Forgot your password?
typodupeerror
Spam Microsoft Your Rights Online

Microsoft Will Sell Whitelist Services For Hotmail 380

Posted by timothy
from the get-what-you-pay-for dept.
Ec|ipse writes "Looks like Microsoft has found another way to make money, this time from spam. Microsoft has adopted a "whitelist" program (Bonded Sender by IronPort) which will allow marketers to pay Microsoft so that they are included on a special whitelist, guaranteeing uninteruptable delivery of their messages to Hotmail and MSN users. You can catch the full article at Excite. I especially like the nice naming for spammers, calling them 'marketers' sounds so much more legitimate." mgibbs adds "Hopefully the $20K fine that results from abuse of this system is enough to deter spammers."
This discussion has been archived. No new comments can be posted.

Microsoft Will Sell Whitelist Services For Hotmail

Comments Filter:
  • Spam the hell out of everyone, sue the spammers for profit, and then profit from the whitelists.
    • O.K. - I'm not an MS zealot (quite the opposite), however - IronPort [ironport.com] is not a Microsoft [microsoft.com] company. So, actually, Microsoft is paying for something that they feel has value.

      Since a vast majority of SPAM that I get are from throw-away domains, I see some value in this as well. It would, for instance, be nice if I didn't have to comb through my JUNK box looking for missing Emails from one of the many product specific Mail lists that I'm a member of.

      However, Mail lists are usually on independant and under-fun

    • My old employer (a web-hosting company which shall remain nameless) did almost the same a few years ago. They hosted hundreds of "marketers" (yes, we used the same euphemism), who spammed like crazy from our boxes, then they turned around and sold spam filtering services to their other clients. Nice to profit off the problem you helped create.
    • by Moryath (553296) on Wednesday May 05, 2004 @10:44AM (#9063462)
      Believe it or not, there ARE groups out there that advertise via email - but aren't spammers - that are arguably upset about spammers who clog inboxes.

      One of them I buy stuff from infrequently - Overstock.com. I get an email from them every day, usually delete it right off, but I don't mind getting it because I did, indeed, sign up for it when I bought something from them the first time.

      Ironport's service isn't just a "pay us lots of money and we'll look the other way" thing - the people in question do indeed have to stick to decent ethics about what they're selling, and to whom, and make sure it's damn easy to get off the list. So I view this as a relatively ambivalent thing.

      It's not good, in the sense that spammers may manage to sneak in. But it's not bad, because the spammers will likely get zapped pretty fast, and because the idea of REAL companies putting up a bond of trust, "their money where their mouth is" so to speak with regard to a code of conduct, is a GOOD THING.
  • by Anonymous Coward on Wednesday May 05, 2004 @08:42AM (#9062277)
    Get a hold of the whitelist, and you can immediately add it to your OWN spam filter! Nice of Microsoft to offer to collect all, umm, marketers in one place...
    • by Allen Zadr (767458) * <Allen.Zadr@gmailMOSCOW.com minus city> on Wednesday May 05, 2004 @09:25AM (#9062612) Journal
      Great Idea!

      Except that IronPort, not Microsoft, is running this list. IronPort are the same people who purchased SpamCop. IronPort's business is SPAM prevention.

      There are plenty of legitimate companies that don't SPAM that have IronPort bonds. Especially where these companies are sending out 'Technical Errata' or trying to run product support over E-mail.

      Now you can argue that 'Technical Errata' sometimes has embedded ads (usually not), and sometimes is unsolicited (usually not) - but most people who ask for it think it's useful. If I send a company an Email asking them about how to fix thier broken product, I surely wouldn't want the reply to be stuck in a SPAM filter (this happens to me once or twice a month).

      If you want to use IronPort's whitelist service, inquire at thier web site [ironport.com].

    • by fiber_halo (307531) <fiber_halo&yahoo,com> on Wednesday May 05, 2004 @10:10AM (#9062992)

      I believe the intention of the whitelist is for companies like airlines, Fedex, etc to send legitimate email notifications to their customers without having to worry about SpamAssassin throwing their email in the trash.

      Presumably there is some sort of due diligence that is done before bonded status is granted so that any ol' spammer can't just pony up $20k and get on the list. One thing is for sure -- they wouldn't stay on that list if they are found to be spamming.

