Slashdot Mirror
Microsoft Offers Tools to Spamming ISPs
Michael writes "Computer Business Review reports that 'Internet service providers curious to know how much spam they are sending Hotmail users will be able to get detailed reports on the topic, courtesy of a service Microsoft launched in beta yesterday.' Microsoft's new Smart Network Data Services, a part of the larger MSN Portmaster initiative, allows the owners of IP blocks to view reports on the volume of email being sent from their networks to Hotmail users, and see how much of that email is being flagged as spam."
Comment removed based on user account deletion
Now if they could only tell how much spam is coming from hotmail accounts...
To understand recursion,
you must first understand recursion.
Excellent! I had no idea if my spam was getting caught by the spam filter or not. Now they are providing a great tool to measure my spam filter bypassing techniques!
Thanks Microsoft!
Fix windows and we will have less spam zombies. It's a bit late to close the barn door once the horse has bolted.
I like muppets.
-1 Troll
And shame the ISPs into sorting the problems?
Deleted
This includes spam that users themselves mark as such. Very smart idea if ISPs actually use it.
what's next? Microsoft will announce a new tool for IRS auditors to see the discrepancies in your tax return??
Internet service providers curious to know how much spam they are sending Hotmail users, please raise your hands...
ummmm.. I dont see any.. Seriously, if ISP's were THAT concerned about the amount of spam their clients are generating, I wouldnt have to worry about spam, in the first place...
with Microsoft products? oh well nothing changes
I'd like to offer spamming ISP's my tool...in a very uncomfortable place.
Nope, but their customers might want to know how effective the SPAM tactics are working.
I think you underestimate just how much I just dont care.
Sure they will... It'll help them calibrate their spam-blocking techniques. If the volume goes up (or stays the same) and the hit count drops, then they'll know that something's working especially well.
Sometimes boldness is in fashion. Sometimes only the brave will be bold.
Careful Microsoft...wouldn't want to get sued (again) would you?
127.0.0.1 has been successfully added.
Please do not let scientific accuracy interfere with the intended humourous/interesting/insightful value of this comment
AOL's SCOMP system (http://postmaster.aol.com/fbl/index.html) pioneered this methodology of encouraging responsibility. It was first and remains an invaluable asset to large (and small) ISPs.
I'm really happy that hotmail has started up and followed AOL's lead in this arena.
On your own network fairly easily with some perl scripts, MRTG, Cricket, Zabbix and similar. We used popfile for classification.
Deleted
...I thought it meant "Microsoft Offers Tools to ISPs Who Are Spammers".
Taking it to another level, I guess.
I wonder if this software runs only on windows servers.
--------========+++Dont Feed The Lab Techs+++========--------
I applaud this effort by Microsoft to fix what seems to be a service which has experienced the exposition of a host of security problems since its inception by allowing for increased accountability of abusers of the Hotmail service. If I am correct, Hotmail email addresses generate the most spam on the internet, or at least have in the past. Whether this is because they have such a large user base or the security flaws aforementioned is debatable, but irrespective of this fact, accountability should be encouraged at all levels of the spamming process, from creation to transmission.
The Crimson Dragon
All of it.
Actually, it seems that almost all of my incoming mail is spam. I guess I don't know enough old people from Korea.
Are there really clueless ISPs who can't monitor their own SMTP traffic? They're paying by the bit for their outgoing volume, usually, so you'd think all of them would have a good handle on what is going out.
The ones who care already know. The ones who don't care won't be helped by a tool, because they're either explicitly making money off of it or they tolerate it so as not to scare away paying customers.
On the other hand, maybe some of them will want to know what to charge.
Raise your children as if you were teaching them to raise your grandchildren, because you are.
Just about every web-based email provider, and most ISPs, have methods by which you can flag and report messages as spam... so why doesn't AOL, Yahoo, Google, Microsoft and everyone else not already share this data ?
"will the ISP's sending most of the spam care?"
They should care. If everyone was to reduce the amount of spam they are sending, then this will in turn reduce the amount of spam they are receiving and having to filter out. Creating less total spam and making each ISP's customers happier. These reports should also help in determining the zombies that they are currently serving and allow them to contact or 'pull the plug' on these customers.
