Slashdot Mirror
Hotmail's Spam Filter: The Best In the Business?
Barence writes "Microsoft claims an "independent" report proves it has the best spam protection in the industry — an argument deconstructed by PC Pro. 'Our own internal metrics, customer feedback, and even a recent third-party report confirms that no mail service offers better protection than Hotmail,' Microsoft's Dick Craddock wrote in a Windows Live blog post earlier this week."
When you are the source.
There is or can be built a machine that can simulate any physical object. -Church-Turing principle
NO!
Move.......NEXT!?!??!
Considering my hotmail account is nothing but spam, and it is so bad I had to quit using it, I'm going to have to disagree.
Hotmail's spam protection is awful! I get about 15-20 spam messages/day and about one every couple of months on my gmail account.
I have accounts in both hotmail and gmail with about the same "exposure" on the internet and can't say i've seen any difference
with only one or two pieces showing up in the junk folder every couple weeks. I've been using Hotmail(Live) for a few years now.
bought a penis pump, ordered synthetic Viagra or sent money to Nigeria are automatically exempt from this study.
No one reads it any how, so just assume its all spam. Presto, 100% effective spam filtering.
"Have you ever thought about just turning off the TV, sitting down with your kids, and hitting them?"
Funniest thing I have read all year!
You're kidding, right?
Hotmail's spam filter is the worst in the business. It frequently places confuses spam and ham and what is worse is that sometimes it seems to think I'm on the mailing list of said spam list and automatically displays the content.
What staggers me is the number of phishing attempts that get into the spam folder, they should even be getting that far.
The only thing Hotmail is useful for is signing up for things that are almost certainly going to send spam.
Summation 2
people still use hotmail?
Let me be among the first to chime in... Their spam filter sucks big time.
For the past 6-8 months (or more), I've been getting spam for all sorts of services that originate from the same sender. They use the SAME template! It's just a series of images, with THE ONLY TEXT being "Can't see Images? Click here". I marked such sh!t as Junk countless times, only to come back the next day to seeing some of the same ones in my Junk filter, some in my Inbox.
It doesn't matter that the subject line is the same - advertising for Match.com or some other crap, even though I mark it as Junk, apparently Hotmail does not even pretend to do anything about it. Same subject line, same template with images only.
THIS IS BASIC SPAM FILTER 101, if there is no address, or Unsubscribe in the newsletter, or a poor text to image ratio, IT IS SPAM! What the hell is their spam team researching?
And it has the most worthless spam configuration settings: all off, the useless "ON" setting, or the idiotic "exclusive" from your contacts only.
Wish T-Mobile would pick up some sort of spam filtering .. I'm getting a lot of crap on my mobile phone and don't want to sit around blocking this number or that, but have them block known text spammers (anything with 'prize' in the email address) or phonus balonus lottery/baby name/ whatever promoters.
A feeling of having made the same mistake before: Deja Foobar
As usual, Microsoft is full of shit. My hotmail account allows the MOST spam through to my inbox. Gmail's filters are nearly perfect--I think I've only seen one spam message make it through in the past few years, whereas in hotmail, I've had to create a rule that moves anything not specifically addressed to me into the junk folder. Every day, that folder gets filled with spam from the likes of obviously faked domains like SEBUJIHJTPHJ@a.encloserrewall.com, and HUZDSUBYYZMB@a.gamelikeinconside.com. I've contacted hotmail demanding to know why their spam filter sucks so hard that they can't even filter out something as obvious as that. Of course, there's no response because as we can see, they're spending money on spokespeople rather than developers.
Furthermore, it's not just that hotmail fails to filter spam, the problem is that they have such an antiquated and feature-poor interface for users to control how incoming email is sorted. Then the web interface itself is extremely slow. I'm hardly a fan of Google but anyone with half a brain can see that Gmail is superior in EVERY CONCEIVABLE WAY. It's not even close.
