Microsoft Will Sell Whitelist Services For Hotmail

Ec|ipse writes "Looks like Microsoft has found another way to make money, this time from spam. Microsoft has adopted a "whitelist" program (Bonded Sender by IronPort) which will allow marketers to pay Microsoft so that they are included on a special whitelist, guaranteeing uninteruptable delivery of their messages to Hotmail and MSN users. You can catch the full article at Excite. I especially like the nice naming for spammers, calling them 'marketers' sounds so much more legitimate." mgibbs adds "Hopefully the $20K fine that results from abuse of this system is enough to deter spammers."

It's also a list to avoid!

Get a hold of the whitelist, and you can immediately add it to your OWN spam filter! Nice of Microsoft to offer to collect all, umm, marketers in one place...

Re:It's also a list to avoid!

[Allen+Zadr]

Great Idea!

Except that IronPort, not Microsoft, is running this list. IronPort are the same people who purchased SpamCop. IronPort's business is SPAM prevention.

There are plenty of legitimate companies that don't SPAM that have IronPort bonds. Especially where these companies are sending out 'Technical Errata' or trying to run product support over E-mail.

Now you can argue that 'Technical Errata' sometimes has embedded ads (usually not), and sometimes is unsolicited (usually not) - but most people who ask for it think it's useful. If I send a company an Email asking them about how to fix thier broken product, I surely wouldn't want the reply to be stuck in a SPAM filter (this happens to me once or twice a month).

If you want to use IronPort's whitelist service, inquire at thier web site.

Re:It's also a list to avoid!

[Electrum]

IronPort's business is SPAM prevention.

Actually, they play both sides of the fence.

And then

[GarbanzoBean]

And then they will charge users extra for "adv free" service. Oh wait, I thought they were talking about phone companies.

This is a BOND, not a payment

[Richardsonke1]

Sorry to give you one less reason to hate MS, but they are taking the money as a BOND, not as payment. MS only gets the money if the spammers don't follow their rules. Probably something like "must use real return address and have a unsubscribe link that doesn't add you to more lists."

Re:This is a BOND, not a payment

[rixstep]

What difference does that make? They're still spamming. I don't care if they do have a valid return address: 'unsolicited' is still 'unsolicited'.

Re:This is a BOND, not a payment

[nodwick]

What difference does that make? They're still spamming. I don't care if they do have a valid return address: 'unsolicited' is still 'unsolicited'.

It actually could make a difference, if it makes spam economically unprofitable for spammers. Spammers make their money from the fact that they can send out a bazillion emails and survive on very tiny response rates. By increasing the cost of sending spam, in the form of seized bond funds, Microsoft can make it infeasible for spammers who post bonds to profitably send unsolicited spam. This is also the idea behind those "internet postage" and other proposed spam-defeating measures.

The beef I have with this scheme is that since it's the user that's inconvenienced by the spam, the bond money should be sent to them in the event of a violation. The fact that Microsoft is the one getting the funds is what makes it seem like a money grab.

Re:This is a BOND, not a payment

[Jaywalk]

They're still spamming.

No, they're not. It's bulk email, but it's not unsolicited. Looking into my junk mail folder -- the one that picks up the bulk email -- I see updates from ParentCenter.com, HomeDepot.com and PublicKnowledge.org. These are all organizations that I signed up for to send me regular updates, so it's not unsolicited email. But the company spam filter doesn't know that, so it sweeps them into my junk mail folder along with the Viagra and penis enlargement crap. If these companies were on a white list of companies that post a bond $20k against a promise to only send "opt-in" bulk email, the mail filter could be programmed to assume they're legitimate and I wouldn't have to keep checking to see how much legitimate mail I'm losing.

This should encourage everyone to move to Gmail!

[mike_diack]

Looks like they've just pointed a double barrelled gun at their feet. If they were trying to avoid wholesale migration away to either:
- Google's Gmail OR
- Novell's MyRealEmail....

Then this is a f***ing dozey way to do it!

FREE VA.LIUM X-A-N-A-X no P R E S C R I P T I O N

[RucasRiot]

I cert.ainl.y H-O-P-E th4t it d0es a G o o d job

why using hotmail?

