Microsoft Helping Nigeria Fight Scammers

encodics writes "News.com is carrying a story today about how Nigeria is asking Microsoft for help in fighting scammers." From the article: "Microsoft will provide technical expertise, training and other security resources to Nigeria's Economic and Financial Crimes Commission (EFCC), which is tasked with fighting cybercrime in the country. Nigeria was initially slow to respond to the problem of '419' e-mail scammers operating in the country, who were duping unsuspecting Internet users out of thousands of pounds by promising a share of the secret multimillion-pound fortune of a deposed African dictator. "

They asked Microsoft first....

[WoodstockJeff]

... because most of the ones we've received in the past few months are sent by MSN/HOTMAIL users. While many actually used MSN.COM or HOTMAIL.COM accounts, Microsoft has a few hundred "vanity domains", for which there is no accountability whatsoever - attempts to report the spam get bounced, because there is no "abuse@" for these domains, and abuse@hotmail.com will only accept reports of hotmail.com accounts, just as abuse@msn.com will only accept them for msn.com accounts.

It's a nifty little scheme - use one of the vanity domains, and you can send spam for months. The mail is delivered through HOTMAIL.COM servers, so blocking by IP doesn't work. Unless, of course, you are willing to take the colateral damage of blocking all HOTMAIL and MSN customers.

Which, it turns out, might not be much real damage at all...