Slashdot Mirror
Hotmail To Junk Non-Sender-ID Mail
William Robinson writes "If your e-mail does not have a Sender ID, Microsoft wants to junk your message. Somewhere after November, MSN and Hotmail will consider it as spam. Sender ID is a specification for verifying the authenticity of e-mail by ensuring the validity of the server from which the e-mail came. Some experts feel that 'Sender ID' is not an accepted standard and has many shortcomings. Some also feel that Microsoft is trying to strong-arm the industry into the adoption of an incomplete and not accepted standard."
This is a trial baloon. If some other big ISPs decide to go along with this, I can see it happening. If nobody else goes along with it, they won't enforce it. No need to panic here.
Not using hotmail is one thing, but it looks like you might not be able to continue sending e-mail to those with hotmail accounts and don't share your view.
I don't practice what I preach because I'm not the kind of person that I'm preaching to.
Every time RBLs are discussed here, there are a great many comments (quite a lot at +5) to the effect of "they're my mail servers, I can drop any mail I want to" from those defending their use of the various RBLs.
How is this any different?
It's official. Most of you are morons.
Hotmail has been on a steady decline every since Microsoft bought it. Just compare it to gmail or yahoo (which you CAN use with almost ANY useragent, even ones that don't support javascript). Most other webmail providers are now more rhobust, with a cleaner interface.
Not to mention you don't have to worry about them trashing your Non-Sender-ID emails.
"Is this just useless, or is it expensive as well?"
MSN Messenger is the crazy glue that holds together the consumer with the hotmail account. I gave all of my friends gmail accounts which are far superior going by interface alone (and they agree with this). However because they use MSN Messenger they almost always prefer to check their hotmail accounts. What Google needs to do to successfully compete with MSN is to release their own messenger program that's tied in with GMail, only then will it be easier to switch your friends over to another free email service.
Some experts feel that 'Sender ID' is not an accepted standard and has many shortcomings. Some also feel that Microsoft is trying to strong-arm the industry into the adoption of an incomplete and not accepted standard.
Let me guess, the story submitter is a Wikipedian? Let's try to avoid weasel terms. Unlike Wikipedia, Slashdot has no neutrality obligation, but if you want to attack something then be clear about it. Don't be redundant either; if a web standard is not accepted by the W3C (the only real web standards authority), then it is not a standard. Let me show you:
Opponents believe the non-standard 'Sender ID' is flawed, and that Microsoft is trying to force the industry to adopting an incomplete protocol.
See? It's shorter, unequivocal while maintaining all previous meaning. Weasel words do not sanitize an opinion in any way.
-- User:Xmnemonic
Heh... I use a GMail account for normal use, and have a Hotmail account for use with Hotmail users. (it appears that Hotmail automatically blocks GMail e-mails)
I tell the person in the first e-mail (from the Hotmail account) to make my GMail address a contact - therefore whitelisting it. I also usually send a GMail invite their way once they whitelist me.
This is one of those utterly stupid "anti-spam" systems that just creates hastle for legitimate users while failing to take into account the actual effect it'll have on spam. It's moronic, the people proposing it are morons, and anyone blindly supporting it hasn't paid it more than a few seconds of thought.
Want to know why we have so much spam? Why it grows every year? Because the bulk of the "anti-spammers" are too myopic in their hatred of a minor technical problem to encourage and adopt solutions that'll work. Hence the ever increasing attempts to build increasingly ineffectual blacklists and whitelists. Meanwhile, the spammers simply increase the amount of stuff they send, knowing that if only 1% of their messages will get through, they have to send 100x as many messages. The entire thing has become nothing more than a game between anti-spammers creating little intellectual challenges and spammers solving them.
What is Sender-ID? A lemon. It solves the wrong issue. I want to be able to say "Have I given this entity permission to email me?" It says "Well, can't tell you that, but I'll tell you what, this is coming from an entity unwise enough to not protect their domain name with a list of 'legitimate' SMTP servers. So I'll junk it, because I think that's bad practice."
They're breaking email, and they don't care. As long as they can pretend it's the spammers that are at fault, like some thug that breaks all the windows of all the buildings owned by a particular landlord because one of the landlord's tenants in one particular building plays his music loudly at 3 in the morning, they can justify their actions to themselves in a fit of self-righteousness. Fuck 'em, and the horse they rode in on.
You are not alone. This is not normal. None of this is normal.
It's an incomplete standard covered by a patent awarded to Microsoft who is only providing it under non-OSI compatible terms (it's non-transferrable, so each party needs to get a license directly from Microsoft). This is Microsoft trying to bully everyone else into adopting their patented standard. However, I believe they have overestimated their strength in this matter.
I used up all my sick days, so I'm calling in dead.
It will stop SPAM that is from a forged sender
Bullshit. It will do no such thing.
Most spam comes from trojaned machines (zombie networks), and there is *NOTHING* that will stop the trojan authors from simply having the zombie do a whois lookup and setting the return address to something that will bypass sender checks (even if it means sending through an upstream mail server.)
Result? The From: address will still be forged, legitimate forwarded email is stopped, nobody wins.
Look over your SPAM headers, and you'll see, most of the return-addresses do not match the machine that relayed the message.
Which will *WILL NOT CHANGE*, even with SPF.
And as someone else said, there is *nothing* to stop a spammer from spending $10 to register a domain, spamming for a week or two using Sender ID/SPF legitimately, then abandoning the domain if it gets blacklisted.
If you think this is an anti-spam measure, then you really don't have a clue as to how email operates, or how spammers operate, or both.
While I agree with everything you said (except that you imply that Sender-ID might actually work, when it doesn't) it's important to distinguish between SPF and Sender-ID.
SPFv1 is an anti-forgery system that works. It does not claim do anything whatsoever to stop spam . But, preventing forgery is necessary before you CAN do anything to stop spam (think about it).
SenderID, AKA SPFv2(pra) is an attempt by Microsoft to seize control over an open standard (SPFv1) so that they can control who gets to send email and who doesn't. They claim it prevents forgery (but it doesn't) and that it does not break some forms of forwarding the way SPF does (they lie) and that it is open (actually, they've submarine-patented parts of it) and that it is an anti-spam measure (which it wouldn't be even if it worked).
Once someone really understands these two facts, all becomes clear. The 800-pound gorilla is beating its chest and waving its tiny pecker around, hoping you will be either be afraid enough to adopt MS-controlled SenderID, or outraged enough to not adopt open, useful SPFv1.
For more information you might want to read some SPF-discuss list threads.
Not true. A lot of spam is now sent via thousands of zombies which would be nearly impossible to encompass in an SPF record.
It is true that SPF will not stop spam on its own. As part of the whole puzzle, SPF is best used along with a reputation system if you want to stop spam.
There are some problems for legitimate senders and are confined to situations where there is unknown or uncontrollable forwarding going on. There are ways around these problems too (SRS et al...)
Another problem is that M$ is trying to co-op SPF with this "Sender-ID" which is NOT the same thing!
--