stable than Windows...
France surrenders...
Not only that. Since Hotmail implemented one-click filtering, spammers have been using to: and cc: instead of bcc: so the commercial messages you have requested get throught into your mailbox. Annoying as hell. One reason I went over to Yahoo. Later I changed to spamcop, since yahoo aka large-intrusive-popup-ad-parlour sucks :-)
No, spam does not have to work because there's so much of it. What does work is selling harvested email addresses to assholes.
I quite like getting Cindy's email.
Makes me feel good.
It's pretty much the most interesting thing that happens in my day.
hmmm.. I think I need a new job.
~the keyboard is mightier than the pen.
Finally, a well-written article that highlights the downside of spam.
...)
Yeah, we all know that email is a "powerful new marketing tool", but few have written about how much negative impact it has to the economy and our everyday lives.
I have an email address that I've never given out, and 90% of the messages I receive are spam. The email address on this posting ONLY receives spam... mostly in some funky character set that I can't bother to being to read. This address gets about 40 a day (and likely more after this posting).
So, industry self-regulation? Well that doesn't seem to work - and it didn't work with Enron (or WoldCom or Andersen or
So I think it's time that we hit them where it hurts. Pass -strong- laws. Pass laws that permit individuals to sue in certain circumstances.
They passed laws to control the misuse of FAX machines... and although not perfect, they do help. Then again, how many people do you know that have a fax machine at home? Betcha most people have unplugged theirs due to FAX Spam.
to anybody that has a hotmail account? My account has been unusable for the last three years or so du to the huge volume of spam.
And its not always due to the actions of the account "owner", you must have forgotten about Outlook Express giving out your email address to any websie that asks for it. That hole was open for what, like a year, before it was patched.
Time is an illusion. Lunchtime doubly so. ~ Douglas Adams
I conducted a test about a month ago: I opened a hotmail account, disabling all the ads in the options and never used or gave that address to anyone. Two weeks later, the inbox was flooded with over 70 spam e-mails...
They should rename the service "junkmail"...
Cheers,
max
That 100% of email outgoing from Hotmail is SPAM.
Considering Micro$oft sells your address with nanoseconds of signing up, who is surprised? There are numerous mentions of this in previous comments to /. stories involving Hotmail. The most telling of these are the ones that claim the address was never given out, and still had SPAM within minutes.
A window with Hotmail open and indeed nothing but junk-mail.
Another window open with Slashdot and this article.
The funny thing about it is that normally those two windows side by side look like a total mis-match. They do so now but the actual content is uncomfortably the same...
---
Karma? What's that again?
One thing I always wondered is why providers of free web-based email accounts haven't started mining their users' inboxes/outboxes for more addresses.
For instance, I've got a nice spam-free email account w/ my ISP, but all my friends have accounts with shady-web-based-email-company.com. If I send them (or if they send me) messages, is my pristine address now at risk because it's now in their in/out boxes? Technically, this type of collection would seem trivial to implement.
I'm not sure if the big guys (Hotmail, Yahoo) sell even their registered addresses (I could be wrong), but does anyone have a report of a web-based email service engaging in this kind of practice?
This article itself is pure spam . . It contains information we allready knew about, and it contains a commercial for Associated Press. If slashdot had a block article button, I would have pressed it.
All these things are pretty standard these days, but webmail providers (not just hotmail) don't actually seem to bother. Remember, the more times you check your inbox, the more ads they have viewed.
I set up a Hotmail account on Sep 10, 2001. I needed to get a couple small files for a job, and since I had a cable modem I didn't have any internet access unless I was home. (Dial-up is so much more convenient in that regard...) Until that point, it was a small point of pride that I had not succumbed to Passport and all its' evil empire connotations. (So much for that...)
We soon realized there were more than a couple small files missing, so they FedEx'd a CD from Massachusetts to South Carolina. While I waited for the truck, I was reading /. -- and learned right here of the terrorist attacks. I ended up staring at CNN for an hour before the package came and I went to work.
Not a very auspicious start...
That hotmail account was spam-free for a month or so... I never used it other than to give the address to one person. I know for an absolute fact she didn't give it out or sell it or whatnot.
Let's see now... I haven't checked it in 2 days, so I wonder how much crap is in there?
- 73 Messages -- all spam, of course
- 362 KB
I don't know why I don't just let the account expire... morbid curiosity, perhaps?"...America's great minds of today, teaching America's great minds of tomorrow. Poor bastards." -- A Beautiful Min
And we all know that. Technical solutions will curb spam. Solutions for users and consumers like Brightmail ans spamcop are steps in the right direction.
Now if only all the mail server admins (corporate and private) of the world get their collective brains together and start blocking all the spame using any combination and permutation of RBL possible, spam might not make it into our mailboxes.
SPEWS blocks ISPs. I like that. I don't receive crap from certain domains anymore since using SPEWS. I also don't accept mail from hotmai, yahoo, lycos, and many other free web-based email services except from whitelisted users.
At work I get about 15-20 spam emails daily from an old work email address when the company changed named two years ago. If only the HMFIC of email would block off that domain i'd receive none. Laws won't help in this case because the email server is located in another country. Only a technical solution.
I'm so sick of spam I run my own mail servers and filter the crap out of all mail. I receive on average 1 spam per week in my inbox. All the rest gets rejected or filtered into a spam filter that i oly perue occasionally, but I don't see it in my inbox.
Keep going SPEWS - it's a great system.
That number seems a little low...I have somewhere in the range of 50 to 75 emails come in per day to my hotmail account, and it's all spam.
Probably because I use my hotmail account for anything that appears on the web, and never my real email address.
I guess if you include the number of people who actually use a hotmail account for their real email, that number still sounds about right.
Jeremy Baumgartner
maybe thats why i abandoned MicroSnot Windoze and M$N SnotMail years ago...
Gravital.net email - Web+SSL/IMAP+SSL/POP3 25MB Quota, Only $3/month
Bill,
Scott and Larry said you would like to know about this.
Are you tired of churning Hotmail accounts due to spam? Have you ever found yourself wondering if others have inside tips that are holding your back?
Wonder no more. I have the answer. Move Hotmail to Debian Linux, type 'apt-get install spamassassin razor' and your problems will be solved.
Send your credit card details now to pay for my $0.02 worth.
Patrick
1000s Warcraft Gold while you sleep
Should you expect any less spam in the United States of Advertising?
Granted, a lot of spam gets through on guesswork (such as every common permutation of John Smith @ hotmail.com) but you have to wonder if something odd is going within the company when (as a test) you register ibtgsrq at hotmail dot com and within two weeks it starts receiving the usual fake degrees, penis enlargment and general porn stuff.
subnote: ibtgsrq stands for I Bet This Gets Spam Real Quick - and it did.
Avantslash - View Slashdot cleanly on your mobile phone.
Recently, I ran a script against the mail server logs, testing what email addresses receive how much mail. And I was quite surprised to find a large number of hits for mailboxes that don't exist. For example: ... ...
8 - diane@domain.com
2 - diane1@domain.com
2 - diane2@domain.com
2 - diane3@domain.com
2 - diane4@domain.com
2 - diane5@domain.com
And also, such classics as jsmith@domain.com (and all numbers attached.)
Obviously, they can't afford to do this all of the time, but do it once, and use web bugs to track who opens the message, and boom. Instant verified email addresses.
One of the better articles I've seen on how to stop spam covers Social and technical measures (Google cache), by Richard Jones - using Google because that site isn't reachable right now. It doesn't have all the answers, but has some very good ideas. Most importantly, they can be implemented by ISPs without legislation, important though that is in the medium term.
I think a combination of strong filtering, strong terms of service (e.g. take credit card numbers of those who sign up for email service, and have an automatic and substantial fine for abuse), and legislation could really help. Spammers moving offshore actually makes filtering easier, for those people who don't do a lot of business with China at any rate...
One key point is that spam-filtering should be controllable by the individual, to allow people to make sure they receive email that might look like spam (e.g. most commercial newsletters) and server-based so that nobody needs to download spam over slow dialup or mobile wireless connections. SpamAssassin is the best tool I've found so far.
.. that slashdot sells your email accounts
80% Of Outgoing E-mail at Hotmail is Spam!
thanks for your valuable insight..... may I call you Casper the racist Whitey ?
- HeXa
Since I have a mail server set up for my vanity domain, I switched for a while to giving out unique mail userbnames to websites, etc.
Over a year ago, I started forwarding webmillion@[mydomain] to postmaster@webmillion.com, because I was getting several spams a day to that account, and it was pretty clearly their fault.
Last month, I was cleaning up my rules, and decided to remove that rule, thinking that the problem had passed. Wrong! Within an hour I had 4 mails. So the forward went back on.
Oddly enough, Webmillion never contacted me about the fact that I was forwarding buckets of spam to them; I guess they are used to it because of the harvesting they apparently do, and just ignore that account.
