Catch up on stories from the past week (and beyond) at the Slashdot story archive


Forgot your password?

Microsoft Going After Hotmail Spammers 403

Mirkon writes "Quoth The Register: "Microsoft has targeted spammers with a lawsuit aimed at bulk mailers who harvest email addresses of Hotmail subscribers in order to bombard them with junk." Details are apparently sketchy at this point, but it's nice to see America's favorite monopoly putting its power to good use." The original story is slightly more informative.
This discussion has been archived. No new comments can be posted.

Microsoft Going After Hotmail Spammers

Comments Filter:
  • Now they are going to go after themselves?

    I created a hotmail account as a test purpose. I picked as odd a combination of names and letters I could, to the maximum allowed. I never used the account, nor told anyone about it.

    One month later the box was *filled* with spam. My guess is that MS itself sold the account to spammers.

    So let's see them go after themselves and fine themselves heavily. Or better yet, put themselves out of business.
    • Re:So what.... (Score:5, Insightful)

      by robw47 ( 558051 ) on Wednesday February 19, 2003 @10:18AM (#5334412)
      The article says the spammers are harvesting the e-mail addresses.

      Why would MS sell your e-mail address so they can turn around and pay for the bandwith it takes to receive thousands of spam e-mails?

      Besides they have banner ads to serve you to make $$$

    • by vena ( 318873 ) on Wednesday February 19, 2003 @10:20AM (#5334426)
      One month later the box was *filled* with spam. My guess is that MS itself sold the account to spammers.

      Microsoft actually might be at fault there. Spammers have been bruteforcing honeypot domains for a few years now, sending spam to any and all combinations of letters and numbers. what doesn't bounce gets added to a "cleared" list and passed along, so the spam accumulates from there.
      • sorry about that ;)
      • Spammers have been bruteforcing honeypot domains for a few years now, sending spam to any and all combinations of letters and numbers.

        Surely they can bruteforce some, but they cannot try all combinations. If the test addresses are long and random enough, they cannot be found by bruteforce. I wanted to try that experiment myself, but I wasn't even able to create an account on hotmail. When I was a hotmail user many years ago, it worked nicely in many browsers. And hotmail was even improved during the time I used it. I stopped using hotmail the day Microsoft bought it. But I did check if new mail arrived for some time after that, but Microsoft introduced more and more problems, and eventually I was no longer able to use it.

        And BTW, some of the spammers verifying addresses on hotmail have been using my honeypot, which they thought was an open proxy. My honeypot said OK to all of those addresses, so there will be invalid email addresses on their lists.
    • by fleener ( 140714 ) on Wednesday February 19, 2003 @10:20AM (#5334428)
      > My guess is that MS itself sold the account to spammers.

      The spammer probably used the dictionary-like-attack described in the Register article to guess your address. I receive all mail sent to my domain regardless of the address. I am the first and only owner of the domain, yet I receive spam sent to addresses I've never used. The spammers are clearly not bothering with harvesting addresses; now they're just making 'em up.
      • Mail readers. (Score:2, Interesting)

        An intresting widget for a mail reader would be a "spam button". It deletes the spam, blacklists the spammer, and sends an error message to the spammer... Like the one you get when there is no address with that name.

        Are there any mailreaders with thatkind of widget?
        • Re:Mail readers. (Score:2, Informative)

          by MindStalker ( 22827 )
          Mozilla has a "Junk" button, it blacklist the spammer, creates a holistic statistic based on all spam blacklisted to help in guessing future spam and can automatically delete it. Now if someone will just hack in a bounce message.
        • Re:Mail readers. (Score:2, Informative)

          by Anonymous Coward
          For Windows there is Mailwasher []
        • Apple's for OS X has such a feature. The first few times you run the program, it runs in "training" mode -- you get all the messages in your inbox, it marks what it thinks is and isn't spam, and you tell it if it's right or not. When you're satisfied, you switch it to regular mode, which is pretty much the same except that the messages it marks as spam get sent either to a special "Junk" mailbox, or the trash, your choice. You can always tell it if it makes a wrong choice, and if you mark a message as spam, it sends it off to the Junk box for you and ... does whatever it does to learn the changes. I usually have it send the marked messages to Junk rather than straight to the trash, since I like to look through the subject lines and senders to make sure there aren't any false positives before I delete them.