  • And then (Score:5, Insightful)

    by GarbanzoBean (695162) on Wednesday May 05, 2004 @08:42AM (#9062280)
    And then they will charge users extra for "adv free" service. Oh wait, I thought they were talking about phone companies.
  • by Richardsonke1 (612224) on Wednesday May 05, 2004 @08:44AM (#9062290)
    Sorry to give you one less reason to hate MS, but they are taking the money as a BOND, not as payment. MS only gets the money if the spammers don't follow their rules. Probably something like "must use real return address and have a unsubscribe link that doesn't add you to more lists."
    • by rixstep (611236) on Wednesday May 05, 2004 @08:48AM (#9062335) Homepage
      What difference does that make? They're still spamming. I don't care if they do have a valid return address: 'unsolicited' is still 'unsolicited'.
      • by jtwJGuevara (749094) on Wednesday May 05, 2004 @08:58AM (#9062415)
        I concur. Isn't this fighting what Microsoft has allegedly stated they want to stop: the unsolicited sending of marketing based messages through the inboxes of every consumer and business employee? I didn't RTFA but judging from the gist of the summary I have to call major bullshit on Microsoft's stance on discouraging spam and creating technology to reduce/eliminate spam, and then pulling a tactic such as this to allow "marketers" who are legitimate to still send marketing emails in mass. Perhaps I missed something over the past 5 years regarding the definition of spam. I always under the impression that spam was the sending of any unsolicated message by a for profit agency in mass to a multitude of internet users. If that isn't what it is then I'll be eagerly awaiting Microsoft's marketing department to enlighten me on the subject.
        • by Allen Zadr (767458) * <Allen.Zadr@gmailMOSCOW.com minus city> on Wednesday May 05, 2004 @09:13AM (#9062526) Journal
          The bond is to IronPort and is relinquished to IronPort.

          IronPort [ironport.com] is NOT Microsoft [microsoft.com]! IronPort is selling a service which Microsoft has purchased for the purpose of using on Microsoft's Hotmail (and MSN) mail service.

          • by Anonymous Coward
            Fron the list of Directors at Ironport.com:

            JACK SMITH: CO-FOUNDER AND INVENTOR, HOTMAIL CORPORATION

            "...After the acquisition, Smith worked as Director of Engineering at Microsoft...then leading a team developing next generation Internet software infrastructure."

            DOUGLAS C. CARLISLE: MANAGING DIRECTOR, MENLO VENTURES
            Former board memeber of Hotmail.

            SCOTT BANISTER: CHIEF TECHNOLOGY OFFICER
            "Scott started his career as a pioneer in the email business. He was founder and VP Technology of ListBot...Lis
        • by Croaker (10633) on Wednesday May 05, 2004 @09:18AM (#9062557)
          The original poster assumed that Microsoft is opening the door to spammers. What is unsaid in the article is if these e-mails were actually solicited.

          I could see that legit ads (i.e. you definitely signed up to recieve them) might be tossed out with the huge amount of spam. What Microsoft *might* be doing here is saying "OK, you say you are opt-in, we'll let your stuff through, but we're gonna take a bite out of you if you are lying to us."

          Unfortunately, the author of the article didn't bother to state exactly what the rules are that Microsoft is imposing. Roast the journalist, not Microsoft (at least, not yet).
      • by nodwick (716348) on Wednesday May 05, 2004 @09:05AM (#9062454)
        What difference does that make? They're still spamming. I don't care if they do have a valid return address: 'unsolicited' is still 'unsolicited'.
        It actually could make a difference, if it makes spam economically unprofitable for spammers. Spammers make their money from the fact that they can send out a bazillion emails and survive on very tiny response rates. By increasing the cost of sending spam, in the form of seized bond funds, Microsoft can make it infeasible for spammers who post bonds to profitably send unsolicited spam. This is also the idea behind those "internet postage" and other proposed spam-defeating measures.

        The beef I have with this scheme is that since it's the user that's inconvenienced by the spam, the bond money should be sent to them in the event of a violation. The fact that Microsoft is the one getting the funds is what makes it seem like a money grab.

        • The beef I have with this scheme is that since it's the user that's inconvenienced by the spam, the bond money should be sent to them in the event of a violation. The fact that Microsoft is the one getting the funds is what makes it seem like a money grab.

          Well the users are getting an email account for free with Hotmail. If they were paying for their accounts then i can see some logic in that.
      • Well, actually, I think the point of this is to curve spam. No illegitimate (read: v1agr3) spammer will try to get on this whitelist. They'll be fined into oblivion. MS is basically saying "Here's a semi-more-legitimate group of spammers than usual. We can probably trash the rest of the messages we get".
      • Well, with a valid return address you can get in touch with them and ask them to stop, and/or hit them under CAN-SPAM, right?

      • by Jaywalk (94910) on Wednesday May 05, 2004 @09:39AM (#9062740) Homepage
        They're still spamming.
        No, they're not. It's bulk email, but it's not unsolicited. Looking into my junk mail folder -- the one that picks up the bulk email -- I see updates from ParentCenter.com, HomeDepot.com and PublicKnowledge.org. These are all organizations that I signed up for to send me regular updates, so it's not unsolicited email. But the company spam filter doesn't know that, so it sweeps them into my junk mail folder along with the Viagra and penis enlargement crap. If these companies were on a white list of companies that post a bond $20k against a promise to only send "opt-in" bulk email, the mail filter could be programmed to assume they're legitimate and I wouldn't have to keep checking to see how much legitimate mail I'm losing.
        • I think a lot of anti-SPAM pundits on /. are actually anti-marketing pundits. Meaning they consider ALL email selling ANYTHING to be SPAM.