Who has a hotmail account now days? Past that as a server admin why would i care how much spam i send to microsoft, their product is what creates spam zombies...now if gmail was at stake....that might be different.
People should send Microsoft a report of how much malicious traffic comes from computers running their OS.
There are 10 kinds of people in the world - those who understand binary and those who don't
they could simply count the number of mails incoming from spamcop or such service.
ah, duh, next thing MS will patent this. What a crock.
It's just another MSN ploy to get people to signup for MS Passprt.
Wow, I better change from gmail, and get a BETTER e-mail account at hotmail.
I would get better spam protection right? lol
I thought "care" was a noun in the parent post.
Gosh, but this language is ambiguous.
You'll never outsmart a human, 'cause you know, you're a human yourself.
I suppose MS's first step is to provide warnings to ISPs about their spamming customers and zombies. The next and obvious question is, What Comes Next?
Will MS(Hotmail) begin blocking those ISP's?
Will MS send them a notice saying something like, "... after $DATE we will bill you $BIGBUX per thousand spams. By continuing to spam our customers you agree to pay."
Frankly, it sounds good to me. Let the BigGorillas set the tone and practice for spam.
I made this up. Might happen. Might not. YMMV
This sounds like a good idea, that is if ISP's care to know, however on a weekly basis maybe, 10% of my legitimate emails will be filtered into the "spam"box. 10% is a fairly large percentage, large enough to make the report almost useless.
And, the spammers are certainly interested in knowing which ISPs are the most spam-friendly.
The creatures outside looked from Alt-Right to Antifa; but already it was impossible to say which was which.
microsoft claims to invent wheel, tries to patent..its the same thing microsoft has always been doing..from the article it just sounds like a smtpd stats generator, but i guess since it was made(ripped off from opensource) by microsoft, and carries there mark, its special...hell, my mailserver mails me reports nightly of all activity, incoming, outgoing, spam, virus/trojan/phishing, and has been emailing reports for years, but its opensource, so its not special...
I realize that this may sound impossible to /. users, but maybe this tool could be useful to non-spammers. For example, perhaps a business that sends out newsletters to customers wishes to see how many of its customers are marking the newsletters as spam. If a lot of people mark the newsletters as spam, perhaps it is time to a) change the format of the newsletter, b) make it easier and more clear how to stop receiving the newsletters, or c) stop sending newsletters.
Great civilizations have lived and died on false theories. Don't mess up mine with a few facts.
I dont get it, Why would then do this? How is this going to make hotmail any better? the way Microsoft does things is such a baffle to me.
Spammers? probably not. But, the ISPs that are running mailing lists will. (Ie legitimate mail, not spam) I know a couple folks at my office are curious to see this, just to see how much of our mailing list traffic is getting dumped by a big provider.
(before you all start, yes, they're opt-in, and they're limited subject lists anyway, so there's no reason to spam with them.)
Have a look at the site: only the arin contact, postmaster@ or abuse@ are going to be able to get these stats. Customers, spammers (who don't own the IP space they're querying) and regular joe's are not going to be given this by MS (at least, not in this rev...we'll see what the future holds)
Haven't you ever been pissed off with someone just enough to sign them up for 10s of "limited subject" lists?
My personal favorites to send people to include sewing and knitting sites.
They are VERY eager to sign people up, and they are right, they are totally opt-in, and all recipients have filled in the online form. Its just accidental that I give their address instead of my own.
Now, what do you think the annoyed recipient will do as soon as this hits his inbox (with a decvent provider)?
liqbase
Spotting spam zombies should be easy: if a computer on your ISP is hitting port 25 all day, then it's probably a spam zombie.
You don't need feedback from Microsoft to tell you that you have zombies on your network. The question is, what are you going to do about them?
Perhaps this is Microsoft's way of saying, "We think you're spewing spam, and now you know we know it. Fix it or we'll stop accepting mail from you entirely."