          It's very, very good. I'd say I haven't had any false positives since training it early on (some of the mailing lists I subscribe to tend to look a lot like spam, but it picked up on those fast) and I get very few false negatives, under 5%. It's not perfect, but it's a good start. It also has a "Bounce Message To Sender" option that I rarely use, since what usually happens is that the message gets bounced right back to me -- forged headers, etc.
        • Re:Mail readers. (Score:5, Insightful)

          by jweb ( 520801 ) <jweb68&hotmail,com> on Wednesday February 19, 2003 @10:57AM (#5334688)
          All fine and good, as long as the reply-to address isn't forged.

          Case in point: About 3 weeks ago my email was flooded with bounce-backs from spam. Apparently someone had used my email address in a forged From and Reply-To header. I recieved about 300 of these messages in 5 hours.

          In your scenario, suddenly my email address is blacklisted, not the spammers. Oh well, guess it's time for a new Hotamil address anyway. (BTW, I do have another Hotamil address, that has never recived a non-"Hotmail member services" spam. I think the trick was to put nonstandard characters in there, that particular address has an _ character in it).
        • Re:Mail readers. (Score:5, Informative)

          by Erasmus Darwin ( 183180 ) on Wednesday February 19, 2003 @11:09AM (#5334765)
          "sends an error message to the spammer... Like the one you get when there is no address with that name."

          The problem is that spammers who're searching for valid addresses generally check whether or not an error occurs at the SMTP level. When the message is in your mailbox, it's already too late.

          First, the spammer connects directly to your server and checks how you handle invalid addresses (by sending an email to an almost guaranteed bogus account). If your mail server rejects mail to the test address, the spammer then begins doing a dictionary-based attack. If any mail gets through, that address goes on the spammer's list of valid targets.

        • Like the one you get when there is no address with that name.

          That is probably not possible.
          1. The error is generated by the sending mailserver, not the receiving mailserver. The sender is told already when sending wether the destination address is valid, so once your mailserver has said OK, it is already too late.
          2. The sender address could be invalid, so the generated error message could be send to somebody else.
          3. You would live in a constant risk of blacklisting a valid sender address.
      • The spammer probably used the dictionary-like-attack

        He used a random mix of characters, so it would have to be a brute force attack in that case.
      • A dictionary attack helps them determine which combinations are genuienly not valid, thus putting more uumph behind the guesses. They want to know when they are wasting effort...not if. In this case, a miss is as good as a hit.

        And in other news, sendmail honeypots are more entertaining than ever.
      • But Then Why? (Score:4, Interesting)

        by Bilbo ( 7015 ) on Wednesday February 19, 2003 @11:18AM (#5334866) Homepage
        If it's a brute force guessing attack, then why don't I get the same amount of spam on my Yahoo account?

        Actually, there is a solution, at least on my end. I created a hotmail account just so I could talk to someone on the Microsoft IM client, so I know I should receive ZERO messages on that account. I just set filtering to only accept mail from people in my address book, and then have zero entries in my address book.

        It doesn't stop all the Spam that Microsoft itself sends me, but it keeps most of the rest of the spam away.

    • Re:So what.... (Score:2, Insightful)

      by Khalidz0r ( 607171 )
      Well that's a weird case to be honest, because I have been using different kinds of account names to see which ones recieve less spam, and I have noticed that some kinds of names actually recieve more spam then others, most noteably first alphabet emails. I have recieved emails sent to names very simillar to mine (in the To list) in a brute force manner. Maybe you forgot to uncheck the addition to white pages or something? Because it is there by default, and if you have it checked then reasons of spam are obvious.
    • Ohters in this thread suggest dictionary-style spam campaigns aimed at high-profile domains, which is a good explanation.

      However, I wonder if this isn't the beginning of an attempt to corner the market on (euphamism mode on) "permissioned, targeted email marketing" to hotmail users.

      Step 1: chase away spammers who don't buy protection from MS
      Step 2: sell access to spammers (high quality lists, demographics, etc)
      Step 3: $$$$$

      It's got to frost MS a little that there are all those "consumers" at hotmail and somebody else is sending them marketing info that MS doesn't get a big slice of.

    • Actually Microsoft is suing spammers because they don't like the competition.
    • Re:So what.... (Score:5, Informative)

      by babbage ( 61057 ) <> on Wednesday February 19, 2003 @12:00PM (#5335220) Homepage Journal
      I've been wondering about that since the Spam Conference last month, where both an engineer from Microsoft Research and a representative from Brightmail spoke about how they're trying to filter spam from large networks such as Hotmail and MSN. The scenario you describe is a common perception -- the most obvious explanation for the way even unused, "funny looking" (not dictionary words, numbers, etc) Hotmail addresses get so much spam is that the company must be selling their subscription list to spammers. But if that were actually true, then why are they putting so much effort into filtering out spam at both the network & mail client levels?