If everyone on Slashdot started asking sites like these about their harvesting practices, or simply forwarded the crap mail back to them, they would inevitably find the parctice more costly than beneficial to the bottom line.
Get off my launchpad!
For example I am using a free-email server based in germany, which has tough law on sharing private data. This means that if they sold my adress or personal data they would be open to jail/fine (that is unless they made a sneaky EULA asking me to agree them sell my data to use the service, but mouth-to-hear gossip would quickly put them out of client).
Bottom line : I don't thrust *any* firms, server, or people based on countries where law on data sharing aren't clear or inexistent. This is why I like French and german law on private data sharing. Now this may change in the future under pressure from corporation...
C. Sagan : A demon haunted world:
http://www.amazon.com/gp/product/0345409469/
visit randi.org
So what does MS do to solve the problem? Punish the users. Make the mail account smaller. Disable POP access. Post your user information to "affiliates". Nag you to death about your account being to big.
"God fights on the side with the best artillery." - Napoleon, Marshal of France - speaking truth to power
Damn, my wife is going to so dissappointed.
But seriously, this is why I have a hotmail account, so when I sign up to different sites all the spam that inevitably flows will go to that account and not clutter up my real box.
"I think China is good place to be," Ralsky said. "You don't get the same kind of grief."
Obviously he would prefer to live in a non-democratic country and keep on spamming (read. annoying) people. Rather then try to provide a valuable service to the general populous.
As well, Ralsky is right, you don't get the same kind of grief, you get worse. But, that's the attitude of a con artist, no true intelligence or consideration for anyone else. I say, send the spammers to China. Hell, I'll pay for their plane ticket even.
~ kjrose
WTF?? You been smokin that crack pipe already?
Stay negative.
Set Junk Mail Filter to "high" and Junk Mail Deletion to "automatic"
And block as many domains as you can in the block sender list. Every time you receive a new piece of junk add its domain to the blocked list if possible.
I just tried this recently and the spam I had to review went down from a 100 per day to about 10 per day which is much more manageable.
Of course the spammers will probably get more sophisticated and we'll just have to think of something else.
The only reason all cover-ups appear to fail is that you never hear about the ones that succeed.
I have other disposable webmail accounts (e.g. yahoo) and they get nowhere near as much as spam as the hotmail one which I decided finally to let overflow and die. The reason is hotmail DOESN'T CARE. They just want you to look at their banner ads.
Going from FreeBSD to Windows then to Linux is going downhill.
Best to go back to what worked...FreeBSD.
I missed the spam about Brittany's orgy
Could someone sign me up? I think she'll dig my 12" penis and maybe my large breasts too.
I'll be back from Nigeria later this week, hope I don't miss it.
Is a system of micropayments for email, implemented everywhere, say a nickel per email. You and I can afford to give friends some virtual cash. For a spammer, the numbers will add up.
I think we all knew this at least subconsciously didn't we?
Why exactly this is a YRO article? Do people with free e-mail accounts have the "right" to never receive from any recipient besides their friends? Is /. defending the rights of spammers to flood Hotmail? I'm confused about exactly what rights are at stake here...
That hotmail would have *effective* spam filtering.
It seems like it would really save them money on server load & bandwidth right?
If its such a simple thing, why doesn't it happen?
I would venture to guess that transporting spam worldwide requires more resources than hosting the accounts at Hotmail. Is Hotmail just a way for MSN to bleed it's competitors dry? Maybe AOL, Earthlink and others should sue M$ for the headaches that Hotmail causes. All this spam is a thinly veiled DoS attack. Was the expense of spam transport part of what bled Worldcom dry?
I'd like to hear what part of my monthly connect fee is related to spam delivery.
Any ISP's willing to give some percentage numbers on spam expense?
This has been said for months, but it's obvious why the spam gets through: because Microsoft lets it get through.
If you don't check your Hotmail account for a few weeks, spam will surely push you over the 80% mailbox size limit... and suddenly you get an email from Microsoft telling you that you've nearly reached your limit, and you should upgrade for only $x a month.
Also, don't they also have an advanced spam filter for paid accounts?
Er, no.. I doubt anyone actually uses the hotmail service to send spam.
Now, its a good bet that many spammers put fake "@hotmail.com" From: headers in their messages, which is an entirely different thing altogether..
That's what it looks like in my inbox.
Actually, I use a yahoo.com account for my junk, since their spam filters are better.
Since I still have a Windows machine, I have Outlook Express installed and check my Hotmail through that, usually.
What's really stupid, IMHO, is that the best way to prevent excess spam is to block the domains, which I can do through the Hotmail web site, but not via Outlook Express.
The power of accurate observation is commonly called cynicism by those who have not got it. - G.B. Shaw
As soon as a filter picks up a message as spam, the originating server should be probed to see if it's an open relay, and added to a blacklist network if it is. More agressive, probe every server that connects! (Hey, there's less than 2^32 of them :-)
This way a spammer would only be able to relay _one_ message onto hotmail, and if they do the must expect the server to get blacklisted everywhere within hours.
Instead of defining spam, hotmail could define spam combating.
Belief is the currency of delusion.
lets see here, each account is allowed 2 mb, so we could say 80% of 2 mb is 1.6 mb
saying there's only 10 million users on Hotmail, thats 16 terabytes of spam, which in my accounts, tend to fill every day so i'll say around 16 TB a day. At Compusa I can get 100 GB drives for about $200, so thats $32000 a day of wasted storage. Most of us know that that is usually not permanent over the course of time, but we could say that it is because Hotmail doesn't know what you want to keep and don't want to keep. So $32000 a day over a year would be $11.86 million on wasted storage. Its one of those few times I just might encourage Micro$ofts lawyers to find a way to handle this in a sensible manner, without of course infringing on free speech.
Jesus saves souls and redeems them for valuable cash prizes
Less spam would mean that fewer Exchange Server licenses and MSCEs (to install patches to crufty code) would be required worldwide.
Same thing goes for Outlook exploits.
Here's the business model:
Let's milk some rattlesnakes to make snake bite kits, then release all the snakes.
Snake Bite Kits right here. Step right up folks, you gotta have your Snake Bite Kit. Get it right here. We sell it to you now. Step right up. Snake Bite Kit SP2 is safer for you. Get your new Snake Bite Kit right here. Don't wait to be safe. Buy your Snake Bite Kit now.
A friend of mine is using MSN (but please don't hold that against him). In order for me to send him messages, I had to download the MSN Messenger client, and then sign up for a hotmail account. As soon as I had it all set up and running, a little window popped up saying I had 327 messages. How the heck did I get so many pieces of spam when I just opened my account?!? I would have to wonder if either a) microsoft is working with the spammers, bombarding the hotmail user, or b) there's a serious security hole in their mail services (hard to believe, I know). Worse, I had a legitimate email account in my own domain, that is now nothing but spam. I've told friends not to use this address, because there is so much noise (about 45 messages a day, where maybe once a month I get a real email). Part of this is from the US Congress and their "f*ck the citizen" opt-out policy. My wife actually believed those lines in spam email that said "click here to opt-out". But instead of being removed, most of these links only confirm your email address is valid, so it can be sold as a confirmed email address. This just goes to show why 'opt-out' does not work (unless you're a spammer!). What I would like to see, is a fee for sending email (go ahead and gasp here). Let's say your ISP lets you send to 50 (or any set number) addresses a month for free, and charges for each additional address beyond that number. For most users, things would seem pretty normal, but for those spammers, suddenly there's a cost involved! I'm not pretending that this would wipe out spam - but I think it would at least give them a little pause before blanket emailing the entire network! Or how about this - start calling spam a form of digital terrorism!
"The large print giveth, and the small print taketh away" -- "Step Right Up", Tom Waits
To all the people whining about how crappy hotmail is:
.cn and .tw originating domains was a good one. :)
Read aloud:
"It's a free service, I get what I paid for".
If you want good quality webmail/email, hook up with an ISP who delivers that webmail/email for you. Yes, that probably will cost you money, but the last time I checked, my groceries weren't free either.
If you're dutch or from belgium: check out XS4all. This ISP has webmail, plus they have an antispam service, which lets you create a shadow mailbox which is used to dump the spam in (i.e.: you can check it if the filters have moved some mail as spam but it is legitimate). The filters use all blacklists available and some other sophisticated mailfilters. I received 25 spammails per day or so on my account there, and after I applied the filters this dropped down to 0.0. Especially the filters to block
Never underestimate the relief of true separation of Religion and State.
At least they are paying for the long distance phone call when they send me FAX spam.
What's the percentage on outgoing mail that's spam? I seemingly get the majority of my spam from hotmail or yahoo mail. Wish they'd implement a filter on that.
Get Vipul's Razor[1], Pyzor[2] or DCC[3]. *They actually work*.
Done! Finished! No more spam!. Spammers are no more! And stop whining about bloody getting spam for Christ's sake!
[1] http://razor.sourceforge.net/ and http://www.cloudmark.com/ for Lookout.
