Slashdot Mirror
Microsoft Will Sell Whitelist Services For Hotmail
Ec|ipse writes "Looks like Microsoft has found another way to make money, this time from spam. Microsoft has adopted a "whitelist" program (Bonded Sender by IronPort) which will allow marketers to pay Microsoft so that they are included on a special whitelist, guaranteeing uninteruptable delivery of their messages to Hotmail and MSN users. You can catch the full article at Excite. I especially like the nice naming for spammers, calling them 'marketers' sounds so much more legitimate."
mgibbs adds "Hopefully the $20K fine that results from abuse of this system is enough to deter spammers."
Spam the hell out of everyone, sue the spammers for profit, and then profit from the whitelists.
Get a hold of the whitelist, and you can immediately add it to your OWN spam filter! Nice of Microsoft to offer to collect all, umm, marketers in one place...
And then they will charge users extra for "adv free" service. Oh wait, I thought they were talking about phone companies.
Sorry to give you one less reason to hate MS, but they are taking the money as a BOND, not as payment. MS only gets the money if the spammers don't follow their rules. Probably something like "must use real return address and have a unsubscribe link that doesn't add you to more lists."
"Men lie."
"Yeah, about sleeping with other women, but never about bioluminescent plankton."
-Dan Brown
Looks like they've just pointed a double barrelled gun at their feet. If they were trying to avoid wholesale migration away to either:
- Google's Gmail OR
- Novell's MyRealEmail....
Then this is a f***ing dozey way to do it!
Linux fan and Win32 developer
I was *just* recently sitting here and wondering if there was anything Microsoft could have done to squander the product, userbase and public goodwill MS inherited when they bought Hotmail that they haven't done already.
/. article right now..
I couldn't think of anything
I guess I'm just not as imaginative as MS.
I'll bet the GMail team is doing a little dance of joy at reading this
Irritable, left-wing and possibly humorous bumper stickers and t-shirts
I cert.ainl.y H-O-P-E th4t it d0es a G o o d job
Props to GNAA!
I had an hotmail address years ago, back in the day before MS buy the domain... I never really used it... and I still don't know why people need an hotmail address? passport thing? you can live without it and without MSNM you know...
/. should make a poll to know who has and who hasn't an hotmail address, and in comments we would know why people who has one, well... has one.
"Science will win because it works." - Stephen Hawking
So, Once again they get the little guy. What about that small nonprofit running their own mail server. Or that small business running their own mail server. They have to pay the same as the big business.
Large companies can afford to drop a payment on this but the small business/non-profit sure can't.
Evolution or ID?
One can only imagine what is being built into LongHorn to ensure this kind of business model continues.
So, everyone just blocks MSN and HotMail period! So long "marketeers" and their funny little noses and tails.
Yahoo has been doing this for a LONG time.
they have their "spam" filtering yet there are types of spam that will not go away as they have "special" spam from their "partners" that will NEVER EVER hit their filtering rules for spam.
I am betting that ALL free email sites will do this within this year.
Do not look at laser with remaining good eye.
In Denmark the marketing rules forbid people to send uninvited marketing material. Unless you specifically accept to receive it - it will be illegal (and punishable by court) to send it. This law is not only to electronic e-mails but goes to all kinds of marketing. You are not allowed to call by phone to someone in order to sell them something (unless the user has registered his phone number somewhere and accepted to receive a phone call).
So unless you check the checkbox somewhere in your hotmail registration, you will be able to sue MS - in Denmark at least...
-:) Oh no - not again.
www.rednebula.com
or is everyone completely against MS making any money whatsoever? The Bonded Sender program looks like it will actually be really useful for 90% of Hotmail users, the ones who use it for their normal e-mail address, rather than the ones who just use it for MSN access. I've used Hotmail for the past 5 years, and have only ever had problems with spam from companies that really have nothing to offer, or cba with writing decent adverts. I think MS, if it has any sense (there goes my argument), will start refusing access to those kind of companies, and the spam that is actually put through will be of a higher quality and maybe even relevant (in a GMail kinda way?) Then again, I might be completely wrong.
I'd accept all the spam in the world if they paid me 15 cents per message. That would make spam much cheaper than bulk mail and would weed out marketers who aren't serious.