      A different idea that came up at the conference was what I'll describe as "bigger targets attract more arrows". That is, an ISP with millions of subscribers (Hotmail, Yahoo, AOL, Earthlink) is a more appealing target for things like dictionary attacks than, say, my personal DynDNS account with two legitimate users behind it.

      If you're going to carry out a dictionary attack against a domain, diminishing returns will take over for the little one (one billion tries, two hits -- 2e9%), but for the big one you can expect a reasonable hit rate (one billion tries, 3 million hits -- 0.003% -- and in fact a reasonably big fraction of all users on the network).

      In practice, this means today that the bigger the netwowrk, the greater the current spam volume, to the point that of the largest ISPs and corporate networks around today, something like 40% to 50% of their mail traffic is now spam.

      I think this is a better explanation for what's going at Hotmail et al., and it also does a better job of why they want so badly to control the spam issue. The explanation they'll give to the public is that this is good customer service, and to an extent that's true. But at the same time, trying to handle all this network traffic is probably a technical nightmare (and comments about the migration from FreeBSD to Win2000 are not helpful here :). For a free service, having to handle that much unwanted traffic is probably killing them, and bringing it under control for that reason is probably at least as important as maintaining customer good will.

  • Took em long enough to get sick of paying for all that bandwidth.
    • Re:Bout damn time (Score:5, Interesting)

      by SN74S181 ( 581549 ) on Wednesday February 19, 2003 @11:41AM (#5335063)
      That's just the way Microsoft works.

      They're big, they have deep pockets, and they ramble into a market and will spend tons of money at first while they figure out what the heck they are doing.

      I used MSN for internet access for quite awhile in the year after Windows 95 came out. I was actually a 'beta tester' in the pre-release Windows 95. During the 'beta' period you could get on MSN through your 'beta' version of Windows 95 for free. Unlimited free connect time in 1995 wasn't that common. Then, I signed up for a 'paying' account, but with a 'first month free.' I had second thoughts about paying so I cancelled the account in the last week of the trial month. A month later I did the same thing. I ended up in total getting three or four free months by applying and canceling. On the same credit card with the same name. They weren't managing their service at ALL like a rational business would.

      They're doing the same thing again with their game console (whatever it's called, let's not even mention it's name in this discussion thread). Sell it at below cost, while they figure out what the hell they are doing.
  • by jimson ( 516491 ) on Wednesday February 19, 2003 @10:15AM (#5334385) Homepage
    That's what my hotmail account is for.......its the address I give whenever a website wants my email address. I never give out my real address.
  • The only organism allowed to spam Hotmail subscribers is - Microsoft.
    And they can sell that advertising power to their partners.
    Indiscriminant spamming only dilutes their value, so they HAVE to stop it.

    *Coming Soon* Want a bigger penis? Download Microsoft Internet Explorer VII.
    Hey, it'll work as well as those other remedies...
  • by IncarnationTwo ( 457191 ) on Wednesday February 19, 2003 @10:16AM (#5334399)
    And I quote the article "The suit doesn't name defendants" but seems more like an face saving campaign for Hotmail and per se. Microsoft.

    Like 'See, we're at your side'. Those who actualy believe that professional spammer can be traced raise their hands.
    • Those who actualy believe that professional spammer can be traced raise their hands.

      *raises hand*. If a spam has any chance of making money there has to be some form of legitimate contact information, a web site that is selling something, a phone number,... some way of collecting money. If there is a way of collecting money, there is a way of tracking someone down.

    • If you'd read the next part of the sentence, you'd have found out that that's standard practice when suing a large number of as-yet unknown defendants.

      It gives them the power to issue subpoenas so that they can find out who's spamming, then sue them by name.

      Happens quite often.

      As for whether professional spammers can be traced - how about that guy who got his address and photos of his house posted on Slashdot?
    • by djtack ( 545324 ) on Wednesday February 19, 2003 @01:12PM (#5335858)
      Their real motivation may be that they want the spammers to have to buy the list from Hotmail. It's well known that they do sell the list, and when spammers use a dictionary attack (perhaps more accurately called a Rumplestiltzken attack (guess my name)) Hotmail loses out on potential revenue from the spammers.

      I think it's likely that they will find at least some of the spammers. For most individuals, it's not worth the time (or money), but spam can be tracked.
  • no spam? (Score:4, Funny)

    by cribb ( 632424 ) on Wednesday February 19, 2003 @10:16AM (#5334400)
    What? NO SPAM? how the hell am i going to increase my penis then?
  • A good start (Score:5, Interesting)

    by interstellar_donkey ( 200782 ) <> on Wednesday February 19, 2003 @10:16AM (#5334403) Homepage Journal
    Now if I could only get hotmail to stop spamming me. About once a month I get spam from hotmail under the guise of 'hotmail member services'. These junk emails have ads for all sorts of things, have little to do with the opperation of my email, and are annoying.

