Admins Accuse Microsoft of Hotmail Cap

kurmudgeon writes "The Register is fielding reader tips that Hotmail has placed Draconian limits on the number of Hotmail recipients who can receive an email. The first 10 Hotmail addresses included in a mass email go through just fine, according to these reports. But any additional addresses are returned to sender with a message that reads: "552 Too many recipients." (Microsoft denies it has placed any such restriction on the number of senders.) This would appear to be a violation of RFC 2821, which states: "Rejection of messages (for excessive recipients) with fewer than 100 RCPT commands is a violation of this specification."

And the problem is...?

[Kelson]

Let's look at that phrasing: "Rejection of messages (for excessive recipients) with fewer than 100 RCPT commands is a violation of this specification." (emphasis added).

Are they rejecting messages, or are they rejecting recipients?

According to this, they're rejecting recipients with an obvious "try this again" code. Really that should be 452, not 552, but that same RFC 2821 says that senders should treat a 552 as temporary:

RFC 821 [30] incorrectly listed the error where an SMTP server exhausts its implementation limit on the number of RCPT commands ("too many recipients") as having reply code 552. The correct reply code for this condition is 452. Clients SHOULD treat a 552 code in this case as a temporary, rather than permanent

So whatever sending server runs into these limits should retransmit the message to the remaining recipients on the next queue run. Okay, it'll only reach 10 recipients at a time, which is annoying. It shouldn't be kicking back the error to the client.

Really, assuming Microsoft has actually put this limit in place, the only thing I can see that's wrong, from a practical standpoint, is using the outdated 552 code instead of the more specific 452 -- but that same RFC people are waving around says that their servers should treat it as temporary anyway.

Am I missing something?

Re:And the problem is...?

[Gyppo]

No - for every recepient that they reject, they are, in effect, blocking those recipient from receiving the intended message. So they are blocking messages.

Re:And the problem is...?

[fatphil]

Are you missing this bit:
"""
      recipients buffer
            The minimum total number of recipients that must be buffered is
            100 recipients. Rejection of messages (for excessive recipients)
            with fewer than 100 RCPT commands is a violation of this
            specification.
"""
which is only a couple of paragraphs above what you quoted.

You're also missing the fact that when a server rejects a message because of some issue with the recipients, it is still rejecting the message, and not "rejecting the recipient", which is a completely meaningless concept in the language of the RFC.

Re:And the problem is...?

[Kelson]

No - for every recepient that they reject, they are, in effect, blocking those recipient from receiving the intended message.

The proper reaction of a sending server to a temporary error is to try again. Per that same RFC, the server should be treating '552 too many recipients' as a temporary error.

Yahoo does the same thing at 30 recipients, though they issue the more proper 452 error code. The first 30 recipients at Yahoo get the message, then the sending server retransmits to the remaining addresses.

Re:And the problem is...?

[Obfuscant]

No, according the standards, every recipient rejected for "too many" stays in the queue and delivery is attempted at the next queue run. While Hotmail's violation of the standard seems bad, the worst effect it should have is to slow the delivery, not prevent it.

If a client actually stops trying to deliver based on a 552 error, then it, too, is violating the standard, in a way that actually prevents delivery. I consider that a more serious violation.

Re:And the problem is...?

[dvazquez]

How about this:

      Errors due to exceeding these limits may be reported by using the
      reply codes. Some examples of reply codes are:

            452 Too many recipients (see below)

      RFC 821 [30] incorrectly listed the error where an SMTP server
      exhausts its implementation limit on the number of RCPT commands
      ("too many recipients") as having reply code 552. The correct reply
      code for this condition is 452. Clients SHOULD treat a 552 code in
      this case as a temporary, rather than permanent, failure so the logic
      below works.

      When a conforming SMTP server encounters this condition, it has at
      least 100 successful RCPT commands in its recipients buffer. If the
      server is able to accept the message, then at least these 100
      addresses will be removed from the SMTP client's queue. When the
      client attempts retransmission of those addresses which received 452
      responses, at least 100 of these will be able to fit in the SMTP
      server's recipients buffer. Each retransmission attempt which is
      able to deliver anything will be able to dispose of at least 100 of
      these recipients.

      If an SMTP server has an implementation limit on the number of RCPT
      commands and this limit is exhausted, it MUST use a response code of
      452 (but the client SHOULD also be prepared for a 552, as noted
      above). If the server has a configured site-policy limitation on the
      number of RCPT commands, it MAY instead use a 5XX response code.
      This would be most appropriate if the policy limitation was intended
      to apply if the total recipient count for a particular message body
      were enforced even if that message body was sent in multiple mail
      transactions.

Re:And the problem is...?

[dgatwood]

Only if the sending SMTP server is broken. SMTP has two types of return codes: permanent failures and temporary failures. A permanent failure causes the message to bounce to the sender. A temporary failure causes the message to be queued and resent. Upon resending, only recipients for whom an error was generated are retried. Thus, if this error occurs after ten recipients, the remainder won't get the message in the first pass, but the next ten will get it when the sending server retries (usually after an hour, IIRC). This should continue until the recipient list is exhausted. Even this assumes that the sending SMTP server is extremely dumb and doesn't really understand anything about this error code at all beyond that it is a temporary error.... If it actually understands the code, it should try resending to additional recipients immediately, and divide the message into smaller batches, in which case it would delay delivery by a few minutes at most.

In theory, in some extreme cases, the recipient might never get the message. If it retries once an hour for a week (fairly typical), that would effectively cap the number of HoTMaiL recipients of a single message at 10 * 24 * 7 = 1680 recipients. Of course, a proper sending SMTP server should already be able to split messages into batches of a hundred or less because a limit of 100+ is considered acceptable behavior by the receiving server. Thus, in effect, because 1680 is larger than 100, short of a very long term net outage after the initial connection attempt, all the recipients should receive the message in every case. If this does not occur, the sending SMTP server is broken.

This is, of course, just my opinion.

Re:And the problem is...?

[cez]

"Clients SHOULD treat a 552 code in this case as a temporary, rather than permanent"

I think the important part is the longevity that this filter is in place. Does anyone have any first documented cases with a nice time stamp?

I am not one to defend MS, but sometimes shit happens, if they are providing a correct code to identify a temporary action, then the clients should react appropriately with a next queue. However, I don't know how I would feel if they did this on purpose, logged were all those 522s were sent, then blocked the top 90% offending hosts without cause or reason lifting the temporary 10 recipient 522 rejection...

FTFA:

Several people have reported a work-around, which can be achieved by setting the max_rcpt of the SMTP transport to 10 or less. This method worked for Old, but he said it has the potential to consume significantly more bandwidth, a limitation that is sure to hurt legitimate senders but have much less of an effect on spammers, who don't pay for their internet service.

The last time we spoke with a Hotmail official, we learned that of the 5 billion emails sent to its users each day, about 4.5 billion of them, or a whopping 90 percent, were spam. Clearly, unsolicited email is a problem that warrants a tough response from Microsoft.

This is what kills me about the net neutrality argument, do analysts just need another figure of loss to dream up? With all the illegitimate abuses of bandwidth out there, fingers are going to start being pointed. Granted email didn't used to take up that much of a percentage of global traffic, but with the inclusion of pdf, jpgs and other attachments in the spammers arsenal, as well as zombie botneted PCs in the millions...

Re:And the problem is...?

[Sorthum]

5xx rejections are permanent, "Give up now."
4xx rejections are temporary, "try again later."

Re:And the problem is...?

[beckerist]

Microsoft? Broken?



ok folks, lesson 101 on karma whoring on /.

Re:And the problem is...?

[Ctrl-Z]

No no! For once Microsoft is the receiver!

Re:And the problem is...?

[morcego]

Ok, I might need some further clarification here.
Aren't 55X errors supposed to be permanent, while 45X errors are temporary ?
Why would the sender keep the message on the queue after a permanent error ?

Re:And the problem is...?

[Obfuscant]

Refer to RFC2821, which is the RFC that MS is being blamed for violating by not allowing 100 RCPT commands per session. Normally, you are right, 5XX is fatal, but 4.5.3.1 Size limits and minimums says:

RFC 821 [30] incorrectly listed the error where an SMTP server exhausts its implementation limit on the number of RCPT commands ("too many recipients") as having reply code 552. The correct reply code for this condition is 452. Clients SHOULD treat a 552 code in this case as a temporary, rather than permanent, failure so the logic below works. SHOULD means "unless you know what you are doing and have a good reason to do otherwise." The "logic below" is that the sending server removes the ones that were successful and tries the rest again later.

Re:And the problem is...?

5xx rejections are permanent, "Give up now."
4xx rejections are temporary, "try again later." Read RFC 2821. Code 552 SHOULD (in the RFC-sense) be treated as an exception to that rule.

Re:And the problem is...?

[walt-sjc]

Dealing with mail servers that handle newsletters with subscribers numbering in the 100K+ each range, I have several special configurations on my servers to handle various broken behavior. In fact, I have a "butthead-TMR" list that contains hotmail for this EXACT reason. I also have a "butthead-TMC" list for a few broken servers that start doing the same 500 level errors for "too many simultaneous connections".