If a company is going to sell my resources (time spent downloading/reading/procesing email) they had better share the revenues with me.
Two wrongs don't make a right, but three lefts do.
Yup, I guess it does give them the right to do that.
All those moments will be lost in time, like tears in rain.
When I first read that tidbit yesterday, I assumed it was so Microsoft could snoop on all future Windows machines. Now in ADDITION to that potential, they can beam you uninterruptible spam!
So, is there any chance that if those features are advertised widely, fewer people will buy Longhorn?
I fail to understand why anyone even bothers with hotmail anymore. There's nothing less professional looking than putting a free-email address on your business card or website.
-- Even if a god did exist, why the fsck should I worship it?
My company was informed of this bonded sender program by MSN/Hotmail support 2 months ago. At the time they claimed the Bonded Sender program was a third-party service with no affiliation to MSN/Hotmail or Microsoft. At the same time, they also claimed that even if you DO subscribe to the bonded sender program MSN/Hotmail will give no guarantee that your emails will be delivered!
allow legitimate marketers to thread the gauntlet of spam filters
- run the gauntlet
- thread the needle
choose one.D.
Just because you can't, doesn't mean you shouldn't.
I'm thinking about the one involving putting the fox to guard the chickens.
Seriously, I hope this convinces people to not use Hotmail etc - now with guaranteed spam...
'Don't worry' said the trees when they saw the axe coming, 'The handle is one of us.'
As has already been pointed out, this is a bonding service - not a straight for profit medium for Microsoft.
My biggest questions is When a company breaks the rules, where does the bonded money go??
My other problem is that this in an opt-out service. I would prefer to see an opt-in only service, but that would pretty much invalidate the idea of a global whitelist, wouldn't it.
I just hope that microsoft doesn't think this is the end all answer to spam filtering. Bill Gates stated in the Washington Post back in November that MS would eliminate spam within I think the next 2 or 5 years (something like that). This certainly is NOT the answer.
I am an engineer in charge of a large email system. We send millions of emails per week to our members. I have contacts in the top 10 ISP's and we're on no RBL's of consequence (the big 10 RBL's are clean, we are not concerned about the RBL run by sn0rky in his dorm room). Rarely do we have a delivery problem, however we did decide to get Bonded since it looks like a good program for responsible mailers.
The BondedSender process looked us over and saw that we had, *gasp*, 50 complaints with a volume of 20 million messages sent. One complaint per million is their threshold for acceptance into the program! This is unreasonable. People complain about messages from their own damn family in my experience. The geeks here wont understand because they are literate of the issues surrounding the politics of email... but your average citizen is going to flip out and start whacking the "report as spam" button for anything they don't want to receive: their buddy sending them a dirty joke they don't want, an alert from their bank about their account being low, mailings from their girlfriend breaking up with them, etc.
This is absolutely true. I've heard the horror stories from my contacts at the aforementioned top 10 ISP's. The number of complaints they get about private emailings to and from their own contact lists rivals the number of messages that are actually spam.
I have an associate that works at large-bank-corp and they get about 1 per 10,000 complaints for their goddamn credit card statements!
BondedSender will be short lived unless they relax their restrictions. Any spammer sending pr0n and v|agra mailings is going to not be interested in this deal simply because of the costs and hassle of getting bonded. It's cheaper for Ma Bulker to just switch ISP's every two weeks or scam open relays.
Anyway... that's my say... Good luck if you try getting Bonded.
However, that makes my email address less useful, and Usenet a less useful resource.
I've never disguised my email address on Usenet or anywhere else (with the exception of some of the more pointless web site registrations). There have been plenty of times I've gone back to ancient archives digging for answers, come across someone who solved almost what I'm trying to do, and sent them an email asking if they'd mind helping me. And the converse has happened too - many people I don't know have emailed me over the years after coming across old posts, and I've helped out where possible.
I'm pretty defiant over this one. I refuse let low-life scum dictate how I can use my address. I am not going to jump through hoops at their behest - my email address is a contact point, and people should be able to use it to contact me.
