Slashdot Mirror
80% Of Incoming E-mail At Hotmail Is Spam
The Llama King writes: "According to this AP story at The Houston Chronicle, 80 percent of the e-mail that makes its way into Hotmail's user inboxes is spam. And that does not include the UCE caught by Hotmail's filters. This is the first of a three-part series the Associated Press is doing on spam."
Most people use their Hotmail account to sign up for newsletters, do posts to news servers, give it out to people they only just met 2 minutes ago..
Of course most of it is spam. That's not Hotmail's fault.
Most spam is the result of an account owner's own actions (direct and indirect).
Other spam is just broad coverage, i.e. people sending to aaaaa1@hot/mail.com aaaaa2@hot/mail.com aaaaa1hot/mail.com and so forth.
I hardly have any spam on Hotmail, the spam I do get I mostly get from auto-forwarded e-mails to an address I had 2 years ago.
Judging from my inbox it seems that 80% of outgoing email at hotmail is spam.
Where's that mentioned in the article?
------
Cost effective attractiveness
Still, there is promised security of the MS passport system etc. In this case it looks like more like a spam enhancement system. since this is supposed to be something to verify your login across the net. This means that most email addresses there have been preverified by MS as being valid.
a gift to spammers everywhere.
"It is a greater offense to steal men's labor, than their clothes"
Not only that. Since Hotmail implemented one-click filtering, spammers have been using to: and cc: instead of bcc: so the commercial messages you have requested get throught into your mailbox. Annoying as hell. One reason I went over to Yahoo. Later I changed to spamcop, since yahoo aka large-intrusive-popup-ad-parlour sucks :-)
No, spam does not have to work because there's so much of it. What does work is selling harvested email addresses to assholes.
I quite like getting Cindy's email.
Makes me feel good.
It's pretty much the most interesting thing that happens in my day.
hmmm.. I think I need a new job.
~the keyboard is mightier than the pen.
Finally, a well-written article that highlights the downside of spam.
...)
Yeah, we all know that email is a "powerful new marketing tool", but few have written about how much negative impact it has to the economy and our everyday lives.
I have an email address that I've never given out, and 90% of the messages I receive are spam. The email address on this posting ONLY receives spam... mostly in some funky character set that I can't bother to being to read. This address gets about 40 a day (and likely more after this posting).
So, industry self-regulation? Well that doesn't seem to work - and it didn't work with Enron (or WoldCom or Andersen or
So I think it's time that we hit them where it hurts. Pass -strong- laws. Pass laws that permit individuals to sue in certain circumstances.
They passed laws to control the misuse of FAX machines... and although not perfect, they do help. Then again, how many people do you know that have a fax machine at home? Betcha most people have unplugged theirs due to FAX Spam.
Considering Micro$oft sells your address with nanoseconds of signing up, who is surprised? There are numerous mentions of this in previous comments to /. stories involving Hotmail. The most telling of these are the ones that claim the address was never given out, and still had SPAM within minutes.
One thing I always wondered is why providers of free web-based email accounts haven't started mining their users' inboxes/outboxes for more addresses.
For instance, I've got a nice spam-free email account w/ my ISP, but all my friends have accounts with shady-web-based-email-company.com. If I send them (or if they send me) messages, is my pristine address now at risk because it's now in their in/out boxes? Technically, this type of collection would seem trivial to implement.
I'm not sure if the big guys (Hotmail, Yahoo) sell even their registered addresses (I could be wrong), but does anyone have a report of a web-based email service engaging in this kind of practice?
This article itself is pure spam . . It contains information we allready knew about, and it contains a commercial for Associated Press. If slashdot had a block article button, I would have pressed it.
All these things are pretty standard these days, but webmail providers (not just hotmail) don't actually seem to bother. Remember, the more times you check your inbox, the more ads they have viewed.
I set up a Hotmail account on Sep 10, 2001. I needed to get a couple small files for a job, and since I had a cable modem I didn't have any internet access unless I was home. (Dial-up is so much more convenient in that regard...) Until that point, it was a small point of pride that I had not succumbed to Passport and all its' evil empire connotations. (So much for that...)
We soon realized there were more than a couple small files missing, so they FedEx'd a CD from Massachusetts to South Carolina. While I waited for the truck, I was reading /. -- and learned right here of the terrorist attacks. I ended up staring at CNN for an hour before the package came and I went to work.
Not a very auspicious start...
That hotmail account was spam-free for a month or so... I never used it other than to give the address to one person. I know for an absolute fact she didn't give it out or sell it or whatnot.
Let's see now... I haven't checked it in 2 days, so I wonder how much crap is in there?
- 73 Messages -- all spam, of course
- 362 KB
I don't know why I don't just let the account expire... morbid curiosity, perhaps?"...America's great minds of today, teaching America's great minds of tomorrow. Poor bastards." -- A Beautiful Min
And we all know that. Technical solutions will curb spam. Solutions for users and consumers like Brightmail ans spamcop are steps in the right direction.
Now if only all the mail server admins (corporate and private) of the world get their collective brains together and start blocking all the spame using any combination and permutation of RBL possible, spam might not make it into our mailboxes.
SPEWS blocks ISPs. I like that. I don't receive crap from certain domains anymore since using SPEWS. I also don't accept mail from hotmai, yahoo, lycos, and many other free web-based email services except from whitelisted users.
