Admins Accuse Microsoft of Hotmail Cap 166
kurmudgeon writes "The Register is fielding reader tips that Hotmail has placed Draconian limits on the number of Hotmail recipients who can receive an email. The first 10 Hotmail addresses included in a mass email go through just fine, according to these reports. But any additional addresses are returned to sender with a message that reads: "552 Too many recipients." (Microsoft denies it has placed any such restriction on the number of senders.) This would appear to be a violation of RFC 2821, which states: "Rejection of messages (for excessive recipients) with fewer than 100 RCPT commands is a violation of this specification."
And the problem is...? (Score:5, Interesting)
Let's look at that phrasing: "Rejection of messages (for excessive recipients) with fewer than 100 RCPT commands is a violation of this specification." (emphasis added).
Are they rejecting messages, or are they rejecting recipients?
According to this, they're rejecting recipients with an obvious "try this again" code. Really that should be 452, not 552, but that same RFC 2821 says that senders should treat a 552 as temporary:
So whatever sending server runs into these limits should retransmit the message to the remaining recipients on the next queue run. Okay, it'll only reach 10 recipients at a time, which is annoying. It shouldn't be kicking back the error to the client.
Really, assuming Microsoft has actually put this limit in place, the only thing I can see that's wrong, from a practical standpoint, is using the outdated 552 code instead of the more specific 452 -- but that same RFC people are waving around says that their servers should treat it as temporary anyway.
Am I missing something?
Re: (Score:2, Insightful)
Re:And the problem is...? (Score:4, Informative)
The proper reaction of a sending server to a temporary error is to try again. Per that same RFC, the server should be treating '552 too many recipients' as a temporary error.
Yahoo does the same thing at 30 recipients, though they issue the more proper 452 error code. The first 30 recipients at Yahoo get the message, then the sending server retransmits to the remaining addresses.
Re:And the problem is...? (Score:4, Interesting)
It's one thing to have anti-spam and anti-abuse mechanisms in place, it's another to deliberately break basic functionality in direct violation of the standards that make email work. There are MUCH better ways of handling situations where you want to rate limit inbound mail that are fully compliant with the RFCs, that allow all valid mail to get through.
It simply amazes me how many IDIOTS are running servers at large ISP's / sites. It is well known by most competent email admins that hotmail is totally broken and unreliable. Anyone still using hotmail for everyday use should have their head examined.
Re: (Score:2)
Re: (Score:2)
Re: (Score:2)
I'm talking about 5xx level rejections. 4xx level errors are JUST FINE!
Re:And the problem is...? (Score:5, Interesting)
If a client actually stops trying to deliver based on a 552 error, then it, too, is violating the standard, in a way that actually prevents delivery. I consider that a more serious violation.
Re: (Score:3, Insightful)
Aren't 55X errors supposed to be permanent, while 45X errors are temporary ?
Why would the sender keep the message on the queue after a permanent error ?
Re:And the problem is...? (Score:4, Informative)
Re:And the problem is...? (Score:4, Interesting)
Only if the sending SMTP server is broken. SMTP has two types of return codes: permanent failures and temporary failures. A permanent failure causes the message to bounce to the sender. A temporary failure causes the message to be queued and resent. Upon resending, only recipients for whom an error was generated are retried. Thus, if this error occurs after ten recipients, the remainder won't get the message in the first pass, but the next ten will get it when the sending server retries (usually after an hour, IIRC). This should continue until the recipient list is exhausted. Even this assumes that the sending SMTP server is extremely dumb and doesn't really understand anything about this error code at all beyond that it is a temporary error.... If it actually understands the code, it should try resending to additional recipients immediately, and divide the message into smaller batches, in which case it would delay delivery by a few minutes at most.
In theory, in some extreme cases, the recipient might never get the message. If it retries once an hour for a week (fairly typical), that would effectively cap the number of HoTMaiL recipients of a single message at 10 * 24 * 7 = 1680 recipients. Of course, a proper sending SMTP server should already be able to split messages into batches of a hundred or less because a limit of 100+ is considered acceptable behavior by the receiving server. Thus, in effect, because 1680 is larger than 100, short of a very long term net outage after the initial connection attempt, all the recipients should receive the message in every case. If this does not occur, the sending SMTP server is broken.