Hotmail is for email you don't give a shit about, and when you don't want to give out a real address. Honestly, I don't even know why I still have it. I'd be better off creating a garbage gmail account and use that instead.
I've been running a test of the Hotmail system for about the last ten years. Not of their Spam detection, when it started even Spam Assassin was a baby, but of an assertion I saw on an online forum that MS sold email addresses to spammers.
I am happy to say that I have never gotten any junk mail at all in that inbox.
I have used the account to send test messages to a malfunctioning mail server and to register MS products but that's really all. The only mail I get there now is from MS itself, which could be considered Spam but that would be stretching things a bit.
Non bene pro toto libertas venditur auro
People and 'important' accounts get my gmail address. Most forms get my hotmail address.
I'm constantly having to babysit the GMail Spam filter; I get about two false positives a week. But it has done a fine job on my inbox; I've never gotten a Phishing attempt in it, and the only e-mails where I have to click "Report Spam" are usually just annoying websites I got a login on that decided I absolutely needed their useless newsletter.
Hotmail, Yahoo, AOL, and Gmail are probably the biggest targets for spammers, especially those using dictionary attacks. If you are going to send spam you certainly will be including those providers in your target list.
Unfortunately for these providers they cannot implement certain restrictions that smaller email providers or businesses might set up. For example, we run our own email server and reject outright email connections from a number of countries. We have the luxury of not needing to exchange email with someone in Russia or China (for example) which allows us to filter out huge blocks of IP ranges (using the country specific RBL's).
So Hotmail users may see spam in high quantity, but it's likely a very small percentage of that actually was targeted to the user. I did not RTFA, perhaps I should do so now, but it makes sense to me that Hotmail may actually have quite a good anti-spam scorecard.
"We make our world significant by the courage of our questions and by the depth of our answers." Carl Sagan
I have posted my Gmail address publicly without reservation for 7.5 years (see above). I get approximately 1 spam email to my inbox per week, out of a volume of several hundred per day to my spam folder.
I have relatives who use hotmail, who take paranoid care that their email is not posted on the internet in public, even in obfuscated form. They have changed addresses multiple times for this reason, but stuck with hotmail.
I have had a Hotmail account since the middle of high school. About 8 years ago, the spam got to the point that I ended up just switching it to dump everything in the junk folder. About once a week I glance through the junk folder and see if anything is in there that shouldn't be, and add that to safe sender list or safe domain. I think for the average home user, the only way to get a decent filter on it is slowly over time, make your own... I suspect that Microsoft's filter makes my junk mail folder human readable enough that I can still glance through it, and for that I appreciate their efforts. But if you stop there, you deserve what you get :-P
I work at a university and Hotmail has on a number of occasions blocked all mail from our domain as an overreaction to some compromised accounts sending mail to hotmail users. These blocks have lasted for days while we have to ask them to revert this. They've been completely unwilling to whitelist our domain or even incorporate a more expedient process for getting these blocks resolved. We have never had any similar problems with Google, Yahoo, etc..
Their metrics for "best" are flawed if they block tens of thousands of good accounts and emails on account of a few compromised accounts, which every institution with over 20,000 users will have. I'm sure their users appreciate not getting normal mail from some domains for days instead of a slightly larger spam folder.
I'm using GMail, I've got frakkin' publicly advertized email adresses and I get very close to zero spam.
Once in a while I see some sh!t in my 'spam' mailbox and it is, indeed, spam. But even that is very rare.
I'd say the number of actual real spam making it through my GMail inbox during one year is a number made of only one digit (in base 10).
Who's still getting spam and who's still spending spam?
GMail and Hotmail, seen how they filter greatly spam, will probably soon be not profitable enough for the spammers.
I take it that at zero spam per year in my inbox spammers can't possibly be making money on GMail / Hotmail...
And that day is coming. And it's coming fast.
I honestly don't really remember how a mailbox full of spam looks like. I used to have one, years ago. But I'm on GMail since the GMail beta and honestly the amount of spam keeps going down.