At work I get about 15-20 spam emails daily from an old work email address when the company changed named two years ago. If only the HMFIC of email would block off that domain i'd receive none. Laws won't help in this case because the email server is located in another country. Only a technical solution.
I'm so sick of spam I run my own mail servers and filter the crap out of all mail. I receive on average 1 spam per week in my inbox. All the rest gets rejected or filtered into a spam filter that i oly perue occasionally, but I don't see it in my inbox.
Keep going SPEWS - it's a great system.
Bill,
Scott and Larry said you would like to know about this.
Are you tired of churning Hotmail accounts due to spam? Have you ever found yourself wondering if others have inside tips that are holding your back?
Wonder no more. I have the answer. Move Hotmail to Debian Linux, type 'apt-get install spamassassin razor' and your problems will be solved.
Send your credit card details now to pay for my $0.02 worth.
Patrick
1000s Warcraft Gold while you sleep
Granted, a lot of spam gets through on guesswork (such as every common permutation of John Smith @ hotmail.com) but you have to wonder if something odd is going within the company when (as a test) you register ibtgsrq at hotmail dot com and within two weeks it starts receiving the usual fake degrees, penis enlargment and general porn stuff.
subnote: ibtgsrq stands for I Bet This Gets Spam Real Quick - and it did.
Avantslash - View Slashdot cleanly on your mobile phone.
Recently, I ran a script against the mail server logs, testing what email addresses receive how much mail. And I was quite surprised to find a large number of hits for mailboxes that don't exist. For example: ... ...
8 - diane@domain.com
2 - diane1@domain.com
2 - diane2@domain.com
2 - diane3@domain.com
2 - diane4@domain.com
2 - diane5@domain.com
And also, such classics as jsmith@domain.com (and all numbers attached.)
Obviously, they can't afford to do this all of the time, but do it once, and use web bugs to track who opens the message, and boom. Instant verified email addresses.
One of the better articles I've seen on how to stop spam covers Social and technical measures (Google cache), by Richard Jones - using Google because that site isn't reachable right now. It doesn't have all the answers, but has some very good ideas. Most importantly, they can be implemented by ISPs without legislation, important though that is in the medium term.
I think a combination of strong filtering, strong terms of service (e.g. take credit card numbers of those who sign up for email service, and have an automatic and substantial fine for abuse), and legislation could really help. Spammers moving offshore actually makes filtering easier, for those people who don't do a lot of business with China at any rate...
One key point is that spam-filtering should be controllable by the individual, to allow people to make sure they receive email that might look like spam (e.g. most commercial newsletters) and server-based so that nobody needs to download spam over slow dialup or mobile wireless connections. SpamAssassin is the best tool I've found so far.
and seeing how you just posted your email address to a publicly viewable webpage, I guess you can expect junk mail anytime now..... what makes you think the email-address-haversting-robot-web-spiders don't parse /. for wouldbe spamees ?
- HeXa
Since I have a mail server set up for my vanity domain, I switched for a while to giving out unique mail userbnames to websites, etc.
Over a year ago, I started forwarding webmillion@[mydomain] to postmaster@webmillion.com, because I was getting several spams a day to that account, and it was pretty clearly their fault.
Last month, I was cleaning up my rules, and decided to remove that rule, thinking that the problem had passed. Wrong! Within an hour I had 4 mails. So the forward went back on.
Oddly enough, Webmillion never contacted me about the fact that I was forwarding buckets of spam to them; I guess they are used to it because of the harvesting they apparently do, and just ignore that account.
If everyone on Slashdot started asking sites like these about their harvesting practices, or simply forwarded the crap mail back to them, they would inevitably find the parctice more costly than beneficial to the bottom line.
Get off my launchpad!
So what does MS do to solve the problem? Punish the users. Make the mail account smaller. Disable POP access. Post your user information to "affiliates". Nag you to death about your account being to big.
"God fights on the side with the best artillery." - Napoleon, Marshal of France - speaking truth to power
..... I remember back in the good ol' days when Hotmail was great and not owned by MS..... ah.... how sweet those memories are....
- HeXa
"I think China is good place to be," Ralsky said. "You don't get the same kind of grief."
Obviously he would prefer to live in a non-democratic country and keep on spamming (read. annoying) people. Rather then try to provide a valuable service to the general populous.
As well, Ralsky is right, you don't get the same kind of grief, you get worse. But, that's the attitude of a con artist, no true intelligence or consideration for anyone else. I say, send the spammers to China. Hell, I'll pay for their plane ticket even.
~ kjrose
Set Junk Mail Filter to "high" and Junk Mail Deletion to "automatic"
And block as many domains as you can in the block sender list. Every time you receive a new piece of junk add its domain to the blocked list if possible.
I just tried this recently and the spam I had to review went down from a 100 per day to about 10 per day which is much more manageable.
Of course the spammers will probably get more sophisticated and we'll just have to think of something else.
The only reason all cover-ups appear to fail is that you never hear about the ones that succeed.
I think we all knew this at least subconsciously didn't we?
This has been said for months, but it's obvious why the spam gets through: because Microsoft lets it get through.
