Slashdot Mirror
Microsoft Going After Hotmail Spammers
Mirkon writes "Quoth The Register: "Microsoft has targeted spammers with a lawsuit aimed at bulk mailers who harvest email addresses of Hotmail subscribers in order to bombard them with junk." Details are apparently sketchy at this point, but it's nice to see America's favorite monopoly putting its power to good use." The original news.com.com story is slightly more informative.
Now they are going to go after themselves?
I created a hotmail account as a test purpose. I picked as odd a combination of names and letters I could, to the maximum allowed. I never used the account, nor told anyone about it.
One month later the box was *filled* with spam. My guess is that MS itself sold the account to spammers.
So let's see them go after themselves and fine themselves heavily. Or better yet, put themselves out of business.
So rise up, all ye lost ones, as one, we'll claw the clouds.
Now if I could only get hotmail to stop spamming me. About once a month I get spam from hotmail under the guise of 'hotmail member services'. These junk emails have ads for all sorts of things, have little to do with the opperation of my email, and are annoying.
You can't block this address (staff@hotmail.com), and there is no 'opt out' other then to stop using the hotmail service.
Mildly tolerable and acceptable if you are getting the email for free, but unacceptable if you sign up for a years service and pay them. Needless to say, I did not renew my pay subscription.
The Internet is generally stupid
Yessssss!!!!
I also use hotmail, and their filters are not as good as Yahoo's, because you cannot filter on message content, only header. I get an average of two spams a day in my hotmail account. I wish MS/hotmail would improve their inbox filtering, but I am glad to see them doing something about the problem.
I have no problem siding with the Borg on this one!
My rights don't need management.
*cringe* it is almost too hard to say but...
Yay for Microsoft!
*ugh* that was hard. And it still hurt to say.
NoKey.
I'm sorry, but my kharma just ran over your dogma.
One month later the box was *filled* with spam. My guess is that MS itself sold the account to spammers.
Microsoft actually might be at fault there. Spammers have been bruteforcing honeypot domains for a few years now, sending spam to any and all combinations of letters and numbers. what doesn't bounce gets added to a "cleared" list and passed along, so the spam accumulates from there.
> My guess is that MS itself sold the account to spammers.
The spammer probably used the dictionary-like-attack described in the Register article to guess your address. I receive all mail sent to my domain regardless of the address. I am the first and only owner of the domain, yet I receive spam sent to addresses I've never used. The spammers are clearly not bothering with harvesting addresses; now they're just making 'em up.
... the people using Hotmail to spam everyone else. Like 50% of the spam that I get is from accounts like hotmail.com or yahoo.com, even on accounts for those very same domains and even with the spam filters for each of those domains on (set to "high" in Hotmail's case). Eliminating spam BEFORE it gets sent seems like perhaps a more important issue for everyone, but then again corporations doing what's best for them and not everyone isn't exactly news either (nor necessarily bad).
Microsoft sick of paying for bandwidth? NO! They get paid for giving out their emails. I used to use hotmail before it was bought by MS, and I never got spam. All the sudden I started receiving tons of it after the purchase. I wrote Hotmail tech support to complain, who responded by telling me they have to pay for the service somehow. That was six years ago, but I believe it still happens. Why else does their spam filters filter one porn subject line but ignore another with the same or similar strings?
There are programs out there that generate random email adresses for a given domain. There is no way Microsoft would do something so stupid. Why does everything posted about MS on Slashdot have to be some kind of conspircy?
...it's time to allow women to vote!
Seriously, while it's good they're finally doing it, why weren't they doing it years ago?
WWJD? JWRTFM!!!
HAHA. that's funny. I can think of three reasons to do this:
1. The spam is costing them insane amounts of money in bandwidth
2. People stopped using MSN hotmail because of the spam, and they need more subscribers to look better compared to AOL.. because potentially Microsoft could boost it's "MSN Userbase" by including some hotmail users
3. More money. This option is unlikely, since Microsoft probably won't gain any money directly from the lawsuits, but I guarntee that more userbase + less bandwidth fees because of spam = more money in the long run for msft.
