Sea of Noise

Thu, 10 Nov 2005

Hotmail Considered Harmful

The time has arrived for Internet email providers to consider blocking all traffic from Microsoft and its associated services.

The and networks have long been among the biggest originators of spam email in the world (even well beyond the generous amount one would expect them to generate given their size). Once upon a time it was just that they handed out accounts indiscrimately, leaving the rest of the Internet to clean up after them and deleting accounts for abuse after the fact. Eventually, it became obvious that cared so little that they wouldn't even take the simplest steps to prevent future abuse, such as applying content filtering to block recurring spams that were being sent from and reported to their network on a daily basis.

Over the past year, though, it has become obvious that Microsoft, as a company, either has a policy of being completely irresponsible or is incompetent on a scale that would be hilarious if they weren't running one of the larger networks on the Internet (not to mention selling the operating system that runs on most desktops), or both!

Here's a demonstration of how Microsoft makes it impossible even to report most abuse from their network. The story is true. Only the IP and email addresses of the victims have been changed, to protect the innocent.

First, the victim (OK, the victom was me in this case) receives a spam with a subject line of "EMAIL LOTTERY WINNING NOTIFICATION !!!". According to the Received: header and mail server logs, this spam was sent to the victim's server from the IP address A reverse lookup reveals that this IP is named "". Of course, while actual reverse IP address forgeries are rare, they're certainly possible. But double-checking with the whois server at confirms that belongs to "Microsoft Corp", with a listed abuse address of "" and phone number of "+1-425-882-8080". So, the administrator of the email server (me again) sends an email to, which is both the address listed in whois and the address that the relevant RFC prescribes.

In response, Microsoft's server sends an automated message that claims, "Unfortunately, we cannot take action on the mail you sent us because it does not reference a Hotmail account. Please send us another message that contains the full Hotmail e-mail address and the full e-mail message to:". Well, that's true. The return address on the spam was in the domain. But, never mind that belongs to the same company, it's not relevant. The abuse came from Microsoft's network, for which is the correct abuse address, and anyway spammers can forge any return address they like.

What would have happened if the return address had been in the domain? Here it gets even funnier (or sadder, or perhaps criminal, depending on your perspective). Hotmail's email robot would then forward the email (e.g. to and the email would be rejected as spam! ("Your e-mail was rejected by an anti-spam content filter on gateway." Gee, thanks.) Yes, that's right. Microsoft is even dumber than the US military. So, it's impossible to report spam properly to Microsoft, as most of the time it will be ignored one way or another before it even gets to a human. And I know what you're thinking, hey, even though you shouldn't have to, you could try,,, or some other logical address. Sadly, they all suffer from the same lack of clue. In fact,,, and have all been listed at for a long time. In fact, the entry for shows that this situation is at least partly a deliberate act by Microsoft, as the bounce message shown includes the statement, "Please note that the e-mail address you have contacted, '' will be retired on April 29, 2005." That's right. The same Internet standards that apply to everyone else on the Internet apparently don't apply to Microsoft. (But, then, anyone who has used MSIE ought to know that already.)

The mail servers I run receive hundreds, and reject thousands and thousands, of spam emails and other abuse attempts from every single day. I only bother even to report a fraction of the relevant spam that arrives in my personal mailbox. Even so, I'm getting tired of the vast majority of them not even getting delivered to a human (never mind how little good that might do). After scanning the spam-l discussion list and confirming that I was not alone in experiencing this problem, I decided it was time to pick up the phone.

Since Microsoft's ARIN whois listing explicitly gives a phone number for making abuse complaints, I called it. After working my way through an annoying automated prompt, I spoke to a polite operator who told me that they had no specific department to deal with this issue, and that I should contact MSN tech support at 800-386-5550. At that number, you can "enjoy" a conversation with a rather rude automated voice system that refuses to do anything until you speak the last name of your MSN account. (What do their mute customers do, I wonder? And why do I think MSN would care?) After "speaking" with this robot for a few minutes, with no success, I gave up.

What does all this mean?

Maybe next week I'll take a day off from reporting spam and spend the time calling the local Attorney General instead.

[/internet/spam] permanent link

Syndicate Me via RSS!

Creative Commons License
This work is licensed under a Creative Commons Attribution-ShareAlike 2.5 License.

Powered by Blosxom!