    You can't block this address (, and there is no 'opt out' other then to stop using the hotmail service.

    Mildly tolerable and acceptable if you are getting the email for free, but unacceptable if you sign up for a years service and pay them. Needless to say, I did not renew my pay subscription.

    • Re:A good start (Score:4, Informative)

      by Nurlman ( 448649 ) on Wednesday February 19, 2003 @12:39PM (#5335571)
      > You can't block this address (, and there is no 'opt out' other then to stop using the hotmail service.

      You can't block it (sneaky, Microsoft!), but you can sure as shootin' filter it. In Options|Custom Filters, put in a rule that redirects all mail from right inot the trash. Or, if you're afraid of missing out on a valuable deal to get a bigger mailbox, you can always sort Hotmail Services e-mails to some junk mailbox that you only check intermittently.

    • Re:A good start (Score:3, Informative)

      by Alan ( 347 )
      Yes, I love how the junk filter setting of "only allow mail that I have explicitly allowed" blocks everyone but them.


      Gotta love being a monopoly. Of course, depending on how you think of it, it's their service, so they can do what they want with it, no one is forcing you to use it.

      Well, no one except MS themselves, who force you to get a hotmail account for your .NET stuff, but no one is forcing you to use that.

      Well, except for MS who is building .NET into their OS, apps, and pretty much everything else they have, and they only have 90% of the desktop.
  • In a word.... (Score:2, Interesting)


    I also use hotmail, and their filters are not as good as Yahoo's, because you cannot filter on message content, only header. I get an average of two spams a day in my hotmail account. I wish MS/hotmail would improve their inbox filtering, but I am glad to see them doing something about the problem.

    I have no problem siding with the Borg on this one!

  • by Nokey ( 14772 ) on Wednesday February 19, 2003 @10:18AM (#5334411) Homepage
    *cringe* it is almost too hard to say but...

    Yay for Microsoft!

    *ugh* that was hard. And it still hurt to say.

  • ... the people using Hotmail to spam everyone else. Like 50% of the spam that I get is from accounts like or, even on accounts for those very same domains and even with the spam filters for each of those domains on (set to "high" in Hotmail's case). Eliminating spam BEFORE it gets sent seems like perhaps a more important issue for everyone, but then again corporations doing what's best for them and not everyone isn't exactly news either (nor necessarily bad).
  • paying for bandwidth (Score:2, Interesting)

    by ebuite37 ( 459068 )
    Microsoft sick of paying for bandwidth? NO! They get paid for giving out their emails. I used to use hotmail before it was bought by MS, and I never got spam. All the sudden I started receiving tons of it after the purchase. I wrote Hotmail tech support to complain, who responded by telling me they have to pay for the service somehow. That was six years ago, but I believe it still happens. Why else does their spam filters filter one porn subject line but ignore another with the same or similar strings?
  • Not true... (Score:4, Insightful)

    by dotgod ( 567913 ) on Wednesday February 19, 2003 @10:22AM (#5334447)
    There are programs out there that generate random email adresses for a given domain. There is no way Microsoft would do something so stupid. Why does everything posted about MS on Slashdot have to be some kind of conspircy?
    • Re:Not true... (Score:3, Interesting)

      Its a conspiracy because many of us used hotmail before it was bought out by the Borg. I used it for 2 years and got maybe 5 spams. It wasn't more than a week after MS bought it and it started getting flooded with spam. At that point I quit using it. I don't remember what the password to the account is now (and MS in their infinate monopoly spirit will only let you retrieve your lost password if you have IE), I shudder to think of what is in that account now.
      • Re:Not true... (Score:3, Insightful)

        by ceejayoz ( 567949 )
        Part of that could be the increase in popularity and name recognition that would be happening when MS buys a formerly independent site.
        • More likely some disgruntled employee didn't like the buyout and took matters into his own hands.

          Even if Microsoft intended to do that, I question whether they could actually move on the issue of selling a subscriber list so quickly.

  • I have always said that Once Microsoft Rules the World things will go much smoother. If anyone has a problem with anything (SPAM, Computer, Entertainment center, fridge, toilet ...) there will only be one support line!

    I Can't wait!! The Possibilities are endless.

    yours truly,
    Gill Bates
  •'s time to allow women to vote!