It's one thing to have anti-spam and anti-abuse mechanisms in place, it's another to deliberately break basic functionality in direct violation of the standards that make email work. There are MUCH better ways of handling situations where you want to rate limit inbound mail that are fully compliant with the RFCs, that allow all valid mail to get through.

It simply amazes me how many IDIOTS are running servers at large ISP's / sites. It is well known by most competent email admins that hotmail is totally broken and unreliable. Anyone still using hotmail for everyday use should have their head examined.

Re:And the problem is...?

I also have a "butthead-TMC" list for a few broken servers that start doing the same 500 level errors for "too many simultaneous connections".

There is absolutely nothing wrong with rejecting excessive multiple connections from the same IP, as there is no good reason for this to ever happen, since a message to 1000 users at the same site should create just one connection. For a large site talking to a large site, it's possible to have multiple users sending single e-mails that could cause multiple connections, but then you just need to set the max to match expected usage.

I run a small server with less than 20 users, and have the max connections that I allow from one IP set to 10, which is quite reasonable. I've used a value of 50 for sites with around 500 users with no problems from real sites, but it stopped a lot of really bad spambots.

Also, when a system rejects too many multiple connections with 421 (as I do), your end should retry, and unless you are really slamming out a lot of different e-mail to the same site, your users should never notice an issue.

Re:And the problem is...?

[jZnat]

Then perhaps it's a good thing that Hotmail is blocked at nearly any place that uses filters, eh?

Re:And the problem is...?

[ScrappyLaptop]

Wait a minute; are you trying to tell me that Hotmail is actually meant for something other than forms that require an email address? Sheesh, next you're going to tell me that I shouldn't trust them to protect my personal information...

Re:And the problem is...?

[walt-sjc]

A rejection is a 5xx level error. A 4xx is just a temp fail, and not a rejection.

I'm talking about 5xx level rejections. 4xx level errors are JUST FINE!

Too many?

[shine-shine]

Oof.

"552 Too many first posts."

No Wai!

Microsoft not following a standard? Shocking!

Re:No Wai!

[Tuoqui]

Specifications? We dont need not stinkin' specifications!

E-mail is dead for mass communication

[iamacat]

Not only are most mass e-mails spam, but pushing a message with multiple image attachments to tens of thousands of users is a huge waste of bandwidth. Let's reserve e-mail for personal, one to few communication. Companies can use RSS or some similar mechanism to get their newsletters out.

Re:E-mail is dead for mass communication

[RollingThunder]

I take it you're not on any discussion mailing lists, then?

All MS is doing is cranking up bandwidth costs now. Instead of one copy being sent to all 68 subscribers on the server, my listserv now has to send them 68 copies of the same damned thing. Incredibly inefficient, but the subscribers want the email, so that's what'll happen.

Re:E-mail is dead for mass communication

I take it you're not on any discussion mailing lists, then?

I haven't read a discussion mailing list since 1998. I'm subscribed to one now, but only because they force me to in order to search their web archives.

Why are people still using these? Why haven't they been replaced by forums?

Re:E-mail is dead for mass communication

[gsmith78]

Completely agree with you!

Re:E-mail is dead for mass communication

[secPM_MS]

I assume this is to make spamming a bit harder. My DSL line comes with a tie-in to MSN, so I run Outlook 2003 using the connector tool to link to the mail server (I would be much happier with a POP or IMAP access), but I have been told I am an antique who doesn't see the inherent superiority of HTTP / web access.

When my wife was corresponding secretary of an organization with a mailing list in the low hundreds, I had to send out the e-mails. I experimented and found that e-mails with 8 recipients would go out, but that e-mails with 16 recipients had problems. THus I created a large number of 8 element mailing lists and sent stuff out that way.

Pain in the ass, but MSN does seem to be doing a pretty good job of spam supression, far better than I experienced after pacbell shifted its users onto yahoo.

Re:E-mail is dead for mass communication

[vux984]

Not only are most mass e-mails spam, but pushing a message with multiple image attachments to tens of thousands of users is a huge waste of bandwidth. Let's reserve e-mail for personal, one to few communication. Companies can use RSS or some similar mechanism to get their newsletters out.

1) How does RSS save bandwidth? The images are loaded when each user checks their newsletter? Assuming the newsletter is legit, then te read rate will be high, and the bandwidth gets used anyway.

2) The newsletters I personally send out are hosted on the web for archival anyway, so we just send them the email with the images linked to the web based images; i'm not sure if bandwidth is overall saved or not. People who don't read the messages consume less, people who read them clear their cache, and read them again use more. On well managed a legit mailing list you'll get most readers at least opening the message.

3) RSS is GREAT for the end user; and I personally prefer to subscribe to rss over email because I get to do it anonymously. Its great for companies too because it dodges the whole 'someone thinks this is spam even though they double opted in' crap. But at the same time, not having the email address of the recipients is a real loss.

But regardless, RSS is moot. Most people out there aren't comfortable with RSS, and the email newsletter is a lot more accessible to less technically savvy people who don't have a clue what RSS is. Anyone doing legit newsletter distribution would be insane to cut over to pure RSS, they'd lose far too many people.

Re:E-mail is dead for mass communication

[SnoopJeDi]

Why are people still using these? Why haven't they been replaced by forums?

At UMBC, almost all student organizations, many classes, club teams, etc. etc. all use a mailing list system powered by Sympa to communicate. It's way more convenient than logging into our blackboard site, browsing to the class, finding the discussions forums, and finding the right thread in the mangled excuse for organization.

With the mailing list, all I have to do is check my email. Email is easier to centralize to the individual than forums, and leaves organization up to the end user. I have to check my email for personal communiques, contact from professors, and automatic notifications ANYWAY, why the hell should I not use the system to stay in the loop in a group, too?

That said, reply-all is the worst thing in the world.

Re:E-mail is dead for mass communication

[qnetter]

Because forums require that you go to them, which requires you to remember to, which requires you to be telepathic about whether there is important information there. When the info comes to you, you can quickly triage it and determine if you need it now, later, or never.

Re:E-mail is dead for mass communication

[dw604]

Many email marketers like to personalize their mailings, so they do it the inefficient way all the time.

Re:E-mail is dead for mass communication

[McDutchie]

Why are people still using these? Why haven't they been replaced by forums?

Because web forums suck.

1. You're limited to whatever interface the web forum admins chose. You cannot choose your own interface. You have to use a different interface and/or register a new account for each forum.
2. Most forums lack basic features such as threading and decent filtering/sorting/killfiling. (So do most email programs, but at least you can choose one that has these features!)
3. Web interfaces are s-l-o-w.
4. Outages or being offline means you can't get to the forum.
5. You have to remember to go to them. Mailing lists come to you. (That what really kills most web forums for me. Slashdot is an exception.)

Re:E-mail is dead for mass communication

[drsmithy]

6. You (or anyone else) can't (easily) keep your own [searchable] archive of postings.

Re:E-mail is dead for mass communication

[aztracker1]

To be honest, I participate on a number of email based discussion lists.. and also to be honest, I would much rather have NNTP access... this could still be nicely structured and accessed in my email client, but not interleaved with my email, and not risk being cast into the junk folder on occassion... I really wish that Google Groups, and Yahoo Groups had an NNTP interface, you could use your user login to access... that would so rock over the email mode..

Re:E-mail is dead for mass communication

[amorsen]

I really wish that Google Groups, and Yahoo Groups had an NNTP interface

gmane.org!

Re:E-mail is dead for mass communication

Way to go on the mass generalisation, moron. I send a weekly email to members of my sports club. It's a miracle that even the majority of them have email addresses. Barely 5% would have heard of RSS, have any idea of accessing a feed or even be interested in changing away from a system that works perfectly well (when MS are fucking it over) on the say so of iamacat from slashdot.

Re:E-mail is dead for mass communication

[hebertrich]

totally agree .. and do remember we're talking hotmail
here .. any cap they put on the number of recipients
is a small step towards lowering spam on the global
level. For once imho MS is doing something positive
for the " greater good " and cleaner inboxes :)

Re:E-mail is dead for mass communication

[ultranova]

All MS is doing is cranking up bandwidth costs now. Instead of one copy being sent to all 68 subscribers on the server, my listserv now has to send them 68 copies of the same damned thing. Incredibly inefficient, but the subscribers want the email, so that's what'll happen.

Simple solution: don't allow subscriptions from Hotmail accounts.

Re:E-mail is dead for mass communication

[SCHecklerX]

Or you could configure your server to put a maximum number of recipients per envelope and also limit the number of envelopes sent at a time, if necessary. I did this to stop this exact problem. It's more efficient since you only send the stuff once (albeit, broken up into more than one message), but it is accepted vs. the constant retrying and whittling of the original recipient list.

And M$ has cared about RFCs since when?

[ravenspear]

This might be news if:

1. Microsoft actually gave a shit about any protocol they didn't define.

2. Anyone actually gave a shit about hotmail.

Re:And M$ has cared about RFCs since when?

