Slashdot Mirror
Hotmail To Junk Non-Sender-ID Mail
William Robinson writes "If your e-mail does not have a Sender ID, Microsoft wants to junk your message. Somewhere after November, MSN and Hotmail will consider it as spam. Sender ID is a specification for verifying the authenticity of e-mail by ensuring the validity of the server from which the e-mail came. Some experts feel that 'Sender ID' is not an accepted standard and has many shortcomings. Some also feel that Microsoft is trying to strong-arm the industry into the adoption of an incomplete and not accepted standard."
...richie - It is a good day to code.
"We think Microsoft is trying to strong-arm the industry into the adoption of an incomplete and not accepted standard".
Gee, when's the last time this happened?
Personally, it will only be a matter of time until the spammers figure out a way to get around this. End result: a serious pain for everyone that accomplishes nothing.
Despite the fact that Hotmail will only be using SPF v2 records to do the filtering, it seems that Hotmail themselves haven't bothered yet to publish one: http://www.dnsstuff.com/tools/lookup.ch?type=TXT&n ame=hotmail.com
I don't know ANYONE who uses hotmail for more than a throwaway address. So let them have their little party. Who cares?
Tom
Someday, I'll have a real sig.
I've had my fun with e-mail spoofing, but now that e-mail is everywhere and used by almost everyone it's probably close to "time" for mechanisms and protocols that make e-mail more trustworthy and difficult to spoof (of course there are always going to be exceptions). But Microsoft contributes little by doing their own end run on the industry.
From the article:
This opens up a huge can of worms... I don't quite get why Microsoft doesn't learn from past mistake^H^H^H^H^H^H^Hefforts. The unwashed masses (read, typical computer users) already deal daily with mind numbing quirky computer behavior (or lack of). For example (and I know I'm beating a dead horse (checkmate!)), Microsoft's morphing menus with chevrons, Microsoft's dumping of random files in random directories to mold their vision of a magical world (how many have been burned by the unexpected "thumbs.db" file in their picture folders?), and bizarro network settings (ever wonder why seemingly every computer in a home network gets configured with bridging?) -- these are just a few examples of things that confuse and irritate typical users, but the ripple effect is into the "support" community (that's us).
Rolling out this semi-baked quasi-standard e-mail device could wreak havoc with the e-mail users. I'm hoping whatever they do it's configured by default to not reject non-ID'ed e-mails. Regardless, unless and until there's a stronger and more mature standard, this one's trouble.
I wonder if G-Mail will be out of Beta by then? That could be an interesting opertunity for Google.
Anyway, G-Mail is already so superior to Hotmail, in both the interface and spam blocking, I can't imagine why people still use Hotmail.
1. Microsoft (virri vulnerabilities) causes SPAM. Slashdot outraged.
2. Microsoft fights SPAM. Slashdot equally outraged.
Conclusion: Microsoft is always evil no matter what they do.
I bet that if it was a story about Gmail then it would be a great idea, becasue Google never does evil.
Karma: Positive (probably because of superiour intellect)
Frankly, Sender-ID is a dead duck for many reasons but the biggest is simply that many legitimate emails come from random IPs while plenty of spam comes from infected "authorised" machines.
This is just another, on a thirty-year-long run, example of the fact that when it comes to IT, MS is clueless. Business methods and the law are their fortes.
TWW
"Encyclopedia" is to "Wikipedia" what "Library" is to "Some people at a bus stop"
You still have a trusted list that will redirect straight to the inbox. This will be the same as I have mine set up now because only people on my list make it to the inbox and the rest is in the junk folder. This is actually a good thing for sites like geneology.com that harvests your family tree and sends email from relatives with the same name (lame). The simple fact is, something has to be done about spam and just because Microsoft has its name attached to it doesn't make it a bad thing. No spam == good.
Two roads diverged in a wood, and I - I took the one the bus load of girls just went down.
Not even as long ago as when MS bought Hotmail - Hotmail has gone down in the last few months - buggy switching between accounts (at least on Firefox anyway - although it could possibly be a GAIM or Trillian problem from the places I've noticed the bug), changing the method of navigating between mails to javascript instead of a simple href (so you can't for example just middle-click on each email to open a tab with it in, at least by default in Firefox - maybe an extension can fix this), more timeouts on pages and pages not loading fully etc.