If you don't check your Hotmail account for a few weeks, spam will surely push you over the 80% mailbox size limit... and suddenly you get an email from Microsoft telling you that you've nearly reached your limit, and you should upgrade for only $x a month.
Also, don't they also have an advanced spam filter for paid accounts?
Actually, I use a yahoo.com account for my junk, since their spam filters are better.
Since I still have a Windows machine, I have Outlook Express installed and check my Hotmail through that, usually.
What's really stupid, IMHO, is that the best way to prevent excess spam is to block the domains, which I can do through the Hotmail web site, but not via Outlook Express.
The power of accurate observation is commonly called cynicism by those who have not got it. - G.B. Shaw
As soon as a filter picks up a message as spam, the originating server should be probed to see if it's an open relay, and added to a blacklist network if it is. More agressive, probe every server that connects! (Hey, there's less than 2^32 of them :-)
This way a spammer would only be able to relay _one_ message onto hotmail, and if they do the must expect the server to get blacklisted everywhere within hours.
Instead of defining spam, hotmail could define spam combating.
Belief is the currency of delusion.
To all the people whining about how crappy hotmail is:
.cn and .tw originating domains was a good one. :)
Read aloud:
"It's a free service, I get what I paid for".
If you want good quality webmail/email, hook up with an ISP who delivers that webmail/email for you. Yes, that probably will cost you money, but the last time I checked, my groceries weren't free either.
If you're dutch or from belgium: check out XS4all. This ISP has webmail, plus they have an antispam service, which lets you create a shadow mailbox which is used to dump the spam in (i.e.: you can check it if the filters have moved some mail as spam but it is legitimate). The filters use all blacklists available and some other sophisticated mailfilters. I received 25 spammails per day or so on my account there, and after I applied the filters this dropped down to 0.0. Especially the filters to block
Never underestimate the relief of true separation of Religion and State.
At least they are paying for the long distance phone call when they send me FAX spam.
What's the percentage on outgoing mail that's spam? I seemingly get the majority of my spam from hotmail or yahoo mail. Wish they'd implement a filter on that.
Get Vipul's Razor[1], Pyzor[2] or DCC[3]. *They actually work*.
Done! Finished! No more spam!. Spammers are no more! And stop whining about bloody getting spam for Christ's sake!
[1] http://razor.sourceforge.net/ and http://www.cloudmark.com/ for Lookout.
[2] http://pyzor.sourceforge.net/
[3] http://www.rhyolite.com/anti-spam/dcc/
Government of the people, by corporate executives, for corporate profits.
hotmails servers allow spammers to verify email addresses. so spammers use a program to verify every abc123 combo up to like 12 chars. Yahoo etc does NOT allow you to verify email addresses via their servers.. this cuts down on a lot of the spam.
What was your username again? -BOFH
I've had an account with Hotmail that I created in November 2001 for the express purpose of trapping spam. To this date, I have yet to receive a single spam to that account, aside from the regular hotmail notices.
I have never displayed the address on it's own in public, so maybe that's part of the problem. It can be viewed on the web page I created for this trap test , but nowhere else.
Hmm, now that I mention this page, two of the links seem to be down... looks like I have a bit of editing to do.
Come to the University of Mars! Classes starting soon!
I created a couple of throw-away hotmail accounts before my current long vacation, as something to hand out to people I really don't want to know after we say goodbye.
There were of the form (slightly changed to protect the poor accounts)
qris9.4food772a@hotmail.com and
3metre3e4w.pa7@hotmail.com
not the kind of addresses a script could guess by incrementing numbers. I carefully un-checked all the "please let M$ partners spam me" boxes as well. For the first 2 weeks after creating these accounts, not a single message came in. Then they both started getting occasional spam, obviously targeted.
A couple of weeks ago I handed out the first address to a number of people while in Spain, and then checked it regularly from cybercafes around Portugal. Within days it was getting 3-10 portuguese language spams per day. Now it gets about 20 spams per day in various languages, but the second account is still only getting 2-3 per day.
Strange.
the AC
Hemos is like...sci-fi fans;he thinks technology is cool, but he hasn't bothered to understand the science it's based on
I have a hotmail email address that I don't give out to anyone except my friends. Well so far, after a year of usage I've received less than ten spams.
I also have another hotmail address that I use for absolutely everything, from registering to websites to putting it in my website, etc. Last time I checked I had 470 spams within a month.
... with the bath water is one of the problems in fighting spam.
I use Mail Washer as a pre-processor for my email accounts. It has now turned out to take more time to weed out legitimate messages.
More and more of my legitimate email from distro lists I have subscribed to from cNet, Woody's Windows Watch and even obscure lists such as Amusing Facts Daily now show up in the ORBD and other spam lists it consults.
For instance, just coming back from vacation I had 1200 messages across five accounts. 70% were tagged as spam from a spam list. 20% of those were legitimate distro lists.
The independent spam lists do a good job of catching most of the spam, but it also catches too many legitimate lists. I try to send an email to the list admin letting them know, but typically they respond that it's not worth the effort trying to get off the lists.
I've gone through a something just like it where I was Mudrered Electronically by my ISP.
This site talks about what happens when a legitimate company gets on the list.
Do you actually know the identity of the person spamming you?