Cheers,
Ian
I mean, if I am to enter my mail somewhere on the internet, it's my (long deactivated) hotmail account that I am using exactly for this purposes. And on my everyday mail account, I don not get much spam on that one. I mean, come on. If you were thinking that free online services will stay free, then you did never think about the money one can make of advertising. So this is rather natural, I suppose. Why not move to another provider? There are lots...
Black holes were created when god tried to divide by zero
MicroSoft isn't selling anything, they are using the services of another company, namely bondedsender.com.
Who are bondedsender? They are part of ironport systems, who also own spamcop.net. Spam reported to spamcop.net automatically gets reported to bondedsender.com and the spammer gets whacked.
This is really good news because spamcop.net/ironport were recently sued by the spammer snotty scott richter. This means that ironport will have more income to not only fight the spam lawsuit but fight spam in general.
SPF support for most open source mail servers can be found at libspf2.
Anyone thinking there is a greed motive for this is wrong. There is no way that Microsoft would trade this much bad press for the paltry amounts of money that this could generate. So, here's what I think is happening.
Microsoft has been pursuing various antispam paths, but the ultimate one, enforceable legislation to stop it, has encountered some resistance unless the legislation's effects are limited in some way. I think they are trying to counter some of this resistance.
There are occassions that I get "spam" from software companies (whose products I've used in the past) advertising new products. I don't mind that kind of spam, yet I almost always find them in my spam box because I use a pure white list approach and forgot to put the company on my white list.
The kind of spam that really drives me nuts and causes me to switch addresses is the spam that's looking for that one sucker in a million, the viagra spam, the refinancing spam, and the pornographic spam.
If the guidelines a) ban the improper spam while allowing contacts from other companies and b) strongly enforce requests to remove my email from a list, I could live with this system. Especially if they implement a one stop shop to manage whose lists I'm removed from.
But why would I want to live with this? Because it cuts the only leg of the spammers arguments that has been getting any mileage at all out from under them. If you create an enforceable system and say, "you can spam if you follow the rules of this system", then they can't argue that their "legitimate" spam is being blocked anymore and all antispam legislation suddenly gets a green light.
My $0.02 worth! The more you tighten your grip, Gates, the more star systems will slip through your fingers. -Princess Leia (modified)
I read thru BondedSender's terms of service. Their allowed complaint rate is 1 per 1,000,000 messages sent. Each complaint over that limit deducts $20 from the sender's bond.
As someone that does legitimate commercial mailings (opt-in, for our MMORPG, about 15,000 messages per month to current and past players), this strikes me as slightly expensive, and somewhat dangerous. Some math...
Typically I get about 10 angry letters per newsletter, so that's $200 to send each newsletter. A cost of 1.3 cents per email isn't bad, since I know that most people read what I send.
Two problems. First, most newsletters go through now. Maybe 10% get spam filtered (I should probably set up a way to track this). So reaching those additional people costs 13 cents each. That is expensive.
Second, I worry that if the system becomes well known, it would be griefed: A single player with a bone to pick would sign up under a bunch of email addresses and "complain" from each. I'm not sure how to resolve this.
So just imagine, in a year or so... Microsoft whitelists some spammers. Then Microsoft developes Outlook enhancements to block MSN-enabled spammers, for a minor upgrade cost. Then Microsoft MSN finds a way around this, for their premium spammers for an extra fee. Then there's always Microsoft, who promptly developes new Windows and Outlook work-arounds necessarily to close the viral windows enabling the premium ones... for a minor fee to the users.
But, ironically, I don't believe they do this on purpose. It's more like virus writers vs Norton Anti-Virus or a game of chess, with two entirely different sides that just coincidentally are under the same corporate umbrella.
IronPort is NOT Microsoft! IronPort is selling a service which Microsoft has purchased for the purpose of using on Microsoft's Hotmail (and MSN) mail service.
Kinetic stupidity has a new brand leader: Allen Zadr.
We've been used to it since 1976: An Open Letter to Hobbyists.
The original poster assumed that Microsoft is opening the door to spammers. What is unsaid in the article is if these e-mails were actually solicited.
I could see that legit ads (i.e. you definitely signed up to recieve them) might be tossed out with the huge amount of spam. What Microsoft *might* be doing here is saying "OK, you say you are opt-in, we'll let your stuff through, but we're gonna take a bite out of you if you are lying to us."