Hotmail wasn't too bad (main problem I'd say previously was spam and spam filters (many false positives)), but now it's got terrible and if I didn't know better I'd say MS was trying to kill it off.
Luckily I now use my GMail account for anything relatively important - I pretty much just keep my hotmail account around for MSN Messenger and places I may have forgottern to switch the email address over to.
Linux Wireless Hardware in the UK
My mail server stopped accepting mail from hotmail over 2 years ago.
a lot of people use MSN... as much as I don't like it, I have to use it to keep in touch with most of my non-tech-savvy friends, who won't use any other IM...
And to use MSN you need a hotmail account.
Google still has a lot of public awareness ground to cover IMO... when I give out my gmail address, some people ask me "so you work for the government?"
I've been using GMail for over a year now and Not one message has been wrongfully marked spam, and the only spam that slipped through was anit-microsoft spam (curious no?).
Complacent? Don't talk such rubbish. Gmail doesn't offer me anything worthwhile, so I stick with Yahoo.
;)
I've had the same Yahoo address since about 1998. It's followed me from ISP to ISP, and country to country. I got sick of constantly changing my email address, be it personal, work or academic, which was my main reason for sticking with Yahoo. On top of that, they forward all email to my personal domain account, and tag spam in the process. I only use the web interface when I'm on the road, although I could set up a web interface on my own mail server. They also provide 2GB of disk space, which I doubt I'll ever need.
So tell me again, what is the "got to have" feature of Gmail? I certainly don't think I'm being complacent. Maybe you're just gullible and will jump at every piece of marketing foisted in your direction
As I understand it, you're wrong:
> You still have a trusted list that will redirect straight to the inbox.
According to the SenderID docs from Microsoft, your "trusted list" will NEVER BE CONSULTED -- the INBOUND SMTP SERVER will reject the message if there is no SPF record published, or if the originating mail server is not in the SPF record.
Ergo your filters never run - the message is never delivered to them because it is assumed that the message is spam.
Someone correct me if I'm wrong.
/~mikeg
"Anyone who makes statements like this truely doesn't understand the purpose of SPF." Did I say spf was designed to stop spam? uhh, nope. SPF breaks things, and fixes nothing. A primer on some broken things; http://homepages.tesco.net/~J.deBoynePollard/FGA/s mtp-spf-is-harmful.html
As to me not understanding, that's an assumption on your part.
I spent a lot of time in the marid working group.
I thought this was a very interesting concept.
I paid attention, I participated.
I, as in *I* decided, that for my users, it held
no value.
I am certainly not at all alone in this point of view.
Because ICQ is a crufty old monster. Most of the people I know who use ICQ haven't used the official client in years - the official ICQ client is the fugliest piece of software I've ever seen. I use Miranda for both MSN and ICQ, but most of my friends have migrated from ICQ to MSN.
I think this is what happened: ICQ took a strangle-hold of Canada. Backwards Americans missed the boat. Then, Mirabilis/AOL ran ICQ down the tubes by bloating it into a monstrous, crufty piece of crap. As a reaction, users migrated to the IM program that was already residing on their computer (and, at the time, launched automatically when you opened OE).
Why? I have no idea. I'm guessing it's Microsoft way of throwing "Sign-up for Hotmail!" signs when you're filling up your info in MSN Messenger.
Personally, I hate Hotmail. Yahoo! and GMail upgrade all their users' space at the same time. As for Hotmail, it still has my account at *2 megs*, the same limit it had since *1998*, when I signed up for it. I wrote an email to Support asking if they were planning on upgrading my account and they just advertised Hotmail Plus!, the paid version.
(joke)My guess is that they still have my account stored in an old Solaris box and they can't find where it is.(/joke) I haven't used my Hotmail account for a long time now, but I keep it around just in case some distant family member who got my email 5 years ago tries to contact me -- yes, it happens more often than I expected.
Bored? Browse Slashdot with a +6 modifier for Troll comme
The thing to do would be for everybody who does not want an MS dominated email infrastructure to reject all email from servers that publish SPF records.
Too bad nobody has balls to do that though. MS will own another vital infrastructure by throwing their weight around and shoving down everybodies throats. The rest of the industry will bend over and take it like usual.
It's kind of a abused spouse syndrome. They keep getting slapped around and they are too afraid to leave.
evil is as evil does
Do you think Yahoo would have given you those two gigs if gmail hadn't done it first?