[2] http://pyzor.sourceforge.net/
[3] http://www.rhyolite.com/anti-spam/dcc/
Government of the people, by corporate executives, for corporate profits.
hotmails servers allow spammers to verify email addresses. so spammers use a program to verify every abc123 combo up to like 12 chars. Yahoo etc does NOT allow you to verify email addresses via their servers.. this cuts down on a lot of the spam.
What was your username again? -BOFH
I've had an account with Hotmail that I created in November 2001 for the express purpose of trapping spam. To this date, I have yet to receive a single spam to that account, aside from the regular hotmail notices.
I have never displayed the address on it's own in public, so maybe that's part of the problem. It can be viewed on the web page I created for this trap test , but nowhere else.
Hmm, now that I mention this page, two of the links seem to be down... looks like I have a bit of editing to do.
Come to the University of Mars! Classes starting soon!
I don't quite understant why people use hotmail. There are plenty of other free email services out there. Even if you use Yahoomail, I'm sure you'd get less spam. Searching on google, I can find plenty of free email accounts. Some of them are even POP3 accounts so you can use your own client. Why would anyone in their right mind use and stick with hotmail?
It was a joke. ;p
I created a couple of throw-away hotmail accounts before my current long vacation, as something to hand out to people I really don't want to know after we say goodbye.
There were of the form (slightly changed to protect the poor accounts)
qris9.4food772a@hotmail.com and
3metre3e4w.pa7@hotmail.com
not the kind of addresses a script could guess by incrementing numbers. I carefully un-checked all the "please let M$ partners spam me" boxes as well. For the first 2 weeks after creating these accounts, not a single message came in. Then they both started getting occasional spam, obviously targeted.
A couple of weeks ago I handed out the first address to a number of people while in Spain, and then checked it regularly from cybercafes around Portugal. Within days it was getting 3-10 portuguese language spams per day. Now it gets about 20 spams per day in various languages, but the second account is still only getting 2-3 per day.
Strange.
the AC
Hemos is like...sci-fi fans;he thinks technology is cool, but he hasn't bothered to understand the science it's based on
I get more action since I lost 30 lbs in 2 months
'little elvis' grew by 3 inches!
and if it wasnt for on line viagra and ancient herbal extracts, poor elvis would be too tired
i'm now making 2000 a month licking envelopes
which helps on the payments to my recent low interest mortgages and credit cards
woo hoo, keep it coming!
I have a hotmail email address that I don't give out to anyone except my friends. Well so far, after a year of usage I've received less than ten spams.
I also have another hotmail address that I use for absolutely everything, from registering to websites to putting it in my website, etc. Last time I checked I had 470 spams within a month.
... with the bath water is one of the problems in fighting spam.
I use Mail Washer as a pre-processor for my email accounts. It has now turned out to take more time to weed out legitimate messages.
More and more of my legitimate email from distro lists I have subscribed to from cNet, Woody's Windows Watch and even obscure lists such as Amusing Facts Daily now show up in the ORBD and other spam lists it consults.
For instance, just coming back from vacation I had 1200 messages across five accounts. 70% were tagged as spam from a spam list. 20% of those were legitimate distro lists.
The independent spam lists do a good job of catching most of the spam, but it also catches too many legitimate lists. I try to send an email to the list admin letting them know, but typically they respond that it's not worth the effort trying to get off the lists.
I've gone through a something just like it where I was Mudrered Electronically by my ISP.
This site talks about what happens when a legitimate company gets on the list.
Do you actually know the identity of the person spamming you?
The laws should require that ISPs provide you with any and all contact information for the person assigned the IP address from where the spam originated (provided that you can provide reasonable proof that the headers are legit). I'm sick of complaining to ISPs and having them say "pay $150 to get a subpeona and then we'll tell you who spammed you -- *if* we even know."
The point of the article is not that we the first adopters are incapable of dealing with the flood of spam. (we set up our own server, install complex filters, use long email adresses) Myself I get exactly 2 spam in the last two years. Both send to a catchall account at work.
What the author seems to be mostly worried about is that new users may not be capable or even willing to deal with it. Why should you're mother have to install a checker, keep up-to-date on a list just to get you're email when you are coming to visit?
An earlier article here showed that in one state it is now going to be very expensive, this is like that real battles that had to be fought against junkmail, or earlier people putting up rogue signs and posters. But in all these previous battles there was on the other end a real brick and mortar business that could be visited by the legal system. With spam this seems not to be the case anymore and they are getting away with things that no normal advertising company would be allowed and creating a very real burden on a large group of consumers, while at the same time providing very little work or taxes in return.
It is time for the goverments to step in. They did so before to protect the consumer from being swamped and they should do so now. Not for the people at /. who are smart enough to work around it, but for the billions who are not.
This law should not just protect the current form of email spam, it should also work against things like unsolicited SMS spam. Perhaps if these laws where in place all those who mentioned that they only used hotmail for dubious sites would no longer feel the need.
Flames to ddpv@hotmail.com please :P
MMO Quests are like orgasms:
You may solo them, I prefer them in a group.
Greg Egan is an author, programmer, and scientist.
:)
In one of his short stories, he mentions having a setup where a whitelist of people you know are allowed to send you email for free, and anything else requires a minimum payment (which can be set from 0 to as high as you want). Tired of spam? I wouldn't be, for 25 cents a spam. That'd pad my bank account nicely.
How could it be done? There are already proposed extentsions to the SMTP command set so that clients and servers could agree on an amount and pass a token to each other (be sure you're using a TLS aware MTA, like Postfix), and it could be verified by both sides with the 3rd-party escrow server (which manages the money). Paypal is the only current online money system with enough momentum to make this work well for everyone, but maybe another one will come up
Either way, it makes it easy to stop spam by removing the one thing that spammers like -- the cheapness. Only people who want spam (haha), or people who don't live in the 21st-century (MTA wise) will have to deal with the 20th century scourge known as spam.
--
Internet Explorer (n): Another bug -- that is, a feature that can't be turned off -- in Windows.
I figure I get 10-15 spam mails a day. I delete those right away, it take about 10 seconds of work everyday. BUT, sometimes an important mail is "stuck" in-between a large blob of spam and gets deleted too, that's why Spam is bad, very bad.
I think a new email system is needed, not to replace but complement the present. A system that is opt-in based, encrypted and where you always know who sent the email and which server that user is located.
If we stay with the current system without doing anything e-mail will get more and more pointless in the coming years, it will just be filled with spam and virus. It will be no point keeping it, so we might just go back to fax/snail-mail and possible keep IM.
http://www.intellipool.se/ - Intellipool Network Monitor
I rarely get email spam to my Yahoo email address.
Yahoo filters out 99.9% of spam.
Hotmail does not appear to filter anything.
Why the difference?
Yahoo has better spam filters.
hrrmmm.... interesting. Over the last 6 months I noted that most of my spam was coming from hotmail accounts...at least it's costing someone a fortune in bandwidth. The only reason I havent firewalled hotmail out completely is because some family members use it.
C|N>K
First the spammed the hotmail users, but I didn't have a hotmail account so I did nothing, then they started spamming yahoo mail but since I didn't have a yahoo account I did nothing. Then they started spamming the large providers but since I owned my own domain I did nothing. Then spam started coming in from China and Taiwan but since I didn't know anyone from there I just blocked it. Then the spammers got more sophisticated and got around my filters on my mailbox, then I asked what I was supposed to do about all this spam, and I figured out nobody knew exactly what to do.
To dismiss hotmail users as whiners is to ignore that they're just a couple years ahead of the curve in receiving spam.
I've used a free email service for over two years and have NEVER received spam. I'm sure it's partially because it's less well known than hotmail but also because the have a serious commitment to blocking all spam and pursuing action against incoming and outgoing spam.
From the Myrealbox No Spam Policy:
"Spam is no good.
Don't do it.
It causes bad karma and cancer (and perhaps some other diseases).
Yes, this is true.
No, it's not a joke.
Oh, and spammers rot in hell."
"For each violation of the no spam policy, users will be fined ten dollars ($10 USD) for EACH E-mail sent. This damages provision does not preclude Novell from seeking other damages as well."
They give you IMAP, POP in addition to a nice webmail interface. I'm assuming they'll start charging for at some point but this is a good example of how it is possible to block spam if the service provider is committed.
My hotucemail address is only 4 characters. This means that very close to 100% is spam. We have all known this for some time now, but its nice to get the attention of someone who can do something about it.
"Failure of Windows operating systems is extremely rare. If it happens, it is usually due to operating system file c
To avoid spam via Hotmail, for example, one can
add, after his/her name, a few randoms chars and numbers.
Works like a charm for me. Got several Hotmail accounts with almost zero spam.
Of couse one should also avoid writing this email
address AS IS on various sites.
AC4jDD9s
Spam Detective can work with Hotmail accounts. What other programs can?
I pledge allegiance to the flag...
of the Corporate States of America...