"2. Anyone actually gave a shit about hotmail."

hehehehe!

Re:And M$ has cared about RFCs since when?

3. SMTP wasn't already amply demonstrated to be a poorly thought-out and flaw-riddled protocol from the outset.

Haven't we all by now seen enough to be able to say, aspects of the SMTP protocol are downright BAD, and maybe it's okay to limit individual email transmissions to 10 recipients.

Spam is a massive problem and sadly, falls right on top of many of the SMTP shortcomings. It also wastes more bandwidth than stupid-ass 90's tech mailing lists, even if they're retransmitting portions of their lists. Maybe it's not so bad to impact a few old-school distributors if it puts even a minor dent into the spammers' activities...

-AC

Re:And M$ has cared about RFCs since when?

[flyingfsck]

"1. Microsoft actually gave a shit about any protocol"

There, fixed it for you...

Re:And M$ has cared about RFCs since when?

[QuietObserver]

Good point. I've seen a number of protocols, along with file formats, etc., Microsoft itself claims to have come up with, then have dropped without explanation. One of the worst is the MS Word format (which I think sucks anyway), which keeps changing with every version. Files created in Word 2000, for example, won't open in Word '97, and I know a professor who is now getting Word 2007 documents he can't open because he's still got the previous version. I compare that to WordPerfect, which hasn't made an overall file structure change since version 6; WordPerfect 6 might not be able to fully interpret every new tag in files created by later versions, such as spelling correction tags, but it simply ignores any code it doesn't recognize, so WordPerfect 6 can still open any file created by, for example, WordPerfect 12 with minimal data loss. I'm not saying the WordPerfect format is perfect, because it isn't, but it's much better than MS Word's.

Hotmail is unreliable anyway

[Anonymous+Brave+Guy]

Our (100% legitimate, double opt-in) mailing list gets a few Hotmail addresses added to it every now and then. We frequently get people complaining about missing mails and so on. Invariably, it's because of something silly, usually spam filtering that has been set to be so ludicrously aggressive that practically anything not white-listed (i.e., nothing on a new account) gets through.

We have now reached the point where we consider Hotmail an irrelevance. We don't even advise complainants to use another mail client any more, we just ignore them. The list is not run for profit, and the effort of supporting Microsoft's not-playing-ball freebie mail system just isn't worth it for what is basically a hobby set-up run for the benefit of our community.

Re:Hotmail is unreliable anyway

[sjwest]

Yahoo are not much better, we where doing some domain keys signing and yahoo where not checking those for a while considering it was there baby go figure.

It took a day to get a test message to yahoo to one user.

We dont run mail list but hotmail, and yahoo are not really in very good shape. Theres better free email out there.

Re:Hotmail is unreliable anyway

[Klaus_1250]

The bad thing about spam filtering in Hotmail is that they do it silently. I've had complaints in the past about mails being lost, so I checked my server logs: 250's for all messages to hotmail. Wrote an email to postmaster@hotmail.com which bounced back (sigh). Then I gave up and adviced to make sure recipients had the sending email-address in their addressbooks before sending them anything, which seems to do the trick most of the times.

Re:Hotmail is unreliable anyway

I suppose that you've not worked in a corporate environement lately, or else you'd have stumbled into these kind of problem(s?) a lot ..

Most SPAMfilter will make emails "magically dissapear" (as opposed to the usual, it gets through or you receive a NDR) as soon as your Marketing/Communication/whatever departement sends a few emails out. Then again, maybe the business I work for is special since it's a TV channel. Still, if you start listening to the "hey! My email was late/not delivered once I checked" from your customers (aka coworkers), you suddenly realise that just like most systems, the SPAMfilters are being runned by idiots, just like most SMTPs (opening 1000 connections allowing 100000 emails each is not really the ideal "default" for an SMTP server, nor a SPAMfilter).

If you started dissing hotmail (which I just tested with a 50 recipients list and stopped checking after the 11th) for "abusive SPAM filtering", maybe _you_ need to check how you send emails and/or the clients (scripts hopefully better then client for massmailing) to achieve your goals.

Re:Hotmail is unreliable anyway

[Dark_Gravity]

Our (100% legitimate, double opt-in) mailing list

As a legitimate list admin, please read this, and consider using the less confusing term, "confirmed opt-in" instead of "double opt-in".

You won't need to feel obligated to refer to yourself as "legitimate" once your choice of language announces that for you.

Re:Hotmail is unreliable anyway

[ozmanjusri]

The bad thing about spam filtering in Hotmail is that they do it silently.

It's not just silent, it's unpredictable.

I've just sent two emails from my own server to my Hotmail account. The first was with one of those short .wmv videos as an attachment (3.5Mb), the second was the same email, but without the attachment.

The email with the video went through, while the second one, with identical text but no attachment, has vanished.

Re:Hotmail is unreliable anyway

[Mex]

And don't get me started on Hotmail's "mysterious" tendency to completely miss messages coming from Gmail accounts.

No, they don't even show up on the "Spam" folder, I've checked. I don't know if this is random, but it's very suspicious.

Re:Hotmail is unreliable anyway

[mks113]

I worked with a bunch of missionaries who routinely sent out email newsletters to hundreds. Our server was blocked alternately by AOL and hotmail, along with a few others. It was locked down, but legit users were sending out "mass" mailings to people who had requested them.

Between being blocked and email going to hotmail junk boxes, we gave up on complaints.

We got on a few other blacklists from time to time, but it usually had to do with other users in the IP block our ISP had us on.

Wouldn't using bcc fix this issue?

Re:Hotmail is unreliable anyway

[Curmudgeonlyoldbloke]

The "silently dropping mails" problem has been around for a while. I've had a Hotmail address for ages - well pre-Microsoft, and tended to use it for lists that I read every now and again. Out of about 20-30 regular list posters it was very repeatedly dropping certain senders - a few UK cable addresses (but not other UK cable addresses), one Gmail and a couple of Hotmail addresses (but not others).

Headers of the dropped mail were all pretty legit - in the case of ISP mail, person's PC SMTPs it to ISP, the servers of which SMTP it to the list, which SMTPs it to Hotmail (in the case of webmail, the webmail servers send it to the list via some route). None of this "silent dropping" seems to be content-dependant (it's always the same senders and always all mails from those senders).

I gave up completely on Hotmail a few months back - to be honest I only keep the account open to say what emails it's dropping.

Re:Hotmail is unreliable anyway

[Anonymous+Brave+Guy]

If you started dissing hotmail (which I just tested with a 50 recipients list and stopped checking after the 11th) for "abusive SPAM filtering", maybe _you_ need to check how you send emails and/or the clients (scripts hopefully better then client for massmailing) to achieve your goals.

We send out our mails using a standard issue mailing list manager, which deals with confirming all the addresses before they are added to the list among other things. All mails we send come from recognisable addresses, include a recognisable keyword in the subject line to help people wanting to use mail filters, include appropriate headers to indicate that the mail is a bulk message, and contain only content of the kind a list subscriber would expect.

We do not use SPF, Sender ID, DomainKeys, or any similar fundamentally flawed system, nor will we support one until a recognised, widely adopted and effective standard is in place.

This suits our goals, and those of most of our community, just fine. We don't lose any sleep over the few people who choose to blame us rather than their mail service because their mail service doesn't follow the same rule as everyone else.

Re:Hotmail is unreliable anyway

[Anonymous+Brave+Guy]

Thanks for the suggestion, but I don't think the Spamhaus-recommended terminology is any better. "Double opt-in" has been the common name for our approach since a long time before anyone heard of Spamhaus, and I don't see how "confirmed opt-in" is any less vulnerable to word-twisting abuse according to the argument they give. They even acknowledge on the page you cited that "double opt-in" is a term in use by legitimate mailers (unlike some of the other suggestions they mention, which frankly I've never heard of until today).

As you have demonstrated, the form I tend to use makes it very clear both that we are not in the business of spamming and that we take technical measures to ensure that we don't come across that way. As long as people understand that, I'm happy.

Re:Hotmail is unreliable anyway

[dave562]

We do not use SPF

What specifically is your beef with SPF? I'm just a jack of all trades system admin and not a "mail server" admin by any stretch of the imagination, so excuse any perceived ignorance here. SPF seems to be picking up traction in Europe. I work for a major art museum and they are communicating with people around the world. I recently had to add an SPF record for our outgoing server because more and more recipients were bouncing mail back. On the surface it seems like a good system and is very much akin to reverse lookups. It just verifies that the server is who it says it is and in the case of SPF, that the server is authorized to send email for the domain that it is sending email for.