Back in 2003 or so I gave up on my Hotmail account because if I didn't clear out the spam every 3 days, it would fill up my mailbox and delete all my older (read: personal and legitimate) email messages. This was when a free account only included 2MB of storage. After losing all my email a couple times over a period of several months, I gave up on it. I think I maxed out the number of custom filters you could have with attempts to delete junk automatically, which gave me maybe one more day.
I switched to Yahoo and eventually Gmail, and on the latter I receive one or two junk messages per day. False positives are rare, and spam NEVER gets to my inbox. Of course, the same day I signed up for Gmail, I started getting spam, before I ever even used the address anywhere.
my, your, his/her/its, our, your, their
I'm, you're, he's/she's/it's, we're, you're, they're
Microsoft Windows is the most loved OS in the world, based on the fact that you can't buy a PC from a brick-and-mortar without it being preinstalled.
I gave up on hotmail BECAUSE the filter was so poor... that and I couldn't schwack my account
I run a small business, shipping many packages daily.
Nearly all the customers who don't get the confirmation email with the tracking number are using Hotmail. The message is sent from a proper server with valid SPF and Domain key signature. It contains no links or special content, just text with the tracking number. All the other mail services are very good about recognizing it as a legitimate email.
But not Hotmail. If anyone from Microsoft is reading this, your spam filters suck.
My last little experiment with hotmail was about 7 years ago. Perhaps things have improved since then but I opened an account, then didn't log into it again for a month. I never sent mail from it, never used it to sign up for anything and never gave it to anyone. When I logged in a month later it was full of spam. That pretty much killed hotmail for me.
Like everyone else has posted, if you block everything, you're not going to get spam. Just as bad as yahoo in terms of blocking legitimate email, and just like yahoo, somehow spam actually makes it through MORE than legit email. Not sure why gmail can seem to get the whole spam/ham thing correct relatively quickly even with no recipients, and you don't have to jump through nearly as many crazy hoops as a mail provider to get your emails through
I know almost everyone here likes to bash Microsoft, but I've had a Hotmail account for over a decade, I post my e-mail address everywhere, I use my Hotmail account on all those web forms which require an e-mail address, etc. Of the four e-mails accounts I actively maintain Hotmail gets the next-to-least amount of spam. The account with the least spam has been active for less than a year and is only used for business. I've only had a few false positives over the years, so I'd say Microsoft is doing a pretty good job.
They're the only ones to offer an exclusive white list for your inbox. Everything else sucks.
By these metrics my filter is even better:
if(true) { delete email }
...always put a smile on my face. Thanks for the laugh.
Is that still a thing?
"Nine times out of ten, starting a fire is not the best way to solve the problem." - my wife
I have personally found that Gmails spam filter is substantially more accurate and effective.
I actually used to work at MS and met somebody who worked on the Hotmail team. I was telling him that personally I've noticed that my Hotmail account, which i haven't actively used (well maybe 2 or 3 emails every 3 months) for years has more spam than my yahoo or gmail accounts. I told him that numerous times I've flagged emails as phishing and spam but continue to receive emails.
He actually couldn't believe it and honestly felt that Hotmail had top of the notch security. He told me to forward any examples to him so he could modify the algorithms to detect for patterns. Well my point is I'm not sure if Hotmail actually knows that they are having spam problems. It seems to me that Hotmail in general believes that they don't even have any SPAM problem.
I just logged into check my Hotmail account and counted 14 spam emails with either chinese or latin/spanish text. As always i mark them as phishing scams....
The Worst In the Business?
giggity
Calling this "independent" is hogwash. It's a scam MS has been pulling for well over a decade, paying for "independent" competitive studies whose design and publication they control, and then trumpeting the results of the ones that say things they like.