If MS would lobby the government for anti-spam laws, maybe things would improve. Spam is costing them money and every reasonably intelligent person hates it. It could be MS's gift to the world.
.mkt email address. Make violating the law have a penalty of 10 years in prison and $10K fine per offense (after a warning). While we're at it, require all porn sites to use a .xxx domain. Make it part of the law that ISPs can not block .mkt or .xxx with out the customer REQUESTING it. NO one has a right to make a living in any manner they want, so any spammers that would bitch can go to hell.
One idea would be all marketting emails would have to come from a
Sorry for ranting, preaching to the choir, dreaming of the imposible, etc.
I recently created a hotmail account for my sister. I was very careful to check that we didnt sign up for any news letters. I made sure that the address would not be included in any of microsofts web directories. The email address is not a word or a name. Yet within hours the spam started to pour in. She gets about 10 spam mail a day now for viagra, penis enlargement pills, life insurance... wtf?
Ive had a yahoo mail account for 3 years and can go an entire week without getting any spam. WTF is wrong with hotmail? It seems they are selling users email addresses.
I've had that happen a few years ago. I traveled to a part of the US that I'd never been to before and used Hotmail to keep up on email. Within a couple of days, I was getting spam targeted for businesses in that area. This surprised me because I didn't even know what the URL's were for the businesses in that area. The people I was sending and receiving emails from also started to receive the same spam. The only explanation was that someone in that area (an ISP?) was sniffing email addresses and then selling them.
Go not unto/. for advice, for you will be told both yea and nay (but have nothing to do with the question)
My wife, for example, created a Hotmail account, even though she already has her own email address with my ISP. The only reason she created the additional Hotmail account is to serve as a junk box. Many web sites that you don't really trust ask for your email address so they can send you a login/password to use their message forum or what-have-you. Why give them your primary email address, and risk them reselling it (or endlessly spamming you themselves)? She can just use the Hotmail account whenever she's not sure about the people on the other end.
How much of the spam in there is actually Hotmail's own fault? Who knows.... We don't really care either. She just deletes everything in it, each time she signs on, after retreiving anything of value buried in all the junk.
Back home (in Italy), I got lots of viruses from Mexico (obviously the PCs in the cafes got infected by Nimda, CodeRed, Klez and friends). A few months later I also noticed an increase in spam-mails from all over the world.
For me it's clear: viruses also spread your e-mail addresses a lot, and finally your address ends up in some spammers database.
Spammers obviously use *any conceivable method* to harvest addresses.
(Mr Rogers voice) Can you say "irony", kids? Sure, I knew you could.
That's better than my account is doing right now. Of course, I don't get much email as I don't really use it for correspondance. This goes to show just how useless email is slowly becoming for anything worthwhile. It may very well be that in the near future we will need to design a new spamproof (or at least spam resistant) mail protocol to prevent this problem.
-Restil
Play with my webcams and lights here
Honestly, if 90% of your new messages received are spam and this is with an email address you never gave out - you have issues with your particular ISP.
I, for example, have an account with Southwestern Bell, and last time I checked - they don't even have any spam filtering in place on their end.
I try not to give this address out, but I have accidently posted a message once or twice to Usenet with my real email address in it. (This was due to freshly re-installing my OS and applications, and forgetting to change a couple defaults before I posted.)
Even having done this, I only get 2 to 4 emails per day of spam. I receive quite a bit of email each day, too - so this isn't a bad ratio at all, IMHO.
Every time I've had real problems with spam on an email account, I can trace it back to something stupid I did myself. (Most often, it had to do with leaving it up on a web site for a long time, under one of those "click here to email me" links.) Those email harvesting bots will eventually find it and add it to spam lists if you do that.
For what it's worth, legislation rarely solves problems. Our knee-jerk reaction of "there oughta be a law!" every time we're upset usually causes our country more long-term harm than good.
I will say, however, that laws have been in place for quite a long time that may already apply to spam email. I just saw a Supreme Court ruling yesterday, while perusing a list of older "free speech/free press related" rulings. It basically stated that anyone receiving an article in the mail that they consider to be offensive or obscene (and the receiver can make this determination on their own) can legally ask the post office to block any further articles from that recipient. As you also pointed out, there are laws in place governing unsolicited fax transmissions.
We may not really need any *additional* laws to handle the problem.... only the courts interpreting existing laws in such a way that they cover electronic mail as well.
Many of you have mentioned temporary address. There is a free serivce that will give you a temporary address... www.spammmotel.com very cool.
Kind thoughts do not change the world
The Chronicle is the scourage of our city. There must be another paper with a better article.
I'm curious who the people are who actually send all this spam. Has anyone talked to a spammer, and asked them why they do what they do? Furthermore, what are the demographics of the spamming population--are spammers old, young, people with day jobs looking for extra cash, etc.? What makes a good man turn into such a monster?
One of my hotmails is used for some registration sites, like a spam magnet address. 99% is spam there. On the others I have no spam at all, but that's only thanks to me blocking everything that is not explicitly allowed.
Will work for bandwidth
My brother says his Hotmail account can fill up in a day or two., thus bouncing all the mail I'd send.
Hotmail users must *really* use their email. At least 95% of my email is spam, so that means the average hotmail user receives 4 times as much legitimate mail. Either that or Microsoft has some spam filters in place, which we all know is bogus.
I use SpamCop, which is quite effective. Once in a while I look at the queue of messages that SpamCop has decided are spam. About a thousand messages a week are rejected. Sometimes I hit the "report them all to their ISP" button, but usually I just let the stuff scroll off after 3 days.
A lot of you are asking, why Hotmail? Why not use some other free email service. Well the answer for me, and probably a lot of their user base, is that you have to use it for Passport. Since Passport is incorporated into nearly all of their web pages and services, it is necessary to have an address for this purpose. For instance, if I need to communicate with a family member on MS Messenger, even if I'm using Trillian or something, I have to have a Passport account to login and use the service. Same with games on the Zone. I quit using that site because they forced passport on users, but I bet many people still use it.
I am currently getting around 75 spam messages a day to my Hotmail. Since I don't use that address for regular correspondence, just Passport, I just decided that perhaps its possible to get around the spam by setting my junk mail filter to exclusive, and then not adding anyone to my list of contacts. Sure I'll still get the MS crap about upgrading my account and stuff, but it should be so much better.
Is anyone else doing this? Does it work?
Most people would die sooner than think; in fact, they do.
80% into Hotmil is spam
90% of the mail FORM hotmail is spam...
and MS owns a copyright on it all (read the agreement)
http://www.mrbrklyn.com/amsterdam.html http://www.brooklyn-living.com
http://slashdot.org/article.pl?sid=02/05/16/233821 2&mode=thread&tid=109
that says it all.
now how bout someone researches how addresses that MS DOESNT have control over get spam,.. thats the real mystery.
Strange. My email address is of the form firstname_lastname@hotmail.com, and about 30% of the mail that I receive is spam (and I don't get very much mail anyway, only two a day). I have occasionally given my address out (don't EVER sign up for GreetingWishes, they make up half my spam and are hard to block). Half of that gets filtered, although I do have to check my junk box once a week. Occasional real announcements (mailed to a hundred or so other people) have gotten junked.
I hereby place the above post in the public domain.
Actually, if encryption and signing of e-mail ever becomes widely used, the biggest problem it will curtail is spamming. Suppose you filter out all mail that is not encrypted and signed with a DSS non-canned-prime public key or RSA key of at least 2048 bits. Such keys take a while (half-hour perhaps) to generate, so blocking them (using p or n in the key, ignoring g and g^a or e, which are can be regenerated in seconds) should be fairly effective. You couldn't forge the header as easily either. And it's not like we're going to fill up the huge keyspaces any time soon even if they are bulk-generated by spammers. Furthermore, people couldn't plug in random addresses (because they have to look up the public key too), and for every person they spam, they have to wait some fraction of a second for encrypt. It doesn't make any difference unless you send off 50 thousand mails a day.
I hereby place the above post in the public domain.
As the article points out, spammers will simply change addresses and continue business. This is why I favor the death pentalty: No recidivism.
The problem with putting someone in jail is that they will simply return to their old practices when they are released.
The evidence is very strong that executed murderers, for instance, have a very low rates of recidivism.
The only thing I would request is: Please don't procecute spammers with the death penalty in California or one of the other wimpy states.
Additionally, for major providers like AT&T, Hotmail, etc, they'll take every single username that they know of at hotmail, and try it at AT&T, and see what bounces.
Add to this the fact that they often do these tests while bouncing through 500 open relays that they don't control, and you have an extremely hard to detect, hard to control wardialer.
Why does no one think of this?
For example, if a big email provider does sell account names, they could make even more $$ if they look up the addressbooks of each user. Then they would have access to > 20x the number of accounts that they could sell, most of which would not be their own users.