Unfortunately, the author of the article didn't bother to state exactly what the rules are that Microsoft is imposing. Roast the journalist, not Microsoft (at least, not yet).
The bond is held by BondedSender, i.e. IronPort, not Microsoft. According to their site "Proceeds from bond debits are not retained by IronPort Systems and are instead shared with third-party non-profit organizations."
This system could potentially hurt many small hosting companies and small businesses. Businesses that have their own mail servers, or small hosts that provide mail services for their clients are now going to have to pay more just to provide basic mail service. Telling people "sorry, you can't send to MSN accounts" is simply not acceptable. It doesn't matter if it's a bond or not, the fact is that a small host now has to pay a lot of money to provide an essential service to it's clients. IronPort could essentially charge whatever they want if they own exclusive rights with MS for this service.
This approach form Microsoft is scary as hell for small hosts/providers and I hope that it doesn't happen if there is only one whitelist that MS goes with. If there were multiple whitelists, then I'd feel much more comfortable.
Monitor bandwidth usage on IIS6 in real-time: http://www.waetech.com/services/iisbm/
This is a very misleading summary. Basically, the bonded program (which even spamassassin recongnizes and assignes according a minus "point") requires mailers to put up a bond before their emails are allowed. They still cannot send spam, however, they may only send mail to registered users. If users complain, the company has to either prove they joined or pay up.
-- Is "Sig" copyrighted by www.sig.com?
IronPort's Whitelist access is available, here.
Kinetic stupidity has a new brand leader: Allen Zadr.
Ironport's "sender" site.
IronPort's "receiver" site.
Kinetic stupidity has a new brand leader: Allen Zadr.
The SpamAssassin test USER_IN_DEF_WHITELIST checks to see if the sender is in the list of companies that are on its built-in white list. Network Solutions, internic, register.com, nytimes.com, amazon.com, mypoints, paypal, the FT, Palm, Handspring and others are all on it. They don't sell access to it, so it is not the same as what Microsoft is doing. It is similar, however, in that some companies get a free pass (well, up to -15) for any mail that they send out.
-- http://www.swcp.com/~hudson/
Okay, people, there are about two clueful people who have posted so far, and about 50 idiots who are yelling "Microsoft is taking money to allow spamming". READ THE ARTICLE. Holy shit.
For those too st00pid to read it, here's your list of clues. Microsoft gets no money, IronPort gets the money.
If you're a legitimate emailer (i.e. you email to people who have asked for email) IronPort takes the $20K up front as a bond. If you spam, you get knocked off the whitelist and they take your $20K.
It's not "pay $20K and spam all you want". It's "put up $20K to say that you won't spam".
As someone else here said, their standards are *very* high. You must have no more than 1 complaint per million emails, which is a very low number. Having run double-opt-in lists myself before, I assure you that cluefucks will complain about something that they signed up for (and confirmed) the day before.
As an ISP, let me say that this is a great program.
They are very anal
Do you have ESP?
IronPort's receiver service page.
If you are interested in the rules that bonded senders have to ablige to:
IronPort's sender standards page.
Kinetic stupidity has a new brand leader: Allen Zadr.
People here should know that putting a pricetag on something doesn't make everything kosher.
A very good point, in general. Yet as an adult I feel i have the right to enter business relationships - there is nothign wrong with selling my email processing labor. As long as the consumer retains control, I see no problem with bulk e-mail. With control of the system, I can easily raise the price of spam delivery to 50 cents or a dollar per message if the 15 cents/spam is generating too much volume.
Bulk mail without opt-in should be criminalized regardless if the envelope is paper, SMTP or whatever. Bulk mail is just another form of 'I have money, I can send propaganda to anybody, you cannot stop me, muahahaha!".
I'm not sure I want the government holding my hand and deciding what is good for everyone and what is not. I don't even see how the government can regulate spam given the international nature of it and the fact that commercial email has legitimate uses such as when my airline emails me that my flight schedule has changed or tells me of upcoming airfare sales.