[Frederic54]

I had an hotmail address years ago, back in the day before MS buy the domain... I never really used it... and I still don't know why people need an hotmail address? passport thing? you can live without it and without MSNM you know...
/. should make a poll to know who has and who hasn't an hotmail address, and in comments we would know why people who has one, well... has one.

Re:why using hotmail?

[AndroidCat]

It's handy to use for Usenet posting, a web site contact address or one-shot subscription signups. People can get in touch, and if I want to, I can shift communication over to a real mailbox. And every four years when the account gets joe-jobbed by a spammer or nut cult, I just open the next account in sequence. (I'd better update my /. journal.)

following Yahoo's footsteps

[Lumpy]

Yahoo has been doing this for a LONG time.

they have their "spam" filtering yet there are types of spam that will not go away as they have "special" spam from their "partners" that will NEVER EVER hit their filtering rules for spam.

I am betting that ALL free email sites will do this within this year.

In Denmark it is illegal to send spam!

[Saggi]

In Denmark the marketing rules forbid people to send uninvited marketing material. Unless you specifically accept to receive it - it will be illegal (and punishable by court) to send it. This law is not only to electronic e-mails but goes to all kinds of marketing. You are not allowed to call by phone to someone in order to sell them something (unless the user has registered his phone number somewhere and accepted to receive a phone call).

So unless you check the checkbox somewhere in your hotmail registration, you will be able to sue MS - in Denmark at least...

If only they would share the proceeds

[G4from128k]

I'd accept all the spam in the world if they paid me 15 cents per message. That would make spam much cheaper than bulk mail and would weed out marketers who aren't serious.

If a company is going to sell my resources (time spent downloading/reading/procesing email) they had better share the revenues with me.

Re:If only they would share the proceeds

[mikeboone]

I handle bulk emailings to people who signed up at my client's website. They are a legitimate business and unsubscribe those who reply or use the web form. But you invariably get spam bounces and other errors (here are some numbers).

I was amused to find in the bounce mailbox one day an auto-reply from a person who offered to read our message if we'd deposit $5 into his account via Paypal. I don't remember the website, but I wonder if anyone has ever paid $5 to have their email delivered.

Some real companies might be willing to pay $0.05 to $0.15 if it really meant their message was being read. Our small business probably couldn't afford it though. And I'd hate to see the whole email system become pay-per-view.

personal experience

[astanley218]

My company was informed of this bonded sender program by MSN/Hotmail support 2 months ago. At the time they claimed the Bonded Sender program was a third-party service with no affiliation to MSN/Hotmail or Microsoft. At the same time, they also claimed that even if you DO subscribe to the bonded sender program MSN/Hotmail will give no guarantee that your emails will be delivered!

Do any journalists know how to use english?

[hiroko]

mixed metaphors...
allow legitimate marketers to thread the gauntlet of spam filters

• run the gauntlet
• thread the needle

choose one.
D.

Good luck getting bonded... I tried!

I am an engineer in charge of a large email system. We send millions of emails per week to our members. I have contacts in the top 10 ISP's and we're on no RBL's of consequence (the big 10 RBL's are clean, we are not concerned about the RBL run by sn0rky in his dorm room). Rarely do we have a delivery problem, however we did decide to get Bonded since it looks like a good program for responsible mailers.

The BondedSender process looked us over and saw that we had, *gasp*, 50 complaints with a volume of 20 million messages sent. One complaint per million is their threshold for acceptance into the program! This is unreasonable. People complain about messages from their own damn family in my experience. The geeks here wont understand because they are literate of the issues surrounding the politics of email... but your average citizen is going to flip out and start whacking the "report as spam" button for anything they don't want to receive: their buddy sending them a dirty joke they don't want, an alert from their bank about their account being low, mailings from their girlfriend breaking up with them, etc.

This is absolutely true. I've heard the horror stories from my contacts at the aforementioned top 10 ISP's. The number of complaints they get about private emailings to and from their own contact lists rivals the number of messages that are actually spam.

I have an associate that works at large-bank-corp and they get about 1 per 10,000 complaints for their goddamn credit card statements!