This raises another problem. The idea of opting-in, is okay ONLY if you submitted the info to the other party AND they inform you of their practices. In the scenario above, just SENDING AN EMAIL to an acccount of this big email provider may (in their warped thinking) be construed as opting-in to their marketting. The filtering that the company can use is their OWN USERS (you) when filtering out the spam and storing (on their servers) the 'friendly' email addresses.
The companies can be doing this and honestly say that they don't read your emails. You're the one opting-in your friend's email addresses through your provider's opt-in (save address) form! If you're really nuts about this, good luck trying to get friends to stop this practice.
Also, there are those that save more than just the names and accounts. They give you the opportunity to store your friend's info. Hotmail asks for the following:
- Quickname
- First, last names
- Email addresses: personal, work, other
- Phone #s: personal, business, mobile, pager, fax, other
- snail mail: personal, business
- birthday
- website
The potential is there, and unless you have lazy or paranoid friends, then that personal info about you is stored somewhere, available to the highest bidder. Basically, once companies realize this potential (if they haven't already), no one is safe.This is not my sig.
Apple heavily advertised a super spam filter in the version of Mail that comes with Jaguar. Does anyone out there know how good it actually is?
I hereby place the above post in the public domain.
I've gotten so fed up with Hotmail letting through 100 spams a day and then locking out my account that I decided to switch. I looked at upgrading my yahoo account to one of their for-pay services and just found it a bit too pricey and inflexible. So I started looking around for web based email providers, and found fastmail.fm
The domain sounds weird, but it is a web based email provider written by geeks for geeks. I paid $20 for a premium account after one day of using their free service. IMAP/POP/SMTP access, spam protection, virus protection, a really cool 'bounce' feature, 50 MB inbox, and a great 'Sieve' based filter system (you actually code rules in a pseudo-language designed solely for mail filtering), and you can receive email at anyaddress@youraccount.fastmail.fm. The interface is simple, fast, HTML only (with lightweight style sheets) and I've yet to see it go down or lose an email.
Not a single spam yet. Additionally, I use the anyaddress@ feature to provide better tracking in the event of spam. I gave slashdot the address slashdot@myaccount.fastmail.fm - so that if slashdot ever sells out (heaven forbid) I can just block that address in my ruleset.
Anyway, your mileage may very, but there are much better providers out there - there is no reason to stick with hotmail.
-josh
This means that it actually has nothing to do with hotmail, or microsoft, other than spammers assume (correctly in most cases) that mail admins won't block the entire hotmail.com domain as SPAM.
Don't get me wrong, I'm not defending anyone here, I'm just saying, be clear on what the problem is, and who the bad guy is before getting out the pitchforks and torches.
just my .02 cents (US)
It is designed to block legit mail as colateral dammage. Use DUL, monkeys, and relays, but anything else blocks too much legit email to be used be a large provider.
Michael Loves Me!
Dude, I would KILL for only 80% spam. I get a real email about once every 2 months and around 100 spam every day.
I'm so lonely.
I'm in rather a different position. I've had edey@hotmail.com since, well let's just say the front page proudly annouced they'd hit 10,000 users. It's the only email account I've had through a big chunk of highschool, university & a couple years there after. In short I've had this spam trap for a loooong time, and most of the people I converse with no it. It's easy to remember, it doesn't have any stupid numbers in it, it's known - but it get's about 150 spams a day. Maintenance is a giant pain because if I leave it for more then about 36 hours it fills up. I do, now, run an imap server on one of my boxes here, but I hate to rely on it completely incase my ISP decides to enforce their TOS. So I keep the hotmail account and daydream about dumping it for good.
"Sanity is not statistical", George Orwell, "1984"
Comment removed based on user account deletion
Believe it or not, I recently got a piece of spam that was an advertisement for McAfee SpamKiller. Talk about irony.
And the other 19.9% is e-mail with virii !!
Well, duuuh. What do people actually think that Hotmail, Mail, Excite, Go or other accounts are for? If you get on the Internet, you go through an ISP, which provides an email account, sometimes up to 5. That's where you get your real mail. For public exposure (signing on to news sites, etc.) email, get a Hotmail account, and just let it fill up with junk. I see it as getting a benefit from the Microsoft tax.
... forums like Slashdot, Kuro5hin, and Fsckedcompany; sending rebuttals to online news journalists; and mailing webmasters/programmers about their sites/programs.
Hotmail:
more spam-prone exposures, like logins to pr0n sites, yowza.
Go and Excite:
miscellaneous uses that I haven't thought of yet.
... you will just be using your own bandwidth to fill up your own hard disks.
Suckers.
Here's my strategy. My ISP: 1 email account; personal use (friends and associates). Mail(.com): identifying myself in public commentary
Thus, my ISP email is utterly clean of spam. My Mail(.com) account gets a couple pieces of spam a week, with some replies from journalists, webmasters and programmers; I logon to Mail(.com) once a week to delete some spam and find some replies. My Hotmail account is a windswept and dusty wasteland of spam, getting 2-6 pieces of spam a day, and has some notices from the sites I subscribe to; I logon to Hotmail every 1 to 4 weeks to delete essentially everything, which is dozens of spam mails. The Go and Excite accounts are still being evaluated for their usefulness; I just login once a month to keep 'em active.
So, thank you Microsoft for providing me a spam filter. Go ahead and even sell the list of your Hotmail clients
[also misbehaves on Kuro5hin as Peahippo]
The Linux web browser Galeon has support for removing popup ads that works perfectly. You can also disable java and javascript if you so desire.
Another usefull feature, is the ability to have it identify ittself as MSIE to webservers. Hotmail doesn't like non-MSIE users changing passwords.
I run my own mailserver, and I have yet to recieve a single piece of spam on it.
You can't judge a book by the way it wears its hair.
Serve Microsoft Right! They REFUSED to use RBL!!!!
In fact their lawyers threatened threatened to sue RBL once years ago when hotmail was a legitimate source of much spam.
inbound hotmail = spam
I say 95%, not 80%
I've been using this procmail script that works flawlessly. It's very simple and I can't remember the last time I got spam. It works much better than trying to catch spam based on headers and key words in the subject. Basically, it implements an accept list, so that only users that respond to an auto-reply will be added to the list and thereby get their message through. Simple and effective.
many of those soulutions have been CRAPPILY PROGRAMMED AND ARE DEFECTIVE.
Unless antispam technologies are written by people with high IQs and know technology well, then they are prone to being total shit.
Even if they are fixed now, I will never forgive or forget their bugs.
They erroneously flagged relay-mailers when infact the relay mailers could not REALLY be used to send a single mail unless the IP used as sender was used to successfully log in and check mail 20 seconds earlier.
So if you wonder why people distruct some of your anti-spam lists that are not based on spam but based on stupid programming and tools that crashed LOTUS servers, then I say too bad.
people should learn to think and code before running off the mouth.
some of those shitty tools flag all dialup ip block ranges used by earthlink customers.... DIALUP!!!!!!
a dialup customer powerless except to infuriate an anti-spam fascist. with a couple tricks directed at one lone nut.
so the zealots decide to black list millions of customers of earthlink?
I sent an emial once to a nutcase who used to brag about how he never got spammed in a year and included the symbol "" with no valid http tokens.
and just like slashdot used to... it incorrectly assumed it was html and bounced it!
Nothing amuses me more than average iq people that think they know all the answers.
If you are going to all of this trouble, have you considered setting up a spammer Tar Pit*, Sure mostly you will be nailing r00t3d boxen, but you would be providing a valuable if secret service to the rest of the web.
*by tarpit I mean a program that responds to incorrect and invalid requests verrry sllowwwly. Someting on the rate of one character per second, just long enough to keep them from timing out, but still tieing up the connection for minutes on end.
I used to have a cool sig, back when I cared
Since when i=did the internet have any perceived "sales power"? Last I checked, the internet was just a bunch of wires tying a bunch of computers together using TCP/IP. It's great, but please....
This sig no verb.
You guys have it easy... I can't even *find* mail that isn't spam on my hotmail box! I receive tens of thousands a day!! Go figure.. some people are just too damn unlucky.
Mr. J. Smith
how does one change his
Opt users out of the hotmail email address directory by default and let them opt-in.
The spammer could go through an alternate mail server, bypassing the ISP's mail server.
Add to this the fact that they often do these tests while bouncing through 500 open relays that they don't control, and you have an extremely hard to detect, hard to control wardialer.
How difficult/time consuming would it be for someone with a decent commercial internet connection (DS3 or better) to run a scan of the entire IP address range, sending a test e-mail back to himself through all discovered open relays (perhaps with the e-mail address used @testingcompany.com for easy identification)? This list could then be used either to contact address owners and perhaps creating public blacklist for those who refuse to plug the holes.