    Seriously, while it's good they're finally doing it, why weren't they doing it years ago?
  • by oZZoZZ ( 627043 ) on Wednesday February 19, 2003 @10:25AM (#5334468)
    HAHA. that's funny. I can think of three reasons to do this:
    1. The spam is costing them insane amounts of money in bandwidth

    2. People stopped using MSN hotmail because of the spam, and they need more subscribers to look better compared to AOL.. because potentially Microsoft could boost it's "MSN Userbase" by including some hotmail users

    3. More money. This option is unlikely, since Microsoft probably won't gain any money directly from the lawsuits, but I guarntee that more userbase + less bandwidth fees because of spam = more money in the long run for msft.
  • Just do this (Score:5, Informative)

    by eonblueye ( 627191 ) on Wednesday February 19, 2003 @10:29AM (#5334494) Homepage
    Just keep your name out of their Member Directory and you will be spam free. I've had my Hotmail account for years spam free.
  • by dfenstrate ( 202098 ) <> on Wednesday February 19, 2003 @10:32AM (#5334512)
    I don't actually get a lot of junkmail on my hotmail account. In fact, I haven't checked my hotmail account for two weeks, and I only have two pieces of mail in there:
    1. Some crap from a mailing list I signed up for.
    2. Spam.... from 'hotmail member services' sadly, I can't block them (I tried), but really, are "7 hot tax tips" really all that important for me to know, at least in terms of maintaining my account?

    Shouldn't this kind of stuff come in as MSN-approved spam?

    I can't really complain, though, cause it's free, and they only spam me once in a while.

    I've had this account for a couple years now, and I use it as a junk email account whenever a website demands an email address. Still, no deluge of spam.
  • ..I dont think Hotmail is doing crap to stop spam. Don't tell me there is no way to block out emails from wersdfjwer@Erfsdfgdfg.sdfwer

    How the funk are you going to tell me you cant tell if something doesnt even have a proper domain name..... Hotmails "spam filtering" is laughable...
  • by Khalidz0r ( 607171 ) on Wednesday February 19, 2003 @10:34AM (#5334533) Journal
    Many of the comments have been blaming this on Microsoft itself selling addresses or stuff like this. I am not pro-Microsoft or whatever, but I think that's just nonsense.

    Spam, I guess, hurts the company more than anybody else, it clutters the database, and waste space, and fills unused email accounts with lots of junk, ...

    We should think a bit before blaming everything on Microsoft just because of the bad guy it is being towards us.

  • Paid by the sender (Score:2, Insightful)

    by ultraslide ( 267976 )
    Here it somes folks ... the herecy.

    E-mail should be paid for by the sender! Just like real mail. A new protcol needs to be designed (or maybe has been ???) to address (pun intended) this problem.

    Right now the reciever covers all the costs of filtering, blocking, and dealing with the god awful Relay and Domain Blacklists (if you've ever been on one, good luck getting off ...)

    As soon as the sender has to pay you'll see spam practically drop off the map except for "legitimate" product offers and announcements.

    the 'slide
    • As soon as the sender has to pay you'll see spam practically drop off the map except for "legitimate" product offers and announcements.

      The only problem with that idea, is that the major benefit of using e-mail instead of snail mail is that it doesn't cost anything.
      If you make it so that the sender has to pay for every email they send, I think you would get less and less people using email and other internet services every year. The internet and e-commerce is the way you pay for "free" services like hotmail, not by putting a "postage fee" on every email sent.

      And besides, to be able to charge someone for the email, you have to be able to track them down. How many spammers do you know of stupid enough to do their spamming from their home computer, using their actual email addy?
  • by Schlemphfer ( 556732 ) on Wednesday February 19, 2003 @10:36AM (#5334555) Homepage
    I think we'd all agree that an e-mail address isn't worth much, by itself. Spam prevention has become one of the best ways to add value to an email address, and make it more worth paying for. Filters work with varying success, and to the extent that filters are effective, an email account becomes more worth paying for. But filters will only take you so far; I use a Yahoo account for my personal email. Once upon a time, I never got spam there. But now I get hundreds of spams a month, and at least three or four a day slip past the filter.

    Hotmail's filters have always been poor compared to Yahoo's (insert obligatory anti-ms joke here.) But I have to say, that if Microsoft is going to start aggressively suing spammers who send email to Hotmail accounts, it's going to make their Hotmail service a whole lot more desirable. Microsoft has been desperately trying to get people to pay money for their Hotmail accounts (which, back in the DotCom boom, once promised "free email for life."), and I think suing spammers might be their best possible strategy. Not only does will it reduce Microsoft's storage and bandwidth costs, it will differentiate Hotmail from the slew of freemail providers, and make the service much more worth paying for.