BondedSender will be short lived unless they relax their restrictions. Any spammer sending pr0n and v|agra mailings is going to not be interested in this deal simply because of the costs and hassle of getting bonded. It's cheaper for Ma Bulker to just switch ISP's every two weeks or scam open relays.

Anyway... that's my say... Good luck if you try getting Bonded.

But that makes Usenet less useful

[mccalli]

I've never really had a problem from spam.I've never given my email address out on usenet...It just seems to me that if people looked after their email address...they would reap the benefit of a spam-free inbox sooner rather than later

However, that makes my email address less useful, and Usenet a less useful resource.

I've never disguised my email address on Usenet or anywhere else (with the exception of some of the more pointless web site registrations). There have been plenty of times I've gone back to ancient archives digging for answers, come across someone who solved almost what I'm trying to do, and sent them an email asking if they'd mind helping me. And the converse has happened too - many people I don't know have emailed me over the years after coming across old posts, and I've helped out where possible.

I'm pretty defiant over this one. I refuse let low-life scum dictate how I can use my address. I am not going to jump through hoops at their behest - my email address is a contact point, and people should be able to use it to contact me.

Cheers,
Ian

MS isn't sellling anything, they are buying

[wayne]

A classic screwed up slashdot submission.

MicroSoft isn't selling anything, they are using the services of another company, namely bondedsender.com.

Who are bondedsender? They are part of ironport systems, who also own spamcop.net. Spam reported to spamcop.net automatically gets reported to bondedsender.com and the spammer gets whacked.

This is really good news because spamcop.net/ironport were recently sued by the spammer snotty scott richter. This means that ironport will have more income to not only fight the spam lawsuit but fight spam in general.

May be a good, realistic approach

[RhettLivingston]

Anyone thinking there is a greed motive for this is wrong. There is no way that Microsoft would trade this much bad press for the paltry amounts of money that this could generate. So, here's what I think is happening.

Microsoft has been pursuing various antispam paths, but the ultimate one, enforceable legislation to stop it, has encountered some resistance unless the legislation's effects are limited in some way. I think they are trying to counter some of this resistance.

There are occassions that I get "spam" from software companies (whose products I've used in the past) advertising new products. I don't mind that kind of spam, yet I almost always find them in my spam box because I use a pure white list approach and forgot to put the company on my white list.

The kind of spam that really drives me nuts and causes me to switch addresses is the spam that's looking for that one sucker in a million, the viagra spam, the refinancing spam, and the pornographic spam.

If the guidelines a) ban the improper spam while allowing contacts from other companies and b) strongly enforce requests to remove my email from a list, I could live with this system. Especially if they implement a one stop shop to manage whose lists I'm removed from.

But why would I want to live with this? Because it cuts the only leg of the spammers arguments that has been getting any mileage at all out from under them. If you create an enforceable system and say, "you can spam if you follow the rules of this system", then they can't argue that their "legitimate" spam is being blocked anymore and all antispam legislation suddenly gets a green light.

Re:This is a BOND, to IRONPORT

[Allen+Zadr]

The bond is to IronPort and is relinquished to IronPort.

IronPort is NOT Microsoft! IronPort is selling a service which Microsoft has purchased for the purpose of using on Microsoft's Hotmail (and MSN) mail service.

Re:Nice One

[1u3hr]

Bill is a business man, get used to it !

We've been used to it since 1976: An Open Letter to Hobbyists.

The article is unclear

[Croaker]

The original poster assumed that Microsoft is opening the door to spammers. What is unsaid in the article is if these e-mails were actually solicited.

I could see that legit ads (i.e. you definitely signed up to recieve them) might be tossed out with the huge amount of spam. What Microsoft *might* be doing here is saying "OK, you say you are opt-in, we'll let your stuff through, but we're gonna take a bite out of you if you are lying to us."

Unfortunately, the author of the article didn't bother to state exactly what the rules are that Microsoft is imposing. Roast the journalist, not Microsoft (at least, not yet).

Not how it works

[mikeage]

This is a very misleading summary. Basically, the bonded program (which even spamassassin recongnizes and assignes according a minus "point") requires mailers to put up a bond before their emails are allowed. They still cannot send spam, however, they may only send mail to registered users. If users complain, the company has to either prove they joined or pay up.