In this case, the methodology was designed in a way that only exposed the test addresses to a narrow subclass of spam and which helped rationalize the fact that the study is completely blind to false positives. It cannot be accidental that the most widespread criticism of Hotmail and Microsoft's other hosted mail services by outsiders who work with mail servers and spam control is not that they deliver or emit spam, but that they have massive chronic false positive problems, not just with mis-filing into "Spam" or rejecting in SMTP for no good reason, but with mail being accepted for delivery and vanishing without a trace, in large volumes. It's a mess and I am 100% certain that MS knows about internally, at least at senior mail geek levels. It is a spectacular display of chutzpah for MS to be applauding themselves for a study in which they would have been beaten by a email system with no Internet connectivity.
And as someone who has been dealing with spam filtering and prevention since before anyone at MS knew that "spam" wasn't just a Hormel product, I should add that a methodologically sound study of the filtering systems of the big freemailers is probably not possible in the real world. Different people get significantly different types of spam and non-spam based on the history of their addresses and how they use them, and you really can't say anything meaningful about an 'average' mail stream because no real address has one. The big freemail providers have a very hard job because of the scale and diversity of their user base and pathological business models, but that can't justify promotion of a study which ultimately is worthless.
...is why on Earth does Microsoft advertise studies about its own products and always emphatize the fact that "this is an independent source"? It's like the most obvious possible way to tell everyone they had their fingers on the research. If there are no independent studies that show your product is the best, then I guess maybe you should, like, IMPROVE those products? Or make completely new (and BETTER) ones? Oh, and when it comes to spam filters, I've had an account on gmail for over 3 years and only received my first spam message about two weeks ago. That about sums it up. (Although I've only had a hotmail account for a very short period of time, so I'm giving MS a slight benefit of doubt)
"I'm just here for the achievements"
Not only have I never received spam originating from a Gmail address, I might have seen spam make it to my inbox once in the past year. This is an address I've used for six years, and splattered all over the Interwebs. I also had three different Hotmail addresses, which I canceled to avoid spam.
Equally allegorical and equally convincing to me, I went through an episode with my mother-in-law where spam began to be sent from her email address to everyone, and I mean everyone, in her address book, multiple times per day. Now, she doesn't typically engage in risky Internet behavior, being the kind of person who is skeptical of ATMs because she's afraid they'll withdraw the money without actually giving it to her. Suffice to say it caused a bit of a problem. She's sticking with Hotmail because, as she says, "that's the address everyone has for her", against all advice to the contrary.
This unbiased moderation brought to you by the Porcine Aviation Group!
I have, shall we say, more than a little experience in the spam area. And having studied it in considerable detail over a very long period of time, I can say -- rather definitively -- that Hotmail does, and has done for many years, an absolutely horrible job of controlling outbound spam. (Which is of course the most important criteria by which to measure them. Inbound spam only matters to those with accounts there. Outbound spam matters to the entire Internet.) The only reason I would award them an "F" grade for their performance is that there is no lower grade available.
My handle is somewhat a reflection of my own nature, which can be condescending and indeed, arrogant. But even I wouldn't attempt something of this magnitude: Microsoft isn't merely exaggerating, they're absolutely, completely, totally lying.
It's irrelevant to boast the best spam filters when you hard code spam into people's outgoing mail below their signature.
Comment removed based on user account deletion
This statement is open to interpretation:
no mail service offers better protection than Hotmail
Let's add in a few implicit phrases:
no mail service [at all] offers better protection than [the service provided by] Hotmail
The OP states: "Microsoft claims an "independent" report proves it has the best spam protection in the industry"
Actually, Microsoft doesn't claim that (though it badly wants you to *infer* that).There's a small but subtle difference. What Microsoft claims is that "no one else has better spam protection than us". This is actually a fairly common little trick.
What's the difference? Simple enough. For the claim "Company A has the best X" to be true, Company A's X must be the best. For the claim "No other company's X is better than Company A's" to be true, either Company A's X must be the best - *or it must be equal to any number of other company's Xs*. An equal showing is okay for the second statement; it's not for the first.