    Until we get aggressive federal anti-spam legislation, this new strategy from Microsoft will be great for Hotmail users and good for the Internet in general. If the lawsuits actually frighten spammers away from Hotmail, I might indeed finally pay for my Hotmail account, which I now use only as one of those disposable junkmail accounts for registering on sites I don't trust.

  • Probably first time I want that Microsoft win with this battle, spammers is something that I hate more than Microsoft business practices. But, if Microsoft loses big, well, will be not so bad.

    Is the kind of battle that you always wants to happen, whoever wins, or gets harmed, will be always good for my point of view.

    Mmm, unless the winner became stronger after the battle, if its Microsoft, trying to outlaw more things than just spammers, and if spammers, sending more spam even more than before because not even Microsoft could harm them. In this case, this perfectly could be a lose-lose situation
  • Ends, means (Score:5, Insightful)

    by ianscot ( 591483 ) on Wednesday February 19, 2003 @10:38AM (#5334569)
    From the second article linked to:

    "But new, strong laws are needed. At a minimum, senders should not be allowed to misrepresent their identity, falsify the subject of a message, or use automated means to gather e-mail addresses without the owners' consent."

    They're specifically asking for subpeona power to go after people who use brute force "harvesting" techniques for hotmail accounts -- as part of the investigative phase of a trial. Sounds like they want to sell their own list, not have automated processes "stealing" it from them. Not that that's a problem by me -- they have a hotmail privacy policy, I'm sure, somewhere in the stuff you click through to set up your account...

    But why is MS, or Earthlink, or any one company, the best choice for this role? We're all with the stated goals, here, but MS asking for "strong new laws" and wanting subpoena power against unnamed defendants, that does give a person pause.

    There's a difference between regulation for the common good and legal action taken in self-defense. We know which approach MS embodies, heart and soul. Will that really achieve the ends we all agree on?

  • by Styros ( 144779 ) on Wednesday February 19, 2003 @10:38AM (#5334571)
    Slashdot actually posted a "complimentary" piece about Microsoft??
  • hrmm (Score:2, Interesting)

    by clarionhaze ( 641956 )
    for some reason eberyone thinks your info has to be sold for the spammers to get it. thats discusting incorrect! there are ways for them to get into the databases of emails, you'd probably be surprised.
  • Hotmail could start by blocking UUNet address space. Given the huge number of spammers there, this would be worthwhile, even though it would affect quite a number of people. If they did this, and monitored UUNet's performance with regard to when all the spammers (and there are a lot of them) in UUNet's space get disconnected, it really could force UUNet to once and for all stop supporting spammers.

    What would Hotmail get out of it? Based on how much my mail servers get pounded on by spammers on UUNet space, I'd guess that Hotmail servers are getting hit to the tune of at least 10 million and possibly 100 million times a day. And even if Hotmail just blocked the spammer addresses, that would still amount to an economic burden of maybe several dozen servers just to handle those hits.

    SPEWS blocks a large amount of UUNet space because of UUNet's continued support of spammers. Lots of innocent legitimate businesses are suffering because of this, but it's better than UUNet customers suffer rather than the recipient mail server operators. UUNet is too clueless to deal with the spammers, and SPEWS is apparently has too small a user base to have an effect on UUNet. But if Hotmail did this, UUNet would be forced to finally, once and for all, disconnect the spammers. This would be good for everyone (and even for spammers who might realize they need to stop spamming and become productive members of society, instead of being thieves).

    Having a big name like Hotmail do some things like this could really help turn the tide against spamming (defined as unsolicited bulk email), and restore public confidence in email as a working medium of commerce, and enable legitimate forms of permission based email marketing.

  • by rdmiller3 ( 29465 ) on Wednesday February 19, 2003 @10:56AM (#5334686) Journal
    I don't care if MS goes after spammers who target HotMail users... but more than half of the SPAM I get in my in-box comes through some HotMail address! HotMail is the spammer.

    It's too easy for spammers to use a free HotMail account (like "") to send SPAM from. Microsoft should fix that first.

    • While in some cases dumb spammers will use a live Hotmail account as the return address for a spam run, in the majority of cases, the Hotmail addresses (and those of others like BigFoot, Juno, Yahoo, etc) are fabricated. And yes, some spammers are so dumb they leave no means of contact whatsoever. In other cases it's a web site hosted entirely separately from where the spam came from (often a wide range of open proxies for which no origin tracking headers are inserted). And those web hosters refuse to shut down those spammer sites claiming that since the spam didn't come through their network they won't do anything about it (but at least SPEWS lists them, too, which has resulted in many takedowns).