Re:Hotmail is unreliable anyway

[Anonymous+Brave+Guy]

SPF is, IMHO, a flawed implementation of a worth-a-try idea:

• If you legitimately have mail being sent from your domain via many servers, it's a royal PITA to set up and there is a time lag for any changes to propagate. SPF is based on the obviously untrue idea that each domain from which mail might originate will generate that mail from its own server, or at least a reasonably small and consistent set of servers that can be readily identified. This might work for big business with professional sysadmins setting up all the server boxes, but it's hopeless for small-scale home users, volunteer groups, etc. etc.
• It's not an accepted standard: if you support SPF, do you also support Sender ID for this big free mail system, DomainKeys for that one, tomorrow's rehash for the next guy...?
• Nowhere near enough people use it properly. Of the domains that set SPF records, a very significant proportion are just set to allow all to avoid SPF-related bounces, undermining the entire scheme.

In other words, it's a pain to set up if you're the little guy, it's not future proof even if you do, and in any case, improper use is so widespread that its concept is undermined before you even start. The idea wasn't a bad one, but the implementation is hopeless as it stands.

Re:Hotmail is unreliable anyway

[dave562]

If you legitimately have mail being sent from your domain via many servers, it's a royal PITA to set up and there is a time lag for any changes to propagate. SPF is based on the obviously untrue idea that each domain from which mail might originate will generate that mail from its own server, or at least a reasonably small and consistent set of servers that can be readily identified. This might work for big business with professional sysadmins setting up all the server boxes, but it's hopeless for small-scale home users, volunteer groups, etc. etc.

It seems like you're talking about two seperate issues here in the same context. One is that if you have a lot of servers sending email for your domain then it is a PITA to setup. Then you talk about how it is a PITA for small-scale home users. In my experience of consulting and working with mail systems over the last ten years, I've never run into an organization with more than two or three outgoing mail servers. I've dealt with some pretty big, multi-site, world wide Exchange deployments and although there may be numerous mail servers in the organizational hierarchy, there are rarely more than a few public facing MTAs and those MTAs have ALWAYS had static addresses. Like I said earlier, I'm not a mail admin by any stretch of the imagination, but I'm having a hard time conceptualizing a scenario where you would have multiple outgoing mail servers that would be changing their IP addresses frequently enough to make keeping an SPF record up to date difficult or time consuming.

It's not an accepted standard: if you support SPF, do you also support Sender ID for this big free mail system, DomainKeys for that one, tomorrow's rehash for the next guy...?

True, it is not a standard. It is just another tool in the toolbox.

Nowhere near enough people use it properly. Of the domains that set SPF records, a very significant proportion are just set to allow all to avoid SPF-related bounces, undermining the entire scheme.

Just because people choose not to impliment it properly doesn't mean that it should be discarded. Less than half of the people in America exercise their right to vote. Maybe we should just take it away? ;)

In other words, it's a pain to set up if you're the little guy,

I just don't buy the pain for the little guy line of reasoning. If you're a little guy, odds are you have your domain hosted somewhere else and you aren't doing it yourself. If you're in the SMB segment, you probably have a single mail server for your organization on a static IP. You don't even need to know crap about DNS to setup spf. You can just go to spf.org and use their web form to generate the proper syntax to add to the zone file.

Re:Hotmail is unreliable anyway

[Anonymous+Brave+Guy]

The organisation that runs the mailing list I've mentioned elsewhere has a large organising committee, which changes fairly frequently (each post changes hands at least once per year, more frequently in some cases). On that committee, there are several different people who would want to send a mail to our announcements list at times. We have no mail server of our own, but always send mail with a From: header set to our general contact address. Thus we can have several people, each of whom will post to the list using whatever mail server they personally have access to, and those people change quite often.

Of course, we could try to work out all the IPs used by each person's ISP/mail provider, and include them in an SPF record for our domain, and update it every few weeks when one of the posts changes hands to someone new. We could set up Sender ID and DomainKeys and so on as well. But frankly, that's a lot of hassle, and gains us very little. As I said earlier in the discussion, until there is a common, widely used, effective standard for this stuff, we just don't consider it worth our time to support everyone's pet idea.

Re:Hotmail is unreliable anyway

[dave562]

So in other words you don't want to/can't invest in the infrastructure to do it effectively? There are products out there like listserv, Lyris, and other mass email programs that can be setup, on a single IP, to do what you want to do.

In one way I feel for the position you're in. You probably feel like you shouldn't have to invest in your own email server, or you shouldn't have to pay an ISP to host your mailing list traffic. You might have a point there. You are free to continue doing things the way that you want to. However, if you don't want to play by the rules that others are setting up, you can't expect your mail to be delivered. The time might be coming that your organization needs to have a real internal conversation to decide whether or not you want to do things right and be done with it, or continue to try to find ways around increasingly more restrictive controls being put in place to deter spam. I think it is just another sign of the times. The internet is becoming more and more controlled. I miss the days when I could have a wide open relay for all of my friends to use.

For me, SPF was a worth while investment of 15 minutes out of my day. Not only did creating an SPF record allow my users to send mails to domains that check for SPF records, it also eliminated the problem of spammers using our domain on forged headers for the spam that they sent out. In your case, SPF may be a big fast waste of time. You might not have spammers who have appropriated your domain name for their purposes. I'm honestly surprised that you're able to change the From: header and have it work. Most of the commercial SMTP servers that I come across these days don't allow that kind of thing anymore. If you are joeblow@earthlink.net and you try to send out an email as joeblow@mailinglist.org, the outgoing server is going to reject your relay attempt.

Re:Hotmail is unreliable anyway

[Anonymous+Brave+Guy]

You probably feel like you shouldn't have to invest in your own email server, or you shouldn't have to pay an ISP to host your mailing list traffic. You might have a point there.

Might? We're talking about a non-profit organisation, running a mailing list as a service to the community. There is no question of "investment", because there is no money to invest.

However, if you don't want to play by the rules that others are setting up, you can't expect your mail to be delivered.

Perhaps I wasn't clear. For the overwhelming majority of people on our list, everything works just fine. It is only those who choose to use substandard mail services that lose out. Our position — and this was discussed — is that this is their problem, not ours.

You might not have spammers who have appropriated your domain name for their purposes. I'm honestly surprised that you're able to change the From: header and have it work.

It's funny: I hear that a lot, yet not one of the various people I mentioned before, using any of the mail services from the local university through small local ISPs up to some pretty big names, has ever reported encountering this problem in practice. Given that many of us have our own personal domains, but again we send mails through various ISPs' servers, I rather doubt this is because mail is getting silently dropped.

We did get one guy mailing us the other day, telling us how our system was set up "wrong" and helpfully telling us how to "fix" it by adding SPF to our domain. He had discovered this because he had configured his own mail system to reject incoming mail based entirely on whether the sending domain had a matching SPF record, and he happened to notice a bounce message in his logs.

I contemplated replying to explain to him why he was a fool for configuring his mail system in that way. I could have pointed out that fewer than 1/10 of all domains actually have an SPF record, and that of those who do, getting on for half of them are just set to "accept all" to get around this sort of foolishness. But I decided I had better things to do with my time. If he configures his mail filtering that aggressively, not receiving an occasional update from us is the least of his worries.

I'm shocked

[Zashi]

Microsoft isn't following standards? I'm the rest of the slashdot community is just as surprised as I am. I mean, microsoft is a company we've come to trust, to do no evil, to side with the consumer and the technical community at large. I'm sure this is just an honest mistake, one we will not see again.

*incoherent wheezing and laughter*

What's the bid deal?

[jtroutman]

There's been a fix for this problem for a while now.

Re:What's the bid deal?

[jtroutman]

That should, of course, have read "What's the big deal?", but I've had a head cold for the last week.

Re:What's the bid deal?

No, as opposed to those pesky chest colds. Moron.

People still use hotmail?

[heptapod]

There are hundreds of free alternatives available and a simple Google search brings up numerous email forwarding services that can take the sting out of changing email accounts.

Re:People still use hotmail?

[alien9]

Yes.

I use it due to integration with messenger IM.

Despite the fact I use gaim/pidgin most of time, the email/IM integration provided by their service led me to the decision of keeping my account, which is the same long before hotmail was purchased by microsoft.

I think the service fits my needs, to provide a reliable account for registrations/memberships elsewhere.

The lack of baynesian spam filtering (such has gmail and others) is a shame.

The interface (yes, I tried Live) sometimes simply sucks.

The storage and transfer limitations could be a problem for anyone lacking scp or such file transfer tools.

I said, _could be_. Email lost its credentials as serious transfer and communication tool.

Some of us may remember when Bill Gates stated that SPAM issue elimination was simply a matter of time. I gave them few credence then... and nowadays, email is clearly depicted as an unreliable, flawed tool.

Ordinary people can be kept safe by white-listing methods which figures out annoyances to me. They cay rely on such filtering to avoid Enlarge Their Penises NOW!!!

I would put my coins on a bit more intelligent solution to handle spam. There are a lot of solutions along with gmail or inova.net. The management of messages by AI systems which carries out the trash is a requirement to make email a reliable and trivial tool again... and not the scam nest it has been featured into.

This kind of announcement clears out what is the real level of microsoft improvement attempts - incredibly naive, blatantly stupid, moron-shaped company policies.

But, wait..