The laws should require that ISPs provide you with any and all contact information for the person assigned the IP address from where the spam originated (provided that you can provide reasonable proof that the headers are legit). I'm sick of complaining to ISPs and having them say "pay $150 to get a subpeona and then we'll tell you who spammed you -- *if* we even know."
Greg Egan is an author, programmer, and scientist.
:)
In one of his short stories, he mentions having a setup where a whitelist of people you know are allowed to send you email for free, and anything else requires a minimum payment (which can be set from 0 to as high as you want). Tired of spam? I wouldn't be, for 25 cents a spam. That'd pad my bank account nicely.
How could it be done? There are already proposed extentsions to the SMTP command set so that clients and servers could agree on an amount and pass a token to each other (be sure you're using a TLS aware MTA, like Postfix), and it could be verified by both sides with the 3rd-party escrow server (which manages the money). Paypal is the only current online money system with enough momentum to make this work well for everyone, but maybe another one will come up
Either way, it makes it easy to stop spam by removing the one thing that spammers like -- the cheapness. Only people who want spam (haha), or people who don't live in the 21st-century (MTA wise) will have to deal with the 20th century scourge known as spam.
--
Internet Explorer (n): Another bug -- that is, a feature that can't be turned off -- in Windows.
I've used a free email service for over two years and have NEVER received spam. I'm sure it's partially because it's less well known than hotmail but also because the have a serious commitment to blocking all spam and pursuing action against incoming and outgoing spam.
From the Myrealbox No Spam Policy:
"Spam is no good.
Don't do it.
It causes bad karma and cancer (and perhaps some other diseases).
Yes, this is true.
No, it's not a joke.
Oh, and spammers rot in hell."
"For each violation of the no spam policy, users will be fined ten dollars ($10 USD) for EACH E-mail sent. This damages provision does not preclude Novell from seeking other damages as well."
They give you IMAP, POP in addition to a nice webmail interface. I'm assuming they'll start charging for at some point but this is a good example of how it is possible to block spam if the service provider is committed.
Spam Detective can work with Hotmail accounts. What other programs can?
I pledge allegiance to the flag...
of the Corporate States of America...
I've had that happen a few years ago. I traveled to a part of the US that I'd never been to before and used Hotmail to keep up on email. Within a couple of days, I was getting spam targeted for businesses in that area. This surprised me because I didn't even know what the URL's were for the businesses in that area. The people I was sending and receiving emails from also started to receive the same spam. The only explanation was that someone in that area (an ISP?) was sniffing email addresses and then selling them.
Go not unto/. for advice, for you will be told both yea and nay (but have nothing to do with the question)
My wife, for example, created a Hotmail account, even though she already has her own email address with my ISP. The only reason she created the additional Hotmail account is to serve as a junk box. Many web sites that you don't really trust ask for your email address so they can send you a login/password to use their message forum or what-have-you. Why give them your primary email address, and risk them reselling it (or endlessly spamming you themselves)? She can just use the Hotmail account whenever she's not sure about the people on the other end.
How much of the spam in there is actually Hotmail's own fault? Who knows.... We don't really care either. She just deletes everything in it, each time she signs on, after retreiving anything of value buried in all the junk.
Back home (in Italy), I got lots of viruses from Mexico (obviously the PCs in the cafes got infected by Nimda, CodeRed, Klez and friends). A few months later I also noticed an increase in spam-mails from all over the world.
For me it's clear: viruses also spread your e-mail addresses a lot, and finally your address ends up in some spammers database.
Spammers obviously use *any conceivable method* to harvest addresses.
That's better than my account is doing right now. Of course, I don't get much email as I don't really use it for correspondance. This goes to show just how useless email is slowly becoming for anything worthwhile. It may very well be that in the near future we will need to design a new spamproof (or at least spam resistant) mail protocol to prevent this problem.
-Restil
Play with my webcams and lights here
Honestly, if 90% of your new messages received are spam and this is with an email address you never gave out - you have issues with your particular ISP.
I, for example, have an account with Southwestern Bell, and last time I checked - they don't even have any spam filtering in place on their end.
I try not to give this address out, but I have accidently posted a message once or twice to Usenet with my real email address in it. (This was due to freshly re-installing my OS and applications, and forgetting to change a couple defaults before I posted.)
Even having done this, I only get 2 to 4 emails per day of spam. I receive quite a bit of email each day, too - so this isn't a bad ratio at all, IMHO.
Every time I've had real problems with spam on an email account, I can trace it back to something stupid I did myself. (Most often, it had to do with leaving it up on a web site for a long time, under one of those "click here to email me" links.) Those email harvesting bots will eventually find it and add it to spam lists if you do that.
For what it's worth, legislation rarely solves problems. Our knee-jerk reaction of "there oughta be a law!" every time we're upset usually causes our country more long-term harm than good.
I will say, however, that laws have been in place for quite a long time that may already apply to spam email. I just saw a Supreme Court ruling yesterday, while perusing a list of older "free speech/free press related" rulings. It basically stated that anyone receiving an article in the mail that they consider to be offensive or obscene (and the receiver can make this determination on their own) can legally ask the post office to block any further articles from that recipient. As you also pointed out, there are laws in place governing unsolicited fax transmissions.
We may not really need any *additional* laws to handle the problem.... only the courts interpreting existing laws in such a way that they cover electronic mail as well.