To me, the greatest scheme for controlling spam would be monetary -- the spammer pays the recipient an amount that the recipient decides and the sender agrees to. Add recipient-controlled whitelists, blacklists, and rebates and the system provide zero-cost email between friends and trusted parties and consumer-regulated communications otherwise. This avoids the heavy-handed, one-size fits all approach of government regulation and pays each recipient for the resources consumed by spam as judged by the recipient. If someone hates spam so much, they can set their price at $100 per email.
The big problem with the current system is that the recipient bears a disproportinate burden of the costs. The cost to send an email is miniscule. But the cost to personally accept, read and process an e-mail is large. All I seek is a means of charging for my labor.
Two wrongs don't make a right, but three lefts do.
can i use this "whitelist" as a "blacklist" it seems a handy thing to have a list of self confessed spammers
Saying Apple is better than MS is like saying Botulism is better than rabies.
Fron the list of Directors at Ironport.com:
JACK SMITH: CO-FOUNDER AND INVENTOR, HOTMAIL CORPORATION
"...After the acquisition, Smith worked as Director of Engineering at Microsoft...then leading a team developing next generation Internet software infrastructure."
DOUGLAS C. CARLISLE: MANAGING DIRECTOR, MENLO VENTURES
Former board memeber of Hotmail.
SCOTT BANISTER: CHIEF TECHNOLOGY OFFICER
"Scott started his career as a pioneer in the email business. He was founder and VP Technology of ListBot...ListBot was acquired and became Microsoft's ListBuilderTM, part of the bCentralTM suite of business offerings..."
SCOTT WEISS: CEO
"...Scott was one of the early team members at Hotmail, the world's largest web-based email service. At Hotmail, Scott was responsible for all partnership and revenue generating business development efforts. It was this experience at Hotmail that helped Scott identify the emerging business opportunity that would later evolve into IronPort Systems. After Hotmail's acquisition by Microsoft, Scott led a business development team at Microsoft with the MSN division. "
No, they're not Microsoft. But they're dang close.
I must say I'm really disappointed in this. Ironport have generally been good guys, but their trust level just plumetted. If you read the sender standards page you'll notice that, while they are at least trying to rule out some of the worst spam, their standards explicitly do allow spam (by diluting the concept of 'consent' to the point it's unverifiable and thus meaningless.) On the other hand, it doesn't sound like they're going to try to adjudicate complaints, just charge a small fee for each one and make judgements based on the sheer number of complaints, so it will be interesting to see how that works out. If enough end-users refuse to tolerate spam, that could effectively keep it out of the whitelist, even though the 'standards' are written to allow it.
=-=-=-=-=-=-=-=-=-=-=-=-=-=-
Friends don't let friends enable ecmascript.
If you know that a particular site is on the whitelist it makes sense to route your spam via that site if you can.
Honeypot, flies, attract are some words that come to mind.
Believe it or not, there ARE groups out there that advertise via email - but aren't spammers - that are arguably upset about spammers who clog inboxes.
One of them I buy stuff from infrequently - Overstock.com. I get an email from them every day, usually delete it right off, but I don't mind getting it because I did, indeed, sign up for it when I bought something from them the first time.
Ironport's service isn't just a "pay us lots of money and we'll look the other way" thing - the people in question do indeed have to stick to decent ethics about what they're selling, and to whom, and make sure it's damn easy to get off the list. So I view this as a relatively ambivalent thing.
It's not good, in the sense that spammers may manage to sneak in. But it's not bad, because the spammers will likely get zapped pretty fast, and because the idea of REAL companies putting up a bond of trust, "their money where their mouth is" so to speak with regard to a code of conduct, is a GOOD THING.
Consent
V. Participating Senders must ensure that consent with appropriate disclosure or a prior business relationship exists prior to sending Commercial or Promotional Email Messages.
Acceptable forms of consent include:
Double Opt-In: (sometimes referred to as 'Confirmed Opt-In'): The Recipient affirmatively requests to add his/her email address to a mailing list. The Recipient receives a confirmation email and the Recipient confirms his/her request by replying or visiting a provided URL.
Opt-In with Verification: The Recipient affirmatively requests to add his/her email address to a mailing list. The Recipient receives a verification email notifying him/her of the subscription and providing clear unsubscribe instructions.