      Look at the headers and see if the message actually came from one of Hotmail's servers. Microsoft already has made it so that it is incredibly hard to spam through the web interface (just like Slashdot's "slow down cowboy" feature for those who post too fast here). But if someone does manage to spam through Hotmail, by all means notify them, although they probably already know about it.

      I don't know whether it is good to report the likely forged return address spams to Hotmail or not. Certainly if the address is real, it should be, so they can shut it down (they do). But knowing whether it is real or not is not easy.

      I don't actually see all that much spam with Hotmail as a return address. I haven't seen any from Hotmail servers in ages. I do NOT block Hotmail.

  • What about ... (Score:2, Interesting)

    by JSkills ( 69686 )
    ... people who use a continuous flow of newly creatred hotmail accounts to SEND spam? Shouldn't Msoft do something about them too?

    I've written a server based SPAM filter that uses the RBL and mail from hotmail addresses are always rejected since it appears they are on the RBL. This makes it difficult for legit people using Hotmail to send mail to places using the RBL for filtering.

    • Re:What about ... (Score:3, Interesting)

      by Steve B ( 42864 )
      people who use a continuous flow of newly creatred hotmail accounts to SEND spam? Shouldn't Msoft do something about them too?

      Now, now, you can't expect them to be able to handle something as technically complex as imposing a 2 second per destination address delay on new accounts.

  • A class action suit is filed against microsoft for bugs in IIS, Outlook and IE.
    Sending tonnes of virus spam and cloging up networks.
  • And yet... (Score:3, Interesting)

    by Zebra_X ( 13249 ) on Wednesday February 19, 2003 @11:20AM (#5334881)
    "...monopoly putting powers to good use."

    and yet not so much. imagine how much they could "save" by not having to broker all the crap the spammers are sending to their systems. less hardware costs, less bandwidth, less headaches. less spam for hotmail users is really only a by product of their business goal to save money. if they could make money from spam - then hotmail users would get a lot more of it!

    business is the worst of people.
  • by CTD ( 615278 ) on Wednesday February 19, 2003 @11:25AM (#5334938) Homepage
    I am a Hotmail user. I have been since 1997.

    I'm also a Yahoo Mail user. I have been since 2000.

    Last fall I decided that I either had to subscribe to a third free mail service (I hid the address I pay for, thank you very much) or try to work with the filtering tools. Both accounts were flooding with spam to the point of tediousness.

    First Step: I spent a week unsubscribing out of every spam that came into my inbox at both accounts.

    Expected Result: I expected the spam to increase. I was proving that not only was the address valid, but it was read.

    Actual Result: Spam did decrease. Some of the spammers actually are good for their word. Others are not.

    Second Step: Identify who is spamming me despite my requests. Block them, and filter them with the tools at both websites.

    Expected Result: I expected to be able to stop some of the spam, but not much. They are crafty bastards after all.

    Actual Result: A good portion of them dropped off.

    Short Term Prognosis: After two weeks of work (Step One and Two) the volume of spam at both accounts fell about 66%. Roughly. Unscientifically. Hotmail went from 100 daily spams to 30. Yahoo went from 30 to 10. Give or take.

    Mid Term Results: After a month of time passing, I encountered a spike in spam. On both accounts. My addresses had been sold.

    Mid Term Actions: I repeated steps One and Two. After a short bit of work, both accounts settled back down.

    Long Term Results: It's been about 6 months. I still get spam, at a much reduced rate. I dedicate one day out of every month to opt out of spam mails in my inbox. I dedicate another day to working my filters and blocks (when I say "day" I mean about an hour of work on a single day).

    I get less spam. It's not all gone, but I get less. Both Hotmail and Yahoo send me "user updates". About once monthly. Sometimes I read them. Sometimes I delete them. I am not overly concerned about it. One letter per month is not something to quit a free service over. Unless I want to grandstand with my important indignation.

    The point of all of this, and how it relates to the actual discussion:

    If you aren't paying for the service, you get what you pay for. I don't pay for either, and it costs me about 4 hours each month to keep each one useful. Fair trade.

    If Microsoft is going to endeavor to get rid of unwanted spam from outsiders. I applaud them. It might not impress the anti-MS crowd, but I'm ok with that. I don't pay for the service, and they are trying to do something to make it better. In a fashion that costs them money. With a method that no other free email service is attempting.

