Slashdot Mirror

← Back to Stories (view on slashdot.org)

80% Of Incoming E-mail At Hotmail Is Spam

Posted by timothy on from the conservative-estimates dept.

The Llama King writes: "According to this AP story at The Houston Chronicle, 80 percent of the e-mail that makes its way into Hotmail's user inboxes is spam. And that does not include the UCE caught by Hotmail's filters. This is the first of a three-part series the Associated Press is doing on spam."

9 of 367 comments (clear)

  1. Forgeries by olman · · Score: 3, Informative

    Not only that. Since Hotmail implemented one-click filtering, spammers have been using to: and cc: instead of bcc: so the commercial messages you have requested get throught into your mailbox. Annoying as hell. One reason I went over to Yahoo. Later I changed to spamcop, since yahoo aka large-intrusive-popup-ad-parlour sucks :-)

    No, spam does not have to work because there's so much of it. What does work is selling harvested email addresses to assholes.

  2. Well filter better ... by blowdart · · Score: 3, Informative
    OK so filtering doesn't stop spammers sending, but hotmail could do the simple things,
    • Use blacklists, spews.org if you want to be really careful, or relays.visi.com or relays.osirusoft.com to stop open relays connecting for a start
    • Check the sending domains exists when mail is sent.
    • Drop the common abusive domains
    • Increase the amount of blocked domains you can have. 250 is not enough when people use aaaa.com, aaab.com and so on
    • Data mine the individual block lists. If more than 20% of hotmail users block a domain, then it should be looked at

    All these things are pretty standard these days, but webmail providers (not just hotmail) don't actually seem to bother. Remember, the more times you check your inbox, the more ads they have viewed.

  3. Social and technical measures - automatic fines by Cato · · Score: 4, Informative

    One of the better articles I've seen on how to stop spam covers Social and technical measures (Google cache), by Richard Jones - using Google because that site isn't reachable right now. It doesn't have all the answers, but has some very good ideas. Most importantly, they can be implemented by ISPs without legislation, important though that is in the medium term.

    I think a combination of strong filtering, strong terms of service (e.g. take credit card numbers of those who sign up for email service, and have an automatic and substantial fine for abuse), and legislation could really help. Spammers moving offshore actually makes filtering easier, for those people who don't do a lot of business with China at any rate...

    One key point is that spam-filtering should be controllable by the individual, to allow people to make sure they receive email that might look like spam (e.g. most commercial newsletters) and server-based so that nobody needs to download spam over slow dialup or mobile wireless connections. SpamAssassin is the best tool I've found so far.

  4. Re:Bill Gates - I have the answer! by Huge+Pi+Removal · · Score: 3, Informative

    Or just move back over to your old FreeBSD servers and type 'cd /usr/ports/mail/spamass-milter; make install' (assuming Billy G doesn't mind using sendmail).

    In fact, amavisd-new (or is it -ng?) supports spamassassin/razor now, so you get 3 milters for the price of one :)

    --
    - Oliver

    The right to bear arms is only slightly less stupid than the right to arm bears...
  5. Re:Spam goes both ways by Rick_T · · Score: 3, Informative

    > Judging from my inbox it seems that 80% of
    > outgoing email at hotmail is spam.

    If you read the message headers, you'll probably discover that most of this spam isn't actually *from* hotmail. It just shows a hotmail address in the "From:" line. The "From:" line is no more accurate than a return address written in the top left-hand corner of a letter you'd get in the mail. In other words, it can say whatever you want it to say.

    And as someone who has more than one e-mail account, bring able to change "From:" without trouble is a *good* thing ...

    --
    -- Rick
  6. Re:Bill Gates - I have the answer! by thogard · · Score: 3, Informative

    spamassin has a bug that sometimes it decides things are in mbox format but it drops the empty line before the ^From\ line. This can be very bad if the 1st message is spam and the second one isn't. When I tried to report this, bugzilla was having a bad week.

    Spamassin also is very bad at deciding attachments are spam because any large image will have enough 4 letter regex hiding that it hits. I figure it false positives at least 5% of time.

  7. Re:dah ? by Scaba · · Score: 3, Informative

    I have a very similar experience. I signed up with Hotmail (and all of the major services) just to have a Hotmail account, but have never even mentioned in passing to anyone that I have one. My Inbox right now contains 260 messages received in the last week, 259 of which are spam, and the remaining one from Hotmail Services asking me to pay for a "faster" Hotmail account. Oddly enough, I also have a Yahoo! account which I've used heavily and given out freely for the past few years (until around May when I registered my own domain name), and receive at most maybe four or five spams per month. So, yes, I think Hotmail is a shitty service, and while maybe they don't directly sell addresses, they make it very easy for harvesters to gather them and very easy for spam to get through.

    The funny thing is, once I registered the new domain, I started getting four and five spams a day at Yahoo! (probably from address harvesters crawling thru whois entries), but since I now only check the account to make sure I don't miss any mail from senders who don't have the new address yet, it doesn't concern me much.

  8. Re: spam ratio too high? by mosch · · Score: 3, Informative
    Honestly, if 90% of your new messages received are spam and this is with an email address you never gave out - you have issues with your particular ISP.
    In a word, no. Spammers often engage in what's referred to as a rumplestiltskin attack, where they just try to send mail to someguy@somedomain.com, and then they see if it bounces. If it doesn't, bingo, that address is being resold.

    Additionally, for major providers like AT&T, Hotmail, etc, they'll take every single username that they know of at hotmail, and try it at AT&T, and see what bounces.

    Add to this the fact that they often do these tests while bouncing through 500 open relays that they don't control, and you have an extremely hard to detect, hard to control wardialer.

  9. Re:impssible account names by Wanker · · Score: 4, Informative

    Have you looked at sneakemail? It generates permanent random mail addresses that forward back to your "real" address. You can configure the name that gets inserted into the name when it forwards (i.e. "Spanish Cypercafe One") as well as the name people see when you reply ("Mr. Fly").

    It saves a lot of tedious filling out of Hotmail accounts and attracts a surprisingly small amount of spam. (And you get to find out who spammed you...)