Slashdot Mirror
Microsoft Going After Hotmail Spammers
Mirkon writes "Quoth The Register: "Microsoft has targeted spammers with a lawsuit aimed at bulk mailers who harvest email addresses of Hotmail subscribers in order to bombard them with junk." Details are apparently sketchy at this point, but it's nice to see America's favorite monopoly putting its power to good use." The original news.com.com story is slightly more informative.
Now if I could only get hotmail to stop spamming me. About once a month I get spam from hotmail under the guise of 'hotmail member services'. These junk emails have ads for all sorts of things, have little to do with the opperation of my email, and are annoying.
You can't block this address (staff@hotmail.com), and there is no 'opt out' other then to stop using the hotmail service.
Mildly tolerable and acceptable if you are getting the email for free, but unacceptable if you sign up for a years service and pay them. Needless to say, I did not renew my pay subscription.
The Internet is generally stupid
*cringe* it is almost too hard to say but...
Yay for Microsoft!
*ugh* that was hard. And it still hurt to say.
NoKey.
I'm sorry, but my kharma just ran over your dogma.
Why would MS sell your e-mail address so they can turn around and pay for the bandwith it takes to receive thousands of spam e-mails?
Besides they have banner ads to serve you to make $$$
One month later the box was *filled* with spam. My guess is that MS itself sold the account to spammers.
Microsoft actually might be at fault there. Spammers have been bruteforcing honeypot domains for a few years now, sending spam to any and all combinations of letters and numbers. what doesn't bounce gets added to a "cleared" list and passed along, so the spam accumulates from there.
> My guess is that MS itself sold the account to spammers.
The spammer probably used the dictionary-like-attack described in the Register article to guess your address. I receive all mail sent to my domain regardless of the address. I am the first and only owner of the domain, yet I receive spam sent to addresses I've never used. The spammers are clearly not bothering with harvesting addresses; now they're just making 'em up.
There are programs out there that generate random email adresses for a given domain. There is no way Microsoft would do something so stupid. Why does everything posted about MS on Slashdot have to be some kind of conspircy?
HAHA. that's funny. I can think of three reasons to do this:
1. The spam is costing them insane amounts of money in bandwidth
2. People stopped using MSN hotmail because of the spam, and they need more subscribers to look better compared to AOL.. because potentially Microsoft could boost it's "MSN Userbase" by including some hotmail users
3. More money. This option is unlikely, since Microsoft probably won't gain any money directly from the lawsuits, but I guarntee that more userbase + less bandwidth fees because of spam = more money in the long run for msft.
Do you actually think the spam comes from hotmail? Have you heard of people forging from: addresses? Please, go read the SMTP RFC and come back when you have something to contribute :)
---- Den ene knappen er powerknapp, den andre er Bender voice knapp "Bite My Shiny Metal Ass"
That might be just a new bussiness model. Invest in bandwidth to receive spam and then get your money back tenfold by sueing the spammers and winning the case...
"Instead they use Hotmail. Which means that M$ effectively controls all Internet email"
Huh? When there are dozens if not hundreds of alternative e-mail services that you can easily use from anywhere for free? Not even close. In fact, in the e-mail I receive, only a small percentage come from people using Hotmail.
"If they start filtering stuff out--even spam--then they are abusing their monopoly power to limit free speech"
No, it is their network. Free speech is not an issue; you are a guest on their system. Just as it does not violate "free speech" if the New York Times does not bother to print your latest letter about jet contrails.
Just keep your name out of their Member Directory and you will be spam free. I've had my Hotmail account for years spam free.
+++ David Watts 5495 0.0 0.5 1888 884
Hotmail's filters have always been poor compared to Yahoo's (insert obligatory anti-ms joke here.) But I have to say, that if Microsoft is going to start aggressively suing spammers who send email to Hotmail accounts, it's going to make their Hotmail service a whole lot more desirable. Microsoft has been desperately trying to get people to pay money for their Hotmail accounts (which, back in the DotCom boom, once promised "free email for life."), and I think suing spammers might be their best possible strategy. Not only does will it reduce Microsoft's storage and bandwidth costs, it will differentiate Hotmail from the slew of freemail providers, and make the service much more worth paying for.