"Maybe you're just gullible and will jump at every piece of marketing foisted in your direction ;)"
And how much marketing has Google given gmail? Absolutely none.
Computers are useless. They can only give you answers.
-- Pablo Picasso
Hmm.
I have a domain, glitterandtwang.org, which is hosted by suffusions.net. Suffusions.net has an SMTP server, but it requires authentication (in the form of having checked your email in the last 15 minutes over POP) and so I use my ISP's SMTP server. So my email is from dexter@suffusions.net, but it's sent from adelphia.net... am I going to be shitlisted by everybody with SPF and Sender ID?
I'm on a road shaped like a figure eight; I'm going nowhere but I'm guaranteed to be late.
This doesn't stop spam, but it makes sure that no one can forge an address from your domain, unless it was really sent from your domain.
So, if I want to send mail from my personal domain, won't SPF screw me? I'm on speakeasy and, while they certainly are decent at CS, I doubt they'll add spf records for my domain.
"We returned the General to El Salvador, or maybe Guatemala, it's difficult to tell from 10,000 feet"
I like the concept of using cryptographic methods to protect the mail headers and body. I think that is the most promising approach. That said, crypto solutions like DomainKeys is not without problems.
Crypto solutions breaks on way too many mailing lists and more than a few email forwarders because content is often added (ads on the bottom) or changed (spam/virus filtering), and this breaks the crypto signatures.
Also, there is also a real problem with replaying a message. You just can't distinguish a Yahoo customer sending a message to a large mailing list, and a spammer who signs up with Yahoo, sends a message to themselves, and then redistributes that correctly signed email to their list of 50 million victims.
There are various ways to try and solve to both of these problems, but none of the solutions are very clean and probably not very effective.
I think that if there was a nice, clean solution to the forged email problem, it would have been discovered many years ago.
I think the crypto solutions, and things like SPF (or DMP, or RMX, or any of the other LMAP-type solutions) can help each other out. SPF primarily fails on forwarded email, while the crypto solutions primarily fail on mailing lists. If all email uses both, it can help automate the detection of forwarders and mailing lists, and then you can know which system to use for each email.
DomainKeys is not the only crypto solution, there is also IIM, and META-signatures. I actually like the latter two better because I think they handle the problems with mailing lists better. Yahoo and Cisco have announced that they are merging DK and IIM into a single spec, but they haven't released the spec yet, and the details will be very important.
Domainkeys, like SenderID, has two other problems that could cause problems for the F/OSS world of email. First off, Yahoo has patents on DomainKeys and their license isn't (currently) compatible with many F/OSS software. I suspect that Y! will be much more willing to make changes to their license than MS was, but who knows. Secondly, like SenderID, it turns out that DomainKeys is already trademarked by someone else and this could cause lots of legal fun for the parties involved.
SPF support for most open source mail servers can be found at libspf2.
I hate SPF. Ever since Yahoo implemented SPF, I can no longer list my yahoo email address as my "from" address when using a client email application, such as Outlook or Thunderbird.
I can't send email through Yahoo's SMTP server because the guys over at Cox Cable block outgoing SMTP traffic which all ISPs do.
SPF completely ignores the realities of today's internet connected world, and it's preventing me from using my email in the way that I want to.
Each of the established IMs have millions or tens of millions of subscribers
That's why GAIM is the answer. Everyone I've given it to loves it. GAIM is one of the most useful OSS apps available on Windows. It's handling of multiple IM protocols simultaneously easily trumps all other clients.
"I assumed blithely that there were no elves out there in the darkness"
we need a "get in" based system and I think MS is trying to get some accountability on the ISP side.. of course the purpose of email is to contact people you don't know... that's what this wrecks. We need a new protocol like customized Jabber or some kind of pre-authorized opt-in agreement between companines. So I can pre authorize to your companies servers, then send away. of couse the OTHER big thing is SOX requiring all sorts of tracking and documentation.. SOX alone is enough to kill email as we know it... we need something between email, IM, slashdot, and blogs. Due to SOX "private" email will be dead at most companies anyway... so a more forum based alternative may be better.
Again, MS holds the current customers, but oss holds the long term lead. if we can get enough admins to switch over... we've got to gun for an incompatible exchange replacement and do it better.. if MS is calling it, then let's break it better..and faster... there's no way they could keep up.