Many of you have mentioned temporary address. There is a free serivce that will give you a temporary address... www.spammmotel.com very cool.
Kind thoughts do not change the world
One of my hotmails is used for some registration sites, like a spam magnet address. 99% is spam there. On the others I have no spam at all, but that's only thanks to me blocking everything that is not explicitly allowed.
Will work for bandwidth
I started using it because it was one of the premier places to get an account back around 1997. Now I keep it because I have to have it for all the Passport things that I encounter. I avoid Passport whenever possible, but occasionally run across something that I want to use and need it for.
Most people would die sooner than think; in fact, they do.
I use SpamCop, which is quite effective. Once in a while I look at the queue of messages that SpamCop has decided are spam. About a thousand messages a week are rejected. Sometimes I hit the "report them all to their ISP" button, but usually I just let the stuff scroll off after 3 days.
Because you need it to use for Microsoft's Passport crap which is now incorporated into nearly all their web pages and products. If you want to use MS messenger, or the games on the Zone, for instance, you have to use Passport. I avoid Passport where possible, but I bet that many people need to use some of MS's other services.
Most people would die sooner than think; in fact, they do.
A lot of you are asking, why Hotmail? Why not use some other free email service. Well the answer for me, and probably a lot of their user base, is that you have to use it for Passport. Since Passport is incorporated into nearly all of their web pages and services, it is necessary to have an address for this purpose. For instance, if I need to communicate with a family member on MS Messenger, even if I'm using Trillian or something, I have to have a Passport account to login and use the service. Same with games on the Zone. I quit using that site because they forced passport on users, but I bet many people still use it.
I am currently getting around 75 spam messages a day to my Hotmail. Since I don't use that address for regular correspondence, just Passport, I just decided that perhaps its possible to get around the spam by setting my junk mail filter to exclusive, and then not adding anyone to my list of contacts. Sure I'll still get the MS crap about upgrading my account and stuff, but it should be so much better.
Is anyone else doing this? Does it work?
Most people would die sooner than think; in fact, they do.
Additionally, for major providers like AT&T, Hotmail, etc, they'll take every single username that they know of at hotmail, and try it at AT&T, and see what bounces.
Add to this the fact that they often do these tests while bouncing through 500 open relays that they don't control, and you have an extremely hard to detect, hard to control wardialer.
I've gotten so fed up with Hotmail letting through 100 spams a day and then locking out my account that I decided to switch. I looked at upgrading my yahoo account to one of their for-pay services and just found it a bit too pricey and inflexible. So I started looking around for web based email providers, and found fastmail.fm
The domain sounds weird, but it is a web based email provider written by geeks for geeks. I paid $20 for a premium account after one day of using their free service. IMAP/POP/SMTP access, spam protection, virus protection, a really cool 'bounce' feature, 50 MB inbox, and a great 'Sieve' based filter system (you actually code rules in a pseudo-language designed solely for mail filtering), and you can receive email at anyaddress@youraccount.fastmail.fm. The interface is simple, fast, HTML only (with lightweight style sheets) and I've yet to see it go down or lose an email.
Not a single spam yet. Additionally, I use the anyaddress@ feature to provide better tracking in the event of spam. I gave slashdot the address slashdot@myaccount.fastmail.fm - so that if slashdot ever sells out (heaven forbid) I can just block that address in my ruleset.
Anyway, your mileage may very, but there are much better providers out there - there is no reason to stick with hotmail.
-josh
This means that it actually has nothing to do with hotmail, or microsoft, other than spammers assume (correctly in most cases) that mail admins won't block the entire hotmail.com domain as SPAM.
Don't get me wrong, I'm not defending anyone here, I'm just saying, be clear on what the problem is, and who the bad guy is before getting out the pitchforks and torches.
just my .02 cents (US)
Comment removed based on user account deletion
Well, duuuh. What do people actually think that Hotmail, Mail, Excite, Go or other accounts are for? If you get on the Internet, you go through an ISP, which provides an email account, sometimes up to 5. That's where you get your real mail. For public exposure (signing on to news sites, etc.) email, get a Hotmail account, and just let it fill up with junk. I see it as getting a benefit from the Microsoft tax.
... forums like Slashdot, Kuro5hin, and Fsckedcompany; sending rebuttals to online news journalists; and mailing webmasters/programmers about their sites/programs.
Hotmail:
more spam-prone exposures, like logins to pr0n sites, yowza.
Go and Excite:
miscellaneous uses that I haven't thought of yet.
... you will just be using your own bandwidth to fill up your own hard disks.
Suckers.
Here's my strategy. My ISP: 1 email account; personal use (friends and associates). Mail(.com): identifying myself in public commentary
Thus, my ISP email is utterly clean of spam. My Mail(.com) account gets a couple pieces of spam a week, with some replies from journalists, webmasters and programmers; I logon to Mail(.com) once a week to delete some spam and find some replies. My Hotmail account is a windswept and dusty wasteland of spam, getting 2-6 pieces of spam a day, and has some notices from the sites I subscribe to; I logon to Hotmail every 1 to 4 weeks to delete essentially everything, which is dozens of spam mails. The Go and Excite accounts are still being evaluated for their usefulness; I just login once a month to keep 'em active.