    I'm sure it will somehow go all wrong and I will be forced to wear my MSYou! Implant Chip05 at the end of it all, but that's the price of working with the Evil Empire. So long as I get less spam with my Soilent Green, I can live with it.
  • by dark_panda ( 177006 ) on Wednesday February 19, 2003 @11:28AM (#5334965)
    This thing works pretty well...
    1. When someone (or something) sends you an email, it gets stuffed into a "pending" folder rather than your inbox.
    2. Whoever sent you the email gets an automated reply from hushmail that requires them to click on a picture of a keyhole that's placed randomly on the screen in a java app, or something to that effect.
    3. After clicking on the keyhole once, they'll automatically get past your spam filter from then on. You can also set up lists of addresses or domains that bypass the filter all together.
    This system basically assumes that there's a human on the other end of that email to click through the filter. I haven't seen a single spam in my inbox since I enabled it.

    It's not impossible to defeat, but for the moment, it works great.

  • by Greyfox ( 87712 ) on Wednesday February 19, 2003 @11:41AM (#5335067) Homepage Journal
    Apparently Microsoft hates spammers as much as the rest of us. Now if they'd only hate the other scourge of the Internet as much as the rest of us do...
  • Spmmers / Messengers (Score:3, Interesting)

    by OrbNobz ( 2505 ) on Wednesday February 19, 2003 @11:54AM (#5335167) Homepage
    My hotmail account is awash in spam, I have never used the account. Simply amazing.
    I really think we are going about the spam issue the WRONG way, however. Hear me out.
    We are hellbent on shooting (drawing/quartering) the messengers. The messengers are ever-changing, fraudulent, pieces of crap that forge everything from the originating IP to the recipients address. But all Spam has one thing in common. Content.
    All spam is trying to get you to buy some product or service.
    The only reason spammers do what they do is because it's MAD profitable. Why? Because the content's originator makes it that way.
    I propose we turn this massive gun we call "public outcry" towards the TRUE originators of all the spam: The people who construct the content, or pay the spammers.
    If spamming becomes unprofitable, it will stop. Spammers aren't doing it to be malicious, they are monetarily motivated! Stop the source of the money, and stop the spammer.
    Order one of those mini-hovercraft RC things, find out who it ships from, then sic your lawyers on them. Buy that Viagra from an online pharmaceutical, find out where it ships from, then set the coordinates on your lawyer-launcher. Go after AT&T, Discover, Home lending companies.
    Your email address, once harvested, is like the freakin village bicycle! It gets passed around so much, you have no CLUE as to who grabbed it orginally, nor does it matter since so many other spammers have it! It's a vicious circle, and I say go after the TRUE SOURCE!

    Does this make sense to anyone else, or should I drink some more coffee and calm down?

    - OrbNobz
    If I had a nickel for every spam I received, I', thus part of the problem! Ack!
  • Coincidence ??? (Score:5, Interesting)

    by andrewbaldwin ( 442273 ) on Wednesday February 19, 2003 @11:58AM (#5335203)
    Just by pure coincidence I submitted a posting about 2 hours before this, asking if anyone had done a comparative study of e-mail providers and Spam.

    I created a Hotmail account specifically for product registrations. It's NEVER been used in newsgroups (or to send out an e-mail for that matter), yet within hours it stared receiveing junk mail.

    I've not had that problem with my main e-mail provider

    Does this mean that

    a) Hotmail is a prime target for people generating "random" names for spamming

    b) Hotmail / Microsoft have weak security

    c) MS are selling or leaking addresses so that they can publicly clean up later and gain credit

    d) I'm just unlucky

    Personally I favour Napoleon's dictum that we should not attribute to malic that which can adequately be explained by incompetence (in other words, favour the cock-up theory over the conspiracy)
  • more! (Score:3, Funny)

    by spazoid12 ( 525450 ) on Wednesday February 19, 2003 @12:51PM (#5335675)
    The original story is slightly more informative.

    It's also slightly more .com.
  • "aegean stables"? (Score:3, Insightful)

    by mwood ( 25379 ) on Wednesday February 19, 2003 @12:53PM (#5335692)
    Cleaning undersea stables would indeed be a Herculean task, but I think you meant "Augean".
  • by CanadaDave ( 544515 ) on Wednesday February 19, 2003 @01:08PM (#5335825) Homepage
    I use my hotmail account to harvest spam for use with Mozilla's Bayesian filters. Without Hotmail, my spam folder wouldn't have over 1000 messages in it right now (and I just started a few months ago, when mozilla 1.3a came out)

"Yeah, but you're taking the universe out of context."