Until we get aggressive federal anti-spam legislation, this new strategy from Microsoft will be great for Hotmail users and good for the Internet in general. If the lawsuits actually frighten spammers away from Hotmail, I might indeed finally pay for my Hotmail account, which I now use only as one of those disposable junkmail accounts for registering on sites I don't trust.
I'm generally "Interesting," "Insightful," and even "Funny" here. What the hell happens to me at parties?
> spam that I get is from accounts like hotmail.com or yahoo.com
Take a look at your full headers, those are forged.
I filter out mail from @yahoo.com|@msn.com|@hotmail.com|@aol.com where the connecting host does NOT end in yahoo.com, msn.com, hotmail.com, or aol.com
Just this alone got rid of 20% of my mail (all spam, never a false positive).
- For the complete works of Shakespeare: cat
All fine and good, as long as the reply-to address isn't forged.
Case in point: About 3 weeks ago my email was flooded with bounce-backs from spam. Apparently someone had used my email address in a forged From and Reply-To header. I recieved about 300 of these messages in 5 hours.
In your scenario, suddenly my email address is blacklisted, not the spammers. Oh well, guess it's time for a new Hotamil address anyway. (BTW, I do have another Hotamil address, that has never recived a non-"Hotmail member services" spam. I think the trick was to put nonstandard characters in there, that particular address has an _ character in it).
Think For Yourself. Question Authority.
The problem is that spammers who're searching for valid addresses generally check whether or not an error occurs at the SMTP level. When the message is in your mailbox, it's already too late.
First, the spammer connects directly to your server and checks how you handle invalid addresses (by sending an email to an almost guaranteed bogus account). If your mail server rejects mail to the test address, the spammer then begins doing a dictionary-based attack. If any mail gets through, that address goes on the spammer's list of valid targets.
Why would MS sell your e-mail address so they can turn around and pay for the bandwith it takes to receive thousands of spam e-mails?
Easy, to force people to return often to said free email account to delete spam on the very small capacity accounts, thus seeing more ad banners in the process...
AND
To frustrate serious users into shelling out money to purchase an account with a higher capacity
You don't become a monopoly by thinking linearly!
I am a Hotmail user. I have been since 1997.
I'm also a Yahoo Mail user. I have been since 2000.
Last fall I decided that I either had to subscribe to a third free mail service (I hid the address I pay for, thank you very much) or try to work with the filtering tools. Both accounts were flooding with spam to the point of tediousness.
First Step: I spent a week unsubscribing out of every spam that came into my inbox at both accounts.
Expected Result: I expected the spam to increase. I was proving that not only was the address valid, but it was read.
Actual Result: Spam did decrease. Some of the spammers actually are good for their word. Others are not.
Second Step: Identify who is spamming me despite my requests. Block them, and filter them with the tools at both websites.
Expected Result: I expected to be able to stop some of the spam, but not much. They are crafty bastards after all.
Actual Result: A good portion of them dropped off.
Short Term Prognosis: After two weeks of work (Step One and Two) the volume of spam at both accounts fell about 66%. Roughly. Unscientifically. Hotmail went from 100 daily spams to 30. Yahoo went from 30 to 10. Give or take.
Mid Term Results: After a month of time passing, I encountered a spike in spam. On both accounts. My addresses had been sold.
Mid Term Actions: I repeated steps One and Two. After a short bit of work, both accounts settled back down.
Long Term Results: It's been about 6 months. I still get spam, at a much reduced rate. I dedicate one day out of every month to opt out of spam mails in my inbox. I dedicate another day to working my filters and blocks (when I say "day" I mean about an hour of work on a single day).
I get less spam. It's not all gone, but I get less. Both Hotmail and Yahoo send me "user updates". About once monthly. Sometimes I read them. Sometimes I delete them. I am not overly concerned about it. One letter per month is not something to quit a free service over. Unless I want to grandstand with my important indignation.