This kind of claim is particularly common in cleaning products - you often hear 'no-one else's cleans cleaner than ours!' or some variation on it. It's a statement that's clearly encouraging you to infer that the advertiser's product is actually *better* than the competition's, but it's not actually saying that, and that may well not be the case. I suspect the truth in fields like domestic cleaning is that every product is pretty much equally good, and some smart advertiser hit on this line as a good way to try and promote your brand-name cleaner so it sounds like it's better than the budget alternative, when it isn't.
As the linked article makes clear, this is precisely the dodge Microsoft is using here: the survey found Hotmail and Gmail were in a statistical tie. It did not find that Hotmail was better than Gmail.
I can't speak to the quality of Hotmail's spam filter, but I can say that they are top notch at handling email abuse reports. They are fast and accurate. Second place would have to be Yahoo. They are slightly slower than Hotmail, and they often need you to reply and point things out that their investigations missed. Right in the middle would be AOL. They are not really a major source of abuse, so I can't say I've interacted with them very often. The two worst ever are Google and GMX. GMX is a scam 1&1 brand, which should tell you all you need to know about those losers. In last place is strangely enough Google. It is not really clear why they are so bad at dealing with email abuse (if they deal with it at all). Maybe they are just too big to be able to handle the volume of abuse reports that come in, and scammers know this gravitating to them, and the problem snowballs. It seems that the bad actors out there know the strengths and weaknesses of the major email players. If you want to send spam, use Yahoo or Hotmail. If you want to maintain a bulletproof drop email box or recieve incoming email for your pet scam, make sure you use Google/Gmail. Your operation will never be touched.
What difference does it make when SSL is off by default and 3rd parties can hijack your email, then change the password to sites with credit info, unfortunately I know this from experience. Better turn on SSL, just saying...
...I get little to no spam on my GMail account. I get nothing but spam on my Hotmail account (and I barely use it for anything except GFWL). By my independent research, I get 100% spam on my Hotmail. Gmail is probably a better than that.
-Will P.
Filters will never end the spam epidemic, at best all they do is kick the can down the road. Any time the filters are changed, the spammers change their tactics correspondingly to get around them. The filters don't do jack shit to address the underlying cause of spam.
For those who are too clueless to comprehend the root cause, I'll clue you in that spammers are not actually spamming you to piss you off and waste your time. Spammers are spamming you because they make money doing it. If you actually want a real, long-term solution to the spamming problem, you need to go after the money. As soon as the spammers stop getting paid, they will stop sending spam. And filters will never, ever, ever, get us there.
Damn_registrars has no butt-hole. Damn_registrars has no use for a butt-hole.
I've honestly not noticed much difference in spam filtering with free email accounts these days. At least those from the 'big providers' like Google, MS, Yahoo, etc. Heck, even SpamAssasin (formerly SpamYourAss) is decent the past few years.
Google, for all its email faults, (and it has some real doozies -- some of them drive me batty) hasn't thrown a good email into spam in many months. I probably see an actual spam in the inbox perhaps once a week, which I delight in marking as spam to help other gmail users. That's pretty darned good; I compulsively check both the inbox and the spambox, and I am *extremely* satisfied with Google's ability to discriminate.
I haven't used Hotmail in years, so it's impossible for me to say they're better or worse, but I am dead certain that Google is "good enough" here.
I've fallen off your lawn, and I can't get up.
The company I work for will send emails to customers (by request) and we tell them to check the spam folder if they use Hotmail since it tends to flag our emails most of the time.
.. But a fun one nevertheless.
http://www.undeadly.org/cgi?action=article&sid=20070920214130
Just today during my biweekly Hotmail check I realized that Hotmail's Junk folder is the only spam dump I check every time I'm on to ensure that I haven't missed something from someone I know. (Or something from someone I knew back when I regularly used Hotmail.) No spam filter filters more non-spam than Hotmail's junk.
