Slashdot Mirror
Hotmail To Junk Non-Sender-ID Mail
William Robinson writes "If your e-mail does not have a Sender ID, Microsoft wants to junk your message. Somewhere after November, MSN and Hotmail will consider it as spam. Sender ID is a specification for verifying the authenticity of e-mail by ensuring the validity of the server from which the e-mail came. Some experts feel that 'Sender ID' is not an accepted standard and has many shortcomings. Some also feel that Microsoft is trying to strong-arm the industry into the adoption of an incomplete and not accepted standard."
This means that I will stop using Hotmail -- go figure!
Zhrodague.net - I do projects and stuff too.
This is a trial baloon. If some other big ISPs decide to go along with this, I can see it happening. If nobody else goes along with it, they won't enforce it. No need to panic here.
The problem is, that the experts think, that the patents which MS owns endanger Free implementations of the "standart".
Not one to get caught up in Microsoft bashing, I salute the company. It may not make the best decisions, but it is making decisions. At some point something is going o have to happen to stem the tide of crap floating round the internet. This may not be the best secision, but maybe it will inspire other people to start making decisions. Once again Microsoft has proven itself to be a market leader, even if in bad ideas.
Every time RBLs are discussed here, there are a great many comments (quite a lot at +5) to the effect of "they're my mail servers, I can drop any mail I want to" from those defending their use of the various RBLs.
How is this any different?
It's official. Most of you are morons.
Hotmail has been on a steady decline every since Microsoft bought it. Just compare it to gmail or yahoo (which you CAN use with almost ANY useragent, even ones that don't support javascript). Most other webmail providers are now more rhobust, with a cleaner interface.
Not to mention you don't have to worry about them trashing your Non-Sender-ID emails.
"Is this just useless, or is it expensive as well?"
Some also feel that Microsoft is trying to strong-arm the industry into the adoption of an incomplete and not accepted standard.
...And some (like me) feel that anything from
Hotmail most likely counts as spam anyway, and
have the entire domain in my filter list.
So Hotmail can't get mail from me anymore. Boo-frickin'-hoo. What next, AOL doing the same? Then perhaps Yahoo?
Sorry, but until a major provider that matters picks an anti-spam tech, they will accomplish nothing more than effectively depriving their customers from using email.
MSN Messenger is the crazy glue that holds together the consumer with the hotmail account. I gave all of my friends gmail accounts which are far superior going by interface alone (and they agree with this). However because they use MSN Messenger they almost always prefer to check their hotmail accounts. What Google needs to do to successfully compete with MSN is to release their own messenger program that's tied in with GMail, only then will it be easier to switch your friends over to another free email service.
Some experts feel that 'Sender ID' is not an accepted standard and has many shortcomings. Some also feel that Microsoft is trying to strong-arm the industry into the adoption of an incomplete and not accepted standard.
Let me guess, the story submitter is a Wikipedian? Let's try to avoid weasel terms. Unlike Wikipedia, Slashdot has no neutrality obligation, but if you want to attack something then be clear about it. Don't be redundant either; if a web standard is not accepted by the W3C (the only real web standards authority), then it is not a standard. Let me show you:
Opponents believe the non-standard 'Sender ID' is flawed, and that Microsoft is trying to force the industry to adopting an incomplete protocol.
See? It's shorter, unequivocal while maintaining all previous meaning. Weasel words do not sanitize an opinion in any way.
-- User:Xmnemonic
Microsoft has been using this kind of "embrace and extend" or pure "we implement and damned what everyone says" with their OS for so long, that they have forgotten how to do anything else. They're going to have quite a wakeup call when they try this in a market where they're far from being the main dominant force.
---- Take the Space Quiz!
it will only be a matter of time until the spammers figure out a way to get around this
A way around what, exactly?
Sender-id is *not* an anti-spam measure. It will do absolutely nothing (as in _NOTHING_ ) to stop spam.
All it does is say "this email comes from a server that the owner of the domain says is OK."
How, exactly, does that stop a spammer from sending spam?
Well that cinches it... now I can block Hotmail permanently, since they are refusing to deliver mail from my legitimate MX.