Simplifying the math, with about 4 billion total addresses (I'm not factoring in private ranges), and one attempt per second, I get 134 computer years. Divide this by a corresponding increase in the number of possible attempts per second, and it slices down rapidly. For example, 100 attempts per second would be 1.34 computer years, and that could be further lowered by either faster or multiple computers (or both). Factor in the private address ranges and it drops even further. The main problem I see in this is the possibility of a perceived attack, though this could be moderated by randomizing the address listing so a large block owner doesn't get hundreds of probes a second.
I'm sure spammers already do these kinds of things anyway, so why can't we? Or does someone already do this?
You can never go home again... but I guess you can shop there.
Considering the cost of Spam on the Hotmail system I wonder why a company like Microsoft won't spend a few bucks to make everybody in the world not even want to think about spamming.
That 80% is probably only what they catch using the Junk Mail filters. I get a lot more that I don't even report because of how much of it I get.
There would be no way I would spend a dollar on increasing my Hotmail account size considering the circumstances I mentioned. That's lost $$$$ for MS
(1) Create hotmail account.
(2) Post address all over the place.
(3) Don't even bother looking at the account.
(4) Lather, rinse, repeat.
For extra expense to Microsoft, sign up for a lot of Microsoft newsletters with the account.
I use an Anti-Spamming tool. And because it is based on Fuzzy logic and ratings of email it works VERY WELL. This will also continue on in the future since it filters out anybody who wants to sell me something or etc...
As a result I am one happy camper. I can keep my old email address and not have to worry about the tons spam...
"You can't make a race horse of a pig"
"No," said Samuel, "but you can make very fast pig"
However, I have my filter set on high, and almost nothing gets through that isn't approved. And out of the stuff that isn't spam that ends up in my junk mail, that's like 1 message per week, and their just mailing lists for some online notices, like IGN, and atomfilms.
The spammers have gotten really good and are using reply and from addresses like hotmail and msn admins/notices, etc.
And yes, I have other email addreses, but I don't get junk mail in those cause I don't use them for any type of purchases or online posting.
Well I've been using my Hotmail account for almost as long as the site's existed..and I don't get that much spam. Is that unusual? Granted, I NEVER used my Hotmail address in a web-based form or forum, only gave it out to my friends, never published it in any publicly available area..I still do get occasional spam, but not as much as other people seem to be complaining about. Could much of the spam problems that people seem to be having be related to actions they took themselves, thinking there was no harm in them?
I think I have gotten about 3 pieces of spam the entire 2 years. This is about on par with the amount I've gotten in my ISP accounts. Now, my Yahoo accounts on the other hand...
/. is just running this story because it singles out Hotmail, which is owned by MS. If it was Yahoo then the story never would have been posted. On a completely unrelated note, I just saw an ad for VS.NET; I'm thinking of picking up a copy today :-)
Why is this? Simply because my Hotmail account is the address I give to people and sites I trust (this one for example) that I'm sure won't share it with spammers. My Yahoo acccounts serve the opposite purpose. Whenever I register to some shady looking website that just seems to want to collect names it goes to the Yahoo accounts.
I've said this before: People that sign up for Hotmail and get barraged with spam are either 1) using an easy to guess address or 2) using a numbered extension suggested to them by Hotmail eg Cindy1234567@hotmail.com. It goes to figured that every numbered extension before that is a valid address. Do you think spammers don't realize this?
Anyway, I know that
---
I didn't want to leave this space blank.
You just have to laugh at what the spammer said. He's going to CHINA because the don't give you that kind of grief over peddling spam.
Yeah man, go to China. They'll love you there.
Democrats or Republicans. They are both taking us to the same place and they are not afraid of us anymore.
My wife will be relieved. She knows I'd do it, too.
...when you can just send all your spam to stevecase@aol.com?
Hell, who dosen't have a spam-account at hotmail?
:)
I get my inbox to 100% in a couple of weeks.
100% pure wholesome SPAM
I don't particularly like m$, so I make them use up bandwidth on useless spam!
So that's why you never reply to my emails!
I think it's more likely, as someone else pointed out in these comments, that more addresses are harvested by "email this web page to:" and e-greeting card links.
Sometimes I wonder if the "email this to ten of your friends" "friend" emails get harvested by some people. After a few forwards you can see 40 or fifty legitimate email addresses.
In my experience, internet cafes have all kinds of spyware and trojans on their computers. After being stung the first time I travelled, I've always used throwaway accounts, too, although I name them somewhat more coherently.
Since Mircosoft is going to buy yahoo in november,
Ah, Mircosoft. I remember they once produced Web-based software that purported to take your picture via your monitor. Unfortunately, I can't seem to find that little gem anymore. I tried www.mircosoft.com, but that turned up nothing.
one hundred twenty
is just enough characters
to write a haiku
My sentiments exactly. I am getting about 40 spams /day on my hotmail account.
I remember somewhere there was a metric to determine if posts in usenet groups were spam or not. The method was something like this:
1) For each time a duplicate of the suspect message is found within one group, increment the count.
2) For each time a duplicate of the suspect message is found in a different group, square the count.
A certain threshold then isolates the spam.
So, my question is, why can Hotmail not implement a similar system to guess the spam across all the users mailboxes. Seems to me that they have a huge advantage of managing millions of accounts over which they should be able to generate stats to remove spam for all.
Or maybe Hotmail want everyone to get spam so that they are more likely to purchase extra mailbox space...
-- Mike
since I didn't see this at messages posted 4/5 I'll assume no one wrote this. This is the most effective solution for spam, will take a couple months to implement.
- change the mua only accept email from ppl in the address book. This can be done (and I will do it as soon as I get a computer) for mozilla/evolution without too much effort. Optionally accept pgp messages sign to individual from any address (a method of hashcash)
- invitations 2 join persons addressbook will be via a server application that verifies the random new persons email by sending an email to them. so u will get a email saying: "person john doe wants to be added to your address book: here is his info". If it's spam, then you have the email account of the bum who sent it 4 sure...
complicated a bit.. need to write it up.. but I'll do this for my family/friends, and maybe it'll catchon, but best thing is that it doesn't need to... I'll be 100% spam blocked in a day, and I don't need 2 worry about false positives...
"Sued by Verizon Communications for millions of dollars, spammer Alan Ralsky said he may simply move beyond the reach of U.S. courts to where service providers value cash more than complaints.
"I think China is good place to be," Ralsky said. "You don't get the same kind of grief.""
You go do that. And as more and more Chinese domains are blocked at the border Beijing will start to notice the effect it has on business there, where their businesses aren't able to reach customers that can afford such luxuries like "indoor plumbing" (with the local GDP per capita still hovering around $3600, China needs Western markets). And Beijing will start to impose new anti-spam laws with penalties ranging from all-expense paid trips to one of the interior's lovely "re-education" camps to death by an accute case of lead poisoning delivered to the back of the head (conducted in stadiums so we all had the chance to cheer them on).
Don't let the door hit you in the ass on the way out!
for the past year or so I've been thinking that it might be time to see if it would be practical to set up an account which will only accept email signed with GnuPG or PGP or perhaps email that has been encrypted with my public key. (actually, that wouldn't stop anyone fom sending me spam, although I suspect the cost of encrypting huge amounts of email might make it unfeasible for most spammers, but I might be mistaken in the longer run)
any message that has not been signed is discarded. an additional requirement could be that the the key used for signing the message has to be present in a list of authors I want to accept email from.
I haven't given this scenario any thorough analysis, so I'm sure there are a lot of problems I haven't anticipated. for one it is going to be rather inconvenient having to exchange keys. not to mention that mail might become significantly more CPU intensive -- but on the other hand; I'd rather burn a few extra CPU cycles than waste my time deleting spam, always risking that legitimate mail gets deleted because some people insist on using silly aliases in their From fields.
has anyone given the use of cryptographic signatures for filtering mail much thought?
it shouldn't be too hard to make a mail delivery agent that is easy to use and easy to configure.
-Bjørn
the heavy amount of hotmail spam is no surprise, especially as more people have the need for "junk emails" to retrieve identities.
I have seen several plans to fighting the spam problem, but let me mention my current solution.
For $20 I use www.fastmail.fm for web based email, have 50mb storage, 3 aliases and imap mail and pop forwarding. It's great! And in the last three months, I have not received a single spam message! Sure, I've been more careful than before, but it's still pretty great!
I'm not a paid shill, just an enthusiastic supporter. rj
Robert Nagle, Idiotprogrammer, Houston
I saw this happen once to my parent's Qwest.net email account, the 'to' field had the following address in it: [""@qwest.net] The address is the one between the blockquotes []. Seriously, and as far as I know, this was sent to everyone who had a qwest.net email account. Perhaps this is how Hotmail gets spammed so bad?
There are 4 boxes to use in the defense of liberty: soap, ballot, jury, ammo. Use in that order. Starting now.
Someone who replies to spam the correct way http://www.thespamletters.com
Don't believe me?? Sign up for a new hotmail account, don't sign up for any of the newsletters.. Don't give anyone the address.. Within a few days, you will have spam.
Use http://www.spamhole.com for short-term e-mail address redirection (up to 72 hours).
