Microsoft Going After Hotmail Spammers

Mirkon writes "Quoth The Register: "Microsoft has targeted spammers with a lawsuit aimed at bulk mailers who harvest email addresses of Hotmail subscribers in order to bombard them with junk." Details are apparently sketchy at this point, but it's nice to see America's favorite monopoly putting its power to good use." The original news.com.com story is slightly more informative.

So what....

[IWantMoreSpamPlease]

Now they are going to go after themselves?

I created a hotmail account as a test purpose. I picked as odd a combination of names and letters I could, to the maximum allowed. I never used the account, nor told anyone about it.

One month later the box was *filled* with spam. My guess is that MS itself sold the account to spammers.

So let's see them go after themselves and fine themselves heavily. Or better yet, put themselves out of business.

Re:So what....

[zuggy]

Why would MS sell your e-mail address so they can turn around and pay for the bandwith it takes to receive thousands of spam e-mails?

Easy, to force people to return often to said free email account to delete spam on the very small capacity accounts, thus seeing more ad banners in the process...

AND

To frustrate serious users into shelling out money to purchase an account with a higher capacity

You don't become a monopoly by thinking linearly!

A good start

[interstellar_donkey]

Now if I could only get hotmail to stop spamming me. About once a month I get spam from hotmail under the guise of 'hotmail member services'. These junk emails have ads for all sorts of things, have little to do with the opperation of my email, and are annoying.

You can't block this address (staff@hotmail.com), and there is no 'opt out' other then to stop using the hotmail service.

Mildly tolerable and acceptable if you are getting the email for free, but unacceptable if you sign up for a years service and pay them. Needless to say, I did not renew my pay subscription.

In a word....

[earthforce_1]

Yessssss!!!!

I also use hotmail, and their filters are not as good as Yahoo's, because you cannot filter on message content, only header. I get an average of two spams a day in my hotmail account. I wish MS/hotmail would improve their inbox filtering, but I am glad to see them doing something about the problem.

I have no problem siding with the Borg on this one!

I took Hotmail spammers to mean ...

[Strike]

... the people using Hotmail to spam everyone else. Like 50% of the spam that I get is from accounts like hotmail.com or yahoo.com, even on accounts for those very same domains and even with the spam filters for each of those domains on (set to "high" in Hotmail's case). Eliminating spam BEFORE it gets sent seems like perhaps a more important issue for everyone, but then again corporations doing what's best for them and not everyone isn't exactly news either (nor necessarily bad).

Re:I took Hotmail spammers to mean ...

[Steve+B]

The spam dropboxes (the address for suckers to reply) often is on hotmail. Whenever I report one, the drones send a message a few days later asking if the issue has been resolved (yeah, right, I'm going to try to send mail to a spam drop box to find out whether or not you bothered to do your fscking job and nuke it).

paying for bandwidth

[ebuite37]

Microsoft sick of paying for bandwidth? NO! They get paid for giving out their emails. I used to use hotmail before it was bought by MS, and I never got spam. All the sudden I started receiving tons of it after the purchase. I wrote Hotmail tech support to complain, who responded by telling me they have to pay for the service somehow. That was six years ago, but I believe it still happens. Why else does their spam filters filter one porn subject line but ignore another with the same or similar strings?

Mail readers.

[IncarnationTwo]

An intresting widget for a mail reader would be a "spam button". It deletes the spam, blacklists the spammer, and sends an error message to the spammer... Like the one you get when there is no address with that name.

Are there any mailreaders with thatkind of widget?

Re:Mail readers.

[Daniel+Dvorkin]

Apple's Mail.app for OS X has such a feature. The first few times you run the program, it runs in "training" mode -- you get all the messages in your inbox, it marks what it thinks is and isn't spam, and you tell it if it's right or not. When you're satisfied, you switch it to regular mode, which is pretty much the same except that the messages it marks as spam get sent either to a special "Junk" mailbox, or the trash, your choice. You can always tell it if it makes a wrong choice, and if you mark a message as spam, it sends it off to the Junk box for you and ... does whatever it does to learn the changes. I usually have it send the marked messages to Junk rather than straight to the trash, since I like to look through the subject lines and senders to make sure there aren't any false positives before I delete them.