At all, who the heck would need to forward the message to 10+ recipients? In hotmail accounts? Oh... spammers. The less skilled and no less annoying of them. The ones who include my address in religious spiritual good intentioned chain letters.

Turns out microsoft is doing the right thing. The intelligence involved in their approach of bulk mail fits the targeted ones'.

Re:People still use hotmail?

[HillBilly]

Considering hotmail almost has twice as much storgae (5 gigs) as gmail and doesn't feel as clunky. Yes.

Re:People still use hotmail?

[heptapod]

http://mail.google.com/mail/?ui=html

Gmail's been available as html-only for quite some time and it's not very clunky.

Yahoo trumps them all by giving unlimited storage space.

You gotta pay up!

[argux]

I read about something like this a few days ago. A big website was warning people not to register with any Microsoft accounts (MSN, Hotmail, Live) because their mails were bouncing. They also mentioned that if they paid some fee, the cap would be lifted (obviously, they wouldn't in a million years give a cent to these people). Instead of paying, they would only recommend people to use Yahoo or Gmail.

Of course, it's not the exact, same thing, but the similarity between the two situations is spooky, to say the least.

Re:You gotta pay up!

[blincoln]

Hotmail et al have been silently blocking mail from my personal domain for a month or three now. It would have been nice if they'd at least bounced it, so I would have known earlier.

Dont worry!

[Ariastis]

No sweat guys, for 19.99$ per year, you can become a member of the Windows MSN Live Hotmail Benefactor Plus Live rewards program!

Benefits include :
1) Spam whomever you want, bypassing all spam filters!
2) Send e-mails to more than 10 recipients (Also called the "I run a mailing list you fucktard" option)
3) Free "Upgrade to Vista (Please)" coupon.

Microsoft doesn't deny it

[jas79]

The answer Microsoft gave was about the limits for sending email, not for receiving email.

Oh NOES!

[geekoid]

Now microsoft will get hammered by the Standards police.

Re:Oh NOES!

[NewWorldDan]

That's ok. RFCs are only a suggestion.

an RFC is not automatically a 'Standard'

[Kaenneth]

From Wikipedia for SMTP:

Simple Mail Transfer Protocol (SMTP) is the de facto standard for e-mail transmissions across the Internet. Formally SMTP is defined in RFC 821 (STD 10) as amended by RFC 1123 (STD 3) chapter 5. The protocol used today is also known as ESMTP and defined in RFC 2821.

The only thing the Sender sould care about is the first digit of the response code, per RFC 1123:

Whenever possible, a sender-SMTP SHOULD test only the first digit of the reply code, as specified in Appendix E of RFC-821.

and also from Wikipedia SMTP:

RFC 3700 Internet Official Protocol Standards (STD 1). As of 2004, this RFC Designates RFC 821 and RFC 822 as the SMTP and MAIL standards, respectively, with RFC 2821 and RFC 2822 as proposed standards.

I don't see anything obseleting 3700 yet.

What is this RFC of which you speak?

[mkcmkc]

With all due respect, can Microsoft even spell RFC?

Re:What is this RFC of which you speak?

How does one spell an acronym?

Re:What is this RFC of which you speak?

[zeromorph]

Yes they can, but they think it means Redmond's Frickin' own Canon. And in that 552 reads:

"Do whatever you think suits your interests best. Ah, and standards are for softies."

And as far as I can see they implemented their RFC coherently in every single product, not only hotmail.

Re:What is this RFC of which you speak?

"How does one spell an acronym?"

Apparently *humor* is being bounced by some filters as well....

Re:What is this RFC of which you speak?

[db32]

Sure they do...RFC is all over their paperwork. Request For Compensation

I'm in violation too...

[Ossifer]

... this is a well known anti-spam technique -- it helps thwart dictionary attacks. Hotmail allows 10 recipients, my email server allows at most 1 (one). Of course, my domain only has one email account...

There are 10 kinds of people at Microsoft...

Those who can count to 100, and those who can't.

Re:There are 10 kinds of people at Microsoft...

[EnigmaticSource]

But that's only 60% of the cap, but then again, I don't think hotmail users can count to 1010.

Re:There are 10 kinds of people at Microsoft...

[EnigmaticSource]

60% short
Sorry, posting drunk again

Did anyone read it....

as "Admins Accuse Microsoft of Hotmail Crap"....

Great idea

[101010_or_0x2A]

Maybe this will make users realize that there are better options than hotmail? If someones sending an email to more than 10 hotmail addresses, they need fewer friends..

And WHAT excuse do our fanbois here have for this

[unity100]

Ms provided much more crap through hotmail to service provider admins in the past, this one even pales in importance. There was one time that they were putting legitimate emails in junk folder without telling anyone and causing many clients to go yelling at the providers.

RFCs are not laws

[Angst+Badger]

This would appear to be a violation of RFC 2821, which states: "Rejection of messages (for excessive recipients) with fewer than 100 RCPT commands is a violation of this specification."

I love the way the OP makes this sound like a serious criminal violation. Microsoft (or you, or me) is free to violate RFC 2821 till the cows come home. Whether doing so is the best way to handle whatever problem they're trying to address is another matter, but they're not drowning puppies or breaking laws, they're violating voluntary standards, which is not exactly a newsworthy activity for Microsoft.

Re:RFCs are not laws

[jamesh]

That's exactly right. The only problem it might cause them is they can't claim to be running an RFC2821 compliant mail server (for whatever that's worth), and as anyone who has ever implemented a spam filter would know, they aren't the only ones.

None of the customer mail servers I look after will accept more than about 50 recipients per message from internal users, let alone external users. Otherwise, I get too many calls from customers complaining that their internet access is slow, only to find out that their marketing department have sent a 5MB attachment to 500 people again. This is made even worse by Exchange's default setting to try and send out 100 or so messages concurrently (so they all time out and retry). If you need to get any information out to that many people, especially large amounts of information, there are better ways of doing it.

Re:RFCs are not laws

[glwtta]

I love the way the OP makes this sound like a serious criminal violation.

I love the way you just make shit up. All I got from the summary was that they are violating the RFC, I can't imagine what kind of synaptic misfire would lead anyone to think "criminal" when they read that.

Is overzealous MS reverse-bashing the in thing now?

Re:RFCs are not laws

[aproposofwhat]

They can do what they like - fair enough.

But if they don't play nicely with the other children, everyone will think they're jerks - which is fair enough too.

Standards (voluntary or not) are there for a reason - they help disparate systems to communicate in a predictable and consistent manner.

Ignoring a standard because you're a 'big player' isn't polite behaviour, and is ultimately counterproductive, because there is now no incentive for others to adopt the standard when communicating with you.

Hell, if I were to reply to you in French (on this site where English is the lingua franca), would you expect to have a meaningful conversation?

Adherence to standards saves everyone time and effort, and it would be nice to see Microsoft doing it once in a while.

Re:RFCs are not laws

Every time someone buys Microsoft, God kills a kitten.

Re:RFCs are not laws

And we all know, that nobody at Microsoft bothers reading standards at all. It is doubtfull if reading or writing are required skills at Microsoft.

They never follow technical standards
The never write technical documentaion (unless the EU tells them to hire somebody who can write to do so),

Re:RFCs are not laws

[DavidTC]

Except that a) Everyone 'violates' this standard, and b) 'violating' this standard does not harm anything, and, most importantly, c) it's not actually a violation.

Why? Mail servers can reject or defer mail for whatever reason they want at any time, and this overrides all other considerations in the RFC except mail to postmaster. I quote It is a well-established principle that an SMTP server may refuse to accept mail for any operational or technical reason that makes sense to the site providing the server.

And, perhaps more the point, RFCs are just suggestions, and almost every mail server does this, just like they 'violate' that part of the RFC in a dozen ways. Almost no one has left that limit at 100, and it harms no one. Multi-recipient SMTP was a nice bandwidth saver when all mail was valid and there were only a few dozen email servers, but now it's almost entirely used by spammers, and I, personally, have cut it down to 10 peopl ein my server.

But here's the relevant line: The minimum total number of recipients that must be buffered is 100 recipients. Rejection of messages (for excessive recipients) with fewer than 100 RCPT commands is a violation of this specification.

Here's the next line: The general principle that relaying SMTP servers MUST NOT, and delivery SMTP servers SHOULD NOT, perform validation tests on message headers suggests that rejecting a message based on the total number of recipients shown in header fields is to be discouraged.

That's right, almost all 'reject during delivery spam' filters are in violation of the RFC. Despite them being one of the safest form of spam-filtering because senders of actually-valid email get a little notification about it from their own server. It's the only way to notify blocked senders without a bounce that sends spam to forged addresses. And it's a total violation of the RFC.

RFCs are just suggestions on how to behave. In the case of spam fighting, mail servers almost always operate in violation of the RFC, if you ignore the fact, according to the RFC, you can refuse to accept mail whenever you want.

Re:RFCs are not laws

[SoulRider]

is overzealous MS reverse-bashing the in thing now?

You must be new here!

I'm not TERRIBLY pro-MS, but...