So, thank you Microsoft for providing me a spam filter. Go ahead and even sell the list of your Hotmail clients
[also misbehaves on Kuro5hin as Peahippo]
Because you need it to use for Microsoft's Passport crap which is now incorporated into nearly all their web pages and products.
The computer illiterate insisting on using Hotmail predates this though. Even when a better, faster, more reliable system is available.
Add to this the fact that they often do these tests while bouncing through 500 open relays that they don't control, and you have an extremely hard to detect, hard to control wardialer.
How difficult/time consuming would it be for someone with a decent commercial internet connection (DS3 or better) to run a scan of the entire IP address range, sending a test e-mail back to himself through all discovered open relays (perhaps with the e-mail address used @testingcompany.com for easy identification)? This list could then be used either to contact address owners and perhaps creating public blacklist for those who refuse to plug the holes.
Simplifying the math, with about 4 billion total addresses (I'm not factoring in private ranges), and one attempt per second, I get 134 computer years. Divide this by a corresponding increase in the number of possible attempts per second, and it slices down rapidly. For example, 100 attempts per second would be 1.34 computer years, and that could be further lowered by either faster or multiple computers (or both). Factor in the private address ranges and it drops even further. The main problem I see in this is the possibility of a perceived attack, though this could be moderated by randomizing the address listing so a large block owner doesn't get hundreds of probes a second.
I'm sure spammers already do these kinds of things anyway, so why can't we? Or does someone already do this?
You can never go home again... but I guess you can shop there.
Considering the cost of Spam on the Hotmail system I wonder why a company like Microsoft won't spend a few bucks to make everybody in the world not even want to think about spamming.
That 80% is probably only what they catch using the Junk Mail filters. I get a lot more that I don't even report because of how much of it I get.
There would be no way I would spend a dollar on increasing my Hotmail account size considering the circumstances I mentioned. That's lost $$$$ for MS
I use an Anti-Spamming tool. And because it is based on Fuzzy logic and ratings of email it works VERY WELL. This will also continue on in the future since it filters out anybody who wants to sell me something or etc...
As a result I am one happy camper. I can keep my old email address and not have to worry about the tons spam...
"You can't make a race horse of a pig"
"No," said Samuel, "but you can make very fast pig"
I think I have gotten about 3 pieces of spam the entire 2 years. This is about on par with the amount I've gotten in my ISP accounts. Now, my Yahoo accounts on the other hand...
/. is just running this story because it singles out Hotmail, which is owned by MS. If it was Yahoo then the story never would have been posted. On a completely unrelated note, I just saw an ad for VS.NET; I'm thinking of picking up a copy today :-)
Why is this? Simply because my Hotmail account is the address I give to people and sites I trust (this one for example) that I'm sure won't share it with spammers. My Yahoo acccounts serve the opposite purpose. Whenever I register to some shady looking website that just seems to want to collect names it goes to the Yahoo accounts.
I've said this before: People that sign up for Hotmail and get barraged with spam are either 1) using an easy to guess address or 2) using a numbered extension suggested to them by Hotmail eg Cindy1234567@hotmail.com. It goes to figured that every numbered extension before that is a valid address. Do you think spammers don't realize this?
Anyway, I know that
---
I didn't want to leave this space blank.
You just have to laugh at what the spammer said. He's going to CHINA because the don't give you that kind of grief over peddling spam.
Yeah man, go to China. They'll love you there.
Democrats or Republicans. They are both taking us to the same place and they are not afraid of us anymore.
WTF? Where did you hear about this? A quick check with Google turned up nothing...are you sure you're not propagating an April Fool's joke?
20 January 2017: the End of an Error.
I remember somewhere there was a metric to determine if posts in usenet groups were spam or not. The method was something like this:
1) For each time a duplicate of the suspect message is found within one group, increment the count.
2) For each time a duplicate of the suspect message is found in a different group, square the count.
A certain threshold then isolates the spam.
So, my question is, why can Hotmail not implement a similar system to guess the spam across all the users mailboxes. Seems to me that they have a huge advantage of managing millions of accounts over which they should be able to generate stats to remove spam for all.
Or maybe Hotmail want everyone to get spam so that they are more likely to purchase extra mailbox space...
-- Mike
"Sued by Verizon Communications for millions of dollars, spammer Alan Ralsky said he may simply move beyond the reach of U.S. courts to where service providers value cash more than complaints.
"I think China is good place to be," Ralsky said. "You don't get the same kind of grief.""
You go do that. And as more and more Chinese domains are blocked at the border Beijing will start to notice the effect it has on business there, where their businesses aren't able to reach customers that can afford such luxuries like "indoor plumbing" (with the local GDP per capita still hovering around $3600, China needs Western markets). And Beijing will start to impose new anti-spam laws with penalties ranging from all-expense paid trips to one of the interior's lovely "re-education" camps to death by an accute case of lead poisoning delivered to the back of the head (conducted in stadiums so we all had the chance to cheer them on).
Don't let the door hit you in the ass on the way out!
They just want you to look at their banner ads.
Really, they just want you to have a Microsoft Passport.
It's incredible the way they're making having a Passport a prerequisite to using most of their software and yet they let even an unadvertised box fill up with penis enlargement and credit repair offers. Hotmail is a glimpse of what you, the consumer, can expect in terms of quality and service once the entire economy has been Microsoft-Passported.