There are lots of alternatives to using Hotmail... Gmail, Yahoo mail, and others. Use them instead.
99% of the mail coming from Hotmail is spam anyway, so this gives me more reason to stop the spam coming from Hotmail to my users. I'm protecting my users by blocking Hotmail.
I for one am tired of Microsoft claiming to embrace standards by strangling off the air from the lungs of the real standards bodies. When Sender-ID is a widespread industry standard (i.e. in every MTA without patching), THEN I'll begin working with Microsoft to stop spam.
I will not be strong-armed by Microsoft, ever, especially where it affects MY server and MY users and MY mail. Period.
Until their OS stops being a malware replication engine, their services stop harboring spammers by the millions, and their patches actually FIX problems instead of CAUSING them, they can go pound sand.
Heh... I use a GMail account for normal use, and have a Hotmail account for use with Hotmail users. (it appears that Hotmail automatically blocks GMail e-mails)
I tell the person in the first e-mail (from the Hotmail account) to make my GMail address a contact - therefore whitelisting it. I also usually send a GMail invite their way once they whitelist me.
Get them a VPN, get them a corporate email account and some way (webmail, RPC over HTTP, etc) to send email, etc. Sorry but relying on known broken mechanisms for your business isn't my problem. Sure I believe Sender-ID is dead, but the idea that they embraced and extended (SPF) is not. Many ISP's already either block messages or give them extremely high spam scores based on the lack of an SPF record, this isn't that new. SPF is about raising the bar for spammers, and hopefully we can eventually figure out which registrars are helping the spammers setup throw away domains and either pull their ability to create new domains, or find some other way to get them to stop support the scum.
There are 4 boxes to use in the defense of liberty: soap, ballot, jury, ammo. Use in that order. Starting now.
I hope microsofts new steps towards curbing spam will end the millions of messages from hotmail accounts that end up in my mailbox...
- Applicants can't recieve email (e.g. an offer letter or response to resume submission
- Customers send feedback and support requests, but cannot recieve responses
- Newsletters stop being recieved
- Receipts of purchase stop being recieved
- Warnings about termination of service stops being recieved
On the plus side, I'm hoping that they will accept SPF-Classic, and that my ISP will list one, finally. I'm tired of getting mail bounced because my SPF inclusion of my ISP isn't honored (due to their lack of SPF listing).Dunno. My problem with Sendmail was that I only had to install it every couple of years, so I'd forget how to configure it and have to go through the Bat book again. The fourth time I lost it and decided that it would be faster to write my own email server. So I took a week off and did:
http://freshmeat.net/projects/cmg/
It certainly doesn't do everything Sendmail does, but it does everything I and my companies need it to, and I never have to wade through hundreds of configuration options for things I don't even understand, let alone need from a mail server.
TWW
"Encyclopedia" is to "Wikipedia" what "Library" is to "Some people at a bus stop"
Or get someone to write a plugin for gaim or trillian that will give them a "You've got mail" when mail arrives in their gmail box. We don't need another IM program.
It's an incomplete standard covered by a patent awarded to Microsoft who is only providing it under non-OSI compatible terms (it's non-transferrable, so each party needs to get a license directly from Microsoft). This is Microsoft trying to bully everyone else into adopting their patented standard. However, I believe they have overestimated their strength in this matter.
I used up all my sick days, so I'm calling in dead.
Bullshit! Many domains have published SPF records that deal with MAIL FROM, you can't apply those policies to arbitrary mail headers (PRA). Microsoft would be abusing the published policy of hundreds of thousands of domains (including several of mine) by doing PRA checks on SPFv1 records.
Your link is barely more than a long rant.
The examples given apply to 1% of internet mail users.
Most of the examples are such extreme exceptions to the norm that I would have no qualms with blocking them alltogether.
I understand what SMTP was designed to be, but that was what the internet needed 20 years ago. What we need now has changed. SMTP can still work, just not entirely as it was designed; and SPF is a step in the right direction.