          I grew up with publications that were, essentially, advertisements. Remember Computer Shopper? You never read the articles, did you? I sure didn't...but I read the ads. Same with RC Hobbiest. Nowadays, I get all sorts of cool publications and catalogues in the mail...VW Trends, Road Runner Sports, JC Whitney for Volkswagens, Crutchfield, Campmor, Victoria's Secret...and you know what, I look through them all. I don't always buy stuff, but I always find interesting things I didn't know existed (especially in that last one). Believe it or not, I enjoy that.

          Now, email has opened up the door even further. I get catalogs from teeny tiny agencies that would never be able to offer them offline for the expense. I like that...I like looking through the clearance items at some obscure Bug shop in Tampa Bay that I'd never find out about otherwise. I just wish these mails would make it through my spam filter!
      • If you go to their website, http://www.bondedsender.com, and look at their rules, you will see that they do have somewhat reasonable rules that must be followed. There are many more rules than just this, but here is the part under the section called "Consent."

        Consent

        V. Participating Senders must ensure that consent with appropriate disclosure or a prior business relationship exists prior to sending Commercial or Promotional Email Messages.

        Acceptable forms of consent include:

        Double Opt-In: (somet

    • Sorry to give you one less reason to hate MS, but they are taking the money as a BOND, not as payment. MS only gets the money if the spammers don't follow their rules. Probably something like "must use real return address and have a unsubscribe link that doesn't add you to more lists."

      What, you mean that a Slashdot submitter would put in something that wasn't meticulously researched and accurately summarized? :p

      My bit of I-hate-early-mornings sarcasm aside, I fail to see how this being a bond makes an

    • So what? It's essentially a $20,000 fee to guarantee getting past the antispam filters of 170 million people.

      That's cheap, and thus economically feasible.

      It will keep out spammers who have a low-margin product that gets a low (.0001%) response rate, but for spammers that have a high-margin product or a high response rate, it'll be seen as a fee.

      If the response rate is even .001%, it'll be profitable for things like penis enlargement pills.
    • by wayne (1579) <wayne@schlitt.net> on Wednesday May 05, 2004 @09:15AM (#9062538) Homepage Journal
      Sorry to give you one less reason to hate MS, but they are taking the money as a BOND, not as payment. MS only gets the money if the spammers don't follow their rules.

      MicroSoft doesn't get the bond, bondedsender gets the bond. Bondedsender has an incentive to whack spammers quickly so as to get the bond money. This discourages spammers from using bondedsender, which encourages ISPs like MSN/Hotmail to use them.

      If you get a spam from somone on the bondedsender program, just report it via spamcop.net. The report automatically goes to bondedsender. If you are not sure if the spam came from someone using bondedsender, just report it via spamcop.net and let them figure it out.

    • The bond is held by BondedSender, i.e. IronPort, not Microsoft. According to their site [bondedsender.com] "Proceeds from bond debits are not retained by IronPort Systems and are instead shared with third-party non-profit organizations."
    • As someone else noted ... 'unsolicited' IS 'unsolicited'. In fact ... the only reason to hate them less would be if they *DID* take the money and then pass on feature enhancements or work out legitimate discounts on legitimate products sold by those advertisers.

      Think about it .. the way you describe the BOND works better for M$ and there's less work for them. I'm sure there's details I'm omitting/overlooking, but humor this conspiracy theory for a moment ...

      1. Spammer (errr ... Marketer?) signs up for whi
  • by mike_diack (254876) on Wednesday May 05, 2004 @08:44AM (#9062291)
    Looks like they've just pointed a double barrelled gun at their feet. If they were trying to avoid wholesale migration away to either:
    - Google's Gmail OR
    - Novell's MyRealEmail....

    Then this is a f***ing dozey way to do it!
  • You know, (Score:4, Funny)

    by mcc (14761) <amcclure@purdue.edu> on Wednesday May 05, 2004 @08:44AM (#9062298) Homepage
    I was *just* recently sitting here and wondering if there was anything Microsoft could have done to squander the product, userbase and public goodwill MS inherited when they bought Hotmail that they haven't done already.

    I couldn't think of anything

    I guess I'm just not as imaginative as MS.

    I'll bet the GMail team is doing a little dance of joy at reading this /. article right now..
  • Ok, so now someone else wants to be the trust authority which was a major issue with the X.400 nonense. This one wants to charge everyone that has a domain $375 for an application fee and then $500/yr for less than 1/2 million messages a year.
  • I cert.ainl.y H-O-P-E th4t it d0es a G o o d job
  • why using hotmail? (Score:5, Insightful)

    by Frederic54 (3788) on Wednesday May 05, 2004 @08:46AM (#9062315) Journal
    I had an hotmail address years ago, back in the day before MS buy the domain... I never really used it... and I still don't know why people need an hotmail address? passport thing? you can live without it and without MSNM you know...
    /. should make a poll to know who has and who hasn't an hotmail address, and in comments we would know why people who has one, well... has one.
    • by AndroidCat (229562) on Wednesday May 05, 2004 @09:02AM (#9062434) Homepage
      It's handy to use for Usenet posting, a web site contact address or one-shot subscription signups. People can get in touch, and if I want to, I can shift communication over to a real mailbox. And every four years when the account gets joe-jobbed by a spammer or nut cult, I just open the next account in sequence. (I'd better update my /. journal.)
    • by s4m7 (519684)
      and I still don't know why people need an hotmail address?