Opt-In: The Recipient affirmatively requests to add his/her email address to a mailing list. Pre-Selected Option with Verification: The Recipient consents to have his/her email address added to a mailing list by leaving a clear and conspicuous pre-selected option intact. The Recipient receives a verification email notifying him/her of the subscription and providing clear unsubscribe instructions. Commercial or Promotional Email Messages sent under this form of consent must include clear and conspicuous identification that the message is an advertisement or solicitation.
Pre-Selected Option: The Recipient consents to have his/her email address added to a mailing list by leaving a clear and conspicuous pre-selected option intact. Commercial or Promotional Email Messages sent under this form of consent must include clear and conspicuous identification that the message is an advertisement or solicitation.
I struggled for days and days and all I got was this lousy sig.
Two wrongs don't make a right, but three lefts do.
You've never driven in Pittsburgh.
___
It's the end of my comment as I know it and I feel fine.
If you have a hotmail account, you already know you can't block or filter to the trash any email from "staff@hotmail.com". It just isn't allowed. Of course, if you're like me, you only have the hotmail account for registering and you know it will only ever have spam, therefore you have everything go to the junk mail folder which will empty automatically. Only pitfall is I have to access it about once a month to prove it is "active".
I was taking one day at a time, but then several days got together and ambushed me. (from a Rhymes with Orange comic)
can i use this "whitelist" as a "blacklist" it seems a handy thing to have a list of self confessed spammers
header RCVD_IN_BONDEDSENDER eval:check_rbl('relay', 'sa.bondedsender.org.')
describe RCVD_IN_BONDEDSENDER Received via a whitelisted Bonded Sender address
score RCVD_IN_BONDEDSENDER +100.000
should work for SpamAssassin 2.2x/2.3x
The +100.000 should ensure they get marked as spam.
Pardon my attitude, but if you ask me, they should be the ones coming to us to see if they're ATA, Serial-ATA, FC, or Serial-SCSI compatible. We have the expertise, they just write a driver.
The Russians have won. They have made the world a cesspool of distrust, greed, fear and hate.
Seems to me like this is a step in the direction of entities eventually only accepting mail from "whitelisted" persons or groups, which will in all likelihood lead to a "fee" to be on a whitelist, thereby causing e-mail to no longer be free...
Maybe I'm being short-sighted, but this sounds fishy to me..
I hope that's really what you wanted.
Kinetic stupidity has a new brand leader: Allen Zadr.
No, someone asked if they could block a whole slew of reputable businesses and I told them how one would go about doing it. I have no intention of implementing that on my mail server.
describe RCVD_IN_BONDEDSENDER Received via a whitelisted Bonded Sender address
score RCVD_IN_BONDEDSENDER -100.000
Note that "-100.000". That says "accept this, even if it looks like spam". You might want to use, say, "-3.0" instead. Give them a little credit, but don't open the floodgates.
Watch for spam with the "RCVD_IN_BONDEDSENDER" flag in the X-Spam-Status header line. You might want to have Mozilla (I assume Slashdot readers aren't using Outlook) move such messages into a "Bonded Sender" folder. That lets you watch what they're sending.
As soon as you find a real spam passed by BondedSender, please post it to NANAE.
Microsoft really needs to do something about it's image -
Having been landed in court for antitrust violations and with their software needing updates every week, Microsoft are really looking bad, and people are really looking for an alternative.
With MacOS and Linux getting updated so much faster, the software Giant and Monopolist will need to act quick if it wants to stand any chance of making it through the to the next decade.
I opened a hotmail account once. My company decided to adopt MS Instant Messaging as a standard and I did not want to give out any real email addresses to set up the .NET Passport thingy so I createrd a new Hotmail account. I was recieving spam in the account within 24 hours.
Insert Generic Sig Here:
Spam by any other name...is still spam!
"Si hoc legere scis nimium eruditionis habes."
(If you can read this, you're overeducated.)
"Do the Right Thing. It will gratify some people and astound the rest." - Mark Twain
The owner of the most spammed sites on the planet is partnering with the biggest spammer arms dealer to ensure open access to your Inbox for their customers