Hotmail Implements Spam Filter System
emerson writes "News.com is reporting that Hotmail has finally taken the plunge and decided to implement the MAPS RBL spam "blackhole" list. The article notes that they have seen a marked decrease in spam in just a short time. Read the whole article." More and more ISPs seem to be jumping on the MAPS RBL bandwagon. It's a very good thing IMO, especially for the "free" e-mail services that attract spammers the same way picnics attract ants.
This means ISPs who have been lazy about closing their spam relay holes will have to take the RBL seriously now. If you are running a server and want to make sure you don't have any holes that will put you on the RBL, telnet to mail-abuse.org
-- Virtual Windows Project
I have an account that I use to filter all my spam through.. the account that I use when I need to get a mail.. but I know will get sold to spammers.
That account is usually getting about 20-40 spams a *DAY*.
That same account was empty when I checked it this morning.
That has never happened before. Thank you RBL.
--
rJames.org - illustration
So, just trying to make it as painless as possible yields you at least 5 spam emails, all trying to unsubscribe. They sure don't waste their time with that.
All spam starts with the line: "THIS IS NOT SPAM"
God did not appoint us to suffer wrath but to receive salvation through our Lord Jesus Christ --1Thes5:9
Right! We use it a lot on our servers.. Also I wanted to make note of how late they are in doing this I mean look at NetAddress(USA.net) they have had it since.. Well as long as I can remember.. and that's a long time over 3 years.
-----------------------------------------
Movie News - "Entertainment news, bitch!"
Spammers using Hotmail will be happy to have a mailbox that won't fill up with their competitor's spam right before it gets canceled.
Maybe from now on all spam will be from Hotmail.com to Hotmail.com.
"Who needs open relays when you can get a free mailbox in 96 seconds?"
- Create a rule to move all mail that doesn't contain your email address in the "To" header.
- Create another rule (with a higher priority than the one above) to skip certain messages that you do need (mailing lists, etc.)
- Voila! Enjoy a spam-free life!
If you're afraid that some important email may be accidentally deleted, make the messages go to a temporary "Spam" folder, and check it once in a while. Actually, my Hotmail accounts are the only ones I didn't do this with, as Hotmail doesn't allow filtering by the "To" header.
--
I logged in to one of my old hotmail accounts after reading this article, and if there's really been spam reduction efforts, I haven't noticed. I have about 15 spam mails dating from last week (I did not sign up for any mailing lists or register anywhere with this address. I did sign up for webspace at some odd site, but I put its spam domain on ignore already). I took a look at the domains and saw about 8 emails from various obscure/unlisted domains which I assume to be open mail servers. Moreover I had 2 emails from RealNetworks, which had supposedly been blocked according to the article. Another problem I noticed is that the rest of the spam came from major 'legit' domains like yahoo.com, aol.com, and hotmail itself. There's no way hotmail will block these huge domains off, and since a LOT of spam is generated by such sites, the spam problem will still be in effect. Despite hotmail's and MAPS' best efforts, I really don't see anything an e-mail provider can really do to fully prevent spam.
So I guess spam handling is still more of a personal issue than anything. My advice for spam control would be as follows:
1. Don't give out the address for your main ISP account... I never even use mine since I learned my lesson with my old ISP. I gave out the account to every sleazy signup site and ended up with about 100 msgs on the server at one point... which is a real pain when on your main account.
2. Either use an extra e-mail account from your ISP, an account on a friend's domain, or a low-profile free mail service for your main email address. You most likely won't be placed on any mass spam list if you only give the address to people you intend to communicate with. Plus you have a greater level of anonymity should you need it or desire it.
3. Hotmail accounts do have a purpose after all. My advice would be to register one or more and keep it/them as a spambox... use it to sign up for accounts, mailing lists, newsletters etc. You'll expect spam anyway, and if it gets flooded to hell, it's just a free hotmail account, so no big loss.
4. If you don't need to receive a reply email (like website passwords or account verification) from a site that expects you to give them your address, use a fake one. It's easy, and allows you to exercise your creative juices... I always like using root@
Let's just face it, spam is always going to be an issue regardless of the efforts of MAPS and the like. It can be annoying, but if you just use an extra moment of time and some common sense, you'll save yourself a lot of annoyance. (I'm actually to the point where I check my hotmail inbox just to see all the new spam since I never get any mail in my personal box.)
Actually hotmail does have its own share of filter options. Just log into your hotmail account, go to options, and you will find a filter option. There, you can add e-mail addresses to a list of "blocked senders," and any e-mail from the specific sender will be sent directly to the trash can. Also, you can direct incoming e-mails to a certain folder (including trash can) by telling it to look out for certain keywords in the subject, sender's name, or sender's e-mail. Or if you're really lazy, and you already have some spam in your inbox you can just go to the message and tell it to block the sender of that message from now on. Granted, it won't keep your hotmail account spam-free, but the option is there should you wish to use your hotmail account for standard e-mail purposes. But personally I would stick to one of my current POP3 accounts instead of bothering to configure my hotmail account :)
There's a really easy way for an ISP to protect itself against people using it to send spam: introduce a one or two second delay before accepting each message. This is insignificant to the normal user --- my mailer, exmh, takes about five seconds between my pressing `send' and control returning to me --- but would stop spammers dead. Two seconds per message means 30 per minute, less than two thousand per hour. It means that they can no longer blast thousands of messages into the server. If you like, you can also implement something that checks for, say, more than a few hundred messages in an hour and automatically disables email.
The effort needed to implement this is trivial.
(You would need a normal mail server to handle mailing lists, of course. But that's not a problem as mailing lists tend to be handled purely at the server end, without the messages being sent down the dial-up link.)
So talk to the MAPS people about the offending domains -- subscribing to the RBL is no guarantee of spam freedom -- the RBL has to be maintained constantly by volunteers and people in the community.
If the RBL isn't decreasing your spam, it's at least partly because you're not doing your part to help MAPS.
--
I use hotmail as a spam filter like just about everyone else. Heck even the one posted here is a spam account, but it doesn't get spammed. I have been going into my hotmail account every day and if anything the amount of spam has increased. If they implemented anything I sure as hell can't tell. I guess it's time to use my mail filters on hotmail again, they don't work but they worked better than this RBL thing.
Good is never enough, when you dream of being great!
For this kind of requirement, I use and recommend the Spam Receiving Service at www.tinaa.com/spam/index.html.
...phil
"For a list of the ways which technology has failed to improve our quality of life, press 3."
Problem with this system: it punishes the 'little users' for their ISPs' mistakes. I was more than a little irked to find that I couldn't send email from my professional address to my mother of all people because my hostname was on their 'blackhole' list. I went through the site and the mail server I had been using was abused by some spammer through an open relay so it was put on the blacklist.
Now, this is a big place, and the wheels of bureaucracy only turn so much so far, and this event happened months ago and our sysadmins haven't gotten around to fixing this little nuisance yet. So now because some people don't want to use procmail or hit the delete key when they get UCE, I can't email my freakin' mother.
I hate spam as much as the next guy, but this banding together and automatic trial-by-fire via 'intelligent systems' is going a little too far. I have a feeling these RBL guys have a pang of glee as they happily restrict an entire domain from sending email somewhere... "That'll teach 'em"... that'll teach 'em what? To pester their poor sysadmins to "do something"? _They_ didn't send the spam.
Although Hotmail implements protections from allowing their own users to send too many emails/spams out.. There is nothing stopping me from creating hundreds of hotmail accounts and creatively spamming a bazillion users.
How many times do you think Hotmail itself shows up on the spam blocking services available? I quit my sysadmin job for something more rewarding and aside from the user support, spam was the number two headache I had to deal with. LOTS AND LOTS of spam comes from Hotmail accounts.
The spam issue will not come to an end by these means. I hate to say it but I really think the only thing that will stop the spammers is a world wide agreement to prosecute harshly.
Fish! LipHo
What's really funny is that currently Microsoft itself is VERY close to being RBLed for their massive spewage of Y2K related junk E-mail. They are spamming every last E-mail address they have their hands on, and, as a result of that, are really pushing the edge of the envelope.
So, if microsoft.com gets RBLed, we'll just pop some popcorn, and watch what happens when Microsoft ends up RBLing itself...
--
Lots and lots of spam has a hotmail envelope from address or a hotmail reply address, but I've never had spam which actually originated at hotmail.
Spamming via hotmail would be really painful and slower (even with a Perl script to handle it for you) than just finding an open relay and/or a throwaway dialup account. Unless all the other ways of spamming get locked down, I don't think we'll see this happening much.
See Brightmail, I think it is fairly close to what you are talking about. Unfortunately it is a proprietary, for-profit system. Not sure if they have patents. There is an overview of the system design. I believe the software is written in Perl!
How do you wash dishes? The answer: you hold them under the faucet and run water, a great deal of water, across them, and whatever was on the dish that you want to get rid of gets swept away in the flood.
This is my system for dealing with spam. All I do is subscribe to two or three mailing lists, which deal with interesting subjects (for me, art and economics). From these mailing lists I get about eighty emails a day. In addition to those, maybe three times a week someone sends an email directly to me, and of course every day anonymous spammers throw a few slices of spam in the mix.
Before I subscribed to those mailing lists, there were times when I'd log in to my mail server and almost all the new mail - say, four emails out of five - was spam, and like everybody else I found that quite annoying. But now if I get four or even ten spams in a day, I barely notice and I don't care.
The only downsides are: 1.) if I don't log on and download the email it piles up to an alarming height; until just now I haven't logged on to my personal account since Saturday, and I had to download over four hundred messages, and 2.) that's an awful lot of stuff to think about; from where I sit at my desk I can see three open books, face down, which I am reading to try to keep up with the current threads on the two economics lists. Beats the Hell out of watching TV, though.
Yours WDK - WKiernan@concentric.net
Boo, hiss! Go use something like intelligent filtering. It works a helluva lot better than the RBL, and innocent people aren't caught in the line of fire.
--
Aha. This is exactly why Hotmail using RBL is such a good thing. Your local sysadmins may not care much about email being unable to reach a few small domains. But what happens when your company can't contact thousands (or millions) of clients, because your sysadmin is allowing spam?
The squeaky wheel gets the grease, and a mountain of refusals from Hotmail will be very squeaky. If another big name like Yahoo or Earthlink joins in, the squeak becomes a roar, and your bureaucracy will move quickly indeed. Which is precisely how RBL is supposed to work.
For effective anti-spam measures, they should not only use MAPS, but also the ORBS database and the Radcliffe database as well.
ORBS is effective at fighting spam. And the nice feature, compared to MAPS, is that it's automated. ORBS automatically tests an SMTP server to determine whether it has known holes. If a hole is found, that server is blackballed right away by the software; the only way to get out of ORBS is to fix the problem. A convenient web submission form lets you report suspected open relays, and you can track the progress that it's making in probing the site.
To protect myself from spam, I use a procmail filter that pings *four* databases.
The only rare spam I get nowadays is from the true ``whack-a-mole'' spammers: mostly amateurs who spam directly from dial-up accounts. The last time that happened, I complained to the ISP in question and they supposedly took action. Additionally, very rarely, I get a spam through a hitherto unknown open relay, which I promptly report to ORBS.
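How a mail filter consults several blackhole lists over DNS, as an added example that is not the poster's procmail recipe: the connecting IPv4 address is reversed, looked up under each list's zone, and an answer in 127.0.0.0/8 counts as a listing. The zone names and DNS data are constructed placeholders, and `sample_resolver` stands in for live DNS so the block runs offline.

```python
import ipaddress
import socket

LISTED_NET = ipaddress.ip_network("127.0.0.0/8")  # DNSBL answers live in this range

# Hypothetical zone names standing in for the four lists; not real services.
ZONES = ["rbl.example", "relays.example", "dialups.example", "wild.example"]

# Constructed DNS data for an offline run: query name -> A records.
SAMPLE_DNS = {
    "25.2.0.192.rbl.example": ["127.0.0.2"],
    "25.2.0.192.relays.example": ["127.0.0.4"],
    "25.2.0.192.wild.example": ["203.0.113.9"],   # misbehaving zone, not a listing
    "7.100.51.198.wild.example": ["203.0.113.9"],
}


def query_name(ip, zone):
    """192.0.2.25 in zone rbl.example is looked up as 25.2.0.192.rbl.example."""
    octets = str(ipaddress.IPv4Address(ip)).split(".")
    return ".".join(reversed(octets)) + "." + zone.strip(".")


def sample_resolver(name):
    """Offline stand-in for DNS, backed by the constructed data above."""
    return SAMPLE_DNS.get(name, [])


def system_resolver(name):
    """Live lookup; any resolution failure is treated as 'not listed' (fails open)."""
    try:
        return socket.gethostbyname_ex(name)[2]
    except OSError:
        return []


def listings(ip, zones=ZONES, resolve=sample_resolver):
    """Return {zone: answer} for each zone whose answer is a real listing."""
    hits = {}
    for zone in zones:
        for answer in resolve(query_name(ip, zone)):
            # A zone that answers outside 127.0.0.0/8 (wildcarded, expired or
            # hijacked) must not count, or it would block all mail.
            if ipaddress.IPv4Address(answer) in LISTED_NET:
                hits[zone] = answer
                break
    return hits


def verdict(ip, zones=ZONES, resolve=sample_resolver, threshold=1):
    """'reject' when at least `threshold` lists carry the connecting address."""
    return "reject" if len(listings(ip, zones, resolve)) >= threshold else "accept"


if __name__ == "__main__":
    for peer in ("192.0.2.25", "198.51.100.7"):
        print(peer, verdict(peer), listings(peer))
```

Passing `resolve=system_resolver` switches to live lookups; raising `threshold` requires agreement between lists before mail is refused.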
The delay won't help against spread spectrum attacks, whereby the spammer sends a small number of messages to a large number of servers.
Also, you are forgetting that spammers don't send to your ISP directly; they usually get someone's insecure relay to do the dirty work of delivery. The relay has all that time in the world.
A one or two second delay wouldn't be enough anyway; a spammer could send mail to two hundred people in just over three minutes. That's enough to bother a small ISP.
The delays imposed by distinct mail servers are going to be consumed in parallel, so your scheme would not do anything to stop the overall spamming. In three minutes, the spammer could send a hundred messages to a hundred different ISPs in parallel, even if each of those ISPs had the delay mechanism in place.
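The per-message delay with an hourly cap proposed earlier in the thread, and the replies' point that separate servers' delays run in parallel, modelled as an added example (not code from any poster). The 300-per-hour cap, the 100 ms offer interval and all names are assumptions; times are integer milliseconds.

```python
from collections import deque


class SubmissionThrottle:
    """One mail server's per-account policy: a fixed delay after every accepted
    message, plus an hourly cap that disables the account once it is reached."""

    def __init__(self, delay_ms=2000, hourly_cap=300, window_ms=3_600_000):
        self.delay_ms, self.hourly_cap, self.window_ms = delay_ms, hourly_cap, window_ms
        self.next_ok = {}      # account -> earliest time (ms) the next message is accepted
        self.recent = {}       # account -> accept times still inside the window
        self.disabled = set()  # accounts whose outbound mail has been switched off

    def submit(self, account, now_ms):
        """Verdict for one message offered at now_ms: 'accept', 'defer' or 'disabled'."""
        if account in self.disabled:
            return "disabled"
        if now_ms < self.next_ok.get(account, 0):
            return "defer"                         # still inside the per-message delay
        recent = self.recent.setdefault(account, deque())
        while recent and recent[0] <= now_ms - self.window_ms:
            recent.popleft()                       # forget accepts older than the window
        if len(recent) >= self.hourly_cap:
            self.disabled.add(account)             # cap reached: disable the account
            return "disabled"
        recent.append(now_ms)
        self.next_ok[account] = now_ms + self.delay_ms
        return "accept"


def offer_burst(throttle, account, interval_ms, duration_ms):
    """Offer one message every interval_ms for duration_ms; count the verdicts."""
    counts = {"accept": 0, "defer": 0, "disabled": 0}
    for now in range(0, duration_ms, interval_ms):
        counts[throttle.submit(account, now)] += 1
    return counts


def accepted_in_parallel(servers, interval_ms, duration_ms):
    """The same burst offered to `servers` independent throttles at once."""
    return sum(
        offer_burst(SubmissionThrottle(), "bulk", interval_ms, duration_ms)["accept"]
        for _ in range(servers)
    )


if __name__ == "__main__":
    # One server, 15 minutes of bulk submission: capped at 300, then disabled.
    print(offer_burst(SubmissionThrottle(), "bulk", 100, 15 * 60 * 1000))
    # 100 independent servers, 3 minutes: each throttle only sees its own share.
    print(accepted_in_parallel(100, 100, 3 * 60 * 1000))
```

On a single server the cap holds the account to 300 messages, while the total across independent servers grows linearly with their number, which is why the replies point to shared blocklists and closed relays rather than local delays.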
The number one reason is administrator cluelessness. Mail servers don't relay because their admins want them to, but because the admins who set them up don't have a freaking clue on how to operate a secure mail site. At least, these are the ones who have ``wide open relays''.
Even admins who think they have closed their relays often have left some obscure hole, due to bugs or quirks of programs like sendmail.
For example, some sendmail servers will properly refuse to forward a mail with the envelope recipient address like but if it's wrapped in quotes, like they forward it, thinking it's a local address. The deeper rule that operates after the quote stripping doesn't enforce the no relay policy or something like that.
The ORBS system performs about a dozen or so different tests involving various obscure holes that permit mail to be routed. If you want more information, surf www.orbs.org.
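The quoting problem described above comes down to checking relay policy on a different form of the recipient than the one delivery later routes on. The following is an added, simplified model of that mismatch beside a corrected check; it is not sendmail's rule sets, and the domain names, sample recipients and function names are all constructed.

```python
LOCAL_DOMAINS = {"mail.example.org"}  # hypothetical: domains this server delivers for


def split_unquoted_at(addr):
    """Split at the last '@' outside double quotes; domain is None if there is none."""
    in_quotes, at = False, None
    for i, ch in enumerate(addr):
        if ch == '"':
            in_quotes = not in_quotes
        elif ch == "@" and not in_quotes:
            at = i
    return (addr, None) if at is None else (addr[:at], addr[at + 1:].lower())


def canonical(rcpt):
    """The form the delivery stage works on: quotes removed."""
    return rcpt.replace('"', "")


def delivery_domain(rcpt):
    """Domain the message is actually routed to (None means a local mailbox)."""
    return split_unquoted_at(canonical(rcpt))[1]


def flawed_accepts(rcpt):
    """Policy applied to the raw string: a fully quoted recipient shows no
    domain, so it is taken for a local mailbox and accepted."""
    domain = split_unquoted_at(rcpt)[1]
    return domain is None or domain in LOCAL_DOMAINS


def hardened_accepts(rcpt):
    """Policy applied to the same canonical form that delivery will route on."""
    domain = delivery_domain(rcpt)
    return domain is None or domain in LOCAL_DOMAINS


def relayed_to_third_party(accepts, rcpt):
    """True when the check accepts a recipient that delivery sends off-site."""
    domain = delivery_domain(rcpt)
    return accepts(rcpt) and domain is not None and domain not in LOCAL_DOMAINS


# Constructed envelope recipients.
SAMPLES = [
    "alice@mail.example.org",
    "postmaster",
    '"odd name"@mail.example.org',
    "bob@elsewhere.example",
    '"bob@elsewhere.example"',
]

if __name__ == "__main__":
    for rcpt in SAMPLES:
        print(f"{rcpt!r:32} flawed={flawed_accepts(rcpt)} hardened={hardened_accepts(rcpt)}")
```

A relay self-test should assert that `relayed_to_third_party` is false for every recipient form the server's parser accepts, not only the plain one.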
That's not mis-use; it's one of the ways in which the RBL was meant to be used. The B stands for ``black hole''. That means creating black hole route entries for the rogue networks so as to deny them access to your network.
Kudos to Teleglobe for having the courage to take action against spammer infested cesspools like home.com.
The RBL is far from being for blocking e-mails only. Ultimately, MAPS wants to cut off spammers from all services that they rely on. That means networks which host spammer web sites are blacklisted as well, not just networks that originate spam e-mail. In other words, the networks that Teleglobe is denying access to don't even originate spam e-mail; some of them just host spammer sites.
There may be legitimate web sites alongside spammer websites under these networks. The idea is to exert pressure on the operators of these networks to crack down on the spammers, and get themselves un-blackholed so that access to their site is restored.
There is no easy technological measure to block out only the spammers, and retain access to legitimate sites. Heck, a spammer site and a legitimate site could even be on the same web server machine. That sort of scalpel precision would require URL filtering, which is difficult to implement at the IP forwarding level. Doing that would also remove a lot of the incentive for the spammer-friendly operators to change their ways, and the expense of fighting spam would be absorbed entirely by the people doing the costly filtering.
Such filtering at the TCP stream level would likely reduce bandwidth and require more hardware.
I can think of some reasons why Hotmail wouldn't make use of the RBL a per-user option.
For one thing, it would require some programming in order to make a hotmail configuration web UI affect the back-end. The SMTP servers that handle incoming mail would actually have to accept connections from spammers, take the envelope address, resolve it to a user profile, retrieve the preferences and then make a decision whether to drop the connection or accept the mail. This is extra overhead that could perhaps impact the existing scalability of Hotmail.
Anything is doable with software, it's just a question of time, money and overall feasibility. Would the cost of adding frills to the service be justified, given that it is already free? Another aspect of development is the management of risks; hotmail is a live operation. Any fundamental changes have to be thoroughly tested before being deployed, even though this is being run by Microsoft. Someone also has to estimate the performance impact that the change might have.
It's easy to forget that the function of Hotmail is to spam its users anyway---with advertisements. The real clients of Hotmail are the people that pay to have their crap appear on your Hotmail page. Thus it would probably be necessary to convince these clients that giving users extra frills would bring in enough additional revenues to justify the development costs and risks.
I've been known to be a bit pejorative about these things, but legitimacy is one of the last things I'd ascribe to the emissions of hotmail, and most services like it.
How about a Slashdot poll:
I have