Or something like that. In other news, I'm happy to see Slashdot is still doing well. ;^)
It's all 0s and 1s. Or it's not.
... but the article doesn't say independent. It says third-party. All the people whining about how M$ just bought them are just showing their inability to read. Or perhaps, someone can explain to me why it's such a bad thing for a company to hire someone to investigate their products.
I figure the people who are complaining the loudest about how terrible Hotmail and M$ are either haven't used it recently, or are confusing mail that they signed up for with actual spam. If you use a "throw-away" Hotmail account to sign up for spam-like things, how exactly do you justify complaining when you actually receive... oh, I don't know... SPAM?
Absolutely, it is! I've been blocking hotmail for years, and while I still get spam, the volume has dropped considerably.
Oh, wait... that's not what they meant, was it?
Assorted stuff I do sometimes: Lemuria.org
I still get some spam in my hotmail account so I dont know why they think they are so good, I get none at work, and none on my gmail...???
I get 10 a day in my hotmail and 0 in my gmail.
AccountKiller
I rarely use my hotmail account, yet every time I log in, there's always spam in my Inbox, and more spam in the spam folder.
I use my Gmail account frequently, and have not seen a spam in my Inbox in years. The spam folder has spam in it most days, but I expect this because I am actively using (and giving out) my Gmail address. Google's filters are fantastic.
I suspect that most people have similar experiences, judging from the replies I'm seeing here.
Julie Moult is an idiot.
Some time back I made another Hotmail account, set it up just like I do all of the others which back then meant turning on spam filtering which was off by default. I never used it any where and I still got spam. This is a completely unique name too, so it's not like anyone else could had it before me so that the spam I was getting was theirs. But not only did I get spam, at least 90% of it was in the Inbox so I still had to teach it that it was spam. Now you can argue that it was a long time ago and that Hotmail's spam filtering has improved a lot since then. Ok I'll give you that, however....
These days I use Gmail to get my Hotmail emails as well. Gmail only gets what is in the Inbox, nothing else. At least 2-3 times a week I Gmail gets, and filters, spam that was in my Hotmail's Inbox stuff that Hotmail should have filtered on it's own in fact in some cases when I got to that Hotmail account and look there are emails similar to the one that Gmail had to filter that Hotmail did catch and come in before the one that Gmail had to filter. And when I say similar, I mean the From address is close to the same, the Subjects are or close to the exact same, and even the body of the email is either the exact same or close to it.
Yes I will agree that Hotmail's spam filtering has improved greatly over the years. But better than everyone else? I don't think so.
And do an number of the people that I'm seeing here that are saying they get spam in Hotmail and but not where ever else; let's just make it clear, if you talking about the spam that's in the Inbox then ok that's a bad thing but ok fair enough, but if you're talking about or including what is in the Spam folder then that's not fair since the spam filter is doing its job.
One man's junk is another man's treasure. Who determines what is spam and what is not?
Spam filtration is a good idea as long as you can turn them off when you want to.
Personally I don't want anyone sorting my mail for me.
Right Mom? Where's my new shirt......
Because I only get two types of spam with Hotmail (mmo fishing emails and the occasional ad for a Japanese store sent from China) and they both end up in the spam folder. What Hotmail does need to work on is options for rules. I haven't fiddled with rules with any other provider but Hotmail's rules are a bit lacking.
You state you have "more than a little experience" in spam and researching it etc./et al... and you're putting down a good service ontop of that!
So, that "all said & aside":
Let's see a better free email service you yourself have created yourself to compare it to MS Hotmail - especially since you see fit to be a critic of Microsoft's hotmail, and since you're making claims of being 'knowledgeable' in this particular area.
APK
P.S.=> ANYONE can be a critic... it's QUITE ANOTHER THING to be the cook!
... apk
Except for the occasional phishing scam that make it to my inbox Hotmail does a not so bad job. Off course I been using it less recently to sign-up on other site so maybe it related. It did sent my / newsletter when / changed the newsletter format.