This is, of course, just my opinion.
Re: (Score:2)
Re: (Score:2, Informative)
"""
recipients buffer
The minimum total number of recipients that must be buffered is
100 recipients. Rejection of messages (for excessive recipients)
with fewer than 100 RCPT commands is a violation of this
specification.
"""
which is only a couple of paragraphs above what you quoted.
You're also m
Re: (Score:1)
Errors due to exceeding these limits may be reported by using the
reply codes. Some examples of reply codes are:
452 Too many recipients (see below)
RFC 821 [30] incorrectly listed the error where an SMTP server
exhausts its implementation limit on the number of RCPT commands
("too many recipients") as having reply code 552. The correct reply
Re: (Score:2)
I think the important part is the longevity that this filter is in place. Does anyone have any first documented cases with a nice time stamp?
I am not one to defend MS, but sometimes shit happens, if they are providing a correct code to identify a temporary action, then the clients should react appropriately with a next queue. However, I don't know how I would feel if they did this on purpose, logged were all those 522s
Re: (Score:2, Informative)
4xx rejections are temporary, "try again later."
Easily worked around (Score:2)
In Postfix you can set this using default_destination_recipient_limit [postfix.org]. Setting this to 10 would solve the problem as after 10 recipients, Postfix will deliver the DATA part and then start a new session for the remaining recipients. I am sure other MTAs will have a similar setting. (and if they don't they should)
Re: (Score:2)
I wouldn't worry about it...
Too many? (Score:3, Funny)
"552 Too many first posts."
E-mail is dead for mass communication (Score:2)
Re:E-mail is dead for mass communication (Score:5, Interesting)
All MS is doing is cranking up bandwidth costs now. Instead of one copy being sent to all 68 subscribers on the server, my listserv now has to send them 68 copies of the same damned thing. Incredibly inefficient, but the subscribers want the email, so that's what'll happen.
Re: (Score:2)
When my wife was corresponding secretary of an organization with a mailing list in the low hundreds, I had to send out the e-mails. I experimented and found that e-mails with 8 recipients would go
The bandwidth difference is negligible (Score:2)
So yeah, it's annoying in theory, but that just means you need a
Re: (Score:2)
Simple solution: don't allow subscriptions from Hotmail accounts.
Re: (Score:2)
Re: (Score:3, Interesting)
At UMBC [umbc.edu], almost all student organizations, many classes, club teams, etc. etc. all use a mailing list system powered by Sympa [sympa.org] to communicate. It's way more convenient than logging into our blackboard site, browsing to the class, finding the discussions forums, and finding the right thread in the mangled excuse for organization.
With the mailing list, all I have to do is check my email. Email is easier to centralize to the individual
Re: (Score:3, Insightful)
Re: (Score:2)
gmane.org!
Re: (Score:3, Insightful)
Because web forums suck.
Re: (Score:2)
Re: (Score:1)
Re: (Score:2)
1) How does RSS save bandwidth? The images are loaded when each user checks their newsletter? Assuming the newsletter is legit, then te read rate will be high, and the bandwidth gets used anyway.
2) The newsletters I persona
Hotmail is unreliable anyway (Score:5, Interesting)
Our (100% legitimate, double opt-in) mailing list gets a few Hotmail addresses added to it every now and then. We frequently get people complaining about missing mails and so on. Invariably, it's because of something silly, usually spam filtering that has been set to be so ludicrously aggressive that practically anything not white-listed (i.e., nothing on a new account) gets through.
We have now reached the point where we consider Hotmail an irrelevance. We don't even advise complainants to use another mail client any more, we just ignore them. The list is not run for profit, and the effort of supporting Microsoft's not-playing-ball freebie mail system just isn't worth it for what is basically a hobby set-up run for the benefit of our community.
Re: (Score:1)
It took a day to get a test message to yahoo to one user.