"Instead they use Hotmail. Which means that M$ effectively controls all Internet email"
Huh? When there are dozens if not hundreds of alternative e-mail services that you can easily use from anywhere for free? Not even close. In fact, in the e-mail I receive, only a small percentage come from people using Hotmail.
"If they start filtering stuff out--even spam--then they are abusing their monopoly power to limit free speech"
No, it is their network. Free speech is not an issue; you are a guest on their system. Just as it does not violate "free speech" if the New York Times does not bother to print your latest letter about jet contrails.
Just keep your name out of their Member Directory and you will be spam free. I've had my Hotmail account for years spam free.
+++ David Watts 5495 0.0 0.5 1888 884
An intresting widget for a mail reader would be a "spam button". It deletes the spam, blacklists the spammer, and sends an error message to the spammer... Like the one you get when there is no address with that name.
Are there any mailreaders with thatkind of widget?
In dream society, people could be given the ability to mod replies. In real life, it would be disaster.
I don't actually get a lot of junkmail on my hotmail account. In fact, I haven't checked my hotmail account for two weeks, and I only have two pieces of mail in there:
1. Some crap from a mailing list I signed up for.
2. Spam.... from 'hotmail member services' sadly, I can't block them (I tried), but really, are "7 hot tax tips" really all that important for me to know, at least in terms of maintaining my account?
Shouldn't this kind of stuff come in as MSN-approved spam?
I can't really complain, though, cause it's free, and they only spam me once in a while.
I've had this account for a couple years now, and I use it as a junk email account whenever a website demands an email address. Still, no deluge of spam.
Alcohol, Tobacco and Firearms should be the name of a store, not a government agency.
Many of the comments have been blaming this on Microsoft itself selling addresses or stuff like this. I am not pro-Microsoft or whatever, but I think that's just nonsense.
...
Spam, I guess, hurts the company more than anybody else, it clutters the database, and waste space, and fills unused email accounts with lots of junk,
We should think a bit before blaming everything on Microsoft just because of the bad guy it is being towards us.
"What you 'seek' is what you get!"
Most people these days don't even use their ISP email addresses, because they may change and are often hard to remember in the first place.
My local ISP is named after my town, which has six letters. I have a three character username, so it is essentially xyz@mytown.net. That is a helluva lot easier than rox0r432@hotmail.com.
Boromir, son of Faramir, King of Gondor and Minas Tirith
Boromir is Faramir' brother. Both are the sons of Denethor. Neither could ever be the king of Gondor, since they are the stewards, charged with taking care of the kingdom until the return of the rightful king. For Boromir to be Faramir's son would require some plot manipulations that even Peter Jackson would probably feel uncomfortable with.
GF.
Lots of petrified grits
Here it somes folks ... the herecy.
...)
E-mail should be paid for by the sender! Just like real mail. A new protcol needs to be designed (or maybe has been ???) to address (pun intended) this problem.
Right now the reciever covers all the costs of filtering, blocking, and dealing with the god awful Relay and Domain Blacklists (if you've ever been on one, good luck getting off
As soon as the sender has to pay you'll see spam practically drop off the map except for "legitimate" product offers and announcements.
the 'slide
"Corporate rock still sucks. What are you gonna do about it?"
Hotmail's filters have always been poor compared to Yahoo's (insert obligatory anti-ms joke here.) But I have to say, that if Microsoft is going to start aggressively suing spammers who send email to Hotmail accounts, it's going to make their Hotmail service a whole lot more desirable. Microsoft has been desperately trying to get people to pay money for their Hotmail accounts (which, back in the DotCom boom, once promised "free email for life."), and I think suing spammers might be their best possible strategy. Not only does will it reduce Microsoft's storage and bandwidth costs, it will differentiate Hotmail from the slew of freemail providers, and make the service much more worth paying for.
