Microsoft Responds to Spam


Link: Toward a Spam-Free Future

Microsoft has launched, if not an all-out war, then at least a significant publicity blitz against spam. Last week, Microsoft announced a number of lawsuits against spammers. Today, the Wall Street Journal published a letter from Bill Gates attacking spam.

The focus of these actions has been spam received by Microsoft customers. What about taking care of the spam that originates on Microsoft networks? Earlier this month I described a serious Hotmail problem that is being exploited by spammers to send unwanted email.

The letter from Bill Gates has what may be some good news on this front:

[...] spammers set up many different email accounts to avoid detection, and, once detected, they move to other services. To put an end to this shell game, we are taking steps to prevent spammers from creating fraudulent email accounts in bulk.

The Hotmail vulnerability involves scripted sending of spam using the DAV protocol. That's only half the problem, because Hotmail limits accounts to 100 messages a day. A spammer can't do much damage with one account.

So, spammers need a significant number of Hotmail accounts to do their dirty deeds. Hotmail, unfortunately, lets them do that. Spammers have scripted the signup process as well, allowing them to gather hundreds (thousands?) of bogus accounts to originate spam. If Microsoft secures the Hotmail signup process so that it can no longer be automated, this vulnerability will be reduced significantly.

There is one other part to the Hotmail spam problem: Hotmail allows forged headers, including headers that are supposed to provide an audit trail. Microsoft should address this problem too. They should stop allowing spammers to forge headers such as the From: header. They should get rid of the silly, non-standard audit headers such as X-Originating-IP: and use a trustworthy Received: header to indicate the mail source.
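The audit-trail point, seen from the receiving side, as an added example (not code from this post or from Hotmail): the only source address a recipient can rely on is the peer recorded in a Received: line stamped by a machine the recipient controls. The relay network `10.0.0.0/8`, the hostnames and the message below are constructed assumptions.

```python
import email
import ipaddress
import re

# Assumption: the receiving site's own relays live in this network.
TRUSTED_NETS = [ipaddress.ip_network("10.0.0.0/8")]

# Constructed sample, not real traffic. Everything below the second
# Received: line was written outside the recipient's control.
SAMPLE = """\
Received: from inbound.example.net (inbound.example.net [10.0.0.5])
 by mx.example.net with ESMTP; Mon, 01 Jan 2001 00:00:02 +0000
Received: from relay.example.org (relay.example.org [192.0.2.25])
 by inbound.example.net with ESMTP; Mon, 01 Jan 2001 00:00:01 +0000
Received: from client ([203.0.113.9])
 by relay.example.org with HTTP; Mon, 01 Jan 2001 00:00:00 +0000
X-Originating-IP: [198.51.100.77]
From: someone@example.com
Subject: constructed sample

body
"""

PEER_IP = re.compile(r"\[(?:IPv6:)?([0-9A-Fa-f:.]+)\]")


def observed_source(raw):
    """Return the first peer IP outside TRUSTED_NETS, walking Received:
    lines newest first, or None if no such line can be parsed.

    The top line is assumed to be stamped by our own MTA. A lower line is
    believed only when the line above it shows it came from a trusted relay,
    so a forged Received: or X-Originating-IP: never affects the result.
    """
    msg = email.message_from_string(raw)
    for value in msg.get_all("Received", []):
        line = " ".join(value.split())            # unfold continuation lines
        match = PEER_IP.search(line.split(" by ", 1)[0])  # "from" clause only
        if not match:
            return None
        try:
            peer = ipaddress.ip_address(match.group(1))
        except ValueError:
            return None
        if not any(peer in net for net in TRUSTED_NETS):
            return str(peer)  # first hop our relays saw from outside
    return None


if __name__ == "__main__":
    print(observed_source(SAMPLE))
```

Rewriting the sender-supplied headers in the sample leaves the result unchanged, which is the property an audit header needs.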

I am holding out hope that Gates' message means Microsoft is going to give this problem the consideration it deserves.