How can you say SPF fixes nothing? Numerous examples have been given of how SFP can help alot. Phisher are one good example. Many of the virii that went around last summer would have been stoped by SPF and were on the networks I admin (those virii that use from admin@yourdomain.com, "run this program please")
SPF Records and Filters need to be configured correctly to be effective. But critisizing SPF because it breaks antiquated "features" of SMTP is no excuse to totally reject it.
FreeBSD: The Power to Serve!
Does nothing for me and you? Speak for yourself, I know that it would be great to not have to explain to grandma that the newest email from paypal.com isn't from paypal.com and if she follows any links therein she will be giving away access to her checking account.
--
WHO ATE MY BREAKFAST PANTS?
I wouldn't use gmail anyways, and I won't send emails to a gmail account.
No, no privacy concerns. That's all FUD.
I mean, they scan all your personal email to build and keep a profile on you, but that's not a privacy concern.
And they keep duplicate copies of all your email forever, even if you try to delete it from the server, but that's not a privacy concern.
And they make it all searchable by any government agency that might want a peek, but that's no concern.
And then, aside from privacy concerns, there's the fact that they will be manipulating you with targeted advertising every single time you use their service to communicate. I don't know about you, but I stopped watching TV because I hate advertising, and stopped listening to the radio because I hate advertising, and don't visit websites whose advertisements I can't block. Why would I want to sign up for gmail? It's like having a telephone where every time you get a call, a telemarketer who's been tracking your conversations whispers in your ear telling you what you should buy. Would you buy a phone like that?
Me neither. Hotmail might be bad. But GMail is WORSE.
-1 Uncomfortable Truth
When it really comes down to it there probably isn't a "got to have" feature of any webmail except recieving and displaying text messages. I tried out various php based webmail systems on my home server and they all were functional. You could log in and read and send mail. Some, however, were easier to use, provided more options, etc.
Gmail offers quite a bit that is worthwhile compared to Yahoo's free webmail. Threaded conversations, POP access, powerful filters that include forwarding to other addresses, simpler and more responsive interface.
Some of those options are available from Yahoo if you pay for it but that is an irrelevant comparison.
The point is, as with so many of Google's offerings, what you have may be good enough but they've improved upon it greatly. Whether it is important enough to you to invest the work to switch is your business but it isn't just another "peice of marketing".
Look, who cares if SPF breaks things. The things it breaks arn't really that important, and the internet email system is so clogged with spam it's worthless anyway.
autopr0n is like, down and stuff.
What administration costs? It took about about 10 minutes for me to create and install a SPF record for my site.
As for supporting it on the other side, future releases of mail software will do so the next time I would have upgraded anyway.
I'm all for it. You would not believe the number of phishing emails, purporting to be from my site, that say, "Your account information is enclosed. Please open and read."
It may break some forwarding, but I'd rather END phishing and trojans. Besides, we're not supposed to be open relaying anyway...
Any sect, cult, or religion will legislate its creed into law if it acquires the political power to do so.
While I agree with everything you said (except that you imply that Sender-ID might actually work, when it doesn't) it's important to distinguish between SPF and Sender-ID.
SPFv1 is an anti-forgery system that works. It does not claim do anything whatsoever to stop spam . But, preventing forgery is necessary before you CAN do anything to stop spam (think about it).
SenderID, AKA SPFv2(pra) is an attempt by Microsoft to seize control over an open standard (SPFv1) so that they can control who gets to send email and who doesn't. They claim it prevents forgery (but it doesn't) and that it does not break some forms of forwarding the way SPF does (they lie) and that it is open (actually, they've submarine-patented parts of it) and that it is an anti-spam measure (which it wouldn't be even if it worked).
Once someone really understands these two facts, all becomes clear. The 800-pound gorilla is beating its chest and waving its tiny pecker around, hoping you will be either be afraid enough to adopt MS-controlled SenderID, or outraged enough to not adopt open, useful SPFv1.
For more information you might want to read some SPF-discuss list threads.
It's not exactly difficult to add an SPF record for your mailserver
Unless your primary e-mail account is with a provider that offers POP3 and IMAP but not SMTP (e.g. spamcop.net), and you must forge your own address through your ISP's outgoing server. Or unless your primary e-mail account is with your ISP and your ISP hasn't implemented SPF. How should one handle that situation?