Yeah, it would sure be better if Microsoft fixed its OS instead, and they're working on that, too. But it can't do anything about compromised Windows 95/98/ME boxes if they're not patching, so it's up to the ISPs to notify users that they're in violation of the terms-of-service and had better shape up.
I think that Microsoft may carry more weight than Spamhaus does with the ISPs. If Hotmail starts declining mail, users get pissed. If Hotmail cuts all connections, so that users from an entire ISP can't get on, users get rabid.
I don't know what Microsoft has in mind, if anything, but a gentle threat may just be their first salvo.
1. Create hotmail account :)
2. Send EVERYTHING to spam folder
3. Spammers try more and more creative/outlandish
means to sneak by supposed filter.
4. Spammers suffer cerebral meltdown
5. Enjoy spam-free world
That's why legitimate mailing lists send a confirmation request before adding to the list. Failing to use such confirmations is considered a blacklistable offense by many, and mailing list software makes it so easy there's no legitimate reason not to.
And the problem, as the GP post pointed out, is that folks will even mark those confirmation requests as spam...not much a legit list can do in that case, except talk to the ISP, but you have to know it's happening first.
overseas. I just throw out everything from entire IP address ranges in parts of the world where I don't know anybody.
We don't need yet another new programming language. Let's just pick an existing language and fix its flaws.
The reason is that spam was filling up the lower limit mail boxes. They had to up the limit so more spam could be delivered...
Quality Hosting e3 Servers
I have a bias against mass email. Partly it's the spam problem and partly because it's a push technology. I prefer online bulletin boards to mailing lists. But I have to admit I haven't got the hang of marketing. Maybe it works for the people who send the email. Maybe that's the root of the problem.
We don't need yet another new programming language. Let's just pick an existing language and fix its flaws.
for exactly your skills Email & Spam De-Filtering Expert. Email reply address if they pull the listing is careers@vendisys.com. Don't all of you reply at once. It might look too much like spamming.
A sort of "Look, we know people from your network are sending us spam, this is causing us damage. We're now informing you of the size and scale of the problem you're giving us by not sorting it.".
If it isn't sorted, six months down the line they may have a case.
Deleted
I think the creative idea team at MS needs to be fired.
I'm looking forward to the day when I can change my SPF checking from "soft" (Allow domains without SPF records) to "hard." There are still a few mail servers I get mail through that haven't gotten on the SPF bandwagon yet, though. I might just set a cutoff date for sometime next year and let the folks that go through those servers just be out of luck ("Sorry Mom and Dad, your ISP is clueless...")
My "nuclear" option, should it ever become necessary, will be a real time PostFix filter which checks incoming mail to insure that it's encrypted to my personal PGP key. All unencrypted messages will be rejected and the keys will be changed at least quarterly. I'd be rather surprised if any spam at all made it through that...
I'm trying to teach myself to set people on fire with my mind... Is it hot in here?
There have been months when I got several thousand SPAM messages from hotmail and MSN mailservers.
:)
Maybe they would be interested in using their own medicine...
When I wrote them about the problem, they kindly asked me to send the _HEADERS_
Yeah sure and I was gonna collect and send the headers of 20000 e-mails a week
A certain, very small percentage of e-mail sent from my domain to hotmail is apparently getting "reported" as spam. What I find curious is that although MSN/hotmail have my abuse@my.domain and postmaster@my.domain addresses, they've never passed along an abuse complaints to my.domain.
...and the real question is...
How long will it take Microsoft to react to the fact that spam condoning ISP's are using the results to help tune the content of spam being sent?
Did anyone else read "portmaster" (as posted in the story headline) and think... oh great.. now what does microsoft think they own ?
This is even better than the things AOL is offering, except maybe the feedback loop. This is a AOL Postmaster service where you can sign up to have the messages forwarded to you when an AOL user clicks on "This is spam" button, instead of sending it to AOL Abuse.
But what MSN have done here is very, very good. I can see exactly which of our business units is doing a good job keeping their lists clean, and which ones are not. The hits on spamtraps is especially useful as a cluestick, as are the tally of Red Days. Now I can show specific projects or persons exactly how their practices are affecting the deliverability of their mailings.