      Ehh, where else am I going to go for a mailbox just to collect spam from all the "email required for free reg." sites I've visited? Seriously, collecting spam is the only thing I've ever used my hotmail address for, and frankly, the service is perfect for it. I use my hotmail address for almost all my dealings on the web with sites I don't fully trust. and I get almost no spam in my work account, or my home host account.

  • Little Guy (Score:4, Insightful)

    by millahtime (710421) on Wednesday May 05, 2004 @08:46AM (#9062322) Homepage Journal
    So, Once again they get the little guy. What about that small nonprofit running their own mail server. Or that small business running their own mail server. They have to pay the same as the big business.

    Large companies can afford to drop a payment on this but the small business/non-profit sure can't.
  • by webzombie (262030)
    One can only imagine what is being built into LongHorn to ensure this kind of business model continues.

    So, everyone just blocks MSN and HotMail period! So long "marketeers" and their funny little noses and tails.
  • by Lumpy (12016) on Wednesday May 05, 2004 @08:47AM (#9062333) Homepage
    Yahoo has been doing this for a LONG time.

    they have their "spam" filtering yet there are types of spam that will not go away as they have "special" spam from their "partners" that will NEVER EVER hit their filtering rules for spam.

    I am betting that ALL free email sites will do this within this year.
  • by Saggi (462624) on Wednesday May 05, 2004 @08:48AM (#9062334) Homepage
    In Denmark the marketing rules forbid people to send uninvited marketing material. Unless you specifically accept to receive it - it will be illegal (and punishable by court) to send it. This law is not only to electronic e-mails but goes to all kinds of marketing. You are not allowed to call by phone to someone in order to sell them something (unless the user has registered his phone number somewhere and accepted to receive a phone call).

    So unless you check the checkbox somewhere in your hotmail registration, you will be able to sue MS - in Denmark at least...
    • I think this is illegal in most european countries. The european council adheres to the opt-in principle, which basically means that you have to agree to marketing mails before it is legally sent to you.

      AFAIK in the U.S. the opposite, namely the opt-out principle is in use, where, after having received unsolicited marketing stuff, you have to inform the sender that you don't want it. Rather inviting...

    • by srmalloy (263556) on Wednesday May 05, 2004 @09:21AM (#9062586) Homepage
      In Denmark the marketing rules forbid people to send uninvited marketing material. Unless you specifically accept to receive it - it will be illegal (and punishable by court) to send it. ... So unless you check the checkbox somewhere in your hotmail registration, you will be able to sue MS - in Denmark at least...
      Except for that paragraph waaaay down at the bottom of the "user agreement" that you just clicked past when you signed up for your Hotmail account, where it says something like "Microsoft reserves the right to send you advertisements from various business partners and other organizations. By accepting this User Agreement, you are consenting in advance to receiving these advertisements." You use someone else's free service, you play by their rules.
  • Is it me... (Score:2, Interesting)

    by Schmurgs (771813)
    or is everyone completely against MS making any money whatsoever? The Bonded Sender program looks like it will actually be really useful for 90% of Hotmail users, the ones who use it for their normal e-mail address, rather than the ones who just use it for MSN access. I've used Hotmail for the past 5 years, and have only ever had problems with spam from companies that really have nothing to offer, or cba with writing decent adverts. I think MS, if it has any sense (there goes my argument), will start refu
    • So you're happy to not only have adverts around your emails on the Hotmail web page and pasted at the end of every one of your emails, you are also *happy* to have adverts mixed in with your email? Man, marketing companies must dream about people like that.
  • How long until some tech leaks a copy of this whitelist... hello blocklist!
  • by G4from128k (686170) on Wednesday May 05, 2004 @08:49AM (#9062350)
    I'd accept all the spam in the world if they paid me 15 cents per message. That would make spam much cheaper than bulk mail and would weed out marketers who aren't serious.

    If a company is going to sell my resources (time spent downloading/reading/procesing email) they had better share the revenues with me.
    • by retards (320893) on Wednesday May 05, 2004 @09:03AM (#9062440) Journal
      So what if it would weed out only non-serious marketers? You're implying there is 'legit' spam out there, that there actually should be a market for this shit.

      People here should know that putting a pricetag on something doesn't make everything kosher.

      Bulk mail without opt-in should be criminalized regardless if the envelope is paper, SMTP or whatever. Bulk mail is just another form of 'I have money, I can send propaganda to anybody, you cannot stop me, muahahaha!".