Besides that, Yahoo Mail is used for the same purpose, and I guarantee that tons less gets to their user's inboxes.
ORDB
I can throw myself at the ground, and miss.
I remember opening up my Hotmail account years ago when It was on FreeBSD and there was no whiff of MSN or passport anywhere in the system.
Since Microsoft took over, the game has been to change the service to a profitable, for-pay service.
If they stuff my inbox with junk, then it will soon exceed the new, lower size limits. If I want to subscribe, then they will be happy to give me more space.
People like boasting about how many messages they receive. Especially journalists. Few seem to mention the proportion of spam.
Ok so 80% is junk mail ,actually in my case it's 100% I dont give out or use hotmail for anything more than the passport so I could look at the Win CE shared source code.
But what kills me is they (Hotmail) wants you to buy a larger account So they can spam you some more.
I have four email accounts. One comes from my webhost, the second comes from my ISP, the others belong to the free mail servers. The amount of spam I get from Hotmail isn't much when compared to what I get via cross_ring@lycos.com - literally six megabytes of spam, the current space limit for free LycosMail accounts.
The one bright side of filling an unused inbox with spam is NOT receive any more spam, since it would just say "This mailbox is full. Please try again later."
Have you looked at sneakemail? It generates permanent random mail addresses that forward back to your "real" address. You can configure the name that gets inserted into the name when it forwards (i.e. "Spanish Cypercafe One") as well as the name people see when you reply ("Mr. Fly").
It saves a lot of tedious filling out of Hotmail accounts and attracts a surprisingly small amount of spam. (And you get to find out who spammed you...)
Really easy, instead of using Hotmails spam filter, I use thier "sorting filters" (or whatever they are called) and filter it all to your junkmail folder.
n fo@
Add these:
user of your username in the subject, because if the address is not blocked, the subject with your login name is a dead giveaway)
Do the same with anything from these addresses:
@msn.com
@bigfoot.com
@yahoo.com
i
Interesting that filtering mail from yahoo on hotmail gets the majority of the spam, but does it work the other way around?
Have you read the moderator guidelines? Well, have you, PUNK? (and I want a Karma: Gnarly option)
Go into your passport preferences (not hotmail ones)
::shrug::
Uncheck the option at the bottom allowing microsoft to give your email address.
I only get one spam every few months.
Spam does not exist! It is merely a liberal myth. This is a falsehood perpetuated by the media giants similar to other blatant liberal myths such as that whole 2+2=4 thing, gravity, the idea that grass is green, and the contention that the cubs will never win the series. As we all know, spam does not exist, 2+2=0, gravity does not exist, grass is yellow, and the cubs won the series 3 years ago. Do not be fooled!
People always talk about how spam is popular because it's so cheap.
I've always wonder, just HOW cheap is spam? The article mentions 1 million e-mail addresses for $60. Figure that this is probably a high estimate, but you would still have to then pay for at least a few employees in the company to send the spam as well as management and support personel. Then add in the cost of an ISP to send it through. All this probably adds up to around $100 for every million addresses.
Now figure that most of these spam messages are for cheesy-ass products that probably generate only about $5-$10 for every sale once all expenses are taken care of.
So, for the spammer to make back their money, if we assume $10 profit per sale and $100 per 1 million spam messages, they need to get at least 1 out of every 100,000 messages sent to turn into a sale.
Now, I figure that at least 50% of spam goes to non-existant or unused accounts, so that cuts out half of their potential sales. Next figure that 10% of the remaining e-mails probably gets filtered without anyone even seeing it. Finally a lot of other recipients get messages in languages that they can't understand.
So I figure that spamers need at least 1 our of every 25,000 people out there to be DUMB enough to actually buy whatever product is being sold, and that's just to cover the expense of spaming! Ok, that's a really rough estimate, but the general idea remains the same.
Ok, I'm sure some will say that there really are at least 1 in 25,000 people who are dumb enough to honestly believe that a $20 pill will add 3 inches to their penis, but I've got to wonder.
The simple questing that I'm wondering though is this: Is spam actually profitable to anyone? I get the feeling that it's a lot like a pyramid scheme/MLM where a few people at the top make lots of money while the millions of people at the bottom that are actually sending out the spam get screwed over. Hmm.. maybe that helps to explain why so much spam involves pyrimd schemes/MLMs in the first place...
To all the people whining about how crappy hotmail is:
Read aloud:
"It's a free service, I get what I paid for".
I agree with your main point about paying for good email service. But Hotmail being free doesn't mean we can't complain about it. What if a car pulled up next to your kid on a dark street and someone inside offered him an unwrapped candy bar? Would you think that was OK if the candy bar was free?
Since Microsoft has been jockeying for position as a corporate entity that will keep track of all our personal information for us with this Passport crap, the fact that they can't even keep the existence of a Passport account a secret is certainly worthy of some concern. I had a Hotmail account in 1998. The amount of spam I got in that account skyrocketed after Microsoft took over. I also have a Hotmail account that I opened in 2000 as an experiment (containing a random 4-digit number). I told no one about it, nor did I send mail from it. It was immediately pelted with spam. Once a month I log in to keep it alive, and delete about 500 offers for penis enlargement, teenage sluts, and "credit repair software". Some of these emails even visibly display (in the To or CC field) the 100 Hotmail accounts nearest to mine alphabetically! I mean, come on, how hard is that to detect? How does this crap get past their filters? There is no excuse for it. Yet these clowns want me to tie my personal information to my Passport account.
The FREE part is irrelevant. They are trying to extend this fiasco into a system with some serious privacy implications. Getting a Passport is optional (and free, as you point out), but considering this is Microsoft, it could easily become "optional as in eating". If we are going to eventually be forced to use their crappy services as they take over one useful resource after another (rumors are they recently bought Yahoo), we have every right to scream about their ineptitude.
Let's say that you have to pay $0.01 in tax for each recepient of your message. For an ordinary user sending ten daily messages to friends this would amount to $3 a month.
A "mail tax server" signs your header and your mail program can check for the validity of this signature. No signature means good old-fashioned mail with a risk of spam
What will this get us? To you and me it'll mean slightly increased ISP costs, to the spammers there would be sizeable bills. The tax money could go to the ISP, who in terms reduces costs. But the tax has to be protected by state or national law.
So what if you have legitimate reasons to send piles of mail? Put your name and domain on a public list - and secure your mail servers - and you get the tax refunded.
Would this work? Are we willing to pay for mail in order to avoid spam?
B
A) Live in a state with decent anti-spamming laws.
- AND -
B) Find a DA with the time to piss away prosecuting a spammer ... I mean, heh, there are dangers to our society out there smoking that mari-ju-wanna, you know?
I have a better idea; one more Shakespearean in nature ('the first thing we must do, is kill all the lawyers'). I say, waste 'em.
Seriously.
Every day these parasites collectively consume greater than the equivolent of several human lifetimes in aggrivated and wasted time that it takes you, me and everyone to filter their crapflood.
They knowingly and maliciously violate the code of civilized society in the name of 'my right to make a buck.'
The good Mr. Jay's comment is typical of the spammer:
A complete dodge from the obvious truth that Mr. Jay is stealing from you. He is stealing your time and abusing a service you pay for. Email was not created to be a snake-oil salesman's bull horn in your ear. Mr. Jay and those like him are thieves who contend time and time again that their theft is legal; it is their right to steal from you.
Shut up, you consumer fuck.
Shut up and take it.
I say no more. Let's turn ROSKO into American's most wanted.
Cheers,
-- RLJ
I guess, like myself, most people don't use a pay account on Hotmail but the free service, so we're aren't paying to have up to 5 Mbytes of spam stored on the Hotmail system, but Hotmail has to provide the storage requirements for all that crap. As most people probably wouldn't use their 5 Mbytes for notmal email, they could probably save themselves an awful lot of excess storage space if they just filtered out the spam themselves, plus also bandwidth costs, etc.
----------------------------------- My Other Sig Is Hilarious -----------------------------------
I am sick to death of receiving email from people I know which are forwarded wit "forward all", which means that I get huge lists of email addresses of people I don't know (and my email appears on theirs too).
Just send one of these emails to a spammer and there you go... lots of valid active email addresses for free.
All this could be solved if people had a bit of education and politeness but they don't wanna know about it, for them email is not important.
I can recommend spamassassin.
I get 40 personal Emails a day. 35 of them are SPAM. Spamassassin filtes out ~32 of them.
I have had 3 false positives in three months, the senders of which then got onto my whitelist.
To improve the capabilities of the system I submit any SPAM not caught by spamassassin to DCC and Razor.
Really a great system and works nicely with kmail.
Moritz
Spam goes into the inboxs of children. For most adults it's an irritation, but for kids to get an email titled dogsexrape or whatever is not good. Hotmail should do more.
You obviously don't know anything about any of the anti-spam systems I mentioned. Why not actually try find out about them before making yourself look any dumber than you have already.