We dont run mail list but hotmail, and yahoo are not really in very good shape. Theres better free email out there.
Re: (Score:2, Informative)
Re: (Score:2)
It's not just silent, it's unpredictable.
I've just sent two emails from my own server to my Hotmail account. The first was with one of those short .wmv videos as an attachment (3.5Mb), the second was the same email, but without the attachment.
The email with the video went through, while the second one, with identical text but no attachment, has vanished.
Re: (Score:2)
No, they don't even show up on the "Spam" folder, I've checked. I don't know if this is random, but it's very suspicious.
Re: (Score:2)
Headers of the dropped mail were all pretty legit - in the case of ISP mail, person's PC SMTPs it to ISP, the
Re: (Score:2)
Between being blocked and email going to hotmail junk boxes, we gave up on complaints.
We got on a few other blacklists from time to time, but it usually had to do with other users in the IP block our ISP had us on.
Wouldn't using bcc fix
Re: (Score:2)
If you started dissing hotmail (which I just tested with a 50 recipients list and stopped checking after the 11th) for "abusive SPAM filtering", maybe _you_ need to check how you send emails and/or the clients (scripts hopefully better then client for massmailing) to achieve your goals.
We send out our mails using a standard issue mailing list manager, which deals with confirming all the addresses before they are added to the list among other things. All mails we send come from recognisable addresses, include a recognisable keyword in the subject line to help people wanting to use mail filters, include appropriate headers to indicate that the mail is a bulk message, and contain only content of the kind a list subscriber would expect.
We do not use SPF, Sender ID, DomainKeys, or any simi
Re: (Score:2)
What specifically is your beef with SPF? I'm just a jack of all trades system admin and not a "mail server" admin by any stretch of the imagination, so excuse any perceived ignorance here. SPF seems to be picking up traction in Europe. I work for a major art museum and they are communicating with people around the world. I recently had to add an SPF record for our outgoing server because more and more recipients were bouncing mail back. On the surface it seems like a good system and i
Re: (Score:2)
SPF is, IMHO, a flawed implementation of a worth-a-try idea:
Re: (Score:2)
Re: (Score:2)
The organisation that runs the mailing list I've mentioned elsewhere has a large organising committee, which changes fairly frequently (each post changes hands at least once per year, more frequently in some cases). On that committee, there are several different people who would want to send a mail to our announcements list at times. We have no mail server of our own, but always send mail with a From: header set to our general contact address. Thus we can have several people, each of whom will post to the l
Re: (Score:2)
In one way I feel for the position you're in. You probably feel like you shouldn't have to invest in your own email server, or you shouldn't have to pay an ISP to host your mailing list traffic. You might have a point there. You are free to continue doing things the way th
Re: (Score:2)
You probably feel like you shouldn't have to invest in your own email server, or you shouldn't have to pay an ISP to host your mailing list traffic. You might have a point there.
Might? We're talking about a non-profit organisation, running a mailing list as a service to the community. There is no question of "investment", because there is no money to invest.
However, if you don't want to play by the rules that others are setting up, you can't expect your mail to be delivered.
Perhaps I wasn't clear. For the overwhelming majority of people on our list, everything works just fine. It is only those who choose to use substandard mail services that lose out. Our position — and this was discussed — is that this is their problem, not ours.
You might not have spammers who have appropriated your domain name for their purposes. I'm honestly surprised that you're able to change the From: header and have it work.
It's funny: I hear that a lot, yet not one of the
Re: (Score:2)
Thanks for the suggestion, but I don't think the Spamhaus-recommended terminology is any better. "Double opt-in" has been the common name for our approach since a long time before anyone heard of Spamhaus, and I don't see how "confirmed opt-in" is any less vulnerable to word-twisting abuse according to the argument they give. They even acknowledge on the page you cited that "double opt-in" is a term in use by legitimate mailers (unlike some of the other suggestions they mention, which frankly I've never hea
I'm shocked (Score:2, Funny)
*incoherent wheezing and laughter*
What's the bid deal? (Score:4, Funny)
Re:What's the bid deal? (Score:4, Funny)
People still use hotmail? (Score:3, Informative)
Re: (Score:2, Funny)
Yes.
