Microsoft Will Sell Whitelist Services For Hotmail

Ec|ipse writes "Looks like Microsoft has found another way to make money, this time from spam. Microsoft has adopted a "whitelist" program (Bonded Sender by IronPort) which will allow marketers to pay Microsoft so that they are included on a special whitelist, guaranteeing uninteruptable delivery of their messages to Hotmail and MSN users. You can catch the full article at Excite. I especially like the nice naming for spammers, calling them 'marketers' sounds so much more legitimate." mgibbs adds "Hopefully the $20K fine that results from abuse of this system is enough to deter spammers."

It all makes perfect sense now.

[Trigun]

Spam the hell out of everyone, sue the spammers for profit, and then profit from the whitelists.

The UK

[Anonymous Coward]

I wouldn't mind spam so much if it actually had any relevance to me.

I live in the UK and nearly almost all my spam offers me services in the UK.

My email address does end in .uk so it shouldn't be too hard to work out

Yet another brilliant oxymoron from MS

[Anonymous Coward]

WASHINGTON, May 5 (Reuters) - Microsoft Corp. (MSFT) said on Wednesday it has adopted an e-mail "whitelist" program by IronPort Systems Inc. that will allow legitimate marketers to thread the gauntlet of spam filters protecting its inboxes.

From the company that brought you "Microsoft Works" now comes the new oxymoron, "legitimate marketers".

FogHorn LongHorn Plug

[webzombie]

One can only imagine what is being built into LongHorn to ensure this kind of business model continues.

So, everyone just blocks MSN and HotMail period! So long "marketeers" and their funny little noses and tails.

Is it me...

[Schmurgs]

or is everyone completely against MS making any money whatsoever? The Bonded Sender program looks like it will actually be really useful for 90% of Hotmail users, the ones who use it for their normal e-mail address, rather than the ones who just use it for MSN access. I've used Hotmail for the past 5 years, and have only ever had problems with spam from companies that really have nothing to offer, or cba with writing decent adverts. I think MS, if it has any sense (there goes my argument), will start refusing access to those kind of companies, and the spam that is actually put through will be of a higher quality and maybe even relevant (in a GMail kinda way?) Then again, I might be completely wrong.

If only they would share the proceeds

[G4from128k]

I'd accept all the spam in the world if they paid me 15 cents per message. That would make spam much cheaper than bulk mail and would weed out marketers who aren't serious.

If a company is going to sell my resources (time spent downloading/reading/procesing email) they had better share the revenues with me.

Re:You know,

[noelmarkham]

Gotta love the parent sig.

not a terrible idea - not a great one either

[netfall]

As has already been pointed out, this is a bonding service - not a straight for profit medium for Microsoft.
My biggest questions is When a company breaks the rules, where does the bonded money go??
My other problem is that this in an opt-out service. I would prefer to see an opt-in only service, but that would pretty much invalidate the idea of a global whitelist, wouldn't it.
I just hope that microsoft doesn't think this is the end all answer to spam filtering. Bill Gates stated in the Washington Post back in November that MS would eliminate spam within I think the next 2 or 5 years (something like that). This certainly is NOT the answer.

Good luck getting bonded... I tried!

[Anonymous Coward]

I am an engineer in charge of a large email system. We send millions of emails per week to our members. I have contacts in the top 10 ISP's and we're on no RBL's of consequence (the big 10 RBL's are clean, we are not concerned about the RBL run by sn0rky in his dorm room). Rarely do we have a delivery problem, however we did decide to get Bonded since it looks like a good program for responsible mailers.

The BondedSender process looked us over and saw that we had, *gasp*, 50 complaints with a volume of 20 million messages sent. One complaint per million is their threshold for acceptance into the program! This is unreasonable. People complain about messages from their own damn family in my experience. The geeks here wont understand because they are literate of the issues surrounding the politics of email... but your average citizen is going to flip out and start whacking the "report as spam" button for anything they don't want to receive: their buddy sending them a dirty joke they don't want, an alert from their bank about their account being low, mailings from their girlfriend breaking up with them, etc.

This is absolutely true. I've heard the horror stories from my contacts at the aforementioned top 10 ISP's. The number of complaints they get about private emailings to and from their own contact lists rivals the number of messages that are actually spam.

I have an associate that works at large-bank-corp and they get about 1 per 10,000 complaints for their goddamn credit card statements!

BondedSender will be short lived unless they relax their restrictions. Any spammer sending pr0n and v|agra mailings is going to not be interested in this deal simply because of the costs and hassle of getting bonded. It's cheaper for Ma Bulker to just switch ISP's every two weeks or scam open relays.

Anyway... that's my say... Good luck if you try getting Bonded.