Hey, I even included URLs that you could have followed.
Government of the people, by corporate executives, for corporate profits.
I signed up for hotmail purely to get to speak to my friends on msn, I clicked the box saying something like "if you don't wish you email to be passed on click here" and de-selected all the newsletters.
In 4 months I have had 4 emails, all from support@hotmail.com telling me of new services. No spam at all. Perhaps people just need to pay more attention to the sign-up process.
Obtain a prosperous future, money earning power,
and the admiration of all.
Diplomas from prestigious non-accredited
universities based on your present knowledge
and life experience.
No required tests, classes, books, or interviews.
Bachelors, masters, MBA, and doctorate (PhD)
diplomas available in the field of your choice.
No one is turned down.
Confidentiality assured.
CALL NOW to receive your diploma
within days!!!
1 - 2 8 1 - 5 8 7 - 6 1 0 1
or
1 - 6 1 5 - 3 6 6 - 7 8 3 0
Call 24 hours a day, 7 days a week, including
Sundays and holidays.
That was classic intercourse!
When I checked my Hotmail account yesterday, there were about 30 spams in there so I started clicking on the checkboxes to delete them. When I finished, I clicked the delete button. It redisplayed my Inbox...and there were several more messages waiting!
Probably between 10-30% of my spam (varies day-to-day) is from azoogle.com, a supposed "opt-in" spamhaus. They have an "opt-out" system that says to put in your email address - Once I got so desperate to stop THEIR spam only (not caring if they might resell it) that I put in my email address.
It didn't work.
While azoogle's site lists their location as Canada, their domain registration contacts are in NYC.
A 45-minute train ride away.
The minute I find an applicable law (The fact that I have requested that they refrain from contacting me and contact continues means I may have a harassment case) I am taking those bozos to court.
"You just verified your address as valid" - azoogle doesn't CARE if your mail is valid or not - I have procmail configured so that any mail from my spam blocklist gets bounced with a "user not available" message from MAILER-DAEMON. It works with some spammers (I got a message saying, "You have been unsubscribed from list greatsex2@somedomain" due to 4 or more bounced mails. Please correct this and click on the link below to restart your subscription." YEAH RIGHT!), but azoogle has been ignoring the bounces for over a month.
retrorocket.o not found, launch anyway?
Right now, a spammer has no qualms about shotgun-spamming people, on the hopes that 0.01% (One in 10,000) will respond positively to his email.
The 50%+ of people who are pissed off are of no concern to him/her.
The 1-10% that are so pissed off they'd sue if they had the option are of no concern.
If even 0.1% of the recipients of a given spam (1 in 1000) responded with a lawsuit, the spammer would give up VERY quickly.
Less of the spam out there is "masked" than you'd think. Probably 90%+ of my spam originates from semilegit spamops claiming to have "opt-in" marketing, when they're "opt-out" at best. (Most, especially Azoogle, Inc., seem to just shotgun spam without a care, not even bothering to see if a mail bounces or not.) If a law against spam is passed, these guys will all go out of business VERY quickly.
retrorocket.o not found, launch anyway?
Except that in this case, the problem seems to be people sniffing your email address rather than receiving in directly. Knowing who you gave a compromised address to doesn't help you any if it's an eavesdropping third-party who compromises it. Even worse, it may cause you to erroneously suspect an innocent party of giving out your address.
I would argue that the likelihood of someone guessing "8juep001@sneakemail.com" as a valid address is much lower than some sleazy company not holding your E-mail address with sufficient security to prevent harvesting.
In either case, the address heads to the garbage can and/or blacklist and a nasty-gram goes to the company in question.
- It's not hotmail's fault. VRFY commands and other techniques are used at dense provider domains to troll for emails. Even if you never publish them, there is a sophisticated network of spam hackers attacking the top 100 domains. I know because I ran one of them for over a year. We had a lot of custom software in place to stop this - but they would counter that with viruses and other distributed trolling systems.
- The only real solutions are active relay scanning and active scoring systems - similar to the way slashdot ranks posts.
Some good examples are SpamCop, well-maintained RBL lists like relays.osirusoft.com and ordb.org, supplemental RHSBL lists, and Vipul's Razor. These systems really work *very* well. Note: MAPS is cracked since it isn't fast enough and is run by a biased admin - who will probably blacklist slashdot for posting my comment. Beware of dsbl.org: it's too aggressive to use except for scoring.
- I used to get about 90% spam at some very public addresses, however since we use a couple of the aforementioned scoring systems - 99% of the spam is simply blocked. About 1 mail in 200 "legit" mails is blocked because an ISP hadn't maintained his server - but our policy is: blame the ISP for running a crappy server, not us for blocking him!
- Since we now do this for a large ISP (not as aggressively, but sufficient), we are slowly forcing other mail admins to close open relays, and turn off spammers in a timely manner. Users are also slowly learning that complaining to the "relay ISP" helps get their server delisted - whereas complaining to the "MX ISP" gets them nothing. You have to be willing to sacrifice a few bitchy late-paying, deadbeat clients to get away with this - it's worth it.
- A petition to ISP's everywhere:
SPAM blocking is a "closet" industry practice. We all really *need 1 or 2 more major ISP's* to use these proactive tools, and get tough on spam. It's a risk, I know it - but it's in their own best interests:
1 - Global costs will go down
2 - Users will enjoy their email more, and will use the internet for more important communications
3 - Users will pay more for reliable SPAM-free communications
This is a global problem, and it requires participation from at least 1-2 more of the top 10 ISP's to make it happen.
- Once we reach a certain participation threshold - everyone else will "follow the leader" and SPAM will simply "cease to be an issue". Multitiered scoring systems are very hard to crack, and spamming will no longer be an "inexpensive" solution.
A year ago I opened a hotmail account for some reason I forget. Within an hour I received something like 12 spams. I had not sent anything to anybody.
I recommend SpamAssassin to anyone who can use it. I installed this on my Linux workstation and it typically catches 98% of the roughly 75 spams I get per day. It does occasionally catch a few listmails, but I could move filters for those ahead of the spamassassin filter and solve that.
It's easier to be a result of the past, but more fun to be a cause of the future! http://www.spacefinancegroup.com/
exim. From their front page...
It's not just a spam filter, it's a GPL'ed MTA. Perhaps that's why no one mentioned it. It works, though. Well, for the most part. I just re-activated my hotjobs account, and now I'm getting resume spam, but the offers to enlarge my penis (erm, yeah, that won't work at all), enlarge my breasts (uh.... that's not useful. I don't want to have to wear a back brace, or buy custom-made undies), re-finance my house, sell my children to Zimbabwe, or CHECK OUT THESE HOT TEEN SLUTS have actually stopped appearing in my inbox.
It's a little wrong to say a tomato is a vegetable. It's a lot wrong to say it's a suspension bridge.
if my inbox is to be believed....
Exceeding the recommended torque is not recommended.
Oh! I receive a small quantity of spam. (Alas it's on my main acount which has a daily quota on number of messages).
I learnt that it was related to Ralsky's business. Recently I researched where the website of recent spam was and I found things like www*.fastwebsnet.com which is registered in China. I suspect now why.
On the other hand, I complained to Hotmail because some of the messages used Hotmail From: addresses and they replied with something that seemed a not fully automated answer. In one case they told they deleted the spammer address (a very small victory, but good on Hotmail's part) and in the other the address was fake.
Surprising from a Microsoft company. (Hey, I sound like astroturf. Have you seen my mobile phone with camera?)
They even sent messages to evaluate their quality of response. I left when the form asked for a mail address. They are evaluating a unique interaction prompted by my sending email to abuse at hotmail.com and they need that _I_ type my address!?
And as more and more Chinese domains are blocked at the border
Funny, the barbarians censor Chinese sites and China censor barbarian sites. The Wall works both ways.
__
Men with no respect for life must never be allowed to control the ultimate instruments of death.
GW Bu
While spammers obviously do name guessing and such, that isn't necessarily the case here. The poster who you originally replied to mentioned creating a hotmail account and checking it from cybercafes in Portugal. The poster then began to receive Portugese language spams.
Now if this had been an attack purely on the server, I doubt the spams would've coincided with the country that that person was visiting. Instead, it seems to point to the address being harvested by the cybercafe or the cybercafe's ISP, neither of whom would be suspects under regular circumstances.
Throughout this, the only security lapse on the part of the company you've labelled as being sleazy is that they didn't use encryption for email address submission. And while it sounds good for them to implement as much security as possible, it's hard to justify the extra effort when SMTP requires that the address goes back out over the wire in plaintext format, anyway.
80% of mail coming from hotmail isn't much better.
Assorted stuff I do sometimes: Lemuria.org
Same AP article from CNN on the spamming here
Link to spambait program here
I wonder if the money made by selling the hotmail accounts to spammers makes up for the money spent on the bandwidth?
"Oh no, 3 horny women and only 2 condoms...Thank god I read slashdot"