Until we get aggressive federal anti-spam legislation, this new strategy from Microsoft will be great for Hotmail users and good for the Internet in general. If the lawsuits actually frighten spammers away from Hotmail, I might indeed finally pay for my Hotmail account, which I now use only as one of those disposable junkmail accounts for registering on sites I don't trust.
I'm generally "Interesting," "Insightful," and even "Funny" here. What the hell happens to me at parties?
for some reason eberyone thinks your info has to be sold for the spammers to get it. thats discusting incorrect! there are ways for them to get into the databases of emails, you'd probably be surprised.
all i see are 1's and 0's
Is is possible for spammers to obtain email ID's from the URL obtained from a banner ad's "referal" data? Or perhaps they can harvest emails ID's if you click on a banner ad. Isn't there some sort of HTML mechanisms to do this?... I don't know, thats why I'm asking.
What about if they serve flash animations? Can flash code be made to spit back the complete refering URL?
It's too easy for spammers to use a free HotMail account (like "bigscam89734@hotmail.com") to send SPAM from. Microsoft should fix that first.
I've written a server based SPAM filter that uses the RBL and mail from hotmail addresses are always rejected since it appears they are on the RBL. This makes it difficult for legit people using Hotmail to send mail to places using the RBL for filtering.
A class action suit is filed against microsoft for bugs in IIS, Outlook and IE.
Sending tonnes of virus spam and cloging up networks.
thank God the internet isn't a human right.
Yes, you can harvest addresses from your referrer log if people come from Hotmail to your site. At least, you could: I haven't checked if Hotmail's URLs still include the email address or some munged version of it.
-- Ed Avis ed@membled.com
Actually, there is a solution, at least on my end. I created a hotmail account just so I could talk to someone on the Microsoft IM client, so I know I should receive ZERO messages on that account. I just set filtering to only accept mail from people in my address book, and then have zero entries in my address book.
It doesn't stop all the Spam that Microsoft itself sends me, but it keeps most of the rest of the spam away.
Your Servant, B. Baggins
"...monopoly putting powers to good use."
and yet not so much. imagine how much they could "save" by not having to broker all the crap the spammers are sending to their systems. less hardware costs, less bandwidth, less headaches. less spam for hotmail users is really only a by product of their business goal to save money. if they could make money from spam - then hotmail users would get a lot more of it!
business is the worst of people.
I am a Hotmail user. I have been since 1997.
I'm also a Yahoo Mail user. I have been since 2000.
Last fall I decided that I either had to subscribe to a third free mail service (I hid the address I pay for, thank you very much) or try to work with the filtering tools. Both accounts were flooding with spam to the point of tediousness.
First Step: I spent a week unsubscribing out of every spam that came into my inbox at both accounts.
Expected Result: I expected the spam to increase. I was proving that not only was the address valid, but it was read.
Actual Result: Spam did decrease. Some of the spammers actually are good for their word. Others are not.
Second Step: Identify who is spamming me despite my requests. Block them, and filter them with the tools at both websites.
Expected Result: I expected to be able to stop some of the spam, but not much. They are crafty bastards after all.
Actual Result: A good portion of them dropped off.
Short Term Prognosis: After two weeks of work (Step One and Two) the volume of spam at both accounts fell about 66%. Roughly. Unscientifically. Hotmail went from 100 daily spams to 30. Yahoo went from 30 to 10. Give or take.
Mid Term Results: After a month of time passing, I encountered a spike in spam. On both accounts. My addresses had been sold.
Mid Term Actions: I repeated steps One and Two. After a short bit of work, both accounts settled back down.
Long Term Results: It's been about 6 months. I still get spam, at a much reduced rate. I dedicate one day out of every month to opt out of spam mails in my inbox. I dedicate another day to working my filters and blocks (when I say "day" I mean about an hour of work on a single day).
I get less spam. It's not all gone, but I get less. Both Hotmail and Yahoo send me "user updates". About once monthly. Sometimes I read them. Sometimes I delete them. I am not overly concerned about it. One letter per month is not something to quit a free service over. Unless I want to grandstand with my important indignation.