[DigitalSorceress]

Honestly, if everyone followed all the RFCs for email and didn't adapt, spam would probably bring everything to a grinding halt. As it is, with countermeasures and counter-countermeasures in an escalating spiral in the "spam wars", I sometimes marvel that email even still works at all.

Granted, security through obscurity isn't really effective, but why should they bother telling spammers how small to make their batches in order to get things through? Make the bastards work a little bit.

Wow, I've gotten cynical.

Re:I'm not TERRIBLY pro-MS, but...

[Random832]

Granted, security through obscurity isn't really effective, but why should they bother telling spammers how small to make their batches in order to get things through? Because there are lots of legitimate reasons to send an email to more than 10 recepients on a large service like Hotmail, and batching them up (as opposed to sending the whole email, headers and body, to the server multiple times) saves bandwidth.

I would be pissed off if i were subscribed to something and I were the 11th hotmail user on their list.

Re:I'm not TERRIBLY pro-MS, but...

[gubol123]

I don't know what makes you and most others think security through obscurity does not work. Every single successful security has some part which is obscured from everybody else. For some it is algorithms, for others some key information. Obscuring your ATM key from all others has generally worked. Obscuring private key for every body else has also worked fine.

Re:I'm not TERRIBLY pro-MS, but...

[msuarezalvarez]

I don't know what makes you and most others think security through obscurity does not work. Every single successful security has some part which is obscured from everybody else. For some it is algorithms, for others some key information. Obscuring your ATM key from all others has generally worked. Obscuring private key for every body else has also worked fine.

You clearly do not understand what `obscurity' refers to in `security through obscurity does not work'.

Excellent!

[flyingfsck]

If this makes it more difficult for idiot spammers to send idiot spam, then I cannot really say anything against it.

Re:Excellent!

[pembo13]

Turning off the server has the same effect. Do you still agree?

Re:Excellent!

[TheLink]

Turn off hotmail?

Sure :).

Most people don't follow that standard

[billstewart]

Most mail-system managers I've talked to don't accept 100 recipients on a message except for internal communications inside a company. The problem is precisely that spammers have abused the feature - some people limit connections to 1 recipient, some to small numbers like 10, but in general if you accept a lot more you just get spammed.

It does sound to me like the too-many-recipients failure should be a 452 rather than 552, but other people have commented that mail senders are supposed to know how to deal with that.

Re:Most people don't follow that standard

[Obfuscant]

There are some "violations" that actually break things. There are some "violations" that don't. Violations that don't are not supposed to get RFC2119 language applied to them, like "MUST".

It appears that the authors of RFC2821 walked around RFC2119 by mandating a minimum limit on something without using RFC2119 language, when breaking that limit doesn't actually break the system.

E.g., the maximum size of a "local part" is 64 characters. If a client generates a "local part" longer than that, the system breaks because the wrong data appears at the server, or the server rejects the message altogether. When the number of RCPT TOs is set to 1, the client is supposed to keep trying, one at a time, and all the messages eventually get through.

That's why what MS did is pretty trivial. System managers ought to be able to set lower values on this to accomodate their systems.

Hotmail is just one sign

[cdrguru]

Email is useless. It cannot be relied upon. Mail servers will silently drop your mail after acknowledging receipt. Mail servers will reject your mail for no logical reason. All of this is in the name of fighting spam.

Because of spam, you can assume only that if you send an email and do not get a response that it never got through. If the only contact you have with a customer is an email address, you aren't going to get anywhere. Mail can be blocked at any point between the sender and the recipient without the knowledge or consent of the recipient - telling the recipient that they need to unblock your email is pointless as they may have nothing to do with the blocking.

Face it, email is suitable for sending threatening letters to georgebush@whitehouse.gov, love notes to your girlfriend and jokes to others in the office. And that's about it.

Meh....

[Cleon]

Really, this sounds like something for the "Never Ascribe to Malice What Can be Adequately Explained By Stupidity" department. It just sounds like hotmail has screwed something up and is slow on the ball getting it fixed.

It seems a bit silly for Microsoft to have such a strict policy and then lie about it.

Redmond ...

With all due respect, can Microsoft even spell RFC?

Guess how you know a Microsoft fanboy got mod points? They mod you down for that and all mod points are negative. I guess Redmond click kiddies do read /. Me, I thought it was funny.

Redmond Fraud Crackeheads - Post anon to avoid mod point hell.

The bandwidth difference is negligible

[billstewart]

Sure, it uses N times as much bandwidth if you limit the number of recipients per connection, but that's not usually a significant cost factor except for a few large mail systems, because email isn't a large fraction of your bandwidth usage unless you're just a mail handler or a spammer (web and BitTorrent are the big bandwidth consumers), and the bandwidth costs are balanced by other costs including all the spam-filtering and CPU utilization.

So yeah, it's annoying in theory, but that just means you need a mail transfer agent that has a limit on the number of recipients per connection that it will send. Postfix does, and I think sendmail does (based on mailing-list-manager discussions from 2004 about Hotmail rejecting messages with too many recipients :-)

RFC 2821 is not (yet) a standard

[Eric+Smith]

This would appear to be a violation of RFC 2821, which states: "Rejection of messages (for excessive recipients) with fewer than 100 RCPT commands is a violation of this specification."

RFC 2821 isn't a standard, though. It's on the standards track, but it has not yet been accepted by the IETF as a standard. The current SMTP standard is RFC 821, also known as STD 10. RFC 821 says:

recipients buffer

The maximum total number of recipients that must be buffered is 100 recipients.

TO THE MAXIMUM EXTENT POSSIBLE, IMPLEMENTATION TECHNIQUES WHICH IMPOSE NO LIMITS ON THE LENGTH OF THESE OBJECTS SHOULD BE USED.

This only requires that up to 100 recipients must be buffered, but doesn't explicitly state that there is any requirement to deliver to all 100 such recipients, nor that recipients cannot be rejected for some reason other than running out of buffer space.

Re:RFC 2821 is not (yet) a standard

It may not be a recommended IETF standard, but the RFC number (on standards track) makes it an effective (read: recommended) standard. If you're a fan of RFC's you should implement them when they are in the Standards Track Especially when it's a trivial extension of an existing protocol, especially when (most) everyone else does.

Re:RFC 2821 is not (yet) a standard

[Eric+Smith]

Standards track means that there's some chance that it will be adopted as a standard someday, but there's certainly no guarantee, and it can't even be said to be likely. Exercise for the reader: count how many RFCs are on the standards track and not obsoleted, but not yet actually adopted as an IETF standard. For bonus points: construct a histogram of these by month and year published.

There was a time when hotmail started pulling shit

[unity100]

about email deliveries and tried to force providers to go enroll in their paid whitelist scheme.

what happened ?

many providers, including hosting providers have started to refuse hotmail addresses being used for account signups, and warned customers that they should get an email from another provider to sign up with.

go figure what effect did this have. a hint - hotmail dropped the whitelist crap shortly thereafter.

Microsoft is Innovating

Microsoft is not hurting anyone or violating any standard. Instead they are embracing and extending the standard, to protect people. Who needs to send to more than 10 people at a time anyway, generally SPAM and other malware try to do that.

This is Microsoft innovation at it's finest.

Re:Microsoft is Innovating

[justinlee37]

Who needs to send to more than 10 people at a time anyway

Oh, I don't know ... Newsgroups? Businesses?

Re:Microsoft is Innovating

[david_thornley]

I do have more than ten friends, and often want to mail party invitations to them.

Limiting emails to ten at a time won't do anything to stop spam that limiting them to a hundred won't. Spams are in the tens of thousands, easily, often much more. Last time some [censored] sent out a spam using my domain, I got over four thousand bounce messages. I have no idea how many messages didn't generate a bounce.

Re:Microsoft is Innovating

[dbcad7]

There are sales reps that I deal with who do stuff like that .. salesman22@(yahoo or hotmail or gmail).com .. or their personal home email account.

It's not very professional, and doesn't give me good feelings about their company... I understand the convenience and ease of having the web mail accounts, but it make me that think either their company is nothing but cheap bastards, or that the salesman is shady by keeping his email separate from the company. (they are representing their company)

Now, an address of salesman22@(the company).com really guarantees nothing, other than they care how their business is perceived.. and that they want to be professional.

When choosing between two unknowns..., a professional appearing company, and bobsgotstuff4u@(hotmail).com .. who do you think I will give a try ?

Re:Microsoft is Innovating

[justinlee37]

I was also thinking of internal company e-mails & memos. Of course, if that's what they're sending out then they should really use their own mail server and not hotmail, but ...

RFCs ARE laws

[unity100]

laws that are communally agreed upon and makes the world of internet email turn around. if people start going haywire on them, imagine the resulting mess.

no surprise, violation comes from microsoft. they dont hesitate to violate laws in any country they do business in, why should they hold back from rfc ?

Slashdot extra-whiney tonight

[slashkossucks]

Of all the things in this world to whine and complain about, this really takes the cake. What a bunch of babies on this board... is this really all you do? Get worked up in a lather over something at Microsoft? Honestly, you people are OBSESSED....