      Rant over.
      • People here should know that putting a pricetag on something doesn't make everything kosher.

        A very good point, in general. Yet as an adult I feel i have the right to enter business relationships - there is nothign wrong with selling my email processing labor. As long as the consumer retains control, I see no problem with bulk e-mail. With control of the system, I can easily raise the price of spam delivery to 50 cents or a dollar per message if the 15 cents/spam is generating too much volume.

        Bulk
    • by mikeboone (163222) on Wednesday May 05, 2004 @09:03AM (#9062442) Homepage Journal
      I handle bulk emailings to people who signed up at my client's website. They are a legitimate business and unsubscribe those who reply or use the web form. But you invariably get spam bounces and other errors (here are some numbers [boonedocks.net]).

      I was amused to find in the bounce mailbox one day an auto-reply from a person who offered to read our message if we'd deposit $5 into his account via Paypal. I don't remember the website, but I wonder if anyone has ever paid $5 to have their email delivered.

      Some real companies might be willing to pay $0.05 to $0.15 if it really meant their message was being read. Our small business probably couldn't afford it though. And I'd hate to see the whole email system become pay-per-view.
  • Selling Data (Score:3, Insightful)

    by BlackHawk-666 (560896) <ivan.hawkes@gmail.com> on Wednesday May 05, 2004 @08:51AM (#9062363) Homepage
    So does that make them "trusted partners" now, and does that therefore allow them access to your personal data in at least an aggregated form? I'm not and never will be a hotmail user, so I don't know the contents of their license agreement with the users, but I'm not beyond suspecting that MS will soon be selling your data to these spammers so they can target you even better.
    MSN does not sell, rent or lease its customer lists to third parties. MSN may, from time to time, contact you on behalf of external business partners about a particular offering that may be of interest to you. In those cases, your personal information (e-mail, name, address, telephone number) is not transferred to the third party. We occasionally hire other companies to provide limited services on our behalf, such as handling the processing and delivery of mailings, providing customer support, processing transactions, or performing statistical analysis of our services. We will only provide those companies the personal information they need to deliver the service. They are required to maintain the confidentiality of your information and are prohibited from using that information for any other purpose.

    Yup, I guess it does give them the right to do that.

  • by VernonNemitz (581327) on Wednesday May 05, 2004 @08:51AM (#9062364) Journal
    When I first read that tidbit yesterday [slashdot.org], I assumed it was so Microsoft could snoop on all future Windows machines. Now in ADDITION to that potential, they can beam you uninterruptible spam!

    So, is there any chance that if those features are advertised widely, fewer people will buy Longhorn?
    • funny, yes, but I wonder...

      suppose Microsoft really had a wide-open backdoor in EACH & EVERY Windows-based computer in the world, and stored everyone's activity logs someplace, and analysed and crunched the data for whatever purpose.

      how much storage space would that require? how many computer cycles would be needed per minute?

      even the NSA doesnt store everything that goes through their servers, just the data that is somehow flagged as important...
  • Sigh. (Score:3, Insightful)

    by The Fanta Menace (607612) on Wednesday May 05, 2004 @08:52AM (#9062372) Homepage

    I fail to understand why anyone even bothers with hotmail anymore. There's nothing less professional looking than putting a free-email address on your business card or website.

  • personal experience (Score:5, Informative)

    by astanley218 (302943) <adam.nethosters@com> on Wednesday May 05, 2004 @08:54AM (#9062384) Homepage
    My company was informed of this bonded sender program by MSN/Hotmail support 2 months ago. At the time they claimed the Bonded Sender program was a third-party service with no affiliation to MSN/Hotmail or Microsoft. At the same time, they also claimed that even if you DO subscribe to the bonded sender program MSN/Hotmail will give no guarantee that your emails will be delivered!
  • mixed metaphors...
    allow legitimate marketers to thread the gauntlet of spam filters
    • run the gauntlet
    • thread the needle
    choose one.
    D.
  • I'm thinking about the one involving putting the fox to guard the chickens.
    Seriously, I hope this convinces people to not use Hotmail etc - now with guaranteed spam...
  • As has already been pointed out, this is a bonding service - not a straight for profit medium for Microsoft.
    My biggest questions is When a company breaks the rules, where does the bonded money go??
    My other problem is that this in an opt-out service. I would prefer to see an opt-in only service, but that would pretty much invalidate the idea of a global whitelist, wouldn't it.
    I just hope that microsoft doesn't think this is the end all answer to spam filtering. Bill Gates stated in the Washington Post
  • And just when I thought they couldn't sink much lower.

    I will say this much. The advertisers should be paying the END USERS if they want to get people to read their drenn. They're the ones who are getting their mailbox stuffed anyway.