The point of all of this, and how it relates to the actual discussion:
If you aren't paying for the service, you get what you pay for. I don't pay for either, and it costs me about 4 hours each month to keep each one useful. Fair trade.
If Microsoft is going to endeavor to get rid of unwanted spam from outsiders. I applaud them. It might not impress the anti-MS crowd, but I'm ok with that. I don't pay for the service, and they are trying to do something to make it better. In a fashion that costs them money. With a method that no other free email service is attempting.
I'm sure it will somehow go all wrong and I will be forced to wear my MSYou! Implant Chip05 at the end of it all, but that's the price of working with the Evil Empire. So long as I get less spam with my Soilent Green, I can live with it.
Grimwell - old, cranky, mean, obsessive
- When someone (or something) sends you an email, it gets stuffed into a "pending" folder rather than your inbox.
- Whoever sent you the email gets an automated reply from hushmail that requires them to click on a picture of a keyhole that's placed randomly on the screen in a java app, or something to that effect.
- After clicking on the keyhole once, they'll automatically get past your spam filter from then on. You can also set up lists of addresses or domains that bypass the filter all together.
This system basically assumes that there's a human on the other end of that email to click through the filter. I haven't seen a single spam in my inbox since I enabled it.It's not impossible to defeat, but for the moment, it works great.
J
these are not free to operate
I thought everyone paid the Microsoft Tax when they bought a computer.
Apparently Microsoft hates spammers as much as the rest of us. Now if they'd only hate the other scourge of the Internet as much as the rest of us do...
I'm trying to teach myself to set people on fire with my mind... Is it hot in here?
My hotmail account is awash in spam, I have never used the account. Simply amazing.
I really think we are going about the spam issue the WRONG way, however. Hear me out.
We are hellbent on shooting (drawing/quartering) the messengers. The messengers are ever-changing, fraudulent, pieces of crap that forge everything from the originating IP to the recipients address. But all Spam has one thing in common. Content.
All spam is trying to get you to buy some product or service.
The only reason spammers do what they do is because it's MAD profitable. Why? Because the content's originator makes it that way.
I propose we turn this massive gun we call "public outcry" towards the TRUE originators of all the spam: The people who construct the content, or pay the spammers.
If spamming becomes unprofitable, it will stop. Spammers aren't doing it to be malicious, they are monetarily motivated! Stop the source of the money, and stop the spammer.
Order one of those mini-hovercraft RC things, find out who it ships from, then sic your lawyers on them. Buy that Viagra from an online pharmaceutical, find out where it ships from, then set the coordinates on your lawyer-launcher. Go after AT&T, Discover, Home lending companies.
Your email address, once harvested, is like the freakin village bicycle! It gets passed around so much, you have no CLUE as to who grabbed it orginally, nor does it matter since so many other spammers have it! It's a vicious circle, and I say go after the TRUE SOURCE!
Does this make sense to anyone else, or should I drink some more coffee and calm down?
- OrbNobz
If I had a nickel for every spam I received, I'd...be...getting...paid, thus part of the problem! Ack!
Just by pure coincidence I submitted a posting about 2 hours before this, asking if anyone had done a comparative study of e-mail providers and Spam.
I created a Hotmail account specifically for product registrations. It's NEVER been used in newsgroups (or to send out an e-mail for that matter), yet within hours it stared receiveing junk mail.
I've not had that problem with my main e-mail provider
Does this mean that
a) Hotmail is a prime target for people generating "random" names for spamming
b) Hotmail / Microsoft have weak security
c) MS are selling or leaking addresses so that they can publicly clean up later and gain credit
d) I'm just unlucky
Personally I favour Napoleon's dictum that we should not attribute to malic that which can adequately be explained by incompetence (in other words, favour the cock-up theory over the conspiracy)
I've had a spare hotmail account for nearly a year now, and I've gotten no spam in it at all, unless you count the MS stuff. I've even used it, giving out the address to people I know and to sites I trust (like slashdot.org and skotos.net), and to small community sites like forums and such.
