80% Of Incoming E-mail At Hotmail Is Spam

The Llama King writes: "According to this AP story at The Houston Chronicle, 80 percent of the e-mail that makes its way into Hotmail's user inboxes is spam. And that does not include the UCE caught by Hotmail's filters. This is the first of a three-part series the Associated Press is doing on spam."

My first reaction

[Alien54]

My first reaction, cynical as it is, is that the reason that this is happening is that no one really uses hotmail except as a junk mail account, something to use when entering an address into a form online etc.

Still, there is promised security of the MS passport system etc. In this case it looks like more like a spam enhancement system. since this is supposed to be something to verify your login across the net. This means that most email addresses there have been preverified by MS as being valid.

a gift to spammers everywhere.

Yay.

[standards]

Finally, a well-written article that highlights the downside of spam.

Yeah, we all know that email is a "powerful new marketing tool", but few have written about how much negative impact it has to the economy and our everyday lives.

I have an email address that I've never given out, and 90% of the messages I receive are spam. The email address on this posting ONLY receives spam... mostly in some funky character set that I can't bother to being to read. This address gets about 40 a day (and likely more after this posting).

So, industry self-regulation? Well that doesn't seem to work - and it didn't work with Enron (or WoldCom or Andersen or ...)

So I think it's time that we hit them where it hurts. Pass -strong- laws. Pass laws that permit individuals to sue in certain circumstances.

They passed laws to control the misuse of FAX machines... and although not perfect, they do help. Then again, how many people do you know that have a fax machine at home? Betcha most people have unplugged theirs due to FAX Spam.

Re:Yay.

[anthony_dipierro]

So I think it's time that we hit them where it hurts. Pass -strong- laws. Pass laws that permit individuals to sue in certain circumstances.

What good is that going to do? Do you actually know the identity of the person spamming you? You can't sue John Doe defendants in Small Claims Court.

Bill Gates - I have the answer!

[Captain+Kirk]

Bill,

Scott and Larry said you would like to know about this.

Are you tired of churning Hotmail accounts due to spam? Have you ever found yourself wondering if others have inside tips that are holding your back?

Wonder no more. I have the answer. Move Hotmail to Debian Linux, type 'apt-get install spamassassin razor' and your problems will be solved.

Send your credit card details now to pay for my $0.02 worth.

Patrick

Re:Bill Gates - I have the answer!

[MS]

Hotmail still uses FreeBSD with Apache (recently upgraded to 1.3.26) on some of its servers. The Web-Frontend is entirely on W2K, but a lot of the hard work is still done by FreeBSD:

http://uptime.netcraft.com/up/graph/?host=ad.law10 .hotmail.com
Same for ad.pav0.hotmail.com, law2-ad.hotmail.com, and many others.

Don't fix, what ain't broken - maybe Microsoft understood this rule.

Well

[Mr_Silver]

I've found that I've always had a problem with spam to my hotmail account. I don't sign up for anything, I don't ask for anything and I certainly don't publish my email address as it was only used for a couple of months.

Granted, a lot of spam gets through on guesswork (such as every common permutation of John Smith @ hotmail.com) but you have to wonder if something odd is going within the company when (as a test) you register ibtgsrq at hotmail dot com and within two weeks it starts receiving the usual fake degrees, penis enlargment and general porn stuff.

subnote: ibtgsrq stands for I Bet This Gets Spam Real Quick - and it did.

Spam techniques

[flonker]

Recently, I ran a script against the mail server logs, testing what email addresses receive how much mail. And I was quite surprised to find a large number of hits for mailboxes that don't exist. For example: ...
8 - diane@domain.com
2 - diane1@domain.com
2 - diane2@domain.com
2 - diane3@domain.com
2 - diane4@domain.com
2 - diane5@domain.com ...

And also, such classics as jsmith@domain.com (and all numbers attached.)

Obviously, they can't afford to do this all of the time, but do it once, and use web bugs to track who opens the message, and boom. Instant verified email addresses.

Social and technical measures - automatic fines

[Cato]

One of the better articles I've seen on how to stop spam covers Social and technical measures (Google cache), by Richard Jones - using Google because that site isn't reachable right now. It doesn't have all the answers, but has some very good ideas. Most importantly, they can be implemented by ISPs without legislation, important though that is in the medium term.

I think a combination of strong filtering, strong terms of service (e.g. take credit card numbers of those who sign up for email service, and have an automatic and substantial fine for abuse), and legislation could really help. Spammers moving offshore actually makes filtering easier, for those people who don't do a lot of business with China at any rate...