  • by Anonymous Coward on Wednesday May 05, 2004 @09:01AM (#9062428)
    I am an engineer in charge of a large email system. We send millions of emails per week to our members. I have contacts in the top 10 ISP's and we're on no RBL's of consequence (the big 10 RBL's are clean, we are not concerned about the RBL run by sn0rky in his dorm room). Rarely do we have a delivery problem, however we did decide to get Bonded since it looks like a good program for responsible mailers.

    The BondedSender process looked us over and saw that we had, *gasp*, 50 complaints with a volume of 20 million messages sent. One complaint per million is their threshold for acceptance into the program! This is unreasonable. People complain about messages from their own damn family in my experience. The geeks here wont understand because they are literate of the issues surrounding the politics of email... but your average citizen is going to flip out and start whacking the "report as spam" button for anything they don't want to receive: their buddy sending them a dirty joke they don't want, an alert from their bank about their account being low, mailings from their girlfriend breaking up with them, etc.

    This is absolutely true. I've heard the horror stories from my contacts at the aforementioned top 10 ISP's. The number of complaints they get about private emailings to and from their own contact lists rivals the number of messages that are actually spam.

    I have an associate that works at large-bank-corp and they get about 1 per 10,000 complaints for their goddamn credit card statements!

    BondedSender will be short lived unless they relax their restrictions. Any spammer sending pr0n and v|agra mailings is going to not be interested in this deal simply because of the costs and hassle of getting bonded. It's cheaper for Ma Bulker to just switch ISP's every two weeks or scam open relays.

    Anyway... that's my say... Good luck if you try getting Bonded.
  • It almost makes you want to cheer on the spammers
  • I mean, if I am to enter my mail somewhere on the internet, it's my (long deactivated) hotmail account that I am using exactly for this purposes. And on my everyday mail account, I don not get much spam on that one. I mean, come on. If you were thinking that free online services will stay free, then you did never think about the money one can make of advertising. So this is rather natural, I suppose. Why not move to another provider? There are lots...
  • by wayne (1579) <wayne@schlitt.net> on Wednesday May 05, 2004 @09:06AM (#9062465) Homepage Journal
    A classic screwed up slashdot submission.

    MicroSoft isn't selling anything, they are using the services of another company, namely bondedsender.com.

    Who are bondedsender? They are part of ironport systems, who also own spamcop.net. Spam reported to spamcop.net automatically gets reported to bondedsender.com and the spammer gets whacked.

    This is really good news because spamcop.net/ironport were recently sued by the spammer snotty scott richter. This means that ironport will have more income to not only fight the spam lawsuit but fight spam in general.

  • by RhettLivingston (544140) on Wednesday May 05, 2004 @09:06AM (#9062466)

    Anyone thinking there is a greed motive for this is wrong. There is no way that Microsoft would trade this much bad press for the paltry amounts of money that this could generate. So, here's what I think is happening.

    Microsoft has been pursuing various antispam paths, but the ultimate one, enforceable legislation to stop it, has encountered some resistance unless the legislation's effects are limited in some way. I think they are trying to counter some of this resistance.

    There are occassions that I get "spam" from software companies (whose products I've used in the past) advertising new products. I don't mind that kind of spam, yet I almost always find them in my spam box because I use a pure white list approach and forgot to put the company on my white list.

    The kind of spam that really drives me nuts and causes me to switch addresses is the spam that's looking for that one sucker in a million, the viagra spam, the refinancing spam, and the pornographic spam.

    If the guidelines a) ban the improper spam while allowing contacts from other companies and b) strongly enforce requests to remove my email from a list, I could live with this system. Especially if they implement a one stop shop to manage whose lists I'm removed from.

    But why would I want to live with this? Because it cuts the only leg of the spammers arguments that has been getting any mileage at all out from under them. If you create an enforceable system and say, "you can spam if you follow the rules of this system", then they can't argue that their "legitimate" spam is being blocked anymore and all antispam legislation suddenly gets a green light.

  • by auburnate (755235) on Wednesday May 05, 2004 @09:07AM (#9062473)
    I have had an account with hotmail long before Microsoft bought them out as reported in Cnet Jan. 3 1998. It has survived moving to new locations and outsurvived other email accounts I had at various universities. It even survived moving to Colombia for two years while I was a missionary. Hotmail has been good to me in those 7 years. I can even say that I have be blessed not to get all the junk mail clogging up my inbox. I may get one or two a day that don't get blocked. Yet I see 7 years of famine on the horizon. If Microsoft thinks it can start whitelisting its own (without any compensation going into my wallet [ I wouldn't mind getting a "whitelist" email now and then if my paypal account was augmented accordingly] ) then they are kissing my account goodbye. All it takes is one mass email (spam?) to all my friends and family and I have a new email account.