But that makes Usenet less useful

[mccalli]

I've never really had a problem from spam.I've never given my email address out on usenet...It just seems to me that if people looked after their email address...they would reap the benefit of a spam-free inbox sooner rather than later

However, that makes my email address less useful, and Usenet a less useful resource.

I've never disguised my email address on Usenet or anywhere else (with the exception of some of the more pointless web site registrations). There have been plenty of times I've gone back to ancient archives digging for answers, come across someone who solved almost what I'm trying to do, and sent them an email asking if they'd mind helping me. And the converse has happened too - many people I don't know have emailed me over the years after coming across old posts, and I've helped out where possible.

I'm pretty defiant over this one. I refuse let low-life scum dictate how I can use my address. I am not going to jump through hoops at their behest - my email address is a contact point, and people should be able to use it to contact me.

Cheers,
Ian

Re:If only they would share the proceeds

[mikeboone]

I handle bulk emailings to people who signed up at my client's website. They are a legitimate business and unsubscribe those who reply or use the web form. But you invariably get spam bounces and other errors (here are some numbers [boonedocks.net]).

I was amused to find in the bounce mailbox one day an auto-reply from a person who offered to read our message if we'd deposit $5 into his account via Paypal. I don't remember the website, but I wonder if anyone has ever paid $5 to have their email delivered.

Some real companies might be willing to pay $0.05 to $0.15 if it really meant their message was being read. Our small business probably couldn't afford it though. And I'd hate to see the whole email system become pay-per-view.

Who uses hotmail anyway?

[condensate]

I mean, if I am to enter my mail somewhere on the internet, it's my (long deactivated) hotmail account that I am using exactly for this purposes. And on my everyday mail account, I don not get much spam on that one. I mean, come on. If you were thinking that free online services will stay free, then you did never think about the money one can make of advertising. So this is rather natural, I suppose. Why not move to another provider? There are lots...

Re:This is a BOND, not a payment

[SilentChris]

Well, actually, I think the point of this is to curve spam. No illegitimate (read: v1agr3) spammer will try to get on this whitelist. They'll be fined into oblivion. MS is basically saying "Here's a semi-more-legitimate group of spammers than usual. We can probably trash the rest of the messages we get".

7 years of feast, now 7 years of famine

[auburnate]

I have had an account with hotmail long before Microsoft bought them out as reported in Cnet Jan. 3 1998. It has survived moving to new locations and outsurvived other email accounts I had at various universities. It even survived moving to Colombia for two years while I was a missionary. Hotmail has been good to me in those 7 years. I can even say that I have be blessed not to get all the junk mail clogging up my inbox. I may get one or two a day that don't get blocked. Yet I see 7 years of famine on the horizon. If Microsoft thinks it can start whitelisting its own (without any compensation going into my wallet [ I wouldn't mind getting a "whitelist" email now and then if my paypal account was augmented accordingly] ) then they are kissing my account goodbye. All it takes is one mass email (spam?) to all my friends and family and I have a new email account.

My $0.02 worth! The more you tighten your grip, Gates, the more star systems will slip through your fingers. -Princess Leia (modified)

Re:It all makes perfect sense now.

[the chao goes mu]

My old employer (a web-hosting company which shall remain nameless) did almost the same a few years ago. They hosted hundreds of "marketers" (yes, we used the same euphemism), who spammed like crazy from our boxes, then they turned around and sold spam filtering services to their other clients. Nice to profit off the problem you helped create.

Very low complaint threshold

[Teppy]

I read thru BondedSender's terms of service. Their allowed complaint rate is 1 per 1,000,000 messages sent. Each complaint over that limit deducts $20 from the sender's bond.

As someone that does legitimate commercial mailings (opt-in, for our MMORPG [ataleinthedesert.com], about 15,000 messages per month to current and past players), this strikes me as slightly expensive, and somewhat dangerous. Some math...

Typically I get about 10 angry letters per newsletter, so that's $200 to send each newsletter. A cost of 1.3 cents per email isn't bad, since I know that most people read what I send.

Two problems. First, most newsletters go through now. Maybe 10% get spam filtered (I should probably set up a way to track this). So reaching those additional people costs 13 cents each. That is expensive.

Second, I worry that if the system becomes well known, it would be griefed: A single player with a bone to pick would sign up under a bunch of email addresses and "complain" from each. I'm not sure how to resolve this.

Microsoft at odds with... Microsoft

[Fringe]

Sometimes I think Microsoft is too large to have internally-consistent policies. I've met lots of Microsofties at all levels; most of them really seem to believe in reducing spam, viruses and security holes. And then there's the bean-counter divisions that see potential revenue and just can't pass it up.