I use it due to integration with messenger IM.
Despite the fact I use gaim/pidgin most of time, the email/IM integration provided by their service led me to the decision of keeping my account, which is the same long before hotmail was purchased by microsoft.
I think the service fits my needs, to provide a reliable account for registrations/memberships elsewhere.
The lack of baynesian spam filtering (such has gmail and others) is a shame.
The interface (yes, I tried Live) sometimes simply sucks.
T
You gotta pay up! (Score:2, Interesting)
Of course, it's not the exact, same thing, but the similarity between the two situations is spooky, to say th
Re: (Score:2)
Dont worry! (Score:5, Funny)
Benefits include :
1) Spam whomever you want, bypassing all spam filters!
2) Send e-mails to more than 10 recipients (Also called the "I run a mailing list you fucktard" option)
3) Free "Upgrade to Vista (Please)" coupon.
Microsoft doesn't deny it (Score:2, Informative)
Oh NOES! (Score:3, Funny)
Re: (Score:2)
an RFC is not automatically a 'Standard' (Score:2)
Simple Mail Transfer Protocol (SMTP) is the de facto standard for e-mail transmissions across the Internet. Formally SMTP is defined in RFC 821 (STD 10) as amended by RFC 1123 (STD 3) chapter 5. The protocol used today is also known as ESMTP and defined in RFC 2821.
The only thing the Sender sould care about is the first digit of the response code, per RFC 1123:
Whenever possible, a sender-SMTP SHOULD test only the first digit of the reply code, as specified in Appendix E of RFC-821.
an
I'm in violation too... (Score:4, Insightful)
Great idea (Score:1)
And WHAT excuse do our fanbois here have for this (Score:2)
RFCs are not laws (Score:3, Insightful)
I love the way the OP makes this sound like a serious criminal violation. Microsoft (or you, or me) is free to violate RFC 2821 till the cows come home. Whether doing so is the best way to handle whatever problem they're trying to address is another matter, but they're not drowning puppies or breaking laws, they're violating voluntary standards, which is not exactly a newsworthy activity for Microsoft.
Re: (Score:3, Informative)
None of the customer mail servers I look after will accept more than about 50 recipients per message from internal users, let alone external users. Otherwise, I get too many calls from customers complaining that their internet access is slow, only to find out that t
RFCs ARE laws (Score:2)
no surprise, violation comes from microsoft. they dont hesitate to violate laws in any country they do business in, why should they hold back from rfc ?
Re:RFCs are not laws (Score:4, Insightful)
I love the way you just make shit up. All I got from the summary was that they are violating the RFC, I can't imagine what kind of synaptic misfire would lead anyone to think "criminal" when they read that.
Is overzealous MS reverse-bashing the in thing now?
I'm not TERRIBLY pro-MS, but... (Score:5, Insightful)
Granted, security through obscurity isn't really effective, but why should they bother telling spammers how small to make their batches in order to get things through? Make the bastards work a little bit.
Wow, I've gotten cynical.
Re:I'm not TERRIBLY pro-MS, but... (Score:4, Interesting)
I would be pissed off if i were subscribed to something and I were the 11th hotmail user on their list.
Re: (Score:2)
You clearly do not understand what `obscurity' refers to in `security through obscurity does not work'.
Excellent! (Score:1, Flamebait)
Re: (Score:2)
Re: (Score:2)
Sure
Hotmail is just one sign (Score:3, Insightful)
Because of spam, you can assume only that if you send an email and do not get a response that it never got through. If the only contact you have with a customer is an email address, you aren't going to get anywhere. Mail can be blocked at any point between the sender and the recipient without the knowledge or consent of the recipient - telling the recipient that they need to unblock your email is pointless as they may have nothing to do with the blocking.
Face it, email is suitable for sending threatening letters to georgebush@whitehouse.gov, love notes to your girlfriend and jokes to others in the office. And that's about it.
Meh.... (Score:2)
It seems a bit silly for Microsoft to have such a strict policy and then lie about it.