Plain old Mozilla does that just fine. Even with Win32. so no problem with popups. In fact, if I have to use IE, i get this eww! feeling from all the garbage you get plastered with. The Proxomitron is also a decent piece of work for filtering the web.
.gov :-)
I keep on handing out my spamcop address everywhere but I get almost NO spam. I'm kinda disappointed.. They claim no messages are ever deleted without being dumped into your "held mail" folder. So I quess dog+world has blacklisted spamcop along with
by tarpit I mean a program that responds to incorrect and invalid requests verrry sllowwwly. Someting on the rate of one character per second, just long enough to keep them from timing out, but still tieing up the connection for minutes on end.
This is no solution; it just escalates the war by one more level. This type of behavior is easily detectable by scumware, even with no human intervention, and the spammer can just reset the connection and move on.
ORDB
I can throw myself at the ground, and miss.
I remember opening up my Hotmail account years ago when It was on FreeBSD and there was no whiff of MSN or passport anywhere in the system.
Since Microsoft took over, the game has been to change the service to a profitable, for-pay service.
If they stuff my inbox with junk, then it will soon exceed the new, lower size limits. If I want to subscribe, then they will be happy to give me more space.
Have you looked at sneakemail? It generates permanent random mail addresses that forward back to your "real" address. You can configure the name that gets inserted into the name when it forwards (i.e. "Spanish Cypercafe One") as well as the name people see when you reply ("Mr. Fly").
It saves a lot of tedious filling out of Hotmail accounts and attracts a surprisingly small amount of spam. (And you get to find out who spammed you...)
Really easy, instead of using Hotmails spam filter, I use thier "sorting filters" (or whatever they are called) and filter it all to your junkmail folder.
n fo@
Add these:
user of your username in the subject, because if the address is not blocked, the subject with your login name is a dead giveaway)
Do the same with anything from these addresses:
@msn.com
@bigfoot.com
@yahoo.com
i
Interesting that filtering mail from yahoo on hotmail gets the majority of the spam, but does it work the other way around?
Have you read the moderator guidelines? Well, have you, PUNK? (and I want a Karma: Gnarly option)
To all the people whining about how crappy hotmail is:
Read aloud:
"It's a free service, I get what I paid for".
I agree with your main point about paying for good email service. But Hotmail being free doesn't mean we can't complain about it. What if a car pulled up next to your kid on a dark street and someone inside offered him an unwrapped candy bar? Would you think that was OK if the candy bar was free?
Since Microsoft has been jockeying for position as a corporate entity that will keep track of all our personal information for us with this Passport crap, the fact that they can't even keep the existence of a Passport account a secret is certainly worthy of some concern. I had a Hotmail account in 1998. The amount of spam I got in that account skyrocketed after Microsoft took over. I also have a Hotmail account that I opened in 2000 as an experiment (containing a random 4-digit number). I told no one about it, nor did I send mail from it. It was immediately pelted with spam. Once a month I log in to keep it alive, and delete about 500 offers for penis enlargement, teenage sluts, and "credit repair software". Some of these emails even visibly display (in the To or CC field) the 100 Hotmail accounts nearest to mine alphabetically! I mean, come on, how hard is that to detect? How does this crap get past their filters? There is no excuse for it. Yet these clowns want me to tie my personal information to my Passport account.
The FREE part is irrelevant. They are trying to extend this fiasco into a system with some serious privacy implications. Getting a Passport is optional (and free, as you point out), but considering this is Microsoft, it could easily become "optional as in eating". If we are going to eventually be forced to use their crappy services as they take over one useful resource after another (rumors are they recently bought Yahoo), we have every right to scream about their ineptitude.
A) Live in a state with decent anti-spamming laws.
- AND -
B) Find a DA with the time to piss away prosecuting a spammer ... I mean, heh, there are dangers to our society out there smoking that mari-ju-wanna, you know?
I have a better idea; one more Shakespearean in nature ('the first thing we must do, is kill all the lawyers'). I say, waste 'em.
Seriously.
Every day these parasites collectively consume greater than the equivolent of several human lifetimes in aggrivated and wasted time that it takes you, me and everyone to filter their crapflood.
They knowingly and maliciously violate the code of civilized society in the name of 'my right to make a buck.'
The good Mr. Jay's comment is typical of the spammer:
A complete dodge from the obvious truth that Mr. Jay is stealing from you. He is stealing your time and abusing a service you pay for. Email was not created to be a snake-oil salesman's bull horn in your ear. Mr. Jay and those like him are thieves who contend time and time again that their theft is legal; it is their right to steal from you.
Shut up, you consumer fuck.
Shut up and take it.
I say no more. Let's turn ROSKO into American's most wanted.
Cheers,
-- RLJ
I can recommend spamassassin.
I get 40 personal Emails a day. 35 of them are SPAM. Spamassassin filtes out ~32 of them.
I have had 3 false positives in three months, the senders of which then got onto my whitelist.
To improve the capabilities of the system I submit any SPAM not caught by spamassassin to DCC and Razor.
Really a great system and works nicely with kmail.