So just imagine, in a year or so... Microsoft whitelists some spammers. Then Microsoft developes Outlook enhancements to block MSN-enabled spammers, for a minor upgrade cost. Then Microsoft MSN finds a way around this, for their premium spammers for an extra fee. Then there's always Microsoft, who promptly developes new Windows and Outlook work-arounds necessarily to close the viral windows enabling the premium ones... for a minor fee to the users.

But, ironically, I don't believe they do this on purpose. It's more like virus writers vs Norton Anti-Virus or a game of chess, with two entirely different sides that just coincidentally are under the same corporate umbrella.

Re:Nice One

[1u3hr]

Bill is a business man, get used to it !

We've been used to it since 1976: An Open Letter to Hobbyists [blinkenlights.com].

Re:It's also a list to avoid!

[Allen Zadr]

Great Idea!

Except that IronPort, not Microsoft, is running this list. IronPort are the same people who purchased SpamCop. IronPort's business is SPAM prevention.

There are plenty of legitimate companies that don't SPAM that have IronPort bonds. Especially where these companies are sending out 'Technical Errata' or trying to run product support over E-mail.

Now you can argue that 'Technical Errata' sometimes has embedded ads (usually not), and sometimes is unsolicited (usually not) - but most people who ask for it think it's useful. If I send a company an Email asking them about how to fix thier broken product, I surely wouldn't want the reply to be stuck in a SPAM filter (this happens to me once or twice a month).

If you want to use IronPort's whitelist service, inquire at thier web site [ironport.com].

Re:This is a BOND, not a payment

[Tim C]

Well, with a valid return address you can get in touch with them and ask them to stop, and/or hit them under CAN-SPAM, right?

Clarity - actual sources...

[Allen Zadr]

How about the real info?

Ironport's "sender" site. [bondedsender.com]
IronPort's "receiver" site. [bondedsender.org]

Re:It all makes perfect sense now.

[TheLinuxSRC]

Actually, you don't get anything. The bond is posted by the marketer and is put in escrow. Everytime an infraction is reported you (as the marketer) are fined a relatively insignificant amount against the bond in escrow. This way, should the marketer send out a million emails and get 10 complaints, the "fine" is insignificant. If a marketer sends out a million emails and gets a hundred thousand complaints, their bond is consumed by the multitude of tiny fines and they are no longer bonded.

Re:Second side to this coin...

[Allen Zadr]

If you are interested in how it really works (and how you can take advantage of the same whitelist), go here:
IronPort's receiver service [bondedsender.org] page.

If you are interested in the rules that bonded senders have to ablige to:
IronPort's sender standards [bondedsender.com] page.

Re:If only they would share the proceeds: control!

[G4from128k]

People here should know that putting a pricetag on something doesn't make everything kosher.

A very good point, in general. Yet as an adult I feel i have the right to enter business relationships - there is nothign wrong with selling my email processing labor. As long as the consumer retains control, I see no problem with bulk e-mail. With control of the system, I can easily raise the price of spam delivery to 50 cents or a dollar per message if the 15 cents/spam is generating too much volume.

Bulk mail without opt-in should be criminalized regardless if the envelope is paper, SMTP or whatever. Bulk mail is just another form of 'I have money, I can send propaganda to anybody, you cannot stop me, muahahaha!".

I'm not sure I want the government holding my hand and deciding what is good for everyone and what is not. I don't even see how the government can regulate spam given the international nature of it and the fact that commercial email has legitimate uses such as when my airline emails me that my flight schedule has changed or tells me of upcoming airfare sales.

To me, the greatest scheme for controlling spam would be monetary -- the spammer pays the recipient an amount that the recipient decides and the sender agrees to. Add recipient-controlled whitelists, blacklists, and rebates and the system provide zero-cost email between friends and trusted parties and consumer-regulated communications otherwise. This avoids the heavy-handed, one-size fits all approach of government regulation and pays each recipient for the resources consumed by spam as judged by the recipient. If someone hates spam so much, they can set their price at $100 per email.

The big problem with the current system is that the recipient bears a disproportinate burden of the costs. The cost to send an email is miniscule. But the cost to personally accept, read and process an e-mail is large. All I seek is a means of charging for my labor.

Re:Second side to this coin...

[goatan]

If you are interested in how it really works (and how you can take advantage of the same whitelist), go here: IronPort's receiver service page.

can i use this "whitelist" as a "blacklist" it seems a handy thing to have a list of self confessed spammers

Re:This is a BOND, not a payment

[Allen Zadr]

No, it doesn't ... IronPort's primary business is network security and SPAM prevention. IronPort bought SpamCop because of the good-will and name recognition that SpamCop would provide them.

IronPort also owns BondedSender (.com and .org).

IronPort is hoping to corner the 'WhiteList' market by getting legitimate organizations to bond for this service. This is not immediate money for IronPort (but could be a revenue stream if the lax up a bit on who they allow to bond). Bottom line - it's in their interest to take the bond. So, it's also in their interest to watch carefully for violations.