It's very, very good. I'd say I haven't had any false positives since training it early on (some of the mailing lists I subscribe to tend to look a lot like spam, but it picked up on those fast) and I get very few false negatives, under 5%. It's not perfect, but it's a good start. It also has a "Bounce Message To Sender" option that I rarely use, since what usually happens is that the message gets bounced right back to me -- forged headers, etc.

Re:Mail readers.

[Bilbo]

> i hate spam to, but i don't think there is or should be anything illegal about it.

Heh... You've obviously never been on the receiving end of this little trick. You'd quickly change your pretty little tune after receiving several thousand hate-mail messages, and had your ISP account cancelled because you were "generating illegal spam and violating the User Agreement," and then got blacklisted from other ISP's because you were a known spammer, and had people hacking into your computer to get back at you and... well, need I go on?

> if i send the same messages via snail mail is it illegal abuse of your home address?

Ummm.... that's called Mail Fraud, and carries heavy fines, and jail time if you do it enough.

My experience with hotmail....

[dfenstrate]

I don't actually get a lot of junkmail on my hotmail account. In fact, I haven't checked my hotmail account for two weeks, and I only have two pieces of mail in there:
1. Some crap from a mailing list I signed up for.
2. Spam.... from 'hotmail member services' sadly, I can't block them (I tried), but really, are "7 hot tax tips" really all that important for me to know, at least in terms of maintaining my account?

Shouldn't this kind of stuff come in as MSN-approved spam?

I can't really complain, though, cause it's free, and they only spam me once in a while.

I've had this account for a couple years now, and I use it as a junk email account whenever a website demands an email address. Still, no deluge of spam.

It's not Microsoft doing this ...

[Khalidz0r]

Many of the comments have been blaming this on Microsoft itself selling addresses or stuff like this. I am not pro-Microsoft or whatever, but I think that's just nonsense.

Spam, I guess, hurts the company more than anybody else, it clutters the database, and waste space, and fills unused email accounts with lots of junk, ...

We should think a bit before blaming everything on Microsoft just because of the bad guy it is being towards us.

The Essence of Value Added

[Schlemphfer]

I think we'd all agree that an e-mail address isn't worth much, by itself. Spam prevention has become one of the best ways to add value to an email address, and make it more worth paying for. Filters work with varying success, and to the extent that filters are effective, an email account becomes more worth paying for. But filters will only take you so far; I use a Yahoo account for my personal email. Once upon a time, I never got spam there. But now I get hundreds of spams a month, and at least three or four a day slip past the filter.

Hotmail's filters have always been poor compared to Yahoo's (insert obligatory anti-ms joke here.) But I have to say, that if Microsoft is going to start aggressively suing spammers who send email to Hotmail accounts, it's going to make their Hotmail service a whole lot more desirable. Microsoft has been desperately trying to get people to pay money for their Hotmail accounts (which, back in the DotCom boom, once promised "free email for life."), and I think suing spammers might be their best possible strategy. Not only does will it reduce Microsoft's storage and bandwidth costs, it will differentiate Hotmail from the slew of freemail providers, and make the service much more worth paying for.

Until we get aggressive federal anti-spam legislation, this new strategy from Microsoft will be great for Hotmail users and good for the Internet in general. If the lawsuits actually frighten spammers away from Hotmail, I might indeed finally pay for my Hotmail account, which I now use only as one of those disposable junkmail accounts for registering on sites I don't trust.

hrmm

[clarionhaze]

for some reason eberyone thinks your info has to be sold for the spammers to get it. thats discusting incorrect! there are ways for them to get into the databases of emails, you'd probably be surprised.

Re:Not true...

[Christianfreak]

Its a conspiracy because many of us used hotmail before it was bought out by the Borg. I used it for 2 years and got maybe 5 spams. It wasn't more than a week after MS bought it and it started getting flooded with spam. At that point I quit using it. I don't remember what the password to the account is now (and MS in their infinate monopoly spirit will only let you retrieve your lost password if you have IE), I shudder to think of what is in that account now.