Oh well.

[HaloZero]

You're all old enough - and should have been at this long enough - to know that Microsoft has a habit of taking a look at specifications and RFCs, saying 'Hmm... those are nice suggestions..' and then throwing the stack out the window.

Further, why does anyone use Hotmail any more, any way? There aren't enough other free providers out in the world yet?

Re:Oh well.

[pv2b]

My dad, for one, has a 10-year old hotmail address.

Changing it now would be a real PITA.

What would the robot do...

[kcbanner]

...frame someone! *Camera pans to M$*

Yahoo is worse

Oh, having struggled with this recently, I am now advising people I know to stay away from Yahoo as well.

Yahoo has, with much fanfare, implemented this crock called "DomainKeys". And it's recently been advanced as DKIM, and even more recently had a full-blown RFC issued for it.

One would think that, with either Domainkeys or DKIM signed email that Yahoo, of all people, would treat that as non-spam. Nope. Domainkeys signed email still goes straight into people's bulk folder, along with all the other spam. And the bulk folder is usually automatically purged in 30 days (IIRC), by default.

Hello? Why promote something if you're not going to use it correctly?

Maybe it's because DK/DKIM won't stop spam at all, since it misses the target? Maybe Yahoo understands this all too well, from first hand experience? Maybe the problem is that it is easy for a spammer to set up a DK/DKIM domain, spam a lot of people, and then drop it from sight? And maybe the problem is with certain Domain Registrars would profit quite well from selling domains to spaammers? Something that the RFC won't/can't address?

In any case, Yahoo has totally screwed up with this one. Note very well that, while they try to get you to use domainkeys, nowhere on their site do they say that they'll actually treat it as non-spam.

In short, Yahoo has hoodwinked a lot of people with this complete nonsense. And they are extremely hypocritical in promoting it, but not using it as per what they tout. Or what the new RFC says.

And this is with their own software on sourceforge!

In short, don't waste your time with either Yahoo or DomainKeys or DKIM. It's all a scam.

Oh. And for the crackers out there, you might try doing a security audit on the code. Maybe, just maybe, all the big email sites using domainkeys are vulnerable.

Sorry for the rant, but I REALLY don't appreciate my time being wasted. Just stick with Google. They seem to have some technical competence over there.

10 hotmail ids?! You gotta be kidding..

[gbalaji]

Seriously. I'm not a loony devoid of friends. I regularly mail close to some 100 friends in any combination. But I don't think there is a single hotmail id in my address book. I use my hotmail id only to login to expedia.com. I simply cannot believe someone has more than 10 hotmail ids in his address book. What is all this ruckus about?

And btw, why do I have to type in average.joe@HOTMAIL.com when I'm already on the hotmail page?

Re:10 hotmail ids?! You gotta be kidding..

[PureSophist]

Because Hotmail can be used to log into msn.com and hotmail.co.uk accounts.

Sometimes even earlier denial is good

[kju]

Some server will deny some/more recipients even after only one prior recipient. The reason? Spam filtering during the SMTP phase and conflicting configuration of the different recipients. Doing spam filtering during SMTP is good, as you can cleanly deny spam instead of just acting like a black hole and throwing it away. In the case of a false positive the sender will at least get a clean error message without having to send one of these nowadays very annoying bounce messages. If you ever became victim to some spammer abusing your mail address as the sender of spam and you've got 25000 bounces, you know why bounce messages need to be eliminated thanks to spammers.

Unfortunately spam filtering has became so complex that more often than not one there is no one-size-fits-them-all configuration. But this means that the same message might be acceptable to the configuration settings of user A but not to the settings of user B. When now a mail sender tries to send a message to A and B, it will be necessary to deny recipient B due to the differing config (at least for filters which are based on content and thus can not be run before the recipient was accepted and the message sent).

Yes, this breaks a proposed standard. But so do a lot of other spam filtering techniques like RBL, SPF and Greylisting. Thanks to the spammers we have broken SMTP quite some while ago and one is to wonder why internet mail is still quite reliable. I predict it can only go downhill from here.

You think MS is bad? Try Yahoo!

[statemachine]

Yahoo has been junking all e-mail from my domain. Yet, my domain has been around since '99, has an SPF record, and has not been on a spam blacklist ever. I don't run any lists, and usually these e-mails are only directed at one recipient.

When I contacted Yahoo, I was referred to a broken web form that supposedly would direct me to a place where I could whitelist my domain, or at least make it less spammy-looking to Yahoo. Upon further attempts to reach them, I only received automated responses, but no answers to my questions.

I am not the only one who has had this problem sending e-mail to Yahoo accounts. Ironically, just Google for all the discussions on how Yahoo doesn't care.

Sending e-mail to GMail accounts works just fine for me. None of my messages show up in the spam folder. This is an indicator that the problem lies with Yahoo, and not with my domain.

Re:You think MS is bad? Try Yahoo!

[proficiovera]

I have this same problem. People who have me white listed don't get my emails sometimes. Doesn't even make their bulk email.

Re:You think MS is bad? Try Yahoo!

[geekboy642]

You likely got joe-jobbed, and Yahoo didn't bother to determine where the spam really originated from. Then again, it could just be a corporate bureaucratic fuck-up, and I can't say it'd surprise me.

Re:You think MS is bad? Try Yahoo!

[Spad]

I abandoned my Yahoo account about a year ago after I discovered, purely by chance, that I wasn't receiving a whole load of emails that were being sent to me, from a wide range of senders. I'm all for spam filtering, but randomly dropping emails with no indication to either the sender or recipient that this has taken place is an excellent way to lose customers.

Re:You think MS is bad? Try Yahoo!

[wytcld]

Has anyone found a convenient way to fix this problem? I've been active in several Yahoo Groups e-mail lists for years, and now my submissions get culled before the list moderators can even see them. On the one hand, my domain's been around for 13 years, so there's regular spam forging it as the from address; on the other I have an SPF record specifying that nothing is legitimate aside from my own IP range. And Yahoo is supposed to be a strong SPF supporter. Go figure.

I also can't get anything through to University of New Hampshire's many dispersed systems - unfortunate since a number of their professors subscribe to an arts list I run. Their friggin servers all say "Sender domain may be forged" - despite that the reverse DNS matches, the SPF record is set, and the outgoing server matches the MX for the domain. It doesn't surprise me so much that a second-rate state university system has amateur-level sysadmins though, compared to Yahoo, which really should hire uber-competent staff.

"Admins Accuse Microsoft of Hotmail Crap"

[cliveholloway]

Heh. Am I the only one who misread the headline and thought, "How true".

0.01K ought to be enough for anybody.

[ls671]

0.01K ought to be enough for anybody. -Bill Gates

Puppies

[renegadesx]

but they're not drowning puppies or breaking laws, they're violating voluntary standards

Drowning puppies is worse than violating standards? I gotta go... to... wax my... Xbox...

Re:Hotmail has many worse problems than this one!

[saarbruck]

OP could have provided more detail but was not trolling: I run an email server on a static IP on my 768/128 DSL line. It's for 2 users. My mother, who has been a Hotmail user for so long that she can't relocate or "no one will find her!" refuses to move to gmail despite my pleas. Hotmail silently drops mail from my server about two thirds of the time. Messages such as "Hey, where are we meeting for Grandma's birthday dinner" disappear into the ether despite me being on her whitelist. Repeated hotmail support requests go something like this:

me: why are you accepting my email with code 250 OK, but never delivering it?

them: we can't talk to you until you submit all the forms at postmaster.hotmail.com

me: submits the forms, which are clearly geared toward businesses (my "site" doesn't have a "privacy policy" or an "opt out form" because I don't SELL ANYTHING).

them: we can't talk to you until you sign up for our email tracking service to analyze your traffic

me: signs up. My server doesn't generate enough traffic for them to even log.

them: you need an SPF record

me: installs an SPF record

them: your SPF record is wrong. RFC blah blah states...

me: IT WAS GENERATED BY YOUR ONLINE TOOL!! And if you want to quote RFCs at me how about the one where if your server accepts email, you're guaranteeing not to drop it for frivolous reasons (RFC 2821, sec. 6.1)?

them: our reasons are not frivolous, but we won't tell you anything.

me: like how your servers drop email sent from thunderbird but let the same messages through when sent from outlook express?

them: we don't filter based on header information

... and so it goes. I understand that I'm a small fish in a big pond and that there's a war on terror, uh, I mean spam, but hotmail just sucks.

Well....

[Kyokushi]

Hotmail is used for MSN Messengger, and ironically it is the most popular IM client where I live. looks like people like its shinyness, while people like me hated its bloat. Also Hotmail doesnt even have the "Mark as Read" button, forcing me to read or delete every single mail there. Usually it's delete though for me. Important mails are divided into my 6 gmail accounts.

Re:Well....

[TSDMK]

If you use Windows Live Hotmail there is a "Mark as read" button - just select the messages and right click.