The point of all of this, and how it relates to the actual discussion:
If you aren't paying for the service, you get what you pay for. I don't pay for either, and it costs me about 4 hours each month to keep each one useful. Fair trade.
If Microsoft is going to endeavor to get rid of unwanted spam from outsiders. I applaud them. It might not impress the anti-MS crowd, but I'm ok with that. I don't pay for the service, and they are trying to do something to make it better. In a fashion that costs them money. With a method that no other free email service is attempting.
I'm sure it will somehow go all wrong and I will be forced to wear my MSYou! Implant Chip05 at the end of it all, but that's the price of working with the Evil Empire. So long as I get less spam with my Soilent Green, I can live with it.
Grimwell - old, cranky, mean, obsessive
Heh... You've obviously never been on the receiving end of this little trick. You'd quickly change your pretty little tune after receiving several thousand hate-mail messages, and had your ISP account cancelled because you were "generating illegal spam and violating the User Agreement," and then got blacklisted from other ISP's because you were a known spammer, and had people hacking into your computer to get back at you and... well, need I go on?
> if i send the same messages via snail mail is it illegal abuse of your home address?
Ummm.... that's called Mail Fraud, and carries heavy fines, and jail time if you do it enough.
Your Servant, B. Baggins
- When someone (or something) sends you an email, it gets stuffed into a "pending" folder rather than your inbox.
- Whoever sent you the email gets an automated reply from hushmail that requires them to click on a picture of a keyhole that's placed randomly on the screen in a java app, or something to that effect.
- After clicking on the keyhole once, they'll automatically get past your spam filter from then on. You can also set up lists of addresses or domains that bypass the filter all together.
This system basically assumes that there's a human on the other end of that email to click through the filter. I haven't seen a single spam in my inbox since I enabled it.It's not impossible to defeat, but for the moment, it works great.
J
these are not free to operate
I thought everyone paid the Microsoft Tax when they bought a computer.
Just by pure coincidence I submitted a posting about 2 hours before this, asking if anyone had done a comparative study of e-mail providers and Spam.
I created a Hotmail account specifically for product registrations. It's NEVER been used in newsgroups (or to send out an e-mail for that matter), yet within hours it stared receiveing junk mail.
I've not had that problem with my main e-mail provider
Does this mean that
a) Hotmail is a prime target for people generating "random" names for spamming
b) Hotmail / Microsoft have weak security
c) MS are selling or leaking addresses so that they can publicly clean up later and gain credit
d) I'm just unlucky
Personally I favour Napoleon's dictum that we should not attribute to malic that which can adequately be explained by incompetence (in other words, favour the cock-up theory over the conspiracy)
A different idea that came up at the conference was what I'll describe as "bigger targets attract more arrows". That is, an ISP with millions of subscribers (Hotmail, Yahoo, AOL, Earthlink) is a more appealing target for things like dictionary attacks than, say, my personal DynDNS account with two legitimate users behind it.
If you're going to carry out a dictionary attack against a domain, diminishing returns will take over for the little one (one billion tries, two hits -- 2e9%), but for the big one you can expect a reasonable hit rate (one billion tries, 3 million hits -- 0.003% -- and in fact a reasonably big fraction of all users on the network).
In practice, this means today that the bigger the netwowrk, the greater the current spam volume, to the point that of the largest ISPs and corporate networks around today, something like 40% to 50% of their mail traffic is now spam.
I think this is a better explanation for what's going at Hotmail et al., and it also does a better job of why they want so badly to control the spam issue. The explanation they'll give to the public is that this is good customer service, and to an extent that's true. But at the same time, trying to handle all this network traffic is probably a technical nightmare (and comments about the migration from FreeBSD to Win2000 are not helpful here :). For a free service, having to handle that much unwanted traffic is probably killing them, and bringing it under control for that reason is probably at least as important as maintaining customer good will.
DO NOT LEAVE IT IS NOT REAL