One key point is that spam-filtering should be controllable by the individual, to allow people to make sure they receive email that might look like spam (e.g. most commercial newsletters) and server-based so that nobody needs to download spam over slow dialup or mobile wireless connections. SpamAssassin is the best tool I've found so far.

Re:Social and technical measures - automatic fines

[GigsVT]

I've written a grep patternfile that does a very good job as far as not causing false positives. It's not going to block 100% of spam, but I have not had it block a legitimate email yet, even corporate newsletters that may look like spam.

If the lameness filter will let me post it, here goes:

(I had to combine some of the shorter lines to get past the fucking lamenessfilter. Lines with a "-" in them should be broken into two lines)

[Bb]egin[[:space:]]*[0-7]{3}[[:space:]]*.*\.(vbs |v be|js|exe|com|pif|lnk|scr|bat|shs|sh).*
name=.*\. (vbs|vbe|js|exe|pif|lnk|scr|bat|shs|sh).*
filename=\"?.*\.(vbs|vbe|js|exe|pif|com|lnk|scr| ba t|shs|sh)\".*

Free Money - MyLife.scr - Pamela Anderson - Kournikova - Nasty Celebs Naked - CELEBS NAKED
Free.VIP.Membership - LOSE WEIGHT FAST - LOSE 30-60 LBS - HOME REPS NEEDED - FREE NO OBLIGATION QUOTE - yyyesss.com - Click here for a FREE QUOTE - tvdiscounts-online

My Life.scr - Oregon auto loan - as well as six new vulnerabilities - Adult-Life.Com - Simply click the unsubscribe link below

Unsubscribe Here - Penis Enlargement - hot young teen - hardcore sex - Cum inside - Uncensored Teen - bigger penis - penis longer - penis grow - Led.exe - HERMOSO DESEO

myparty - fuck and suck - suck and fuck - x-msdownload - Content-type: application/mixed

I send you this file in order to have your advice - Content-Type: audio/x-wav - ABC1234567890DEF - sexyfun - gone.scr - youngest teens
tightest pussy
Global Remove List
inches to your penis
youngest teen
jaculation
hottest teen
Go to here to be removed
Click here to be removed
o be removed go
\(ADULT\)
\(FUNDS TRANSFER\)
The Best of the Best!
t e e n s
VIAGRA
Pheromones
rape sex
Snowhite and the Seven Dwarfs
sexual enhancement
supercharge your sex life
amplify your pleasure
Prosextra
fucked HARD
INSTANT FREE FULL ACCESS
If you wished to be removed from this mailing list
get your rocks off
Let these whores
18 years old
barn yard fun
Rape SEX!!
Mature Audiences
sex with dogs
Sex With Dogs
Snake Fuck
DO NOT SAVE
REAL ANIMAL FUCKING
permission based messages
permission based marketing
Our Sluts
opt-in
MUST BE AT LEAST 18
To be removed from our

Disregard the remainder of this message, it was necessary to get around the lameness filter.

Well, now I have to type a bunch of stuff to get past the lame-ass filter. Blah Blah Blah, the cat sat on the fat rat, this is a waste of my time. The ends do not justify the means. I wonder if this line is long enough to raise the average line length yet, maybe I should keep typing. Man, I know why they call it the lameness filter, it is damn lame. 20.3 chars per line now, better type some more to raise that average. Lets see, I've wasted, what, 10 minutes of my life now because of this stupid filter? I wonder how many people just give up by this point. Blah Blah Blah, test test test. Maybe I can paste this line twice.
lamenessfilterlamenessfilterThis is for the lamenessfilterlamenessfilterThis is for the lamenessfilterlamenessfilterThis is for the lamenessfilter menessfilterThis is for the
Lorem ipsum dolor sit amet, consectetuer adipiscing elit, sed diam nonummy nibheuismod tincidunt ut laoreet dolore magna aliquamerat volutpat. Ut wisi enim ad minim veniam, qusnostrud exerci tation ullamcorper suscipit lobortis nisl ut aliquip ex eac ommodoconsequat. Duis autem vel eum iriure dolor in hendrerit in vulputate velite ssemolestie consequat, vel illum dolore eu feugiat nulla facilisis at vero eros etaccumsan et iusto odio dignissim qui blandit praesent luptatum zzril delenit augueduis dolore te feugait nulla facilisi.Lorem ipsum dolor sit amet,consectetuer adipiscing elit, sed diam nonummy nibh euismod tincidunt ut laoreetdolore magna aliquam erat volutpat. Ut wisi enim ad minim veniam, quis nostrudexerci tation ullamcorper suscipit lobortis nisl utaliquip ex ea commodo consequat. Duis autem vel eum iriure dolor in hendrerit invulputate velit esse molestie consequat, vel illumdolore eu feugiat nulla facilisis at vero eros et accumsan et iusto odio dignissimqui blandit praesent luptatum zzril delenit augue duis dolore te feugait nullafacilisi.Lorem ipsum dolor sit amet, consectetuer adipiscing elit, sed diamnonummy nibh euismod tincidunt ut laoreet doloremagna aliquam erat volutpat. Ut wisi enim ad minimveniam, quis nostrud exerci tation ullamcorper suscipit lobortis nisl ut aliquipex ea commodo consequat. Duis autem vel eum iriure dolor in hendrerit invulputate velit esse molestie consequat, vel illumdolore eu feugiat nulla facilisis at vero eros et accumsan et iusto odio dignissimqui blandit praesent luptatum zzril delenit augue duis dolore te feugait nullafacilisi.Lorem ipsum dolor sit amet, consectetuer adipiscing elit, sed diamnonummy nibh euismod tincidunt ut laoreet doloremagnaaliquam erat volutpat. Ut wisi enim ad minim veniam, quis nostrud exercitation ullamcorper suscipit lobortis nisl ut aliquip ex ea commodo consequat. Duisautem vel eum iriure dolor in hendrerit in vulputate velit esse molestie consequat,vel illum