    My $0.02 worth! The more you tighten your grip, Gates, the more star systems will slip through your fingers. -Princess Leia (modified)

  • But I wonder how profitable spam is to the spammers anymore. I can see how it may have been profitable when it was "new" ie most users were too trustoworthy of what was sent to them in the mail, however I would hope most people have wisened up, just as the volume of spam is increasing. I mean, how many times can you get a response that you were approved for a mortgage application that you never applied for or how many obscure dead relatives who work for Nigerian companies do people think they can have?
    I
  • by Teppy (105859) * on Wednesday May 05, 2004 @09:08AM (#9062483) Homepage
    I read thru BondedSender's terms of service. Their allowed complaint rate is 1 per 1,000,000 messages sent. Each complaint over that limit deducts $20 from the sender's bond.

    As someone that does legitimate commercial mailings (opt-in, for our MMORPG [ataleinthedesert.com], about 15,000 messages per month to current and past players), this strikes me as slightly expensive, and somewhat dangerous. Some math...

    Typically I get about 10 angry letters per newsletter, so that's $200 to send each newsletter. A cost of 1.3 cents per email isn't bad, since I know that most people read what I send.

    Two problems. First, most newsletters go through now. Maybe 10% get spam filtered (I should probably set up a way to track this). So reaching those additional people costs 13 cents each. That is expensive.

    Second, I worry that if the system becomes well known, it would be griefed: A single player with a bone to pick would sign up under a bunch of email addresses and "complain" from each. I'm not sure how to resolve this.
  • All the mail I get at Hotmail is spam anyway. It's my spam-catcher account. Anything I have to sign up for on the net gets the hotmail account. Anything on the net you sign up for where I actually want to receive it, goes to yahoo. Both are actually spam-catchers.
  • by Fringe (6096) on Wednesday May 05, 2004 @09:12AM (#9062516)
    Sometimes I think Microsoft is too large to have internally-consistent policies. I've met lots of Microsofties at all levels; most of them really seem to believe in reducing spam, viruses and security holes. And then there's the bean-counter divisions that see potential revenue and just can't pass it up.

    So just imagine, in a year or so... Microsoft whitelists some spammers. Then Microsoft developes Outlook enhancements to block MSN-enabled spammers, for a minor upgrade cost. Then Microsoft MSN finds a way around this, for their premium spammers for an extra fee. Then there's always Microsoft, who promptly developes new Windows and Outlook work-arounds necessarily to close the viral windows enabling the premium ones... for a minor fee to the users.

    But, ironically, I don't believe they do this on purpose. It's more like virus writers vs Norton Anti-Virus or a game of chess, with two entirely different sides that just coincidentally are under the same corporate umbrella.

  • by joshuao3 (776721) on Wednesday May 05, 2004 @09:21AM (#9062589) Homepage
    This system could potentially hurt many small hosting companies and small businesses. Businesses that have their own mail servers, or small hosts that provide mail services for their clients are now going to have to pay more just to provide basic mail service. Telling people "sorry, you can't send to MSN accounts" is simply not acceptable. It doesn't matter if it's a bond or not, the fact is that a small host now has to pay a lot of money to provide an essential service to it's clients. IronPort could essentially charge whatever they want if they own exclusive rights with MS for this service.

    This approach form Microsoft is scary as hell for small hosts/providers and I hope that it doesn't happen if there is only one whitelist that MS goes with. If there were multiple whitelists, then I'd feel much more comfortable.
  • Not how it works (Score:5, Informative)

    by mikeage (119105) <slashdot@ m i k e a g e .net> on Wednesday May 05, 2004 @09:26AM (#9062631) Homepage
    This is a very misleading summary. Basically, the bonded program (which even spamassassin recongnizes and assignes according a minus "point") requires mailers to put up a bond before their emails are allowed. They still cannot send spam, however, they may only send mail to registered users. If users complain, the company has to either prove they joined or pay up.
    • Re:Not how it works (Score:3, Informative)

      by kindbud (90044)
      That isn't how it works at all. You pay IronPort to get listed on their BondedSender DNS whitelist. Anyone, anywhere can configure their mail server to consult the IronPort DNS whitelist, in the same manner as one would use SPEWS or Spamcop BL, and use that lookup to decide whether or not to subject the message to spam filtering, or to let it pass without any filtering. It is conceivable that a ISP or mailhost could use the BondedSender DNS whitelist as a blacklist, and exclude all BondedSenders from the
  • by tramm (16077) <hudson@swcp.com> on Wednesday May 05, 2004 @09:40AM (#9062744) Homepage
    The SpamAssassin test USER_IN_DEF_WHITELIST [spamassassin.org] checks to see if the sender is in the list of companies that are on its built-in white list. Network Solutions, internic, register.com, nytimes.com, amazon.com, mypoints, paypal, the FT, Palm, Handspring and others are all on it. They don't sell access to it, so it is not the same as what Microsoft is doing. It is similar, however, in that some companies get a free pass (well, up to -15) for any mail that they send out.
  • by Trailer Trash (60756) on Wednesday May 05, 2004 @09:43AM (#9062770) Homepage
    Okay, people, there are about two clueful people who have posted so far, and about 50 idiots who are yelling "Microsoft is taking money to allow spamming". READ THE ARTICLE. Holy shit.