Blame spammers not hotmail.com

[WoTG]

SPAM affects every mail system. I've probably had to implement a dozen different ways to reduce inbound SPAM in my inbox and the inboxes of my customers over the years. On the flip side, I also have to get my emails out, including those of a modest sized opt-in mailing list through recipient SPAM filters.

It's ridiculous the volume of SPAM out there. If you've never had to think about this, it's easy to underestimate. Now, imagine my relatively simple situation and multiply it by about a million. That's what the Hotmail administrators have to deal with. It's not easy. Looking briefly at the article, it looks like a relatively harmless error, comparable, but different, to greylisting.

IMHO, stop using mail blasters that spool out emails as fast as the server can spit them out. That just doesn't work anymore. Queues and slow spooling are critical to making email recipient servers happy - otherwise it looks just like a zombie'd home computer spitting out spam.

Easily worked around

[daBass]

A simple workaround is to simply send the message to every user in a different SMTP session. So no repeated RCPT commands means Hotmail will deliver them all, first time, every time.

In Postfix you can set this using default_destination_recipient_limit. Setting this to 10 would solve the problem as after 10 recipients, Postfix will deliver the DATA part and then start a new session for the remaining recipients. I am sure other MTAs will have a similar setting. (and if they don't they should)

New tag proposal: transmittingisreading

[kcbanner]

Recently with the Google "omg read ur mailz" thing I thought the addition of a new tag should be in order. Everyone tag things like this with transmittingisreading

Getting a tad desperate for articles, are we?

[Kelsey-GrammerNazi]

I mean really- What is the news in this?
Isn't there something more newsworth....uhhh..
??

Oops! Sorry- I thought the header said "...Hotmail Crap "

People still use hotmail

[Cyko_01]

I use it to sign up for any site that I know is going to spam me. I set my junk mail filter to exclusive and check my junk mail folder whenever confirmation is required. Sure there are other services out there for this purpose but some sites block disposable email addresses. I still hang on to my old email address for MSN messenger(which I rarely use) and I can also receive important emails sent to my old address from people who didn't receive my notification regarding my switch to Gmail

Spam filtering - Vista Style

[Cyko_01]

You are attempting to send an email to more then one person. Cancel or Allow?

Shock

[requeth]

Three cheers for less spam!

(Shocked that Microsoft did something responsible)

To Limit Spread Of Viruses

[gig]

Anyone who is using a Microsoft product today deserves what they get. The cat is already out of the bag. What do they need to see to know it's over? Bill Gates giving up and giving the money back?

Hotmail used to be a beautiful service once

[brrrrrrt]

But people who in this day and age are still stupid enough to use Hotmail deserve things like this

Re:Hotmail has many worse problems than this one!

[vide80]

http://postmaster.live.com/ oh what an unprofessional service. For example, if you fill the form to take part in the JMRP, you will get an email from some external person who works for Microsoft, whose mail address is something like "Microsoft Customer Support" and he tells you to ANSWER to this message, but the sender addres DOESN'T EXIST!! It gets bounced This is an automatically generated Delivery Status Notification. Delivery to the following recipients failed. SENDS.JMRP.WW.00.EN.SYK.MNL.TS.T01.SPT.00.EM@css.one.microsoft.com So, how is supposed I can answer the questions he's making me??

Mod parent troll

[Kawahee]

Geddit everybody? Hotmail has a 2GB storage limit and uh, oh, wait.

Re:Mod parent troll

[ls671]

Hey calm down please, it is a joke. Are you too young to remember "640K ought to be enough for anybody" ?

http://en.wikiquote.org/wiki/Talk:Bill_Gates

People joke about this you know, even at Microsoft ;-)

I have a hard time seeing how this could qualify as a troll ;-)

People actually use hotmail other than for spam?

[liftphreaker]

Let me get this straight - there are people who actually use hotmail? As in non-spam mail? Buhwahahahahaha! Serves them right.

But

Hotmail's a shit service. What on Earth did anyone expect? My home email address can't send to anyone on Hotmail because they drop my messages with no warning or bounce message. My home email address is in the .cx domain.

Re:Hotmail has many worse problems than this one!

[eulernet]

Hotmail may suck, but you might have the same problem as me: a spammer sends messages with your email address. This adds your email in a blacklist, from where it is impossible to be removed. I had the problem with aol.com bouncing back all my mails, even though they were in text. BTW, aol.com recently removed me from this list. I guess they upgraded their spam tools. If you own your domain, simply try with another email address, but use only one account for all these addresses.

Re:Hotmail has many worse problems than this one!

I had this problem on my mail server at home too. While it's not an ideal solution, I was able to get round it by using my ISP's mail server as a forwarding server. Mail I send usually gets marked as spam until the recipient whitelists my address, but at least it doesn't get silently dropped anymore. This also solved the problem with Yahoo! dropping mail that was mentioned further up.

Hmm

[p00n0s]

Microsoft doesn't read your e-mails, but won't send it either.

ummm

[keirre23hu]

If your users send large attachments this would be an immense waste of bandwidth... just because M$ doesn't like the RFC and chooses not to follow it. hmm.. where have we seen this before?

Re:ummm

[daBass]

Well, this seem to be a particular problem for mailing lists. Most mailing lists do not allow big attachments, if any. On top of that, how big is the chance that a significant number of your list's recipients are on the same domain? It would have to be an incredible amount before reasonable message sizes would cause any kind of problem. (the average mail size is only 20KB, after all.)

I wouldn't worry about it...

The obligatory checklist

[Random832]

Your company advocates a

(x) technical ( ) legislative ( ) market-based ( ) vigilante

approach to fighting spam. Your idea will not work. Here is why it won't work. (One or more of the following may apply to your particular idea, and it may have other flaws which used to vary from state to state before a bad federal law was passed.)

( ) Spammers can easily use it to harvest email addresses
(x) Mailing lists and other legitimate email uses would be affected
( ) No one will be able to find the guy or collect the money
( ) It is defenseless against brute force attacks
(x) It will stop spam for two weeks and then we'll be stuck with it
(x) Users of email will not put up with it
( ) Microsoft will not put up with it
( ) The police will not put up with it
( ) Requires too much cooperation from spammers
( ) Requires immediate total cooperation from everybody at once
( ) Many email users cannot afford to lose business or alienate potential employers
( ) Spammers don't care about invalid addresses in their lists
( ) Anyone could anonymously destroy anyone else's career or business

Specifically, your plan fails to account for

( ) Laws expressly prohibiting it
( ) Lack of centrally controlling authority for email
( ) Open relays in foreign countries
( ) Ease of searching tiny alphanumeric address space of all email addresses
( ) Asshats
( ) Jurisdictional problems
( ) Unpopularity of weird new taxes
( ) Public reluctance to accept weird new forms of money
(x) Huge existing software investment in SMTP
( ) Susceptibility of protocols other than SMTP to attack
( ) Willingness of users to install OS patches received by email
(x) Armies of worm riddled broadband-connected Windows boxes
( ) Eternal arms race involved in all filtering approaches
( ) Extreme profitability of spam
( ) Joe jobs and/or identity theft
( ) Technically illiterate politicians
( ) Extreme stupidity on the part of people who do business with spammers
( ) Extreme stupidity on the part of people who do business with Microsoft
( ) Extreme stupidity on the part of people who do business with Yahoo
( ) Dishonesty on the part of spammers themselves
( ) Bandwidth costs that are unaffected by client filtering
( ) Outlook

and the following philosophical objections may also apply:

(x) Ideas similar to yours are easy to come up with, yet none have ever been shown practical
( ) Any scheme based on opt-out is unacceptable
( ) SMTP headers should not be the subject of legislation
( ) Blacklists suck
( ) Whitelists suck
( ) We should be able to talk about Viagra without being censored
( ) Countermeasures should not involve wire fraud or credit card fraud
( ) Countermeasures should not involve sabotage of public networks
( ) Countermeasures must work if phased in gradually
( ) Sending email should be free
( ) Why should we have to trust you and your servers?
( ) Incompatiblity with open source or open source licenses
( ) Feel-good measures do nothing to solve the problem
( ) Temporary/one-time email addresses are cumbersome
( ) I don't want the government reading my email
( ) Killing them that way is not slow and painful enough

Furthermore, this is what I think about you:

( ) Sorry dude, but I don't think it would work.
(x) This is a stupid idea, and you're a stupid company for suggesting it.
( ) Nice try, assh0le! I'm going to find out where you live and burn your house down!

FUD

Really, I've been using Hotmail since the late 90s. It works fine and syncs real good with Outlook, multiple copies of Outlook and MSN Messenger.

Yahoo is just as bad

[bogie]

Yahoo pulls shit like this as well. My company made the mistake of using them for email and web and they are a nightmare. For the first 6 months with them it was nothing but over the invisible limit complaints and users still have emails bounced for no reason. They are fine as a web host but absolute garbage as an email provider.

How Easy Is This To Test?

[Nom+du+Keyboard]

Microsoft denies it has placed any such restriction on the number of senders.

And just how easy is this to actually test? Should take a couple of minutes -- five tops -- to know if it's actually happening for average users.