Re:Obtain ID's from banner ad server referal?

[tiohero]

Maybe its comming from the banner ad servers?

Is is possible for spammers to obtain email ID's from the URL obtained from a banner ad's "referal" data? Or perhaps they can harvest emails ID's if you click on a banner ad. Isn't there some sort of HTML mechanisms to do this?... I don't know, thats why I'm asking.

What about if they serve flash animations? Can flash code be made to spit back the complete refering URL?

What about ...

[JSkills]

... people who use a continuous flow of newly creatred hotmail accounts to SEND spam? Shouldn't Msoft do something about them too?

I've written a server based SPAM filter that uses the RBL and mail from hotmail addresses are always rejected since it appears they are on the RBL. This makes it difficult for legit people using Hotmail to send mail to places using the RBL for filtering.

Re:What about ...

[Steve+B]

people who use a continuous flow of newly creatred hotmail accounts to SEND spam? Shouldn't Msoft do something about them too?

Now, now, you can't expect them to be able to handle something as technically complex as imposing a 2 second per destination address delay on new accounts.

Re:Obtain ID's from banner ad server referal?

[Ed+Avis]

Yes, you can harvest addresses from your referrer log if people come from Hotmail to your site. At least, you could: I haven't checked if Hotmail's URLs still include the email address or some munged version of it.

But Then Why?

[Bilbo]

If it's a brute force guessing attack, then why don't I get the same amount of spam on my Yahoo account?

Actually, there is a solution, at least on my end. I created a hotmail account just so I could talk to someone on the Microsoft IM client, so I know I should receive ZERO messages on that account. I just set filtering to only accept mail from people in my address book, and then have zero entries in my address book.

It doesn't stop all the Spam that Microsoft itself sends me, but it keeps most of the rest of the spam away.

And yet...

[Zebra_X]

"...monopoly putting powers to good use."

and yet not so much. imagine how much they could "save" by not having to broker all the crap the spammers are sending to their systems. less hardware costs, less bandwidth, less headaches. less spam for hotmail users is really only a by product of their business goal to save money. if they could make money from spam - then hotmail users would get a lot more of it!

business is the worst of people.

Hushmail's spam filter...

[dark_panda]

This thing works pretty well...

1. When someone (or something) sends you an email, it gets stuffed into a "pending" folder rather than your inbox.
2. Whoever sent you the email gets an automated reply from hushmail that requires them to click on a picture of a keyhole that's placed randomly on the screen in a java app, or something to that effect.
3. After clicking on the keyhole once, they'll automatically get past your spam filter from then on. You can also set up lists of addresses or domains that bypass the filter all together.

This system basically assumes that there's a human on the other end of that email to click through the filter. I haven't seen a single spam in my inbox since I enabled it.

It's not impossible to defeat, but for the moment, it works great.

J

Re:Using their power for good use..

[Matty_]

As a somewhat former mali server administrator, I would say that the intense amount of SPAM being sent to hotmail.com has a lot do with the decreasing availibility of MX's for hotmail.com. I remember watching the Postfix logs one day and it received "connection refused" messages one right after another until it finally found an MX that responded to it, which was maybe the fifth or sixth one it tried.

Spmmers / Messengers

[OrbNobz]

My hotmail account is awash in spam, I have never used the account. Simply amazing.
I really think we are going about the spam issue the WRONG way, however. Hear me out.
We are hellbent on shooting (drawing/quartering) the messengers. The messengers are ever-changing, fraudulent, pieces of crap that forge everything from the originating IP to the recipients address. But all Spam has one thing in common. Content.
All spam is trying to get you to buy some product or service.
The only reason spammers do what they do is because it's MAD profitable. Why? Because the content's originator makes it that way.
I propose we turn this massive gun we call "public outcry" towards the TRUE originators of all the spam: The people who construct the content, or pay the spammers.
If spamming becomes unprofitable, it will stop. Spammers aren't doing it to be malicious, they are monetarily motivated! Stop the source of the money, and stop the spammer.
Order one of those mini-hovercraft RC things, find out who it ships from, then sic your lawyers on them. Buy that Viagra from an online pharmaceutical, find out where it ships from, then set the coordinates on your lawyer-launcher. Go after AT&T, Discover, Home lending companies.
Your email address, once harvested, is like the freakin village bicycle! It gets passed around so much, you have no CLUE as to who grabbed it orginally, nor does it matter since so many other spammers have it! It's a vicious circle, and I say go after the TRUE SOURCE!