READ THE FUCKING ARTICLE

[Trailer+Trash]

Okay, people, there are about two clueful people who have posted so far, and about 50 idiots who are yelling "Microsoft is taking money to allow spamming". READ THE ARTICLE. Holy shit.

For those too st00pid to read it, here's your list of clues. Microsoft gets no money, IronPort gets the money.

If you're a legitimate emailer (i.e. you email to people who have asked for email) IronPort takes the $20K up front as a bond. If you spam, you get knocked off the whitelist and they take your $20K.

It's not "pay $20K and spam all you want". It's "put up $20K to say that you won't spam".

As someone else here said, their standards are *very* high. You must have no more than 1 complaint per million emails, which is a very low number. Having run double-opt-in lists myself before, I assure you that cluefucks will complain about something that they signed up for (and confirmed) the day before.

As an ISP, let me say that this is a great program.

They are very anal

Re:It all makes perfect sense now.

[TheLinuxSRC]

Actually, you don't get anything. The bond is posted by the marketer and is put in escrow. Everytime an infraction is reported you (as the marketer) are fined a relatively insignificant amount against the bond in escrow. This way, should the marketer send out a million emails and get 10 complaints, the "fine" is insignificant. If a marketer sends out a million emails and gets a hundred thousand complaints, their bond is consumed by the multitude of tiny fines and they are no longer bonded.

This isn't as bad as the 'Article' says, but...

[Arker]

I must say I'm really disappointed in this. Ironport have generally been good guys, but their trust level just plumetted. If you read the sender standards page you'll notice that, while they are at least trying to rule out some of the worst spam, their standards explicitly do allow spam (by diluting the concept of 'consent' to the point it's unverifiable and thus meaningless.) On the other hand, it doesn't sound like they're going to try to adjudicate complaints, just charge a small fee for each one and make judgements based on the sheer number of complaints, so it will be interesting to see how that works out. If enough end-users refuse to tolerate spam, that could effectively keep it out of the whitelist, even though the 'standards' are written to allow it.

It was already impossible to block their SPAM

[Ra5pu7in]

If you have a hotmail account, you already know you can't block or filter to the trash any email from "staff@hotmail.com". It just isn't allowed. Of course, if you're like me, you only have the hotmail account for registering and you know it will only ever have spam, therefore you have everything go to the junk mail folder which will empty automatically. Only pitfall is I have to access it about once a month to prove it is "active".

Re:It all makes perfect sense now.

[Christopher_G_Lewis]

Actually, (after quite a bit of searching, mind you) according to this Fees the fine, while small, would not be insignificant.

They're talking $20 per complaint, after your "free" complaints per month. Which, for the "low" volumne bulk sender( less than 1,000,000 per month), is 1 complaint per month.

So, for the above example, 10 complains - 1 free complaint * $20 is $180. The sign up costs are $375 Application, $500 license, $500 bond.

So after your first month, you've spent $875, bonded $500, e-mailed 500,000 messages, and lost $180.

And somewhere else, I thought read that if your bond drops below half, you have to replace it. So they've effectively created a charge system for spam.

This would be quite nice if they donated some of the bond money to, say, the SpamAssassin Development Team, or maybe SourceForge.

The hole Ironport wants you to install

[Animats]

IronPort wants you to install a hole to let their stuff through. For SpamAssassin, for example, they want you to put in

• header RCVD_IN_BONDEDSENDER eval:check_rbl('relay', 'sa.bondedsender.org.')
  describe RCVD_IN_BONDEDSENDER Received via a whitelisted Bonded Sender address
  score RCVD_IN_BONDEDSENDER -100.000

Note that "-100.000". That says "accept this, even if it looks like spam". You might want to use, say, "-3.0" instead. Give them a little credit, but don't open the floodgates.

Watch for spam with the "RCVD_IN_BONDEDSENDER" flag in the X-Spam-Status header line. You might want to have Mozilla (I assume Slashdot readers aren't using Outlook) move such messages into a "Bonded Sender" folder. That lets you watch what they're sending.

As soon as you find a real spam passed by BondedSender, please post it to NANAE.