No spam. At all.
If I had to guess, I would say that the 15-character username throws off some spammers. Mine's actually a combination of two words, though you won't find one in most dictionaries.
I doubt this is a good start by MS, and I'm not sure MS is completely helpless or innocent either.
.end attachment
: : : :
I suspect this is a PR stunt to plead helpnessness in a matter where they are actually the guilty party.
I get frequent spam on my hotmail account, I'm using this account for 4 years now. Curious thing is, these spam mails for elongated pelvic protusions, anlarged mammiary glands and Nigerian style mails - APPEAR - to be spam.
But APPEARANCES CAN BE DECEPTIVE. I'm pasting a complete mail I got recently from a bogus address, to my hotmail account, sundaram_kr@hotmail.com I post this address publicly - so I can study the spam problem in detail.
My reasoning first, then the attachment:
1. This mail APPEARS to be spam, but is NOT. The instinctive reaction of any 'SENSIBLE' receiver of spam is to hit the delete button. I did not. I sent a 'reply' and it bounced off the non-existent sender's address.
2. I checked the mail for any snail-mail address - surprisingly, there was NONE WHATSOEVER!!
Thus, I conclude:(Elementary, my dear Watson)
1. If the 'sender' were indeed a Nigerian bank spammer, he'd have included his snail mail address.
2. If he's paying for the bandwidth to send the mails to MS Hotmail, he'd better have a sound motive. Annoying me does not serve any purpose for a banker, however moronic.
3.Even if he'd planted the mail in insecure servers and used their bandwidth to spread his spam, he'd still need a motive - none appears to exist.
4. It should be trivial for a co. like MS to track down such a bulk e-mailer - years ago. Apparently hey have not done so - and thus:
5. MS 'IS' THE SPAMMER. They are the ONLY ones who'd gain a cent by annoying me, and charging me for a spam-free service. They are the only ones who could store these messages on their servers and not need to pay any bandwidth charges.
and now, the so-called spam:
begin attachment
Mr.Isaiah K.Muttai.
Senior Manager,
Operations
Banking Services,
Kenya commercial Bank.
Dear Sir,
I Isaiah K.Muttai the Senior Manager, Operations
Banking Services, I want to include you in this God's given opportunity.
On Saturday 30th January 2000, flight KQ 431 left Nairobi at 12.00 p.m. headed
for Lagos, Nigeria on a scheduled flight. The thirteen-year old Airbus had on
board a total of 179 passengers who included 11 crew members.
This plane could not land at Lagos due to poor weather and the pilot decided to
stop and refuel in Abidjan, Cote d'Ivoire. However, on leaving Abidjan, about
two to three kilometres from the coast,the plane crashed in the ocean. This is
the first time a crash involving a Kenya airways plane since it was established
in 1977.
So my friend, one of our customers happened to be involved in the plane crash,
who deposited £11.3m.(eleveen million, three hundred thousands pounds) few
months before the incedent.
This fund has been dormant in his account with this Bank without any claim of
the fund in our custody either from his family or relation before our discovery
to this development.
Although personally,I keep this information secret within myself and partners to
enable the whole plans and idea be profitable and successful.
Meanwhile all the whole arrangement to put claim over this fund as the bonafide
next of kin to the deceased, get the required approval and transfer this money
to a foreign account has been put in place
and directives and needed information will be relayed to you as soon as you
indicate your interest and willingness to assist us and also benefit your self
to this great business opportunity.
In fact I could have done this deal alone but because of my position in this
country as a civil servant,we are not allowed to operate a foreign account and
would eventually raise an eye brow on my side during the time of transfer
because I work in this bank.
This is the actual reason why it will require a second party or fellow who will
forward claims as the next of kin with affidavit of trust of oath to the Bank
and also present a foreign account where he
will need the money to be re-transferred into on his request as it may be after
due verification and larification by the correspondent branch of the bank,where
the whole money will be remitted from to
your own designation bank account.