Re:impssible account names

[anticypher]

I created a couple of throw-away hotmail accounts before my current long vacation, as something to hand out to people I really don't want to know after we say goodbye.

There were of the form (slightly changed to protect the poor accounts)
qris9.4food772a@hotmail.com and
3metre3e4w.pa7@hotmail.com

not the kind of addresses a script could guess by incrementing numbers. I carefully un-checked all the "please let M$ partners spam me" boxes as well. For the first 2 weeks after creating these accounts, not a single message came in. Then they both started getting occasional spam, obviously targeted.

A couple of weeks ago I handed out the first address to a number of people while in Spain, and then checked it regularly from cybercafes around Portugal. Within days it was getting 3-10 portuguese language spams per day. Now it gets about 20 spams per day in various languages, but the second account is still only getting 2-3 per day.

Strange.

the AC

I'm suriprised no one mentions Greg Egan.

[Inoshiro]

Greg Egan is an author, programmer, and scientist.

In one of his short stories, he mentions having a setup where a whitelist of people you know are allowed to send you email for free, and anything else requires a minimum payment (which can be set from 0 to as high as you want). Tired of spam? I wouldn't be, for 25 cents a spam. That'd pad my bank account nicely.

How could it be done? There are already proposed extentsions to the SMTP command set so that clients and servers could agree on an amount and pass a token to each other (be sure you're using a TLS aware MTA, like Postfix), and it could be verified by both sides with the 3rd-party escrow server (which manages the money). Paypal is the only current online money system with enough momentum to make this work well for everyone, but maybe another one will come up :)

Either way, it makes it easy to stop spam by removing the one thing that spammers like -- the cheapness. Only people who want spam (haha), or people who don't live in the 21st-century (MTA wise) will have to deal with the 20th century scourge known as spam.

Re:impssible account names

[tiny69]

I've had that happen a few years ago. I traveled to a part of the US that I'd never been to before and used Hotmail to keep up on email. Within a couple of days, I was getting spam targeted for businesses in that area. This surprised me because I didn't even know what the URL's were for the businesses in that area. The people I was sending and receiving emails from also started to receive the same spam. The only explanation was that someone in that area (an ISP?) was sniffing email addresses and then selling them.

Dude! I'll pay for your plane ticket!

[Guppy06]

"Sued by Verizon Communications for millions of dollars, spammer Alan Ralsky said he may simply move beyond the reach of U.S. courts to where service providers value cash more than complaints.

"I think China is good place to be," Ralsky said. "You don't get the same kind of grief.""

You go do that. And as more and more Chinese domains are blocked at the border Beijing will start to notice the effect it has on business there, where their businesses aren't able to reach customers that can afford such luxuries like "indoor plumbing" (with the local GDP per capita still hovering around $3600, China needs Western markets). And Beijing will start to impose new anti-spam laws with penalties ranging from all-expense paid trips to one of the interior's lovely "re-education" camps to death by an accute case of lead poisoning delivered to the back of the head (conducted in stadiums so we all had the chance to cheer them on).

Don't let the door hit you in the ass on the way out!

Re:impssible account names

[Wanker]

Have you looked at sneakemail? It generates permanent random mail addresses that forward back to your "real" address. You can configure the name that gets inserted into the name when it forwards (i.e. "Spanish Cypercafe One") as well as the name people see when you reply ("Mr. Fly").

It saves a lot of tedious filling out of Hotmail accounts and attracts a surprisingly small amount of spam. (And you get to find out who spammed you...)