RFC 2821 is not (yet) a standard (Score:5, Informative)
Re: (Score:3, Interesting)
Re: (Score:2)
There was a time when hotmail started pulling shit (Score:2)
what happened ?
many providers, including hosting providers have started to refuse hotmail addresses being used for account signups, and warned customers that they should get an email from another provider to sign up with.
go figure what effect did this have. a hint - hotmail dropped the whitelist crap shortly thereafter.
Oh well. (Score:2)
Further, why does anyone use Hotmail any more, any way? There aren't enough other free providers out in the world yet?
Sometimes even earlier denial is good (Score:3, Informative)
Unfortunately spam filtering has became so complex that more often than not one there is no one-size-fits-them-all configuration. But this means that the same message might be acceptable to the configuration settings of user A but not to the settings of user B. When now a mail sender tries to send a message to A and B, it will be necessary to deny recipient B due to the differing config (at least for filters which are based on content and thus can not be run before the recipient was accepted and the message sent).
Yes, this breaks a proposed standard. But so do a lot of other spam filtering techniques like RBL, SPF and Greylisting. Thanks to the spammers we have broken SMTP quite some while ago and one is to wonder why internet mail is still quite reliable. I predict it can only go downhill from here.
You think MS is bad? Try Yahoo! (Score:4, Informative)
When I contacted Yahoo, I was referred to a broken web form that supposedly would direct me to a place where I could whitelist my domain, or at least make it less spammy-looking to Yahoo. Upon further attempts to reach them, I only received automated responses, but no answers to my questions.
I am not the only one who has had this problem sending e-mail to Yahoo accounts. Ironically, just Google for all the discussions on how Yahoo doesn't care.
Sending e-mail to GMail accounts works just fine for me. None of my messages show up in the spam folder. This is an indicator that the problem lies with Yahoo, and not with my domain.
Re: (Score:2)
Re: (Score:2)
I also can't get anything through to Un
"Admins Accuse Microsoft of Hotmail Crap" (Score:3, Funny)
Blame spammers not hotmail.com (Score:2)
It's ridiculous the volume of SPAM out there. If you've never had to think about this, it's easy to underestimate. Now, imagine my relatively simple situation and multiply it by about a million. That's w
To Limit Spread Of Viruses (Score:2)
The obligatory checklist (Score:3, Funny)
(x) technical ( ) legislative ( ) market-based ( ) vigilante
approach to fighting spam. Your idea will not work. Here is why it won't work. (One or more of the following may apply to your particular idea, and it may have other flaws which used to vary from state to state before a bad federal law was passed.)
( ) Spammers can easily use it to harvest email addresses
(x) Mailing lists and other legitimate email uses would be affected
( ) No one will be able to find the guy or collect the money
( ) It is defenseless against brute force attacks
(x) It will stop spam for two weeks and then we'll be stuck with it
(x) Users of email will not put up with it
( ) Microsoft will not put up with it
( ) The police will not put up with it
( ) Requires too much cooperation from spammers
( ) Requires immediate total cooperation from everybody at once
( ) Many email users cannot afford to lose business or alienate potential employers
( ) Spammers don't care about invalid addresses in their lists
( ) Anyone could anonymously destroy anyone else's career or business
Specifically, your plan fails to account for
( ) Laws expressly prohibiting it
( ) Lack of centrally controlling authority for email
( ) Open relays in foreign countries
( ) Ease of searching tiny alphanumeric address space of all email addresses
( ) Asshats
( ) Jurisdictional problems
( ) Unpopularity of weird new taxes
( ) Public reluctance to accept weird new forms of money
(x) Huge existing software investment in SMTP
( ) Susceptibility of protocols other than SMTP to attack
( ) Willingness of users to install OS patches received by email
(x) Armies of worm riddled broadband-connected Windows boxes
( ) Eternal arms race involved in all filtering approaches
( ) Extreme profitability of spam
( ) Joe jobs and/or identity theft
( ) Technically illiterate politicians
( ) Extreme stupidity on the part of people who do business with spammers
( ) Extreme stupidity on the part of people who do business with Microsoft
( ) Extreme stupidity on the part of people who do business with Yahoo
( ) Dishonesty on the part of spammers themselves
( ) Bandwidth costs that are unaffected by client filtering
( ) Outlook
and the following philosophical objections may also apply:
(x) Ideas similar to yours are easy to come up with, yet none have ever been shown practical
( ) Any scheme based on opt-out is unacceptable
( ) SMTP headers should not be the subject of legislation
( ) Blacklists suck
( ) Whitelists suck
( ) We should be able to talk about Viagra without being censored
( ) Countermeasures should not involve wire fraud or credit card fraud
( ) Countermeasures should not involve sabotage of public networks
( ) Countermeasures must work if phased in gradually
( ) Sending email should be free
( ) Why should we have to trust you and your servers?