    For those too st00pid to read it, here's your list of clues. Microsoft gets no money, IronPort gets the money.

    If you're a legitimate emailer (i.e. you email to people who have asked for email) IronPort takes the $20K up front as a bond. If you spam, you get knocked off the whitelist and they take your $20K.

    It's not "pay $20K and spam all you want". It's "put up $20K to say that you won't spam".

    As someone else here said, their standards are *very* high. You must have no more than 1 complaint per million emails, which is a very low number. Having run double-opt-in lists myself before, I assure you that cluefucks will complain about something that they signed up for (and confirmed) the day before.

    As an ISP, let me say that this is a great program.

    They are very anal
  • by geoff lane (93738) on Wednesday May 05, 2004 @10:31AM (#9063273)
    If you know that a particular site is on the whitelist it makes sense to route your spam via that site if you can.

    Honeypot, flies, attract are some words that come to mind.
  • by Ra5pu7in (603513) <ra5pu7in AT gmail DOT com> on Wednesday May 05, 2004 @11:15AM (#9063889) Journal
    If you have a hotmail account, you already know you can't block or filter to the trash any email from "staff@hotmail.com". It just isn't allowed. Of course, if you're like me, you only have the hotmail account for registering and you know it will only ever have spam, therefore you have everything go to the junk mail folder which will empty automatically. Only pitfall is I have to access it about once a month to prove it is "active".
  • by mnemotronic (586021) <<mnemotronic> <at> <netscape.net>> on Wednesday May 05, 2004 @11:45AM (#9064207) Homepage Journal
    The company I work for, which makes rotating magnetic storage devices, pays what some co-workers describe as "an enormous amount of money" to be Microsoft or Windows "Certified" (I don't know the exact figure). Now, understand that MS doesn't do an bit of work here .... we buy the test platforms, run the tests, collect & collate the data, and go forth to Redmond on bended knee to present our lowly product and request "Certification". MS collects a fat check and stamps it "yea" or "nay".

    Pardon my attitude, but if you ask me, they should be the ones coming to us to see if they're ATA, Serial-ATA, FC, or Serial-SCSI compatible. We have the expertise, they just write a driver.

  • by kcornia (152859) on Wednesday May 05, 2004 @11:56AM (#9064361) Journal
    Seems to me like this is a step in the direction of entities eventually only accepting mail from "whitelisted" persons or groups, which will in all likelihood lead to a "fee" to be on a whitelist, thereby causing e-mail to no longer be free...

    Maybe I'm being short-sighted, but this sounds fishy to me..
  • by Animats (122034) on Wednesday May 05, 2004 @12:52PM (#9065046) Homepage
    IronPort wants you to install a hole [bondedsender.org] to let their stuff through. For SpamAssassin, for example, they want you to put in
    • header RCVD_IN_BONDEDSENDER eval:check_rbl('relay', 'sa.bondedsender.org.')
      describe RCVD_IN_BONDEDSENDER Received via a whitelisted Bonded Sender address
      score RCVD_IN_BONDEDSENDER -100.000

    Note that "-100.000". That says "accept this, even if it looks like spam". You might want to use, say, "-3.0" instead. Give them a little credit, but don't open the floodgates.

    Watch for spam with the "RCVD_IN_BONDEDSENDER" flag in the X-Spam-Status header line. You might want to have Mozilla (I assume Slashdot readers aren't using Outlook) move such messages into a "Bonded Sender" folder. That lets you watch what they're sending.

    As soon as you find a real spam passed by BondedSender, please post it to NANAE.

    • Well, Bonded Sender has been a default part of SpamAssassin FOR AT LEAST A YEAR now, and a quick search at google groups yields only three posts to NANAE containing either the old RCVD_IN_BONDEDSENDER or the newer RCVD_IN_BSP_OTHER, and none in RCVD_IN_BSP_TRUSTED.

      Two [google.com] of them [google.com] are phishing scams that triggered the rule only because SpamAssassin checked forged Received: lines when it shouldn't have. The other [google.com] is less clear.
      • The trouble, though, is that IronPort/BondedSender reserves the right to change the rules at any time. Already, bulk mailers are complaining the rules are too restrictive. Once they have all the backdoors in place at major ISPs, they can change the rules.

        A likely change would be to embrace the Direct Marketing Association's "Four Pillars of Responsible E-Mail Marketing". [the-dma.org]. That's opt-out, not opt-in. And it's "narrow opt-out"; you may have to opt out for each "line of business" of each spammer separatel

  • by krgallagher (743575) on Wednesday May 05, 2004 @01:53PM (#9065688) Homepage
    I opened a hotmail account once. My company decided to adopt MS Instant Messaging as a standard and I did not want to give out any real email addresses to set up the .NET Passport thingy so I createrd a new Hotmail account. I was recieving spam in the account within 24 hours.

"Don't discount flying pigs before you have good air defense." -- jvh@clinet.FI

Working...