This is really good stuff. I hope it gets the other major ISPs kicked into gear to provide the same data to us.
ISPs route packets for users, which is their job.
I find it amazing how the spam issue will turn people who everywhere else defend the end to end principle of internet design, along with other fundamental internet concepts such as flat-rate billing, opposition to port blocking and the rest -- to suddenly reverse themselves.
We all want to stop spam very much. Yet with spam, we're ready to shoot the packet forwarder (and even the other customers of that packet forwarder) at the drop of a packet.
Because be warned, the principles you abandon "just to get spam" are at a danger of being lost everywhere else.
Has it been over a year since you last donated to the Electronic Frontier Foundation
I need a .NET passport to login?!
... if like AOL they E-MAILED you when you hit a large spam volume.. rather then having to have me go in there EVERY NIGHT and look.
Once again Microsoft ALMOST got something right.. but failed (again)
Grab copies of public spam blacklists, and run the IPs through grepcidr to see if any IPs from your network(s) are blacklisted. Nice that Microsoft is providing additional data, letting us know where spam comes from. With the information known by Hotmail alone (being made public) we should be able to easily locate the majority of worldwide spamming IPs.
That's simply not true. The spammers may not be clever, but there are black-hat programmers who recognize the need and write easy-to-use software for generating spam that gets around filters. Have you not seen emails from someone named, say, "Rectum G. Arboretum" that has an advertising image, and a passage from an encyclopedia at the bottom to get past your filter? That's spam software at work. And when that first came out, it was really effective.
I sure hope you meant spam instead of SPAM. This is exactly what Hormel Foods is compaining about.
For reasons known only to themselves and their therapists, many of the students on our campus forward all their official mail to Hotmail accounts. This, despite the fact that we have a very nice webmail service that has great availabiliy, will never throw away important information, etc etc.
Inevitably, these same students come whining to us that their mail 'isn't getting through', typically because they aren't capable of looking in the junk mail area and certainly aren't capable of the four mouse clicks required to ensure mail to their student email address isn't marked by hotmail as spam.
This tool should be a useful way of showing how much of our mail is actually being thrown away by Hotmail and could provide some useful evidence to preventing any more of these misguided fools sending their important email to hotmail.
Nihil Illegitemi Carborvndvm
SNDS is a very good idea and I'm glad Microsoft has put it out there. It will help ISPs to identify spammers within their own networks (i.e. zombies) and should result in a drop in the spam entering Hotmail and other Microsoft properties.
To make this service even better, Microsoft should add a web service interface so that ISPs can automatically check their records. An alternative would be to email the ISP summary reports in a standard format -- in much the same way that AOL does.
There's no point logging "From" headers (or SMTP envelope=from) from the point of view of analyzing spam. They are meaningless. The only meaningful data in an SMTP transaction are the IP of the sending server (that is only theoretically forgable) and the envelope-to (rcpt) address, that needs to point to a real mailbox if the spam is expected to arrive at one.
I have reported thousands of spam messages using spamcop.net, and haven't seen even one coming from Hotmail servers. I've seen many with forged Hotmail return addresses.
Back to the new MSN service: the reporting service they put there is completely useless. You need to analyze the headers manually to know that their servers are the source before you go to their reporting service to report spam sent from them. Almost no one on this planet is going to do that. You can use spamcop.net to report spam to any service provider and you don't need to analyze headers manually to do that. You don't evan need to know anything about the sender in advance. Just paste the complete message in (or forward as attachment) and have a report automatically generated and sent to the right place.
> Haven't you ever been pissed off with someone just enough to sign them up for 10s of "limited subject" lists?
No, but then again, I'm not an asshole.
From: headers in spam are usually fake, but From: headers in non-spam that your filter caught by mistake are real, so logging them helps you find those messages if someone wants to look. Also, From: headers can be useful for finding trends in spam, either things that appear to be the same spammer, or people using the same spamware, or various kinds of phishing (From: security@ebay.com etc.)
Bill Stewart
New Fast-Compression-only CPR http://preview.tinyurl.com/dy575ks