( ) Incompatiblity with open source or open source licenses
( ) Feel-good measures do nothing to solve the problem
( ) Temporary/one-time email addresses are cumbersome
( ) I don't want the government reading my email
( ) Killing them that way is not slow and painful enough
Furthermore, this is what I think about you:
( ) Sorry dude, but I don't think it would work.
(x) This is a stupid idea, and you're a stupid company for suggesting it.
( ) Nice try, assh0le! I'm going to find out where you live and burn your house down!
Yahoo is just as bad (Score:2)
How Easy Is This To Test? (Score:2)
And just how easy is this to actually test? Should take a couple of minutes -- five tops -- to know if it's actually happening for average users.
Re: (Score:2)
Most people don't follow that standard (Score:3)
It does sound to me like the too-many-recipients failure should be a 452 rather than 552, but other people have commented that mail senders are supposed to know how to deal
Re: (Score:2)
It appears that the authors of RFC2821 walked around RFC2119 by mandating a minimum limit on something without using RFC2119 language, when breaking that limit doesn't actually break the system.
E.g., the maximum size of a "local part" is 64 characters. If a client generates a "local part" longer than that, the system br
Re: (Score:1, Flamebait)
Yes they can, but they think it means Redmond's Frickin' own Canon. And in that 552 reads:
And as far as I can see they implemented their RFC coherently in every single product, not only hotmail.
Re: (Score:2)
Re: (Score:1, Troll)
There, fixed it for you...
Re: (Score:2)
Sorry, posting drunk again
Re: (Score:2)
I do have more than ten friends, and often want to mail party invitations to them.
Limiting emails to ten at a time won't do anything to stop spam that limiting them to a hundred won't. Spams are in the tens of thousands, easily, often much more. Last time some [censored] sent out a spam using my domain, I got over four thousand bounce messages. I have no idea how many messages didn't generate a bounce.
Re: (Score:2)
It's not very professional, and doesn't give me good feelings about their company... I understand the convenience and ease of having the web mail accounts, but it make me that think either their company is nothing but cheap bastards, or that the salesman is shady by keeping his email separate from the company. (they are representing their company)
Now, an addr
Re:Hotmail has many worse problems than this one! (Score:5, Interesting)
me: why are you accepting my email with code 250 OK, but never delivering it?
them: we can't talk to you until you submit all the forms at postmaster.hotmail.com
me: submits the forms, which are clearly geared toward businesses (my "site" doesn't have a "privacy policy" or an "opt out form" because I don't SELL ANYTHING).
them: we can't talk to you until you sign up for our email tracking service to analyze your traffic
me: signs up. My server doesn't generate enough traffic for them to even log.
them: you need an SPF record
me: installs an SPF record
them: your SPF record is wrong. RFC blah blah states...
me: IT WAS GENERATED BY YOUR ONLINE TOOL!! And if you want to quote RFCs at me how about the one where if your server accepts email, you're guaranteeing not to drop it for frivolous reasons (RFC 2821, sec. 6.1)?
them: our reasons are not frivolous, but we won't tell you anything.
me: like how your servers drop email sent from thunderbird but let the same messages through when sent from outlook express?
them: we don't filter based on header information
Mod parent troll (Score:2)