I will not fail to inform you that this transaction is 100% risk free. The
sharing rate of this money will be discussed later upon your favourable response
showing your zealous determination to assist
us but the first priority is your total acceptance and commitment to assist.
Please,you have been adviced to keep top secret as we are still in service and
intend to retire from service after we conclude this deal with you. I will be
monitoring the whole situation here in this bank
until you confirm the money in your account and ask me to come down to your
country for subsequent sharing of the fund according to percentages.
Please my friend, i will like to hear from you whether you are interested or
not.
Best Regard,
Mr Isaiah K Muttai.
The 'header' with the bogus details...
From
"Isaiah Muttai"
To
isaiahkm@myself.com
Subject
Thanks for understanding
Date
Tue, 05 Nov 2002 07:50:37 -0500
end header..
If you keep throwing chairs, one day you'll break windows....
The original news.com.com story is slightly more informative.
.com.
It's also slightly more
Cleaning undersea stables would indeed be a Herculean task, but I think you meant "Augean".
I use my hotmail account to harvest spam for use with Mozilla's Bayesian filters. Without Hotmail, my spam folder wouldn't have over 1000 messages in it right now (and I just started a few months ago, when mozilla 1.3a came out)
If you actually read the grandparent, you'd see that the email address is fake and that there is no return mailer. Either this is one dumb spammer who is being purely annoying, or there's something underhanded here.
As far as MS paying bandwidth charges... if it's locally-hosted spam, they don't pay on it. Fire up the spam daemon and bombard the email service internally. Why? Perhaps just to generate more clicks, I would guess.
I'm sort of disappointed the parent didn't give the extended headers; I know that hotmail would show the mail server routing... in such a case they could block the spammer if he/she was doing it directly from the home machine, or if not, to contact someone down on the anon-mail host to shut the crap off. In any case, there's a simple solution (and yes, you can tell in access logs who has been sending a ton of spam at once from the same IP, it's not that hard). Now, if these really are the headers as completely as given.... then what's left to think but perhaps they might have a hand in it? I seriously hope you weren't convinced of your statement that "email does not contain the IP address the stuff was sent from". Even a spoofed or bogus IP would show up on a robust service monitor's detection when a crapflood of spam comes in.
This could all just be MS/Big Brother FUD and this is just an isolated case of an uberignorant spammer who goofed up his mail, but I'd be interested to see what's up. I don't think MS is as innocent as they portend, given how easy it is to set up access control by IP to services. Yes, good on MS for going after spammers... but after how long that Hotmail has been spam-riddled? It reeks of opportunism to me.
Never attribute to Hanlon that which can be adequately attributed to Heinlein.
Can the slashdot effect make spam expensive?
If we posted any URL from a spam message, minus any identifying information, to slashdot and enough people visit that url will the spammer lose money paying for that bandwidth? What if several broadband slashdotters run a recursive wget several hundred times simultaneously? Can we make spam a less viable matketing technique if the bandwidth costs alone are more than snail mail and any of the idiots that actually buy stuff from spammers can't even connect to the site in question?
I Don't Work Here
Just set up Outlook Express to connect to it in typical client/server fashion. Granted, it's in beta (and has been for quite some time... dare I say, indefinitely?), so it has some issues. But it's definitely helpful in avoiding banner ads altogether...............
I know it is spam in principle, but Hotmail "staff" sends out an average of one email per month per user. Hardly enough to choke their servers or your account. As well, mail from "Hotmail Staff" is most likely just a pointer to a central file, reducing diskspace and bandwidth as well since savvy users delete the pointer (?) without loading the actual message. I personally don't find those messages all that hypocritical since they are advertising their own services. After all, why look the gift horse in the mouth? It's FREE as in beer.
As well, the reason spam is illegal is because it is unsolicited by the email provider or user. Although not solicited by the user, *who* owns the darn servers? Microsoft shouldn't be barred from sending internal messages. I'll bet the messages don't even take up allocated account space (back to that pointer issue again).