MSN/Hotmail Closing the Barn Doors

While Microsoft should be applauded for actions that protect their subscribers' mailboxes, this strikes me as a case of closing the barn doors after the horses ran off. Microsoft wasted earlier opportunities to act, thus allowing the problem to escalate to a considerable magnitude. Remember, the Spamhaus Project reported MSN/Hotmail ignored all their efforts to report dictionary attacks, even ones lasting over five months.

Dictionary attacks can be detected and averted. Microsoft's failure to implement these measures allowed spammers to harvest thousands--if not hundreds of thousands--of email addresses. Microsoft could have invested in technical staff to harden their servers against spam. By failing to do so they are now confronted with an enormous spam problem and are forced to pay for a much more expensive legal staff to pursue these lawsuits.

In a recent essay, Microsoft called for new laws to prohibit address harvesting, for which they should be commended. Nonetheless, they will have to argue these lawsuits in terms of existing law, such as the trespassing claims of the Computer Fraud and Abuse Act of 1986. Hopefully they will prevail.

In the meantime, Microsoft, how about hiring a few engineers to instrument your mail servers to detect and avert future dictionary attacks?