Does this make sense to anyone else, or should I drink some more coffee and calm down?

- OrbNobz
If I had a nickel for every spam I received, I'd...be...getting...paid, thus part of the problem! Ack!

Coincidence ???

[andrewbaldwin]

Just by pure coincidence I submitted a posting about 2 hours before this, asking if anyone had done a comparative study of e-mail providers and Spam.

I created a Hotmail account specifically for product registrations. It's NEVER been used in newsgroups (or to send out an e-mail for that matter), yet within hours it stared receiveing junk mail.

I've not had that problem with my main e-mail provider

Does this mean that

a) Hotmail is a prime target for people generating "random" names for spamming

b) Hotmail / Microsoft have weak security

c) MS are selling or leaking addresses so that they can publicly clean up later and gain credit

d) I'm just unlucky

Personally I favour Napoleon's dictum that we should not attribute to malic that which can adequately be explained by incompetence (in other words, favour the cock-up theory over the conspiracy)

Strange Yet True

[OrcishSpacesuit]

I've had a spare hotmail account for nearly a year now, and I've gotten no spam in it at all, unless you count the MS stuff. I've even used it, giving out the address to people I know and to sites I trust (like slashdot.org and skotos.net), and to small community sites like forums and such.

No spam. At all.

If I had to guess, I would say that the 15-character username throws off some spammers. Mine's actually a combination of two words, though you won't find one in most dictionaries.

more likely scenario

MS spam is going unnoticed due to all the "illegitemate" spam (not that it's illegitimate to *it's* source).
Illegal spam is BS, like it's somehow different from paid for advertising. I think it's kinda nice that some MS scam is side by side in my inbox with cell phone antenna boosters. Two products that claim to do something...
It's like those guys in redmond have a lot in common with thieves everywhere.

Re:MS **IS** THE SPAMMER..

you are kidding, surely. Have you not seen this type of spam/fraud before? I get loads of them from the b*st*rds.

What happens in this fraud is.. stupid, greedy and/or gullible people read it and think its true, they contact the fraudsters who then talk them into coughng up a few grand in legal fees/bribes/etc with the promise of the big payout. Once they've done that, the fraudsters keep asking for a bit more and more and more, evetually they inform the sucker they're coming to a hotel in the US to give them their share... and the sucker never hears from them again.

It has nothing to do with MS. Why would anyone think it is - except that it gets delivered to your hotmail account?

MS does not charge for a spam-free service. They filter some spam mails for free. The ones that get through will get though a premium service too.
Second, MS does pay bandwidth charges - which telco provides them with their internet access? They don't give it away for free.

MS cannot find the spammers easily - they forge the email headers, and email does not contain the IP address the stuff was sent from.

The problem with spam is pervasive to everyone on the internet. New laws may help if they can find and prosecute the spammers, if so, I'm all for it. Good on MS for having a go at the spammers.

I use my Hotmail to harvest spam

[CanadaDave]

I use my hotmail account to harvest spam for use with Mozilla's Bayesian filters. Without Hotmail, my spam folder wouldn't have over 1000 messages in it right now (and I just started a few months ago, when mozilla 1.3a came out)

Making spam expensive

[Space]

Can the slashdot effect make spam expensive?
If we posted any URL from a spam message, minus any identifying information, to slashdot and enough people visit that url will the spammer lose money paying for that bandwidth? What if several broadband slashdotters run a recursive wget several hundred times simultaneously? Can we make spam a less viable matketing technique if the bandwidth costs alone are more than snail mail and any of the idiots that actually buy stuff from spammers can't even connect to the site in question?