Hotmail Implements Spam Filter System

emerson writes "News.com is reporting that Hotmail has finally taken the plunge and decided to implement the MAPS RBL spam "blackhole" list. The article notes that they have seen a marked decrease in spam in just a short time. Read the whole article." More and more ISPs seem to be jumping on the MAPS RBL bandwagon. It's a very good thing IMO, especially for the "free" e-mail services that attract spammers the same way picnics attract ants.

  • Because this is still a good thing. Not everything that Microsoft does is bad. Their OS monopoly sucks, but all prejudice aside, they have some really nice products. I have quite a few pieces of Microsoft hardware, and they are all excellent. Powerpoint is a fairly good product. Though I'm somewhat afraid of the flames I'll get for saying it, Internet Explorer (4 or later) is pretty good. Running in Windows, it's fast and way more stable than Netscape.

    I think it's unfortunate that many people seem to lose sight of many of the main objections to Microsoft and just slam the company as a whole. I think Windows leaves lots of room for improvement. However, that doesn't bar them from releasing other quality products. We don't like Microsoft because of some of their business practices, but how much better are we if we just automatically say "It sucks because it's from Microsoft," without even investigating what "it" is.

    A spam filter on hotmail is a good thing. I'm not above saying, "Way to go, Microsoft!" when they do something good.

    Way to go, Microsoft!

  • because the RBL becomes more effective the more systems implement it. If an ISP suddenly finds it has been RBLed, and therefore its customers can't reach half the e-mail addresses on the planet, it'll shut down its spammers or secure their mailserver pretty sharpish ;-)

  • This means ISPs who have been lazy about closing their spam relay holes will have to take the RBL seriously now. If you are running a server and want to make sure you don't have any holes that will put you on the RBL, telnet to mail-abuse.org [mail-abuse.org]
  • by J1 ( 98359 )

    Wow. Hotmail just shot up 10 points on my esteem-o-meter.

    Basically, the last paragraph sums it all up:

    "Functionally, the RBL is a way of saying you're not holding up your end of the bargain. Isn't that a good reason for you to fix what's wrong with your system?"

    This whole issue has nothing to do with freedom of speech, it's a technical matter: if you haven't configured your server in a way that prevents abuse, you should expect to be shunned by other providers. Hotmail adopting this viewpoint may well give the anti-spam movement a push in the right direction.

    ObSneer: Something good from Hotmail. What next, pigs with wings?

  • by Anonymous Coward
    My hotmail account has been getting about 10-30 spam mails a day for a while. Usually I will use spamcop.net [spamcop.net] to report offenders - but hotmail has allowed the spammers to send mails with no sender, no recipient - basically, no headers but the subject and a fake from line. No way to block those has existed. Wonder if they will do something about that now?
  • Wouldn't it be neat to have a centralized database that would collect the hashes of various spams. Email clients could query the database to see if a message was spam before presenting it to the user. When a user receives spam, just forward it to the database and it would be blocked for everyone else. 'Course it's probably been patented already.
  • I have an account that I use to filter all my spam through.. the account that I use when I need to get a mail.. but I know will get sold to spammers.

    That account is usually getting about 20-40 spams a *DAY*.

    That same account was empty when I checked it this morning.

    That has never happened before. Thank you RBL.

  • Well, I guess in one way it's nice, but wouldn't it be better if hotmail customers can decide for themselves what to filter? OTOH, hotmail accounts are free, so people get what they pay for.

    It isn't making me remove hotmail.com from my procmailrc file though...

    -- Abigail

  • by VSc ( 30374 ) on Tuesday November 09, 1999 @11:13PM (#1547187) Homepage
    Well for 'the best of us' who are lucky enough to have a real account, HotMail seems to always have been a spam trapper - a way to identify yourself on newsgroups, registering on a free account (NYT comes to mind) or registering on nearly anything else: you would surely get something of the sort:
    • In order to do that / download that / go there please fill in this simple 35 step form, required fields are marked with * (e-mail is marked with an * of course)
    • "Thank you for your registration, here is your password" + spam spam spam (buy that buy this). The last line says "This is not spam because we include unsubscribe information" (Their conscience is not clear already I see ;-)
    • "Half an hour ago you displayed an enormous interest in our product so here are some news for you" + spam spam spam
    • You be polite you unsubscribe
    • "We are awfully sorry that you would have to leave us" + spam spam spam (this is already interesting - they spam you while you try to unsubscribe!). In order to unsubscribe, go to URL:blah.blah.com
    • Being the patient soul you are, you go to the URL
    • Unsubscribing, you get the (hopefully final) e-mail stating "You've been unsubscribed, we don't know how we can go on living without you" + spam spam spam.

    So, just trying to make it as painless as possible yields you at least 5 spam emails, all trying to unsubscribe. They sure don't waste their time with that.

    All spam starts with the line: "THIS IS NOT SPAM"

  • Right! We use it a lot on our servers.. Also I wanted to make note of how late they are in doing this I mean look at NetAddress(USA.net [usa.net]) they have had it since.. Well as long as I can remember.. and that's a long time over 3 years.
  • I had a hotmail box for anonymity reasons. It is spammed to hell and back (mainly because I made 2 mistakes in the early days - I put the unmangled email address on a web page, and I wrote angry replies to spam).

    About a month ago I moved over to webmail.co.za because I was sick of deleting 40 useless messages every week. Praise to hotmail, it's just too late.
  • by gad_zuki! ( 70830 ) on Tuesday November 09, 1999 @11:21PM (#1547191)
    Spammers using Hotmail will be happy to have a mailbox that won't fill up with their competitor's spam right before it gets canceled.

    Maybe from now on all spam will be from Hotmail.com to Hotmail.com.

    "Who needs open relays when you can get a free mailbox in 96 seconds?"

  • Spam filtering is easy! Heck... even Outlook can do it!
    1. Create a rule to move all mail that doesn't contain your email address in the "To" header.
    2. Create another rule (with a higher priority than the one above) to skip certain messages that you do need (mailing lists, etc.)
    3. Voila! Enjoy a spam-free life!
    If you're afraid that some important email may be accidentally deleted, make the messages go to a temporary "Spam" folder, and check it once in a while.

    Actually, my Hotmail accounts are the only ones I didn't do this with, as Hotmail doesn't allow filtering by the "To" header.
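
The two-rule setup from the comment above, written out as an added example (not part of the original thread or any mail client's own code). The address `me@example.org`, the list markers in `LIST_RULES`, and the sample messages are constructed assumptions; the exception rule is checked first because it has the higher priority.

```python
from email import message_from_string
from email.utils import getaddresses

# Assumption: the mailbox owner's own address(es), lower-cased.
MY_ADDRESSES = {"me@example.org"}

# Rule 2 (higher priority): mail to keep even though it is not addressed to
# me directly. Each entry is (header name, substring); both are hypothetical.
LIST_RULES = [
    ("From", "kernel-digest-owner@lists.example.net"),
    ("Subject", "[kernel-digest]"),
]


def matches_list_rule(msg):
    """True if any exception rule matches one of the message's headers."""
    for header, needle in LIST_RULES:
        for value in msg.get_all(header, []):
            if needle.lower() in value.lower():
                return True
    return False


def addressed_to_me(msg):
    """True if one of my addresses appears in the To header.

    getaddresses() strips display names, so '"Me" <ME@Example.org>' matches.
    A missing To header, or a placeholder such as 'undisclosed-recipients:;',
    yields no matching address.
    """
    pairs = getaddresses(msg.get_all("To", []))
    return any(addr.lower() in MY_ADDRESSES for _name, addr in pairs)


def classify(raw):
    """Return the folder name for a raw RFC 822 message."""
    msg = message_from_string(raw)
    if matches_list_rule(msg):      # rule 2 runs first: wanted list traffic
        return "Inbox"
    if addressed_to_me(msg):        # rule 1: my address is in To
        return "Inbox"
    return "Spam"                   # held in a folder for review, not deleted


# Constructed sample messages.
DIRECT = """\
From: Alice <alice@example.com>
To: "Me" <ME@Example.org>
Subject: lunch?

See you at noon.
"""

BCC_SPAM = """\
From: bigdeals@hotmail.com
To: <friend@public.example>
Subject: THIS IS NOT SPAM

Buy this.
"""

LIST_MAIL = """\
From: kernel-digest-owner@lists.example.net
To: kernel-digest@lists.example.net
Subject: [kernel-digest] Vol 12, issue 3

Digest body.
"""

NO_TO = """\
From: offers@bulk.example
Subject: Make money fast

Body.
"""

if __name__ == "__main__":
    for name, raw in [("direct", DIRECT), ("bcc spam", BCC_SPAM),
                      ("list", LIST_MAIL), ("no To header", NO_TO)]:
        print(f"{name:13s} -> {classify(raw)}")
```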


  • I logged in to one of my old hotmail accounts after reading this article, and if there's really been spam reduction efforts, I haven't noticed. I have about 15 spam mails dating from last week (I did not sign up for any mailing lists or register anywhere with this address. I did sign up for webspace at some odd site, but I put its spam domain on ignore already). I took a look at the domains and saw about 8 emails from various obscure/unlisted domains which I assume to be open mail servers. Moreover I had 2 emails from RealNetworks, which had supposedly been blocked according to the article. Another problem I noticed is that the rest of the spam came from major 'legit' domains like yahoo.com, aol.com, and hotmail itself. There's no way hotmail will block these huge domains off, and since a LOT of spam is generated by such sites, the spam problem will still be in effect. Despite hotmail's and MAPS' best efforts, I really don't see anything an e-mail provider can really do to fully prevent spam.

    So I guess spam handling is still more of a personal issue than anything. My advice for spam control would be as follows:

    1. Don't give out the address for your main ISP account... I never even use mine since I learned my lesson with my old ISP. I gave out the account to every sleazy signup site and ended up with about 100 msgs on the server at one point... which is a real pain when on your main account.

    2. Either use an extra e-mail account from your ISP, an account on a friend's domain, or a low-profile free mail service for your main email address. You most likely won't be placed on any mass spam list if you only give the address to people you intend to communicate with. Plus you have a greater level of anonymity should you need it or desire it.

    3. Hotmail accounts do have a purpose after all. My advice would be to register one or more and keep it/them as a spambox... use it to sign up for accounts, mailing lists, newsletters etc. You'll expect spam anyway, and if it gets flooded to hell, it's just a free hotmail account, so no big loss.

    4. If you don't need to receive a reply email (like website passwords or account verification) from a site that expects you to give them your address, use a fake one. It's easy, and allows you to exercise your creative juices... I always like using root@ :)

    Let's just face it, spam is always going to be an issue regardless of the efforts of MAPS and the like. It can be annoying, but if you just use an extra moment of time and some common sense, you'll save yourself a lot of annoyance. (I'm actually to the point where I check my hotmail inbox just to see all the new spam since I never get any mail in my personal box :D )
  • I've kept a hotmail account for awhile now as it's nice to have web-mail when on the move or when I don't want to give out my real e-mail for whatever reason. I only access it every week or two, and good god, the spam is amazing. After two weeks I'd easily have over 100 spammed e-mails to sift through - it was barely usable. Hopefully this will help out...
  • Actually hotmail does have its own share of filter options. Just log into your hotmail account, go to options, and you will find a filter option. There, you can add e-mail addresses to a list of "blocked senders," and any e-mail from the specific sender will be sent directly to the trash can. Also, you can also direct incoming e-mails to a certain folder (including trash can) by telling it to look out for certain keywords in the subject, sender's name, or sender's e-mail. Or if you're really lazy, and you already have some spam in your inbox you can just go to the message and tell it to block the sender of that message from now on. Granted, it won't keep your hotmail account spam-free, but the option is there should you wish to use your hotmail account for standard e-mail purposes. But personally I would stick to one of my current POP3 accounts instead of bothering to configure my hotmail account :)
  • Actually you can overcome hotmail's infantile filters, hotmail lets you use an email client to check your mail. (Yeah, I couldn't believe they'd do something this cool and not announce it either) The servers are pop.hotmail.com and smpt.hotmail.com. Just use an email client with the filters you listed above to check your hotmail, and voila.

  • It's amazing features like this that make outlook the wonderful program it is.

    Here's another method. Simply let the spam go straight into your inbox and delete it yourself as you read through. That way you won't have to check the 'spam' mailbox all the time and you won't send messages from mailing lists into the bin (unless they're from the N30 mailing list of course).

    Still no match for RBL tho'.
  • by freakho ( 28342 ) on Tuesday November 09, 1999 @11:59PM (#1547198) Homepage
    4. If you don't need to receive a reply email (like website passwords or account verification) from a site that expects you to give them your address, use a fake one. It's easy, and allows you to exercise your creative juices... I always like using root@ :)

    An even better one is putting in the site's own abuse@ address. If they have one, they'll get the joy of spamming themselves; if they don't, it'll bounce. Nobody gets hurt but the jerks. :)

  • Choose My-Deja as your free email provider, and don't worry about spam--they've used spam filtering for a while now.

    The only thing wrong with it is that I don't know what their filter criteria is, nor can I ever peek at those filtered messages. I use that account as my newsgroup account. I use a usa.net account as a sign-in account that nobody ever needs to contact me at, but I can check if I ever forget a password somewhere and need it sent somewhere.

    And of course a main account that isn't listed anywhere except for my friends' addressbooks.

  • Not really a good idea. Imagine the horrendous amounts of hits that one would get every day. Also delays would be quite horrendous and make reading e-mail a pain.

    Just make a deal with Russia and send all the spammers to Siberia :-)

  • It's apparent that you don't get 10 or more spam messages per day, and that you haven't looked at the headers of the spam mails.

    Sorting through the spam is a tedious and annoying process. Almost all of the spam I receive (so far, no exceptions in nearly a month, with 10 to 20 mails a day) does not have my email address in the "To" header. Maybe some Sendmail hackers can explain this to you, as I don't know it well enough to be sure that my ideas are true.

    As for accidental deletions, I think I covered that in #2. Usually, if not always, the mailing lists will either come from the same email address, contain a certain string in the "Subject" header, or both.

    Again, in the little-more-than-a-month of the filters being in effect, I have had no accidental deletions whatsoever. And I do get a lot of email, including some from mailing lists.


  • Same token, I opened up my account today that usually receives 3-5 spams a day, and today, no spam.

    The disturbing part is that the account I created to specifically give out as a semi-bogus e-mail address for registrations and whatnot gets less spam than my preferred mailbox.

  • Officially (at least last time I checked) Hotmail charges for these services. I have tried them a few times, with months in between, and found them very unreliable and slow. If you want a free POP3/SMTP account, try HotPop [hotpop.com], which even gives you a choice of a few different domains.


  • But then, about 30% of my spam is addressed to my own e-mail address...

    I've released a product (yeah, yeah, here comes the commercials) called spamstop, which does this and has many other rules. Couple it with the RBL, DUL and others (if you can -- not everybody runs their own SMTP mailer, you know!) Check out its Appindex record [freshmeat.net]. (Well, calling it a product is a bit too much, but it's effective enough.)

    Anti-spammers, unite!

    /* Steinar */
  • by david.given ( 6740 ) <dg@cowl a r k . c om> on Wednesday November 10, 1999 @01:22AM (#1547205) Homepage Journal
    There's a really easy way for an ISP to protect itself against people using it to send spam: introduce a one or two second delay before accepting each message. This is insignificant to the normal user --- my mailer, exmh, takes about five seconds between my pressing `send' and control returning to me --- but would stop spammers dead. Two seconds per message means 30 per minute, less than two thousand per hour. It means that they can no longer blast thousands of messages into the server. If you like, you can also implement something that checks for, say, more than a few hundred messages in an hour and automatically disables email.

    The effort needed to implement this is trivial.

    (You would need a normal mail server to handle mailing lists, of course. But that's not a problem as mailing lists tend to be handled purely at the server end, without the messages being sent down the dial-up link.)
  • Actually, hotmail.com is in my SPAM list. That means that in my domain nobody can use hotmail.

    When hotmail.com wasn't forbidden there were thousands of spam messages coming from them.

    Hard for my users, but they have learned not to use hotmail ;-)
  • They should take a look at the spam filters at yahoo mail [yahoo.com]. I have an account there for over two years, that I give to people or websites I don't trust and I have not received a single spam-mail on that account.
  • Great! Now maybe they can work on their customer service and support a little! I've been waiting almost two weeks for them to fix my account (or the machine it is on), contacted support about 12 times, and I keep getting "We're working on it; don't know when it will be fixed...." SO WHO CARES ABOUT SPAM FILTERS IF THEY CAN'T EVEN TAKE CARE OF THEIR ACCOUNT HOLDERS!
  • by emerson ( 419 )
    So talk to the MAPS people about the offending domains -- subscribing to the RBL is no guarantee of spam freedom -- the RBL has to be maintained constantly by volunteers and people in the community.

    If the RBL isn't decreasing your spam, it's at least partly because you're not doing your part to help MAPS.

  • Excellent to see the market pressure do something good here. Since there are many freemail hosts, why would anybody use the one without spam control?

    However, my biggest "spam" problem has never been the pure spamming (gee I compiled this address list from a web spider. I bet they all want to hear about my amazing new porn site). All of you who read /. already know how to deal with these jerks. No, my problem is those who abuse the fact that I actually signed up for some mailing list at one time. I might have bought a server component at one time, and of course I want to know of any upgrades or bugfixes to it. However I don't want them to send "valuable information" about their other products. In the same manner there are a lot of mailing lists with some really valuable info, but a low signal to noise ratio. And then there is that nice feature "company wide messages". Oh thank you mister manager for sending your 3 meg power point presentation to everyone here! I really loved to wait for it to pass through my modem. Unfortunately there are some really valid uses for that group address so I can't just block it out.

    Any of you who have any nice solutions to this sort of semi-legitimate spamming?

  • Of course, if the spammer puts 100 addresses into the BCC header, you get 180,000 messages an hour. Granted this is less than is possible without timeouts, but it still is a lot of messages. I suppose you could get around this by varying the delay based on the number of recipients (maybe use an exponential relationship?).
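
The submission delay proposed further up and the recipient-count objection in the reply just above, put side by side as an added example (not code from the thread or from any mail server). It goes one step beyond the posts by charging the delay per recipient and by counting the hourly limit in recipients; the class name, the 300-recipient cap and the simulated clock are assumptions.

```python
from collections import defaultdict, deque


class SubmissionThrottle:
    """Delay applied before a submitted message is accepted.

    per_recipient=False models the flat "two seconds per message" proposal.
    per_recipient=True scales the delay with the recipient count, so a long
    BCC list costs as much time as the same number of separate messages.
    hourly_recipient_cap (assumed value) disables an account that exceeds it.
    """

    def __init__(self, delay=2.0, per_recipient=True,
                 hourly_recipient_cap=300, window=3600.0):
        self.delay = delay
        self.per_recipient = per_recipient
        self.cap = hourly_recipient_cap
        self.window = window
        self._log = defaultdict(deque)   # account -> (time, recipients)
        self._used = defaultdict(int)    # account -> recipients in window
        self.disabled = set()

    def submit(self, account, recipients, now):
        """Return (accepted, delay_seconds) for one submission at time now."""
        if account in self.disabled:
            return (False, 0.0)
        log = self._log[account]
        # Drop entries that have aged out of the sliding window.
        while log and now - log[0][0] >= self.window:
            self._used[account] -= log.popleft()[1]
        if self.cap is not None and self._used[account] + recipients > self.cap:
            self.disabled.add(account)   # automatic cut-off
            return (False, 0.0)
        log.append((now, recipients))
        self._used[account] += recipients
        factor = recipients if self.per_recipient else 1
        return (True, self.delay * factor)


def blast(throttle, account, recipients_per_message, duration=3600.0):
    """Simulate a client submitting back to back; no real sleeping.

    Returns how many recipient deliveries complete within `duration` seconds.
    """
    now, delivered = 0.0, 0
    while True:
        accepted, delay = throttle.submit(account, recipients_per_message, now)
        if not accepted or now + delay > duration:
            return delivered
        now += delay
        delivered += recipients_per_message


if __name__ == "__main__":
    flat = SubmissionThrottle(per_recipient=False, hourly_recipient_cap=None)
    scaled = SubmissionThrottle(per_recipient=True, hourly_recipient_cap=None)
    capped = SubmissionThrottle(per_recipient=True, hourly_recipient_cap=300)
    print("flat 2 s/message, 100 rcpt each :", blast(flat, "bulk", 100))
    print("2 s per recipient               :", blast(scaled, "bulk", 100))
    print("per recipient + 300/hour cap    :", blast(capped, "bulk", 100))
    print("ordinary one-recipient message  :", capped.submit("user", 1, 0.0))
```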
  • I can't understand why the average site would want to act as a mail relay for other sites, after all, bandwidth == money (at least, here in the UK, where my co-location deal is £50 per month for 1Gbyte data transfer, and that was the best one I could find).

    As for spam, my yahoo site has been taken to being spammed by yahoo addresses, my hotmail one has loads of @hotmails, and my usa-net account is ridiculously full of porn spams (I only put that address up on one silly free page and that's what I get for it!) Actually, I wondered if usa-net was actually giving out my address to spammers because the amount of junk was so excessive, so I set up a spam-box account there a while back, checked it yesterday, still not a whimper.

    The most annoying thing about spam e-mails is that half of them say 'to get off this list, you must phone 1-800-AMERICANNUMBER', and I'm like, er, yeah right! So I have a filter at yahoo that gets rid of e-mails containing American phone numbers and the permutations of the phrase 'Zip Code'.

    At least web-based accounts don't actually spend hours downloading the spam onto your machine, (significant while we still pay for dial-up calls in the UK).

  • I was so excited when I got outlook express 5 from microsoft, which allowed me to both download my email directly from Hotmail just like POP mail and also to do spam filtering. I was a little worried at first that the spam filtering would go too far, so I just set it to highlight spam and let me do the deleting. The first piece of spam I received was from Hotmail itself! Even Microsoft's own email client can recognize spam when it sees it...even when it's from Microsoft. I assume Hotmail is exempt from its own spam policies, which given the large user base of Hotmail, might make this more of a problem than a solution. Suddenly Hotmail is the most attractive service for spammers, as they filter mail from everyone else, but not themselves...
  • I don't really see why everyone bitches about hotmail's spam problem. I lived there for quite a while, put my address out carefully, and never had more than two spammails a month.


  • I use hotmail as a spam filter like just about everyone else. Heck even the one posted here is a spam account, but it doesn't get spammed. I have been going into my hotmail account everyday and if anything the amount of spam has increased. If they implemented anything I sure as hell can't tell. I guess it's time to use my mail filters on hotmail again, they don't work but they worked better than this RBL thing.
  • I was getting a lot of spam via my Bigfoot address which I do tend to give out, but it now diverts to my web account at www.msgto.com which checks for 'human' senders by sending them a picture where they have to pick on a given word. You can also manually add people to your acceptable list. I use their POP3 facility to pick up my mail in Outlook and I don't see any spam there now. I just check the spam folder once in a while in case a mailing list ends up there and just delete the spam.

    msgto is still in beta, but so far looks good.
  • Agreed, for me, the problem is not getting spam into a hotmail account, but preventing spammers from using hotmail to send spam out!

    I'm sick of having hotmail accounts cancelled, only to find that surprise surprise, the same person has another one the next day.

    This is even more annoying when people are being disruptive on mailing lists, and you have them banned, etc. Tomorrow, another hotmail account, another anonymous identity.
  • Owning your own domain name can help solve a lot of your spam problems. Assuming you have unlimited aliases wherever your domain is hosted. Whenever I go to a site that asks for my email address, I make up a new alias on the spot just for the purpose of that form. For instance, downloading RealPlayer, I would use RealPlayerDownload@mydomain.com. I can make up anything on the spot, it all comes to me at the default forwarding address.

    Now, if the scumbags start sending me crap I don't want I can send that alias to /dev/null and forget about it. Chances are they're not going to send me anything useful (like bugfixes) if they have to spam their customer base to get business.

    And, if by some chance they sell my email address to some spammer, I know exactly who sold it and can take action against the site that sold it.

    As far as cow-orkers are concerned, there's not much you can do about that except educate them.
  • Yes, as long as you don't subscribe to any mailing lists. About 90% of my mail comes from mailing lists.
    I think this is pretty funny, considering that hotmail.com was the first domain to go into my kill filter. I have it killed at my provider; I don't even receive them.
    Nonetheless, I am glad to see another major email service using the blackhole list.
  • Two more options for this:

    Yahoo.com will let you use a POP server if you agree to let them send you advertisements. This is sort of an opt-in scheme. I do not use the POP server, and yahoo has not sent me any spam, which is as it should be.

    Geocities also runs a pop server, and the accounts are free.

    mail.com will forward e-mail to another account. I use their startrekmail.com as my spam drop, which forwards to another account that I have on another service. If I ever get too much spam from startrekmail, I will just register another name.

    I've noticed that accounts at netscape.net and altavista.net collect spam even when the accounts are unused. I have pdrap@netscape.net and pdrap@altavista.net and both are full of spam though I've never used them. Stay far far away from those.

  • I can REALLY tell. This week, I have been getting an average of 40 spams per day. Hotmail even seems to be ignoring my block list. I knew something was wrong. I should have known they attempted an "upgrade".
  • Then you're lucky. I've received some. Not a lot, true, but the address doesn't have wide distribution.

  • For this kind of requirement, I use and recommend the Spam Receiving Service at www.tinaa.com/spam/index.html [tinaa.com].

  • abuse@ftp.warez.org
    Look at the A record for ftp.warez.org
  • I agree. This hasn't fixed crap. I use hotmail as my own SPAM filter. From November 4th until yesterday morning, I received 28 SPAM messages. Doesn't sound like a good filter to me...

    Tom McKearney
  • According to Netcraft [netcraft.com], hotmail is still running FreeBSD.
  • I'm certain someone does trawl /. for email addresses. I never had any spam to speak of at netscape.net and now I'm on here, it all starts flooding in. Yes, it's a spam trap, and yes, it gets used, and no, I'd never *ever* stoop so low as to use a M$loth-provided webmail service as evil as hotmail, even as a spam trap.
    So I guess they're welcome to do whatever they like with it, by me!
  • >Well, I guess in one way it's nice, but wouldn't
    >it be better if hotmail customers can decide for
    >themselves what to filter?

    In some ways, yes, since I use my hotmail.com accounts for spam reporting purposes (one is used for newsgroups, and the other sends the reports about the spam sent to the first :)

    OTOH, if something's on the RBL then the source is (in effect) a spamhaus, so I guess I'm not really losing anything.

  • Problem with this system: it punishes the 'little users' for their ISPs mistakes. I was more than a little irked to find that I couldn't send email from my professional address to my mother of all people because my hostname was on their 'blackhole' list. I went through the site and the mail server I had been using was abused by some spammer through an open relay so it was put on the blacklist.

    Now, this is a big place, and the wheels of bureaucracy only turn so much so far, and this event happened months ago and our sysadmins haven't gotten around to fixing this little nuisance yet. So now because some people don't want to use procmail or hit the delete key when they get UCE, I can't email my freakin' mother.

    I hate spam as much as the next guy, but this banding together and automatic trial-by-fire via 'intelligent systems' is going a little too far. I have a feeling these RBL guys have a pang of glee as they happily restrict an entire domain from sending email somewhere... "That'll teach 'em"... that'll teach 'em what? To pester their poor sysadmins to "do something"? _They_ didn't send the spam.

  • Although Hotmail implements protections from allowing their own users to send too many emails/spams out.. There is nothing stopping me from creating hundreds of hotmail accounts and creatively spamming a bazillion users.

    How many times do you think Hotmail itself shows up on the spam blocking services available? I quit my sysadmin job for something more rewarding and aside from the user support, spam was the number two headache I had to deal with. LOTS AND LOTS of spam comes from Hotmail accounts.

    The spam issue will not come to an end by these means. I hate to say it but I really think the only thing that will stop the spammers is a world wide agreement to prosecute harshly.

  • The only spam I've been getting at my hotmail account has been from hotmail/microsoft. When I read any other message I am given the option of blocking the sender. This option is curiously missing from MicrSpam.
  • by mrsam ( 12205 ) on Wednesday November 10, 1999 @03:20AM (#1547233) Homepage

    What's really funny is that currently Microsoft itself is VERY close to being RBLed for their massive spewage of Y2K related junk E-mail. They are spamming every last E-mail address they have their hands on, and, as a result of that, are really pushing the edge of the envelope.

    So, if microsoft.com gets RBLed, we'll just pop some popcorn, and watch what happens when Microsoft ends up RBLing itself...

  • Orbs blocks all open relays. Use Orbs! THAT is the really effective thing against spam.... Of course some providers, like roses.de, are either too incompetent or too ignorant to secure their servers and remove themselves from the orbs... Only took a friend of mine 7 months to get them to fix their servers...
    Since there is not one valid reason that open relays should exist, the more people use orbs the better. Fight spam, shut down open relays, and draft all spammers into the landmines removal service. That way, everybody will benefit. :-)
  • Same thing happened to the evilbastard domain - our host was using a generic email server that forwarded all of their hosted domains without any identity checking. All my friends (who use evilbastard email addresses just because they look nice) couldn't send mail for 3 or 4 days. Very annoying.

    But, all things considered, I'd rather lose email for the period of time it takes domain hosts to learn how to secure their systems and be a good net.neighbour, than to continue as we were about a year ago.

    The RBL is both necessary and bloody annoying. If it wasn't annoying, then it would get ignored. It's the next step towards ending spam.

    After this, we just have to stop the Large commercial spammers (Barnes and Noble, last week), and we'll be able to reclaim our email addresses and open our mail in safety.

    Providing they aren't in HTML, of course.
  • I have a yahoo account that has over 380 SPAM e-mails and not once have I given out that address or used it in any way.
  • I signed up for an account with them just for the hell with it a while ago... I login like once or twice a month... and I've never used the email address to send a message, however now I get 20 spams a day, it's pretty damn useless in my opinion!
  • Another problem I noticed is that the rest of the spam came from major 'legit' domains like yahoo.com, aol.com, and hotmail itself.

    Actually, almost no spam originates from these domains. They are, however, among the top favourites for fake From: addresses in spam messages.

    You need to know that the From: address in an email is purely cosmetic. The old postcard analogy can be used again when saying that the From: line says no more about the sender of a message than the signature (or lack thereof) on a postcard.

    Instead, as on a postcard you look at the stamp to derive information of the true origins, in an email you look at [zikzak.net] the "Received:" lines. Or you can simply download some script [frontec.se] to automatically extract the information and complain to the proper addresses on the guilty relays.

    Bottom line: Ignore the From:-line and instead complain to the real senders! It works. I routinely notify the relays of all the spam I get (it's a one-key operation with scripts like the above) and that results in the closing of about one open mail server per week. Less open servers means more difficulties for the spammers, which is a Good Thing.
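An added example, not part of the comment above or of the scripts it links to: reading the "Received:" chain the way that comment describes. Only the line written by your own mail server is trustworthy, and the address it recorded is the relay to report; everything below it was supplied by the other side. The message, host names and addresses are constructed for illustration.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Constructed sample (documentation addresses, invented host names).
# Received: lines are prepended, so the newest hop is at the top.
SAMPLE = """\
Received: from relay.open-example.net (relay.open-example.net [192.0.2.25])
\tby mx.myisp.example (8.9.3/8.9.3) with SMTP id XAA01234
\tfor <me@myisp.example>; Wed, 10 Nov 1999 23:01:02 -0500
Received: from hotmail.com (dialup-77.pool.example.org [198.51.100.77])
\tby relay.open-example.net (8.8.5/8.8.5) with SMTP id WAA09876;
\tWed, 10 Nov 1999 22:58:40 -0500
Received: from nowhere (unknown [203.0.113.9]) by made-up.example; Wed, 10 Nov 1999 03:00:00 -0500
From: "Great Offer" <someone@hotmail.com>
To: friend@public.example
Subject: Make money fast

Body text.
"""

# "from <HELO name> (<reverse DNS> [<connecting IP>]) ... by <recording host>"
HOP_RE = re.compile(
    r"from\s+(?P<helo>\S+)\s+\((?P<rdns>[^\s\[\]]*)\s*"
    r"\[(?P<ip>\d{1,3}(?:\.\d{1,3}){3})\]\).*?\bby\s+(?P<by>[^\s;]+)"
)


def received_chain(msg):
    """Return the parsed Received: hops, newest first; unparseable lines are skipped."""
    hops = []
    for value in msg.get_all("Received", []):
        match = HOP_RE.search(" ".join(value.split()))  # unfold continuation lines
        if match:
            hops.append(match.groupdict())
    return hops


def trace(raw, my_hosts, my_ips=frozenset()):
    """Find the host that handed the message to us.

    Walk from the top while the line was written by one of our own servers.
    The first such line whose connecting IP is not ours names the handoff
    relay. Lines below it are unverified: the sender could have typed them.
    """
    msg = message_from_string(raw)
    chain = received_chain(msg)
    handoff, unverified = None, []
    for i, hop in enumerate(chain):
        if hop["by"].lower() not in my_hosts:
            unverified = chain[i:]          # not written by us: stop trusting
            break
        if hop["ip"] in my_ips:
            continue                        # internal hop between our own servers
        handoff, unverified = hop, chain[i + 1:]
        break
    return {
        "claimed_from": parseaddr(msg.get("From", ""))[1].rpartition("@")[2].lower(),
        "handoff_ip": handoff["ip"] if handoff else None,
        "handoff_helo": handoff["helo"] if handoff else None,
        "unverified_ips": [hop["ip"] for hop in unverified],
    }


if __name__ == "__main__":
    print(trace(SAMPLE, {"mx.myisp.example"}))
```
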

  • LOTS AND LOTS of spam comes from Hotmail accounts.

    Lots and lots of spam has a hotmail envelope from address or a hotmail reply address, but I've never had spam which actually originated at hotmail.

    Spamming via hotmail would be really painful and slower (even with a Perl script to handle it for you) than just finding an open relay and/or a throwaway dialup account. Unless all the other ways of spamming get locked down, I don't think we'll see this happening much.

  • See Brightmail [brightmail.com], I think it is fairly close to what you are talking about. Unfortunately it is a proprietary, for-profit system. Not sure if they have patents. There is an overview [brightmail.com] of the system design. I believe the software is written in Perl!

  • My ISP's connectivity provider, Teleglobe, has started using the RBL in a special way. They simply router blackhole every host on the RBL, instead of denying incoming e-mails.

    That has the unfortunate effect of making sites such as http://members.home.com unreachable from my ISP, and all the other ISPs that use Teleglobe.

    After arguing with my ISP's CSRs, it's clear that they will do nothing to restore connectivity to such sites.

    Teleglobe provides connectivity to many large ISPs, including JA.NET which is huge in Europe, I believe, and Videotron Telecom (my ISP) which is the only Cable Modem provider in many areas of Québec.

    I've been forced to use a proxy to access some sites, which is a pain... I wish they'd use the RBL the way it was intended to, blocking E-Mail only instead of denying access to legitimate web sites.

    Ah well. Life is hard. ISPs are Evil.
  • How do you wash dishes? The answer: you hold them under the faucet and run water, a great deal of water, across them, and whatever was on the dish that you want to get rid of gets swept away in the flood.

    This is my system for dealing with spam. All I do is subscribe to two or three mailing lists, which deal with interesting subjects (for me, art and economics). From these mailing lists I get about eighty emails a day. In addition to those, maybe three times a week someone sends an email directly to me, and of course every day anonymous spammers throw a few slices of spam in the mix.

    Before I subscribed to those mailing lists, there were times when I'd log in to my mail server and almost all the new mail - say, four emails out of five - was spam, and like everybody else I found that quite annoying. But now if I get four or even ten spams in a day, I barely notice and I don't care.

    The only downsides are: 1.) if I don't log on and download the email it piles up to an alarming height; until just now I haven't logged on to my personal account since Saturday, and I had to download over four hundred messages, and 2.) that's an awful lot of stuff to think about; from where I sit at my desk I can see three open books, face down, which I am reading to try to keep up with the current threads on the two economics lists. Beats the Hell out of watching TV, though.

    Yours WDK - WKiernan@concentric.net

  • Heh... well, it's a (large) university, not an ISP.
  • Yes, Redmond is an evil monopoly out to destroy our freedoms. But even a broken clock is right once in a while. Hotmail using RBL is a GREAT thing that will benefit EVERYONE -- an awesome boost for an underused public service.

    Hopefully the resulting buzz will be sufficiently positive that the other free email services (like my dear old Yahoo) will follow suit. I've been requesting it for years and Yahoo never replied.

    Ah, to imagine the day when I never get another email from Andrew Conru or Sam Khuri...
  • Assuming the toll free numbers are legit - why don't we just set our modems to autodial the voice number all night long - every connect will add to their phone bill - we could bankrupt somebody in a hurry!

    Seriously - why would this not be a good idea?
  • . There, I said it - and no pun intended. Most of the spam I get isn't blocked by it. Second, a lot of ISPs subscribe to the DUL - which has the unfortunate effect of making my e-mail from my home box here (on a dialup) impossible to deliver to some locations. So I'm a little pissed - In the process of trying to find and neutralize spammers, they've broken several rules of netiquette - most importantly the one that says that it's a peer to peer network. Gee.. I don't feel like a peer right now - I need to go spend $1500/mo to get the 'right' connection so they take my mail seriously.

    Boo, hiss! Go use something like intelligent filtering. It works a helluva lot better than the RBL, and innocent people aren't caught in the line of fire.

  • the wheels of bureaucracy only turn so much so far, and this event happened months ago and our sysadmins haven't gotten around to fixing this little nuisance yet.

    Aha. This is exactly why Hotmail using RBL is such a good thing. Your local sysadmins may not care much about email being unable to reach a few small domains. But what happens when your company can't contact thousands (or millions) of clients, because your sysadmin is allowing spam?

    The squeaky wheel gets the grease, and a mountain of refusals from Hotmail will be very squeaky. If another big name like Yahoo or Earthlink joins in, the squeak becomes a roar, and your bureaucracy will move quickly indeed. Which is precisely how RBL is supposed to work.

  • I own an ISP and have used the RBL with Qmail since mid-1997. It is a great service, and DOES catch many spammers - and lets them know about it.
  • I run an ISP and used to have my sendmail configured to filter out MAPS RBL spam.

    I found that it also filtered good traffic... because many other isps are black listed because they've had spammers in the past, etc.

    If all ISPs maintained their systems correctly, and kept themselves off the list, I would use it. But I lost too much business due to it.

    - Hugh
  • If your ISP didn't pay their electricity bills, they'd be cut off. Would you blame their electricity company for denying you the ability to send mail, or would you blame your ISP for not paying their electricity bills?

    Your ISP shouldn't be aiding spam in any way, be it hosting web sites, failing to deal with abusers or having mail servers that are open to relaying. It's their fault.

    To pester their poor sysadmins to "do something"? _They_ didn't send the spam.

    No, but they had an open relay. There's no excuse for this. People aren't put on the RBL purely for making mistakes - they're put on the RBL for failing to fix something that's broken after being asked to fix it. If your ISP is unwilling to behave in a responsible fashion, don't act surprised when people start refusing to deal with them any more.
  • This isn't how the RBL works. An IP/IP block that is on the list is banned from sending mail to anyone who is subscribed to the list. Well, you can choose to do special things with people on the RBL, but most sites using the RBL will just send anything from sites which have been RBL'd straight to /dev/null. Now, if you mean your ISP is on the list of people who USE the RBL, you should have been more clear.

    Tim Wilde
    Gimme 42 daemons!
  • I don't get much spam, mainly because according to most questionnaires I filled in for my address show that I have _NO_ interests. Of course.. the autoreply might help.. at the second message I get from a site that's spam, that address gets submitted to about 100 mailing lists. only had to do that once.. of course.. at the third spammail, I get nasty...

    //rdj, the utter bastard
  • Someone might want to correct me but can these spammers be systematically spamming aaaaaaaaa to zzzzzzzz? Might explain why my unrevealed emails too get spammed for no reason. Unless of course those companies sell out our address.
  • Everyone repeat after me: "spam with Hotmail in the From line usually is NOT sent from Hotmail". Most spammers are abusing an open relay and forging the From address to deflect attention.

    Some spammers might use Hotmail as a drop box, but it's not a very good choice since it will get cancelled in a few days and lose most replies. These days most spams use dedicated spam-friendly domains (like conru.com) for their drop boxes, or don't give you a valid email address at all.

    If you aren't your own mail admin, go tell your postmaster to use RBL. When it reaches sufficient density, other admins will work very hard to stay off that list, and spamming will get that much harder.

  • Those "poor" sysadmins at your workplace are responsible for the way their server is configured -- they need to "do something". This is 1999, not 1992; There is no good reason for any mail server to be an open relay.

    I subscribe to the rbl-nominate mailing list and believe me, putting a site in the RBL is not something that is done without careful consideration and a lot of work. Phone calls are made, lengthy evidence is gathered and everything is researched, checked and double-checked. Most of the participants are doing all of this in their spare time. Do you think this is fun? It's about as much fun as picking up garbage along the freeway. The alternative to the RBL and similar programs is a freeway with a garbage dump running its length.

    Oh, but poor gardenhose can't send e-mail to his mom from his work address because his lazy admins won't unfuck the mail swerver. Is this the RBL's fault? No, it's his own fault. If gardenhose can't get action on this from his luser admins, then maybe he should consider getting off his lazy ass and signing up for a free e-mail address with a responsible provider (such as Hotmail)!

  • Second, a lot of ISPs subscribe to the DUL - which has the unfortunate effect of making my e-mail from my home box here (on a dialup) impossible to deliver to some locations.

    Signal11 is talking about MAPS' Dialup User List [mail-abuse.org], which helps a mail server identify a connection directly from a dialup IP at a remote site. Because legitimate users generally send mail through their ISP's own mail server, mail coming direct from a dialup account is almost always spam.

    You need to learn about smarthosts (or whatever the equivalent is if you're using a trendy new MTA). If you route all of your mail traffic through your ISP's mail server, instead of connecting directly to remote MXes, your mail won't be blocked by dialup lists like the MAPS DUL. End of problem.

  • Figure it this way: You had *one* message not go through. If the relay weren't on the RBL, hundreds of thousands of spams would have gone out, many of them filling mailboxes, and a much larger number of messages woulda been blocked.

    Closing a relay takes all of five minutes.

    Also, remember, they don't list you just because you're an open relay; they list you because you're an open relay, and *multiple* good faith efforts to get you to fix it have failed.
  • Or not. You see, I have several e-mail addresses through my ISP, and have a few pseudonyms I go under. My problem is that my ISP (Mediaone) has decided to attach your full name to your e-mail address.. regardless of what /you/ set. This wouldn't be so bad, except for the fact that somebody switched my full name and password around - so whenever I send mail through their relay, my password shows up in the #$@! headers. Yes, I've called... they deny that's happening.

    So much for 'smart' relays. I'd settle for 'smart' admins.

  • This was a perfectly reasonable post. Why did it get moderated down? It is NOT flamebait.

    Moderator: If you don't like Microsoft, then reply to Fuhrer's post in a reasonable manner. He did not post flamebait, he posted a message saying that Microsoft occasionally does good things. Would you moderate me down for posting flamebait if I said that I think Redhat does good things sometimes? I seriously doubt it.

    I sincerely hope that somebody comes along and moderates that post back up at least to 1 where it started.

  • Assuming the toll free numbers are legit - why don't we just set our modems to autodial the voice number all night long - every connect will add to their phone bill - we could bankrupt somebody in a hurry!

    Seriously - why would this not be a good idea?

    Toll free numbers have built-in caller ID. Spammers will then dump junk phone calls on you, the same way they send you more e-mail spam if you are foolish enough to reply via e-mail.

    To avoid such harassment, you want to make your complaints via a pay phone not particularly close to your home or office.

  • There are a couple of relevant comments here.

    One is that it is not easy to get into the RBL. First, someone who has received spam from your site needs to write up a nomination. [mail-abuse.org] It has to include not only a record of the spam itself, but also a description of attempts that they have made to contact your site, explain the problem and to resolve it.

    If repeated attempts to resolve the problem with the site fail, then MAPS will consider the RBL nomination. An RBL staffer or volunteer will follow up and try to explain the gravity of the situation with the responsible people at your site, and will make it clear what an RBL listing means. Only at that point is it possible to add a site's network to the RBL.

    The RBL is just about the most fastidiously maintained abuse tracking system on the Internet. In fact, that is the chief reason that it is used so widely -- a network doesn't get on the RBL unless it has proved itself to be really irresponsibly run.

    The other salient point is that participation in the RBL is voluntary. No site is required to use MAPS' abuse lists. They do so because they need to block spam and find that MAPS fills that need.

    Ultimately your complaints are better directed at your mother's ISP, for using the RBL, and (most of all) at your own ISP, for failing to run their systems responsibly. Blaming MAPS is like blaming Ralph Nader for making your seatbelt too tight.

  • An even better one is putting in the site's own abuse@ address. If they have one, they'll get the joy of spamming themselves; if they don't, it'll bounce. Nobody gets hurt but the jerks. :)

    One better, so you don't even have to bother with figuring out who is going to start sending the spam: just use postmaster@


  • Hm, I was going to say "just block it" but I found this from the FCC (http://www.fcc.gov/ccb/CID/cidfacts.html):
    800 Number/Toll Free Calls

    o Requesting privacy on calls to 800 and 888 numbers may or may not prevent the display of one's telephone number. When you dial a toll free number, the party you are calling pays for the call. Typically, the called party for toll free calls is able to identify your telephone number using a telephone network technology called Automatic Number Identification. FCC rules limit the subsequent use of this information and require carriers to inform consumers that telephone numbers are being transmitted in this way.

    Other interesting information at http://www.studio42.com/kill-the-spam/pages/tollfree1.html [studio42.com]
  • So instead of shutting down spammers by pressuring the businesses that provide them with connectivity to stop we should just get larger servers to handle the load of "intelligently filtering" all the e-mail we handle?

    How long before we DO have to pay $1500 a month to get a simple dialup account because all the ISP's have to buy supercomputers to handle all the spam?

    If the RBL bothers you so much then get a free e-mail account or get a responsible ISP.

  • For effective anti-spam measures, they should not only use MAPS, but also the ORBS database and the Radcliffe database as well.

    ORBS is effective at fighting spam. And the nice feature, compared to MAPS, is that it's automated. ORBS automatically tests an SMTP server to determine whether it has known holes. If a hole is found, that server is blackballed right away by the software; the only way to get out of ORBS is to fix the problem. A convenient web submission form lets you report suspected open relays, and you can track the progress that it's making in probing the site.

    To protect myself from spam, I use a procmail filter that pings *four* databases.

    The only rare spam I get nowadays is from the true ``whack-a-mole'' spammers: mostly amateurs who spam directly from dial-up accounts. The last time that happened, I complained to the ISP in question and they supposedly took action. Additionally, very rarely, I get a spam through a hitherto unknown open relay, which I promptly report to ORBS.
  • There, I said it - and no pun intended. Most of the spam I get isn't blocked by it. Second, a lot of ISPs subscribe to the DUL - which has the unfortunate effect of making my e-mail from my home box here (on a dialup) impossible to deliver to some locations. So I'm a little pissed - In the process of trying to find and neutralize spammers, they've broken several rules of netiquette - most importantly the one that says that it's a peer to peer network.

    There is also the little matter of rfc974, really a machine which has an MX record pointing to it should only be rejecting already relayed email.

    Not only is the behaviour bad netiquette it's also stepping on an Internet standard.

    Note that AFAIK the model of always using a relay (as is the only mechanism available to MS Outlook Express, Netscape Messenger, etc) is not defined in any RFC.
  • The delay won't help against spread spectrum attacks, whereby the spammer sends a small number of messages to a large number of servers.

    Also, you are forgetting that spammers don't send to your ISP directly; they usually get someone's insecure relay to do the dirty work of delivery. The relay has all that time in the world.

    A one or two second delay wouldn't be enough anyway; a spammer could send mail to two hundred people in just over three minutes. That's enough to bother a small ISP.

    The delays imposed by distinct mail servers are going to be consumed in parallel, so your scheme would not do anything to stop the overall spamming. In three minutes, the spammer could send a hundred messages to a hundred different ISP's in parallel, even if each of those ISP's had the delay mechanism in place.
  • Of course, the upbeat side of this is I can say I have Seen NO SPAM WHATSOEVER in my hotmail account these past two weeks!
  • The number one reason is administrator cluelessness. Mail servers don't relay because their admins want them to, but because the admins who set them up don't have a freaking clue on how to operate a secure mail site. At least, these are the ones who have ``wide open relays''.

    Even admins who think they have closed their relays often have left some obscure hole, due to bugs or quirks of programs like sendmail.

    For example, some sendmail servers will properly refuse to forward a mail with the envelope recipient address like but if it's wrapped in quotes, like they forward it, thinking it's a local address. The deeper rule that operates after the quote stripping doesn't enforce the no relay policy or something like that.

    The ORBS system performs about a dozen or so different tests involving various obscure holes that permit mail to be routed. If you want more information, surf www.orbs.org.
  • ... because some people can't use procmail or hit the delete key when they get UCE, I can't send e-mail.

    How do you think the procmail filter is going to recognize SPAM? Mine pings the anti-spam databases using nslookup.

    Instead of complaining, you should switch to a site that has responsible administrators, not some lackeys that can't fix a simple mail server configuration problem.

    By staying with this ISP, you are endorsing their spam-friendly attitude, and their relaxed hiring policy toward incompetent sysadmins. Your continued support is giving them one less reason to modify their behavior.

    When my ISP's mail machine was found by ORBS to have a hole, I sent mail to the operator and he fixed it within hours, and then thanked me for giving him a heads-up on the problem. By the way, you could always send Mom a nice snail-mail letter. ;)
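An added example, not the filter either commenter runs: what "pinging" a blackhole list over DNS involves, as mentioned in this comment and in the earlier one about a procmail filter that queries four databases. The connecting IP is reversed, the list's zone is appended, and an A-record answer inside 127.0.0.0/8 means "listed". The zone names and the resolver data are placeholders constructed for illustration, not real lists.

```python
import ipaddress
import socket

LISTED_NET = ipaddress.ip_network("127.0.0.0/8")


def dnsbl_qname(ip, zone):
    """192.0.2.25 checked against rbl.example -> 25.2.0.192.rbl.example"""
    octets = str(ipaddress.IPv4Address(ip)).split(".")  # ValueError on junk input
    return ".".join(reversed(octets)) + "." + zone.strip(".")


def system_resolver(qname):
    """A-record lookup through the OS resolver; None when no address comes back.

    The socket API cannot tell "no such name" from a failed lookup, so both
    are reported as None here and the mail is let through.
    """
    try:
        return socket.gethostbyname(qname)
    except socket.gaierror:
        return None


def classify(answer):
    """Turn a resolver answer into a verdict for one list."""
    if answer is None:
        return "clear"
    try:
        in_range = ipaddress.IPv4Address(answer) in LISTED_NET
    except ValueError:
        return "ignored"
    # An answer outside 127/8 usually means the zone is parked or wildcarded.
    # Treating it as a listing would reject all mail, so it is ignored.
    return "listed" if in_range else "ignored"


def check(ip, zones, resolve=system_resolver):
    """Return {zone: 'listed' | 'clear' | 'ignored' | 'error'} for one client IP."""
    verdicts = {}
    for zone in zones:
        try:
            verdicts[zone] = classify(resolve(dnsbl_qname(ip, zone)))
        except OSError:                      # timeout or resolver failure: fail open
            verdicts[zone] = "error"
    return verdicts


def should_reject(ip, zones, resolve=system_resolver):
    """Reject only on a positive listing, never on an error or an odd answer."""
    return "listed" in check(ip, zones, resolve).values()


# Constructed zone data so the example runs without network access.
CONSTRUCTED_ZONE_DATA = {
    "25.2.0.192.rbl.example": "127.0.0.2",        # listed
    "25.2.0.192.parked.example": "203.0.113.80",  # parked zone answers everything
    "10.2.0.192.parked.example": "203.0.113.80",
}


def constructed_resolver(qname):
    if qname.endswith(".slow.example"):
        raise TimeoutError("constructed: list did not answer")
    return CONSTRUCTED_ZONE_DATA.get(qname)


if __name__ == "__main__":
    zones = ["rbl.example", "parked.example", "slow.example", "relays.example"]
    print(check("192.0.2.25", zones, constructed_resolver))
```
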

  • That's not mis-use; it's one of the ways in which the RBL was meant to be used. The B stands for ``black hole''. That means creating black hole route entries for the rogue networks so to deny them access to your network.

    Kudos to Teleglobe for having the courage to take action against spammer infested cesspools like home.com.

    The RBL is far from being for blocking e-mails only. Ultimately, MAPS wants to cut off spammers from all services that they rely on. That means networks which host spammer web sites are blacklisted as well, not just networks that originate spam e-mail. In other words, the networks that Teleglobe is denying access to don't even originate spam e-mail; some of them just host spammer sites.

    There may be legitimate web sites alongside spammer websites under these networks. The idea is to exert pressure on the operators of these networks to crack down on the spammers, and get themselves un-blackholed so that access to their site is restored.

    There is no easy technological measure to block out only the spammers, and retain access to legitimate sites. Heck, a spammer site and a legitimate site could even be on the same web server machine. That sort of scalpel precision would require URL filtering, which is difficult to implement at the IP forwarding level. Doing that would also remove a lot of the incentive for the spammer-friendly operators to change their ways, and the expense of fighting spam would be absorbed entirely by the people doing the costly filtering.
    Such filtering at the TCP stream level would likely reduce bandwidth and require more hardware.
  • I can think of some reasons why Hotmail wouldn't make use of the RBL a per-user option.

    For one thing, it would require some programming in order to make a hotmail configuration web UI affect the back-end. The SMTP servers that handle incoming mail would actually have to accept connections from spammers, take the envelope address, resolve it to a user profile, retrieve the preferences and then make a decision whether to drop the connection or accept the mail. This is extra overhead that could perhaps impact the existing scalability of Hotmail.

    Anything is doable with software, it's just a question of time, money and overall feasibility. Would the cost of adding frills to the service be justified, given that it is already free? Another aspect of development is the management of risks; hotmail is a live operation. Any fundamental changes have to be thoroughly tested before being deployed, even though this is being run by Microsoft. Someone also has to estimate the performance impact that the change might have.

    It's easy to forget that the function of Hotmail is to spam its users anyway---with advertisements. The real clients of Hotmail are the people that pay to have their crap appear on your Hotmail page. Thus it would probably be necessary to convince these clients that giving users extra frills would bring in enough additional revenues to justify the development costs and risks.
  • There was one curious thing about the article -- it stated that Hotmail signing on "adds legitimacy to the MAPS effort."

    I've been known to be a bit pejorative about these things, but legitimacy is one of the last things I'd ascribe to the emissions of hotmail, and most services like it.

  • I have *counts* five confirmed spammer kills. That's five reports from ISPs that spammer accounts have been closed due to my reporting them.
    How about a Slashdot poll:
    I have
    • 1-10 spammer kills
    • 10-100 spammer kills
    • 100-1000 spammer kills
    • I am Chris King
    • I am part of the problem
    • Hemos is a taco!
  • Um, BCC is handled by the mail program. In fact, all CCing is handled by the mail program. The SMTP protocol itself has nothing for multiple sends; CC is just a standard message-space header which all programs understand as meaning "this message was also sent to the following other parties." The only difference between CC and BCC is that the mail program doesn't put the BCC header into the sent message (or puts in 'undisclosed-recipients').

    The delay would still easily apply.
    "'Is not a quine' is not a quine" is a quine.

  • But some protection is better than none. Also, it'd help with the relay time (which the original poster never said it wouldn't be through).
    "'Is not a quine' is not a quine" is a quine.
  • The 'To:' header in the message itself has nothing to do with the message it was sent to. Your typical SMTP session looks something like this: (italics is what is sent to the server; username is typically gotten through the auth mechanism)

    220 some-mailserver.fred.org ESMTP Exim 2.05 #1 Wed, 10 Nov 1999 22:54:45 -0500
    HELO some-machine.bob.net
    250 some-mailserver.fred.org Hello username at some-machine.bob.net []
    MAIL FROM: bob@bob.net
    250 is syntactically correct
    RCPT TO: some-user@fred.org
    250 is syntactically correct
    DATA
    354 Enter message, ending with "." on a line by itself
    From: Bob Loves You <bob@dobbs.net>
    To: your friend <fluffy@yellow.com>
    Subject: I love you

    I love you!
    250 OK id=11llKJ-0000we-00
    221 some-mailserver.fred.org closing connection

    Notice that the To: and From: lines in the message itself (what comes after the DATA) have nothing to do with the actual sender and recipient as far as the mailserver is concerned (the MAIL FROM and RCPT TO, respectively, in the SMTP negotiation). SMTP is a very simple, open, flexible protocol which assumes that everyone is benevolent and sharing. Sadly, this isn't so, which is why now the domain in the MAIL FROM or RCPT TO must be one handled in some way by the mailserver (otherwise it's an open relay), and why there's lots of fun authentication (such as the identd) to make tracking non-benevolent users a little bit easier.
    "'Is not a quine' is not a quine" is a quine.
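An added example, not taken from any comment or from a real mail server: a relay check for RCPT TO that illustrates two points raised in this thread, the envelope/header split in the session above and the earlier remark that some servers apply their no-relay rule before quote stripping. The check here runs on the address after brackets and quotes are removed, and it keys on the connecting IP rather than on MAIL FROM, which the client supplies. `fred.org` comes from the session above; the customer network and all other addresses are constructed.

```python
import ipaddress

LOCAL_DOMAINS = {"fred.org"}                            # domains this server delivers for
CUSTOMER_NETS = [ipaddress.ip_network("192.0.2.0/24")]  # constructed: our own customers


def routed_form(path):
    """Reduce an SMTP path to the form the server would actually route on."""
    addr = path.strip()
    if addr.startswith("<") and addr.endswith(">"):
        addr = addr[1:-1].strip()
    # Strip quotes that wrap the whole address BEFORE any policy decision,
    # so the check sees the same string the delivery code will see.
    while len(addr) >= 2 and addr[0] == '"' and addr[-1] == '"':
        addr = addr[1:-1].strip()
    return addr


def is_customer(client_ip):
    ip = ipaddress.ip_address(client_ip)
    return any(ip in net for net in CUSTOMER_NETS)


def rcpt_decision(client_ip, rcpt_to):
    """Return (SMTP reply code, reason) for one RCPT TO command."""
    addr = routed_form(rcpt_to)
    if not addr:
        return 501, "empty recipient"
    _, at, domain = addr.rpartition("@")
    if not at:
        return 250, "local mailbox"            # bare name, e.g. postmaster
    if domain.lower().rstrip(".") in LOCAL_DOMAINS:
        return 250, "local domain"             # inbound mail for our users
    if is_customer(client_ip):
        return 250, "relay for customer"       # outbound mail from our network
    return 550, "relaying denied"              # third party to third party


def transaction(client_ip, mail_from, recipients):
    """Decide every recipient of one message.

    mail_from is kept for the log only. It is never consulted, because a
    client can put any address there, just as in the From: header.
    """
    return {
        "mail_from": routed_form(mail_from),
        "rcpt": {r: rcpt_decision(client_ip, r)[0] for r in recipients},
    }


if __name__ == "__main__":
    print(transaction("198.51.100.77", "<bob@fred.org>",
                      ["<some-user@fred.org>", "<friend@remote.example>"]))
```
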

  • Ah, but I run my own mail domain from my cable modem connection. Yeah, I know, it's kinda unethical, but then I have control over my mail and can setup as many accounts as I need (for roommates, spam-trapping, etc.) in my own domainname, rather than having to pay out the ass for additional mailboxes. Granted, this is a moot point, as I'll soon be setting things up where a friend's machine does a vhosted MX for me and everyone with an account in trikuare.cx will use fetchmail or whatever, which solves several problems (including the potential for being blocked through DUL). In the meantime, this is the first I've heard of DUL, and have yet to have any mail blocked (as far as I know, anyway) because of the fact that the PTR to my mailserver is obviously a dynamic IP address (though not technically a dialup one). In the meantime, I somehow doubt that my cable provider's sysadmins even care about participating in DUL anyway.
    "'Is not a quine' is not a quine" is a quine.
  • Yes, that's what I said, but only in summary. Or were you agreeing with me? :)
    "'Is not a quine' is not a quine" is a quine.