Spammers Exploiting Hotmail Vulnerability

chip rosenthal writes "Notice more Hotmail spam in your inbox recently? There is a good reason for that. In March, spammers discovered a new vulnerability in the Hotmail service that allows them to script their spam sending. So far I've seen a 2200% increase in Hotmail spam as a result. We're now at three months and counting, and the problem only seems to be getting worse."

Spammers cutting and pasting???

[SeanTobin]

Microsoft has created a grave spam threat with this vulnerability. Hotmail has always been a problematic spam source. The saving grace has been that the spam had to be transmitted manually, through a web form, so the sending rate was limited by how fast the spammer could cut-n-paste. Now that Microsoft has provided this new programmatic interface for spammers, that limit has been removed. Spammers may now script their spam runs--and they do--which has created a huge increase in spam transmitted by Hotmail.

So you are telling me that all the spammers out there who so gracefully manage to figure out how to avoid the plethora of filters designed to stop them, negotiate with bandwidth providers to keep thier accounts, and carefully hide thier irl addresses from everyone on earth with a spare brick and a good arm actually cut and paste thier e-mailed spam?

I don't buy it. An hour with a Perl for dummies book and the LWP doc's and any spammer can automate thier submissions.

Does the author really believe that these spammers are copy and pasting thier spams? I sure as heck don't.

Spam control in Hotmail? Bought a bridge lately?

[_RidG_]

Not to totally deride Hotmail, but after having used it for several years, I can honestly say that it's probably the worst out of all free e-mail providers in terms of controlling incoming spam. Yahoo Mail blocks out a good 80-90% of incoming unsolicited mail, and hushmail.com is even better at it - I haven't gotten a single spam during my 6 months with them (so far at least). Add to that the ease with which Hotmail passwords can be hacked (trivial even for script kiddies), and after some consideration you might want to look at another provider.

And hey, it's owned by Microsoft! Grab your pitchforks! :)

hotmail spam

[markov_chain]

Hotmail seems to receive more spam than other free email providers. I believe this may be due to how they handle recipient verification in SMTP. When a mail client attempts to send a message to an unknown username, the hotmail mail server will reply with an error message, indicating that the user doesn't exist. As a result, it is possible for a single spammer to spend some time just once to brute-force user names, and then distribute the list of known-good user names.

Yahoo generates the same reply regardless of whether the recipient exists or not. Thus, to guess user names, spammers would have to brute-force every mailing, as opposed to just the initial one like in the hotmail case.

Why hotmail would do something like this is completely beyond me.

Re:DAV as an integration method for outlook?

[bloxnet]

You know what I have been waiting for? Ximian Evolution for Windows. I don't know what I could personally do to contribute to this endeavor short of purchasing such a product or donating to the port....but that would be a completey sweet alternative...I love running Evolution on Linux machines, and I wish there was a convenient installer for Windows.

* btw - if there is a port and I am just not aware of it, someone please let me know.

hotmail leaks on purpose?

[geoff+lane]

I created a hotmail account with an unusual name unlikely to be guessed by any kind of directory attack, and selected every privacy option I could find but within four hours I got spam.

How could that be without Hotmail leaking names?