My bet... there will be very few of them.

Re:So THAT's why Longhorn will require WiFi!

[WormholeFiend]

funny, yes, but I wonder...

suppose Microsoft really had a wide-open backdoor in EACH & EVERY Windows-based computer in the world, and stored everyone's activity logs someplace, and analysed and crunched the data for whatever purpose.

how much storage space would that require? how many computer cycles would be needed per minute?

even the NSA doesnt store everything that goes through their servers, just the data that is somehow flagged as important...

Re:why using hotmail?

[pisco_sour]

I actually have two. But I have a perfectly valid excuse for that.

Here in Lima, Peru, you're pretty much stuck with it. Pretty much every beginner getting an e-mail address gets the tip from another newbie, "hey, get hotmail", and it's not because of the e-mail address itself or anything, but because of MSN Messenger. IM network usage is definitely a geographic phenomenon: Lima just happens to be an MSN Messenger city.

Which sucks, since a few years ago we were an ICQ city, and for a while we were becoming a Yahoo city. But MSN caught on and beat everyone out of it - most probably because, well, it's bundled with th OS, so it's like a no-brainer for most people. So, in any case, it's used for all kinds of communication, social, business, work, academic, people use it for everything, and if you wanna get "in the loop" and in contact with someone, you're pretty much socially forced to use it.

And of course, it has a very crappy 150 contact limit for your contact list. So when I maxed out, I had to sign myself up for another address so I could keep adding new contacts.

So, yeah, I use Hotmail, and why? Pretty much because society bends my arm to do it. Passport sucks, I use it for nothing. All my searches are Google, not MSN. In fact, I hate that horrible blue-purple MSN homepage. But if I don't wanna be a total social outcast and live under a rock around here, I've got to use that weird green-pawn thingy with the fucking butterfly, whatever it may really be.

Makes whitelist sites spammer targets?

[geoff lane]

If you know that a particular site is on the whitelist it makes sense to route your spam via that site if you can.

Honeypot, flies, attract are some words that come to mind.

It was already impossible to block their SPAM

[Ra5pu7in]

If you have a hotmail account, you already know you can't block or filter to the trash any email from "staff@hotmail.com". It just isn't allowed. Of course, if you're like me, you only have the hotmail account for registering and you know it will only ever have spam, therefore you have everything go to the junk mail folder which will empty automatically. Only pitfall is I have to access it about once a month to prove it is "active".

Being "Windows Certified"

[mnemotronic]

The company I work for, which makes rotating magnetic storage devices, pays what some co-workers describe as "an enormous amount of money" to be Microsoft or Windows "Certified" (I don't know the exact figure). Now, understand that MS doesn't do an bit of work here .... we buy the test platforms, run the tests, collect & collate the data, and go forth to Redmond on bended knee to present our lowly product and request "Certification". MS collects a fat check and stamps it "yea" or "nay".

Pardon my attitude, but if you ask me, they should be the ones coming to us to see if they're ATA, Serial-ATA, FC, or Serial-SCSI compatible. We have the expertise, they just write a driver.

Re:This is a BOND, not a payment

[Darren Winsper]

Perhaps Computer Shopper is different in the US to the UK, but I most certainly bought it for the articles.

Re:It's also a list to avoid!

[amaker4]

MS will create a whitelist.... With the pipeline of complete garbage coming into my hotmail account, I've thought for years that they already had!

Re:The hole Ironport wants you to install

[Kelson]

Well, Bonded Sender has been a default part of SpamAssassin FOR AT LEAST A YEAR now, and a quick search at google groups yields only three posts to NANAE containing either the old RCVD_IN_BONDEDSENDER or the newer RCVD_IN_BSP_OTHER, and none in RCVD_IN_BSP_TRUSTED.

Two [google.com] of them [google.com] are phishing scams that triggered the rule only because SpamAssassin checked forged Received: lines when it shouldn't have. The other [google.com] is less clear.

Re:The hole Ironport wants you to install

[Animats]

The trouble, though, is that IronPort/BondedSender reserves the right to change the rules at any time. Already, bulk mailers are complaining the rules are too restrictive. Once they have all the backdoors in place at major ISPs, they can change the rules.

A likely change would be to embrace the Direct Marketing Association's "Four Pillars of Responsible E-Mail Marketing". [the-dma.org]. That's opt-out, not opt-in. And it's "narrow opt-out"; you may have to opt out for each "line of business" of each spammer separately. Once for Viagra, once for refinancing, once for toner cartridges...

My point is that you don't want to blindly let through everything Ironport sends. You might give them some credit in the spam filters, but don't just open a hole.