Moritz
You obviously don't know anything about any of the anti-spam systems I mentioned. Why not actually try find out about them before making yourself look any dumber than you have already.
Hey, I even included URLs that you could have followed.
Government of the people, by corporate executives, for corporate profits.
No, they just need to find one sucker dumb enough to buy their "Internet Marketing Service". The sucker gets nothing but aggrivation, but by then the spammer already has his money.
/. If the government wants us to respect the law, it should set a better example.
Probably between 10-30% of my spam (varies day-to-day) is from azoogle.com, a supposed "opt-in" spamhaus. They have an "opt-out" system that says to put in your email address - Once I got so desperate to stop THEIR spam only (not caring if they might resell it) that I put in my email address.
It didn't work.
While azoogle's site lists their location as Canada, their domain registration contacts are in NYC.
A 45-minute train ride away.
The minute I find an applicable law (The fact that I have requested that they refrain from contacting me and contact continues means I may have a harassment case) I am taking those bozos to court.
"You just verified your address as valid" - azoogle doesn't CARE if your mail is valid or not - I have procmail configured so that any mail from my spam blocklist gets bounced with a "user not available" message from MAILER-DAEMON. It works with some spammers (I got a message saying, "You have been unsubscribed from list greatsex2@somedomain" due to 4 or more bounced mails. Please correct this and click on the link below to restart your subscription." YEAH RIGHT!), but azoogle has been ignoring the bounces for over a month.
retrorocket.o not found, launch anyway?
Right now, a spammer has no qualms about shotgun-spamming people, on the hopes that 0.01% (One in 10,000) will respond positively to his email.
The 50%+ of people who are pissed off are of no concern to him/her.
The 1-10% that are so pissed off they'd sue if they had the option are of no concern.
If even 0.1% of the recipients of a given spam (1 in 1000) responded with a lawsuit, the spammer would give up VERY quickly.
Less of the spam out there is "masked" than you'd think. Probably 90%+ of my spam originates from semilegit spamops claiming to have "opt-in" marketing, when they're "opt-out" at best. (Most, especially Azoogle, Inc., seem to just shotgun spam without a care, not even bothering to see if a mail bounces or not.) If a law against spam is passed, these guys will all go out of business VERY quickly.
retrorocket.o not found, launch anyway?
Except that in this case, the problem seems to be people sniffing your email address rather than receiving in directly. Knowing who you gave a compromised address to doesn't help you any if it's an eavesdropping third-party who compromises it. Even worse, it may cause you to erroneously suspect an innocent party of giving out your address.
I would argue that the likelihood of someone guessing "8juep001@sneakemail.com" as a valid address is much lower than some sleazy company not holding your E-mail address with sufficient security to prevent harvesting.
In either case, the address heads to the garbage can and/or blacklist and a nasty-gram goes to the company in question.
Oh! I receive a small quantity of spam. (Alas it's on my main acount which has a daily quota on number of messages).
I learnt that it was related to Ralsky's business. Recently I researched where the website of recent spam was and I found things like www*.fastwebsnet.com which is registered in China. I suspect now why.
On the other hand, I complained to Hotmail because some of the messages used Hotmail From: addresses and they replied with something that seemed a not fully automated answer. In one case they told they deleted the spammer address (a very small victory, but good on Hotmail's part) and in the other the address was fake.
Surprising from a Microsoft company. (Hey, I sound like astroturf. Have you seen my mobile phone with camera?)
They even sent messages to evaluate their quality of response. I left when the form asked for a mail address. They are evaluating a unique interaction prompted by my sending email to abuse at hotmail.com and they need that _I_ type my address!?
And as more and more Chinese domains are blocked at the border
Funny, the barbarians censor Chinese sites and China censor barbarian sites. The Wall works both ways.
__
Men with no respect for life must never be allowed to control the ultimate instruments of death.
GW Bu
While spammers obviously do name guessing and such, that isn't necessarily the case here. The poster who you originally replied to mentioned creating a hotmail account and checking it from cybercafes in Portugal. The poster then began to receive Portugese language spams.
Now if this had been an attack purely on the server, I doubt the spams would've coincided with the country that that person was visiting. Instead, it seems to point to the address being harvested by the cybercafe or the cybercafe's ISP, neither of whom would be suspects under regular circumstances.
Throughout this, the only security lapse on the part of the company you've labelled as being sleazy is that they didn't use encryption for email address submission. And while it sounds good for them to implement as much security as possible, it's hard to justify the extra effort when SMTP requires that the address goes back out over the wire in plaintext format, anyway.
80% of mail coming from hotmail isn't much better.
Assorted stuff I do sometimes: Lemuria.org
I don't figure I've submitted any extra information to Microsoft than I have to. And since I log in on Messenger every now and again, the hotmail account gets checked and stays open.
Almost all spam just goes straight to the trash--I get mail there only from the people on my messenger contact list. Well, that and direct from Microsoft--they do have one thing that keeps sending me notices to pay for more disk space. But since I only use about 5k of space, I don't figure I need 10MB. So in the end, I only get about 3 spams a month that I know about.
Yeah, that spam is from Microsoft directly, so maybe that spam is Hotmail's fault. But the rest of it--the spam you see and I don't--I wouldn't consider to be the fault of Hotmail.
Of course, as always, YMMV. HTH. HAND.