80% Of Incoming E-mail At Hotmail Is Spam 422

The Llama King writes: "According to this AP story at The Houston Chronicle, 80 percent of the e-mail that makes its way into Hotmail's user inboxes is spam. And that does not include the UCE caught by Hotmail's filters. This is the first of a three-part series the Associated Press is doing on spam."
  • dah ? (Score:3, Interesting)

    by Anonymous Coward on Sunday August 04, 2002 @08:41AM (#4007507)
    Most people use their Hotmail account to sign up for newsletters, do posts to news servers, give it out to people they only just met 2 minutes ago..

    Of course most of it is spam. That's not Hotmail's fault.

    Most spam is the result of an account owner's own actions (direct and indirect).
    Other spam is just broad coverage, i.e. people sending to aaaaa1@hot/mail.com aaaaa2@hot/mail.com aaaaa1hot/mail.com and so forth.

    I hardly have any spam on Hotmail, the spam I do get I mostly get from auto-forwarded e-mails to an address I had 2 years ago.
    • My wife, for example, created a Hotmail account, even though she already has her own email address with my ISP. The only reason she created the additional Hotmail account is to serve as a junk box. Many web sites that you don't really trust ask for your email address so they can send you a login/password to use their message forum or what-have-you. Why give them your primary email address, and risk them reselling it (or endlessly spamming you themselves)? She can just use the Hotmail account whenever she's not sure about the people on the other end.

      How much of the spam in there is actually Hotmail's own fault? Who knows.... We don't really care either. She just deletes everything in it, each time she signs on, after retrieving anything of value buried in all the junk.
    • Re:dah ? (Score:2, Insightful)

      by ericman31 ( 596268 )

      Most spam is the result of an account owner's own actions (direct and indirect).

      So, my 8 year old son, who is not allowed to use email without supervision, is responsible for all the pornographic spam he gets in his Hotmail account? My wife specifically set his account up as being a minor. He gets to send email to family only. And yet he receives 30+ unsolicited emails a day, 90% of which are pornographic in nature. And yes, we did set all the privacy options available on Hotmail. I'm guessing that our direct actions of trying to protect our son's email account so he can stay in touch easily with his grandparents is the issue. We have since switched to cable internet access and our son now uses one of our ISP provided emails (we get 6, which is a bit of an overkill). No difference in email patterns. Voila, suddenly he gets no spam.

    • yes and no. I created a hotmail account two years ago while I was travelling - so that when I got emails from people that had attachments that I could not look at at the time, due to the fact that I was on dial up connections in various south-east asian countries, I could forward them to my hotmail box just to store them there until I got back.

      I NEVER had given the address out to *anyone* - and I de-selected the "list me in the hotmail phone book" option or whatever its called when I signed up.

      I got about 100 spams a month in that box. now the only thing I use it for is give it to sites that require a response to their email for verification of something - like craigslist postings etc...

      so yes - it is hotmail's fault in that I had never told anyone of that account and still spam was getting through. also - they added me to the public user listing at a later date without telling me... and I had to go back and re-de-select that option.... lamers..

  • 80% Of Incoming E-mail At Hotmail Is Spam

    Judging from my inbox it seems that 80% of outgoing email at hotmail is spam.

    Where's that mentioned in the article?

    ------
    Cost effective attractiveness [wallpaperscoverings.com]

    • by Rick_T ( 3816 )
      > Judging from my inbox it seems that 80% of
      > outgoing email at hotmail is spam.

      If you read the message headers, you'll probably discover that most of this spam isn't actually *from* hotmail. It just shows a hotmail address in the "From:" line. The "From:" line is no more accurate than a return address written in the top left-hand corner of a letter you'd get in the mail. In other words, it can say whatever you want it to say.

      And as someone who has more than one e-mail account, being able to change "From:" without trouble is a *good* thing ...
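The header check described in the comment above, as an added example that is not part of the original post: it compares the `From:` domain with the relay recorded in the one `Received:` line written by the reader's own mail server, since every line below that one is sender-supplied. The messages, hostnames, the `mx.myisp.test` server name and the sendmail/Postfix-style `Received:` layout are assumptions constructed for illustration.

```python
import email
import re
from email.utils import parseaddr

# Constructed sample: From: claims hotmail.com, but our own server
# (mx.myisp.test, hypothetical) took the message from an unrelated relay.
FORGED = (
    "Received: from mail.relay-example.test (mail.relay-example.test [203.0.113.45])\n"
    "\tby mx.myisp.test with SMTP id g74CfA12345; Sun, 4 Aug 2002 08:41:10 -0400\n"
    "Received: from hotmail.com (unknown [198.51.100.7])\n"
    "\tby mail.relay-example.test; Sun, 4 Aug 2002 08:41:02 -0400\n"
    'From: "Cindy" <cindy1234@hotmail.com>\n'
    "To: you@myisp.test\n"
    "Subject: hello\n"
    "\n"
    "body\n"
)

# Constructed sample: the relay's hostname sits under the From: domain.
GENUINE = (
    "Received: from f12.law10.hotmail.com (f12.law10.hotmail.com [192.0.2.10])\n"
    "\tby mx.myisp.test with SMTP id g74CfB67890; Sun, 4 Aug 2002 09:02:44 -0400\n"
    "From: student17@hotmail.com\n"
    "To: you@myisp.test\n"
    "Subject: homework\n"
    "\n"
    "body\n"
)

# Assumed layout: "from HELO (RDNS [IP]) by OURHOST ..." after unfolding.
RECEIVED_RE = re.compile(
    r"from (?P<helo>\S+) \((?P<rdns>\S+) \[(?P<ip>[0-9A-Fa-f.:]+)\]\) by (?P<by>\S+)"
)


def handoff(raw_message, trusted_mx):
    """Return who handed the message to trusted_mx, or None if no such hop.

    Only the Received: line stamped by our own server is used; anything
    further down the chain could have been typed in by the sender.
    """
    msg = email.message_from_string(raw_message)
    from_domain = parseaddr(msg.get("From", ""))[1].rpartition("@")[2].lower()
    for header in msg.get_all("Received", []):
        flat = " ".join(str(header).split())  # unfold continuation lines
        match = RECEIVED_RE.search(flat)
        if not match or match.group("by").rstrip(";").lower() != trusted_mx:
            continue
        rdns = match.group("rdns").lower()
        return {
            "from_domain": from_domain,
            "relay_host": rdns,
            "relay_ip": match.group("ip"),
            "from_matches_relay": rdns == from_domain
            or rdns.endswith("." + from_domain),
        }
    return None


if __name__ == "__main__":
    for name, raw in (("forged", FORGED), ("genuine", GENUINE)):
        print(name, handoff(raw, "mx.myisp.test"))
```

A mismatch is a signal rather than proof of forgery: someone sending under a second address through a different provider's server, which the comment calls a good thing, produces the same result.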


    • http://www.chron.com/cs/CDA/story.hts/tech/1516756


      Well, I have a filter on my mail program which redirects all mail from hotmail.com, yahoo.com, aol.com and msn.com to the trash.
      And that is enough to get rid of almost 90% of all the spam I'm receiving.
      • that's quite foolish. you're probably also filtering a high percentage of the e-mail you actually want to receive.
        • > that's quite foolish. you're probably also
          > filtering a high percentage of the e-mail you
          > actually want to receive.

          Quite right. I use e-mail for (among other things) communicating with my students. If I filtered out all those providers, 90 percent of my students' messages to me would get dropped. Looking over one of my classes, that guy's filter would block 17 students out of a 19-student class! (Okay, so that's 89% :) )

          Of course, my main spam problem (I'm not on hotmail) is still the Korean spammers, which *are* rather easy to filter out without alienating my students. Although it still is annoying when the Koreans send me 50+ spam messages overnight and I'm checking my mail with a dialup connection...

  • My first reaction (Score:5, Interesting)

    by Alien54 ( 180860 ) on Sunday August 04, 2002 @08:46AM (#4007522) Journal
    My first reaction, cynical as it is, is that the reason that this is happening is that no one really uses hotmail except as a junk mail account, something to use when entering an address into a form online etc.

    Still, there is promised security of the MS passport system etc. In this case it looks more like a spam enhancement system, since this is supposed to be something to verify your login across the net. This means that most email addresses there have been preverified by MS as being valid.

    a gift to spammers everywhere.

    • Actually, I use a yahoo.com account for my junk, since their spam filters are better.

      Since I still have a Windows machine, I have Outlook Express installed and check my Hotmail through that, usually.

      What's really stupid, IMHO, is that the best way to prevent excess spam is to block the domains, which I can do through the Hotmail web site, but not via Outlook Express.

      • Actually, I use a yahoo.com account for my junk, since their spam filters are better.

        Not only are Yahoo's spam filters very good, but either they fight back at the isp level, or they just plain block some spam. I don't seem to get repeated spam like I do with conventional email addresses.
  • Forgeries (Score:3, Informative)

    by olman ( 127310 ) on Sunday August 04, 2002 @08:47AM (#4007525)
    Not only that. Since Hotmail implemented one-click filtering, spammers have been using to: and cc: instead of bcc: so the commercial messages you have requested get through into your mailbox. Annoying as hell. One reason I went over to Yahoo. Later I changed to spamcop, since yahoo aka large-intrusive-popup-ad-parlour sucks :-)

    No, spam does not have to work because there's so much of it. What does work is selling harvested email addresses to assholes.
  • Cindy (Score:3, Funny)

    by chicoy ( 305673 ) on Sunday August 04, 2002 @08:47AM (#4007528) Homepage
    I quite like getting Cindy's email.

    Makes me feel good.

    It's pretty much the most interesting thing that happens in my day.

    hmmm.. I think I need a new job.
  • Yay. (Score:5, Interesting)

    by standards ( 461431 ) on Sunday August 04, 2002 @08:50AM (#4007531)
    Finally, a well-written article that highlights the downside of spam.

    Yeah, we all know that email is a "powerful new marketing tool", but few have written about how much negative impact it has to the economy and our everyday lives.

    I have an email address that I've never given out, and 90% of the messages I receive are spam. The email address on this posting ONLY receives spam... mostly in some funky character set that I can't bother to begin to read. This address gets about 40 a day (and likely more after this posting).

    So, industry self-regulation? Well that doesn't seem to work - and it didn't work with Enron (or WorldCom or Andersen or ...)

    So I think it's time that we hit them where it hurts. Pass -strong- laws. Pass laws that permit individuals to sue in certain circumstances.

    They passed laws to control the misuse of FAX machines... and although not perfect, they do help. Then again, how many people do you know that have a fax machine at home? Betcha most people have unplugged theirs due to FAX Spam.

    • Re:Yay. (Score:4, Insightful)

      by anthony_dipierro ( 543308 ) on Sunday August 04, 2002 @09:33AM (#4007617) Journal

      So I think it's time that we hit them where it hurts. Pass -strong- laws. Pass laws that permit individuals to sue in certain circumstances.

      What good is that going to do? Do you actually know the identity of the person spamming you? You can't sue John Doe defendants in Small Claims Court.

      • Re: (Score:3, Interesting)

        Comment removed based on user account deletion
    • At least they are paying for the long distance phone call when they send me FAX spam.
    • Honestly, if 90% of your new messages received are spam and this is with an email address you never gave out - you have issues with your particular ISP.

      I, for example, have an account with Southwestern Bell, and last time I checked - they don't even have any spam filtering in place on their end.

      I try not to give this address out, but I have accidentally posted a message once or twice to Usenet with my real email address in it. (This was due to freshly re-installing my OS and applications, and forgetting to change a couple defaults before I posted.)

      Even having done this, I only get 2 to 4 emails per day of spam. I receive quite a bit of email each day, too - so this isn't a bad ratio at all, IMHO.

      Every time I've had real problems with spam on an email account, I can trace it back to something stupid I did myself. (Most often, it had to do with leaving it up on a web site for a long time, under one of those "click here to email me" links.) Those email harvesting bots will eventually find it and add it to spam lists if you do that.

      For what it's worth, legislation rarely solves problems. Our knee-jerk reaction of "there oughta be a law!" every time we're upset usually causes our country more long-term harm than good.

      I will say, however, that laws have been in place for quite a long time that may already apply to spam email. I just saw a Supreme Court ruling yesterday, while perusing a list of older "free speech/free press related" rulings. It basically stated that anyone receiving an article in the mail that they consider to be offensive or obscene (and the receiver can make this determination on their own) can legally ask the post office to block any further articles from that recipient. As you also pointed out, there are laws in place governing unsolicited fax transmissions.

      We may not really need any *additional* laws to handle the problem.... only the courts interpreting existing laws in such a way that they cover electronic mail as well.
      • by mosch ( 204 )
        Honestly, if 90% of your new messages received are spam and this is with an email address you never gave out - you have issues with your particular ISP.
        In a word, no. Spammers often engage in what's referred to as a rumplestiltskin attack, where they just try to send mail to someguy@somedomain.com, and then they see if it bounces. If it doesn't, bingo, that address is being resold.

        Additionally, for major providers like AT&T, Hotmail, etc, they'll take every single username that they know of at hotmail, and try it at AT&T, and see what bounces.

        Add to this the fact that they often do these tests while bouncing through 500 open relays that they don't control, and you have an extremely hard to detect, hard to control wardialer.

        • Add to this the fact that they often do these tests while bouncing through 500 open relays that they don't control, and you have an extremely hard to detect, hard to control wardialer.

          How difficult/time consuming would it be for someone with a decent commercial internet connection (DS3 or better) to run a scan of the entire IP address range, sending a test e-mail back to himself through all discovered open relays (perhaps with the e-mail address used @testingcompany.com for easy identification)? This list could then be used either to contact address owners or perhaps to create a public blacklist for those who refuse to plug the holes.

          Simplifying the math, with about 4 billion total addresses (I'm not factoring in private ranges), and one attempt per second, I get 134 computer years. Divide this by a corresponding increase in the number of possible attempts per second, and it slices down rapidly. For example, 100 attempts per second would be 1.34 computer years, and that could be further lowered by either faster or multiple computers (or both). Factor in the private address ranges and it drops even further. The main problem I see in this is the possibility of a perceived attack, though this could be moderated by randomizing the address listing so a large block owner doesn't get hundreds of probes a second.

          I'm sure spammers already do these kinds of things anyway, so why can't we? Or does someone already do this?
    • I have an email address that I've never given out, and 90% of the messages I receive are spam.

      What could the other 10% possibly be, since you've never given the address to anyone?

    • > I have an email address that I've never given out, and 90% of the messages I receive are spam.

      Do you mean "never given out" except to family and friends? I only give my primary account to family and friends, and I still receive hella-spam.

      I have a feeling I get added to lists when unsuspecting friends send me e-cards or click those "E-mail this article to a friend" links. I tell them never to enter my e-mail address into a web page, but they forget since it is seemingly harmless to them (and they trust "the Internet" for some reason).
    • I use an Anti-Spamming tool. And because it is based on Fuzzy logic and ratings of email it works VERY WELL. This will also continue on in the future since it filters out anybody who wants to sell me something or etc...

      As a result I am one happy camper. I can keep my old email address and not have to worry about the tons of spam...
  • Of Course It Is (Score:3, Interesting)

    by echucker ( 570962 ) on Sunday August 04, 2002 @08:53AM (#4007541) Homepage
    Considering Micro$oft sells your address within nanoseconds of signing up, who is surprised? There are numerous mentions of this in previous comments to /. stories involving Hotmail. The most telling of these are the ones that claim the address was never given out, and still had SPAM within minutes.
    • I've had an account with Hotmail that I created in November 2001 for the express purpose of trapping spam. To this date, I have yet to receive a single spam to that account, aside from the regular hotmail notices.

      I have never displayed the address on its own in public, so maybe that's part of the problem. It can be viewed on the web page I created for this trap test [geocities.com], but nowhere else.

      Hmm, now that I mention this page, two of the links seem to be down... looks like I have a bit of editing to do.
  • One thing I always wondered is why providers of free web-based email accounts haven't started mining their users' inboxes/outboxes for more addresses.

    For instance, I've got a nice spam-free email account w/ my ISP, but all my friends have accounts with shady-web-based-email-company.com. If I send them (or if they send me) messages, is my pristine address now at risk because it's now in their in/out boxes? Technically, this type of collection would seem trivial to implement.

    I'm not sure if the big guys (Hotmail, Yahoo) sell even their registered addresses (I could be wrong), but does anyone have a report of a web-based email service engaging in this kind of practice?
    • I'd have to say that while this scenario isn't out of the question, it's probably unlikely. How many spams do you get each day, and are the envelope sender addresses valid? In my case, I get 100 or more spams per day across my various boxes and typically all of them are from forged senders. If my ISP were mining the addresses of people who sent me mail, they'd have gigs of bogus email addresses by now.

      The same goes for outbound email recipients, if there's any truth in numbers. I have the AOL screen name "File," and a lot of AOLers seem to believe that CC'ing their email to "File" is supposed to save a copy to their local drive. I presume this habit comes from some email client somewhere but after years of receiving such misdirected email I haven't been able to figure out which one. (If only these people knew what they were sending to a real person, instead of to their local "File!") Anyway, I skim almost all of the mail I receive on that box - thousands a month, 99% of which are accidental carbon copies - and you should see some of the email addresses that people are sending email to:

      "www.jimbob@example.com"
      "JIM BOB @ EXAMPLE .COM"
      "jim bob example com @www.com"
      "mailto:jimbob@example.com"

      It never ceases to amaze me; there really are a lot of clueless folks out there who truly don't know how the heck to format an email address. IMO, it would be a waste to attempt to mine the recipient addresses on outbound mails, since (from what I see) so many of those addresses are bogus.

      Shaun
  • by fluor2 ( 242824 ) on Sunday August 04, 2002 @08:58AM (#4007550)
    This article itself is pure spam . . It contains information we already knew about, and it contains a commercial for Associated Press. If slashdot had a block article button, I would have pressed it.
  • by blowdart ( 31458 ) on Sunday August 04, 2002 @08:58AM (#4007551) Homepage
    OK so filtering doesn't stop spammers sending, but hotmail could do the simple things,
    • Use blacklists, spews.org [spews.org] if you want to be really careful, or relays.visi.com [visi.com] or relays.osirusoft.com [osirusoft.com] to stop open relays connecting for a start
    • Check the sending domains exists when mail is sent.
    • Drop the common abusive domains
    • Increase the amount of blocked domains you can have. 250 is not enough when people use aaaa.com, aaab.com and so on
    • Data mine the individual block lists. If more than 20% of hotmail users block a domain, then it should be looked at

    All these things are pretty standard these days, but webmail providers (not just hotmail) don't actually seem to bother. Remember, the more times you check your inbox, the more ads they have viewed.

    • As soon as a filter picks up a message as spam, the originating server should be probed to see if it's an open relay, and added to a blacklist network if it is. More aggressive, probe every server that connects! (Hey, there's less than 2^32 of them :-)

      This way a spammer would only be able to relay _one_ message onto hotmail, and if they do they must expect the server to get blacklisted everywhere within hours.

      Instead of defining spam, hotmail could define spam combating.


  • I set up a Hotmail account on Sep 10, 2001. I needed to get a couple small files for a job, and since I had a cable modem I didn't have any internet access unless I was home. (Dial-up is so much more convenient in that regard...) Until that point, it was a small point of pride that I had not succumbed to Passport and all its evil empire connotations. (So much for that...)

    We soon realized there were more than a couple small files missing, so they FedEx'd a CD from Massachusetts to South Carolina. While I waited for the truck, I was reading /. -- and learned right here of the terrorist attacks. I ended up staring at CNN for an hour before the package came and I went to work.

    Not a very auspicious start...

    That hotmail account was spam-free for a month or so... I never used it other than to give the address to one person. I know for an absolute fact she didn't give it out or sell it or whatnot.

    Let's see now... I haven't checked it in 2 days, so I wonder how much crap is in there?

    • 73 Messages -- all spam, of course
    • 362 KB
    I don't know why I don't just let the account expire... morbid curiosity, perhaps?

  • by smnolde ( 209197 ) on Sunday August 04, 2002 @09:07AM (#4007566) Homepage
    And we all know that. Technical solutions will curb spam. Solutions for users and consumers like Brightmail and spamcop are steps in the right direction.

    Now if only all the mail server admins (corporate and private) of the world get their collective brains together and start blocking all the spam using any combination and permutation of RBL possible, spam might not make it into our mailboxes.

    SPEWS blocks ISPs. I like that. I don't receive crap from certain domains anymore since using SPEWS. I also don't accept mail from hotmail, yahoo, lycos, and many other free web-based email services except from whitelisted users.

    At work I get about 15-20 spam emails daily from an old work email address when the company changed names two years ago. If only the HMFIC of email would block off that domain I'd receive none. Laws won't help in this case because the email server is located in another country. Only a technical solution.

    I'm so sick of spam I run my own mail servers and filter the crap out of all mail. I receive on average 1 spam per week in my inbox. All the rest gets rejected or filtered into a spam filter that I only peruse occasionally, but I don't see it in my inbox.

    Keep going SPEWS - it's a great system.
  • by Captain Kirk ( 148843 ) on Sunday August 04, 2002 @09:10AM (#4007576) Homepage Journal
    Bill,

    Scott and Larry said you would like to know about this.

    Are you tired of churning Hotmail accounts due to spam? Have you ever found yourself wondering if others have inside tips that are holding you back?

    Wonder no more. I have the answer. Move Hotmail to Debian Linux, type 'apt-get install spamassassin razor' and your problems will be solved.

    Send your credit card details now to pay for my $0.02 worth.

    Patrick

    • Or just move back over to your old FreeBSD servers and type 'cd /usr/ports/mail/spamass-milter; make install' (assuming Billy G doesn't mind using sendmail).

      In fact, amavisd-new (or is it -ng?) supports spamassassin/razor now, so you get 3 milters for the price of one :)
      • spamassassin has a bug that sometimes it decides things are in mbox format but it drops the empty line before the ^From\ line. This can be very bad if the 1st message is spam and the second one isn't. When I tried to report this, bugzilla was having a bad week.

        Spamassassin also is very bad at deciding attachments are spam because any large image will have enough 4 letter regex hiding that it hits. I figure it false positives at least 5% of time.
      • by MS ( 18681 ) on Sunday August 04, 2002 @12:35PM (#4008198)
        Hotmail still uses FreeBSD with Apache (recently upgraded to 1.3.26) on some of its servers. The Web-Frontend is entirely on W2K, but a lot of the hard work is still done by FreeBSD:

        http://uptime.netcraft.com/up/graph/?host=ad.law10.hotmail.com [netcraft.com]
        Same for ad.pav0.hotmail.com, law2-ad.hotmail.com, and many others.

        Don't fix, what ain't broken - maybe Microsoft understood this rule.

  • Well (Score:5, Interesting)

    by Mr_Silver ( 213637 ) on Sunday August 04, 2002 @09:11AM (#4007580)
    I've found that I've always had a problem with spam to my hotmail account. I don't sign up for anything, I don't ask for anything and I certainly don't publish my email address as it was only used for a couple of months.

    Granted, a lot of spam gets through on guesswork (such as every common permutation of John Smith @ hotmail.com) but you have to wonder if something odd is going on within the company when (as a test) you register ibtgsrq at hotmail dot com and within two weeks it starts receiving the usual fake degrees, penis enlargement and general porn stuff.

    subnote: ibtgsrq stands for I Bet This Gets Spam Real Quick - and it did.

    • by anticypher ( 48312 ) <[moc.liamg] [ta] [rehpycitna]> on Sunday August 04, 2002 @10:46AM (#4007849) Homepage
      I created a couple of throw-away hotmail accounts before my current long vacation, as something to hand out to people I really don't want to know after we say goodbye.

      They were of the form (slightly changed to protect the poor accounts)
      qris9.4food772a@hotmail.com and
      3metre3e4w.pa7@hotmail.com

      not the kind of addresses a script could guess by incrementing numbers. I carefully un-checked all the "please let M$ partners spam me" boxes as well. For the first 2 weeks after creating these accounts, not a single message came in. Then they both started getting occasional spam, obviously targeted.

      A couple of weeks ago I handed out the first address to a number of people while in Spain, and then checked it regularly from cybercafes around Portugal. Within days it was getting 3-10 portuguese language spams per day. Now it gets about 20 spams per day in various languages, but the second account is still only getting 2-3 per day.

      Strange.

      the AC
      • by tiny69 ( 34486 ) on Sunday August 04, 2002 @12:08PM (#4008108) Homepage Journal
        I've had that happen a few years ago. I traveled to a part of the US that I'd never been to before and used Hotmail to keep up on email. Within a couple of days, I was getting spam targeted for businesses in that area. This surprised me because I didn't even know what the URL's were for the businesses in that area. The people I was sending and receiving emails from also started to receive the same spam. The only explanation was that someone in that area (an ISP?) was sniffing email addresses and then selling them.

      • When I was in Mexico, I used some Internetcafes there too.

        Back home (in Italy), I got lots of viruses from Mexico (obviously the PCs in the cafes got infected by Nimda, CodeRed, Klez and friends). A few months later I also noticed an increase in spam-mails from all over the world.

        For me it's clear: viruses also spread your e-mail addresses a lot, and finally your address ends up in some spammers database.

        Spammers obviously use *any conceivable method* to harvest addresses.

      • by Wanker ( 17907 ) on Sunday August 04, 2002 @10:21PM (#4010026)
        Have you looked at sneakemail [sneakemail.com]? It generates permanent random mail addresses that forward back to your "real" address. You can configure the name that gets inserted into the name when it forwards (i.e. "Spanish Cypercafe One") as well as the name people see when you reply ("Mr. Fly").

        It saves a lot of tedious filling out of Hotmail accounts and attracts a surprisingly small amount of spam. (And you get to find out who spammed you...)
    • by zCyl ( 14362 )
      I've found that I've always had a problem with spam to my hotmail account.

      I don't get any spam at all from hotmail, because when I click sign up all I see is this:

      Microsoft® .NET Passport no longer supports the Web browser version you are using. Please upgrade to a current Web browser, such as Microsoft Internet Explorer version 4.0 or later, or Netscape Navigator version 4.08 or later.

      (When using galeon, which should work just fine.)
  • Spam techniques (Score:5, Interesting)

    by flonker ( 526111 ) on Sunday August 04, 2002 @09:12AM (#4007581)
    Recently, I ran a script against the mail server logs, testing what email addresses receive how much mail. And I was quite surprised to find a large number of hits for mailboxes that don't exist. For example: ...
    8 - diane@domain.com
    2 - diane1@domain.com
    2 - diane2@domain.com
    2 - diane3@domain.com
    2 - diane4@domain.com
    2 - diane5@domain.com ...

    And also, such classics as jsmith@domain.com (and all numbers attached.)

    Obviously, they can't afford to do this all of the time, but do it once, and use web bugs to track who opens the message, and boom. Instant verified email addresses.
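The kind of log pass described in the comment above, as an added example that is not the poster's script: it counts deliveries per recipient, strips trailing digits so that diane1 to diane5 collapse onto one stem, and reports stems and client addresses that hit several non-existent mailboxes. The log format, field names, client addresses and threshold are assumptions constructed for illustration; adapt the regular expression to your own MTA's log lines.

```python
import re
from collections import Counter, defaultdict

# Constructed log excerpt in a simplified, hypothetical format.
LOG = """\
2002-08-04T03:10:01 rcpt=<diane@domain.com> client=192.0.2.5 result=delivered
2002-08-04T03:10:07 rcpt=<diane@domain.com> client=203.0.113.9 result=delivered
2002-08-04T03:10:08 rcpt=<diane1@domain.com> client=203.0.113.9 result=unknown-user
2002-08-04T03:10:08 rcpt=<diane2@domain.com> client=203.0.113.9 result=unknown-user
2002-08-04T03:10:09 rcpt=<diane3@domain.com> client=203.0.113.9 result=unknown-user
2002-08-04T03:10:09 rcpt=<diane4@domain.com> client=203.0.113.9 result=unknown-user
2002-08-04T03:10:10 rcpt=<diane5@domain.com> client=203.0.113.9 result=unknown-user
2002-08-04T03:11:00 rcpt=<jsmith1@domain.com> client=198.51.100.20 result=unknown-user
2002-08-04T03:11:01 rcpt=<jsmith2@domain.com> client=198.51.100.20 result=unknown-user
2002-08-04T04:02:13 rcpt=<bob.jnes@domain.com> client=192.0.2.77 result=unknown-user
"""

LINE_RE = re.compile(
    r"rcpt=<(?P<local>[^@>]+)@(?P<domain>[^>]+)> "
    r"client=(?P<client>\S+) result=(?P<result>\S+)"
)


def probe_report(log_text, min_variants=3):
    """Summarise recipient guessing in a mail log.

    Returns (per_recipient, swept_stems, probing_clients):
      per_recipient   Counter of all attempts per address
      swept_stems     stem@domain -> sorted unknown local parts, for stems
                      with at least min_variants distinct unknown variants
      probing_clients clients that hit at least min_variants distinct
                      unknown addresses
    """
    per_recipient = Counter()
    unknown_by_stem = defaultdict(set)
    unknown_by_client = defaultdict(set)

    for line in log_text.splitlines():
        match = LINE_RE.search(line)
        if not match:
            continue  # not a recipient line
        local = match.group("local").lower()
        domain = match.group("domain").lower()
        per_recipient[f"{local}@{domain}"] += 1

        if match.group("result") != "unknown-user":
            continue
        # diane1, diane2, ... share the stem "diane"; an all-digit local
        # part keeps itself as its stem.
        stem = re.sub(r"\d+$", "", local) or local
        unknown_by_stem[(stem, domain)].add(local)
        unknown_by_client[match.group("client")].add(f"{local}@{domain}")

    swept_stems = {
        f"{stem}@{domain}": sorted(variants)
        for (stem, domain), variants in unknown_by_stem.items()
        if len(variants) >= min_variants
    }
    probing_clients = sorted(
        client
        for client, addrs in unknown_by_client.items()
        if len(addrs) >= min_variants
    )
    return per_recipient, swept_stems, probing_clients


if __name__ == "__main__":
    counts, stems, clients = probe_report(LOG)
    print(counts.most_common(3))
    print(stems)
    print(clients)
```

The single mistyped address from 192.0.2.77 stays below the threshold, which keeps ordinary typos from being reported as a sweep.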
    • with only a few million domains, how do you think they came up with 150 million email addresses? They will try the 4000 or so most popular user ids with every domain name.

      I've set up wildcard dns and I only allow email for very specific domains. I also am filtering at the sendmail level so I can say "sorry, their mailbox is full, try again" since I figure the server isn't going to be doing anything most of the time anyway, what's a simple database lookup and a few packets if it can get a spammer to requeue a message. What I want is a way to get MTU discovery on their link to decide their outbound routers likes an MTU of about 52 bytes.
  • by Cato ( 8296 ) on Sunday August 04, 2002 @09:14AM (#4007583)

    One of the better articles I've seen on how to stop spam covers Social and technical measures (Google cache) [216.239.37.100], by Richard Jones - using Google because that site isn't reachable right now. It doesn't have all the answers, but has some very good ideas. Most importantly, they can be implemented by ISPs without legislation, important though that is in the medium term.

    I think a combination of strong filtering, strong terms of service (e.g. take credit card numbers of those who sign up for email service, and have an automatic and substantial fine for abuse), and legislation could really help. Spammers moving offshore actually makes filtering easier, for those people who don't do a lot of business with China at any rate...

    One key point is that spam-filtering should be controllable by the individual, to allow people to make sure they receive email that might look like spam (e.g. most commercial newsletters) and server-based so that nobody needs to download spam over slow dialup or mobile wireless connections. SpamAssassin is the best tool I've found so far.

    • I am not sure how an automatic fine billed to a credit card would be effective. After all, the customer could always contest the charge, and if the ISP cannot prove the charge is valid, which is actually more difficult than it sounds, the charge can be revoked. The ISP will then have lost the time and money needed to prove the charge, as well as have to pay any fees that the credit card company may charge to vendors in such circumstances. This could easily cause a negative cash flow at the ISP.

      I would suggest an alternative. I would think a large deposit from any bulk emailers would be in order. For customer who will only send out say 20 emails an hour with at most 10 addresses on each email, a no deposit account would be available. Software will enforce limits. If the customer wants to send more emails to more addresses, then the ISP can have a sliding scale deposit, which will be forfeited if the emails violate the terms of service. Again, I don't know if implementing such a scheme would cost more than makes, but it might stop some spammers. Of course, most ISPs would have to have such a policy for this to be effective.

    • by GigsVT ( 208848 ) on Sunday August 04, 2002 @11:39AM (#4008016) Journal
      I've written a grep patternfile that does a very good job as far as not causing false positives. It's not going to block 100% of spam, but I have not had it block a legitimate email yet, even corporate newsletters that may look like spam.

      If the lameness filter will let me post it, here goes:

      (I had to combine some of the shorter lines to get past the fucking lamenessfilter. Lines with a "-" in them should be broken into two lines)

      [Bb]egin[[:space:]]*[0-7]{3}[[:space:]]*.*\.(vbs|vbe|js|exe|com|pif|lnk|scr|bat|shs|sh).*
      name=.*\.(vbs|vbe|js|exe|pif|lnk|scr|bat|shs|sh).*
      filename=\"?.*\.(vbs|vbe|js|exe|pif|com|lnk|scr|bat|shs|sh)\".*

      Free Money - MyLife.scr - Pamela Anderson - Kournikova - Nasty Celebs Naked - CELEBS NAKED
      Free.VIP.Membership - LOSE WEIGHT FAST - LOSE 30-60 LBS - HOME REPS NEEDED - FREE NO OBLIGATION QUOTE - yyyesss.com - Click here for a FREE QUOTE - tvdiscounts-online

      My Life.scr - Oregon auto loan - as well as six new vulnerabilities - Adult-Life.Com - Simply click the unsubscribe link below

      Unsubscribe Here - Penis Enlargement - hot young teen - hardcore sex - Cum inside - Uncensored Teen - bigger penis - penis longer - penis grow - Led.exe - HERMOSO DESEO

      myparty - fuck and suck - suck and fuck - x-msdownload - Content-type: application/mixed

      I send you this file in order to have your advice - Content-Type: audio/x-wav - ABC1234567890DEF - sexyfun - gone.scr - youngest teens
      tightest pussy
      Global Remove List
      inches to your penis
      youngest teen
      jaculation
      hottest teen
      Go to here to be removed
      Click here to be removed
      o be removed go
      \(ADULT\)
      \(FUNDS TRANSFER\)
      The Best of the Best!
      t e e n s
      VIAGRA
      Pheromones
      rape sex
      Snowhite and the Seven Dwarfs
      sexual enhancement
      supercharge your sex life
      amplify your pleasure
      Prosextra
      fucked HARD
      INSTANT FREE FULL ACCESS
      If you wished to be removed from this mailing list
      get your rocks off
      Let these whores
      18 years old
      barn yard fun
      Rape SEX!!
      Mature Audiences
      sex with dogs
      Sex With Dogs
      Snake Fuck
      DO NOT SAVE
      REAL ANIMAL FUCKING
      permission based messages
      permission based marketing
      Our Sluts
      opt-in
      MUST BE AT LEAST 18
      To be removed from our

      Disregard the remainder of this message, it was necessary to get around the lameness filter.

      Well, now I have to type a bunch of stuff to get past the lame-ass filter. Blah Blah Blah, the cat sat on the fat rat, this is a waste of my time. The ends do not justify the means. I wonder if this line is long enough to raise the average line length yet, maybe I should keep typing. Man, I know why they call it the lameness filter, it is damn lame. 20.3 chars per line now, better type some more to raise that average. Let's see, I've wasted, what, 10 minutes of my life now because of this stupid filter? I wonder how many people just give up by this point. Blah Blah Blah, test test test. Maybe I can paste this line twice.
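The three attachment patterns at the top of the list above, used the way a grep patternfile is applied (`grep -E -f`) over a few constructed header lines. This is an added example, not part of the original comment: the sample lines, the function names and the tighter `anchored_patterns` variant are assumptions made here to show where the unanchored extension match over-blocks and where case-sensitive matching under-blocks.

```shell
#!/bin/sh
# Added example (not from the original comment): the posted attachment
# patterns used as a grep patternfile. All sample lines are constructed.

# The three attachment patterns as posted, minus the spaces the comment
# system inserted and the backslashes before the double quotes.
posted_patterns() {
    cat <<'EOF'
[Bb]egin[[:space:]]*[0-7]{3}[[:space:]]*.*\.(vbs|vbe|js|exe|com|pif|lnk|scr|bat|shs|sh).*
name=.*\.(vbs|vbe|js|exe|pif|lnk|scr|bat|shs|sh).*
filename="?.*\.(vbs|vbe|js|exe|pif|com|lnk|scr|bat|shs|sh)".*
EOF
}

# Assumed tighter variant: the extension must end the file name and the
# uuencode header must start the line. Intended for use with grep -i,
# since Windows treats file extensions case-insensitively.
anchored_patterns() {
    cat <<'EOF'
^begin[[:space:]]+[0-7]{3}[[:space:]]+.*\.(vbs|vbe|js|exe|com|pif|lnk|scr|bat|shs|sh)[[:space:]]*$
name="?[^";]*\.(vbs|vbe|js|exe|com|pif|lnk|scr|bat|shs|sh)"?[[:space:]]*(;|$)
EOF
}

# Constructed message lines: four executable attachments, two harmless
# file names that merely start with a listed extension, one plain text file.
sample_lines() {
    cat <<'EOF'
begin 644 invoice.exe
Content-Type: application/octet-stream; name="photo.scr"
Content-Disposition: attachment; filename="readme.txt.pif"
Content-Disposition: attachment; filename="SETUP.EXE"
Content-Disposition: attachment; filename="minutes.shtml"
Content-Disposition: attachment; filename="report.json"
Content-Type: text/plain; name="notes.txt"
EOF
}

# blocked_lines PATTERN_FUNC [GREP_OPTION]
# Print the sample lines that the patternfile written by PATTERN_FUNC blocks.
blocked_lines() {
    patfile=$(mktemp) || return 1
    "$1" > "$patfile"
    sample_lines | grep -E ${2:+"$2"} -f "$patfile" || true
    rm -f "$patfile"
}

echo "== posted patterns =="
blocked_lines posted_patterns
echo "== anchored patterns, case-insensitive =="
blocked_lines anchored_patterns -i
```

The posted patterns flag `minutes.shtml` and `report.json` because `.sh` and `.js` match as prefixes, and they pass `SETUP.EXE` because the extension list is lowercase only.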
  • Since I have a mail server set up for my vanity domain, I switched for a while to giving out unique mail usernames to websites, etc.

    Over a year ago, I started forwarding webmillion@[mydomain] to postmaster@webmillion.com, because I was getting several spams a day to that account, and it was pretty clearly their fault.

    Last month, I was cleaning up my rules, and decided to remove that rule, thinking that the problem had passed. Wrong! Within an hour I had 4 mails. So the forward went back on.

    Oddly enough, Webmillion never contacted me about the fact that I was forwarding buckets of spam to them; I guess they are used to it because of the harvesting they apparently do, and just ignore that account.

    If everyone on Slashdot started asking sites like these about their harvesting practices, or simply forwarded the crap mail back to them, they would inevitably find the practice more costly than beneficial to the bottom line.
  • So what does MS do to solve the problem? Punish the users. Make the mail account smaller. Disable POP access. Post your user information to "affiliates". Nag you to death about your account being too big.
  • "I think China is good place to be," Ralsky said. "You don't get the same kind of grief."

    Obviously he would prefer to live in a non-democratic country and keep on spamming (read: annoying) people. Rather than try to provide a valuable service to the general populace.

    As well, Ralsky is right, you don't get the same kind of grief, you get worse. But, that's the attitude of a con artist, no true intelligence or consideration for anyone else. I say, send the spammers to China. Hell, I'll pay for their plane ticket even.
    • Considering that a large amount of spam originates from China, I'm sure Mr. Ralsky thinks China is the place to be. Sounds like heaven to him!
    • > > "I think China is good place to be," Ralsky said. "You don't get the same kind of grief."
      >
      >
      > As well, Ralsky is right, you don't get the same kind of grief, you get worse. But, that's the attitude of a con artist, no true intelligence or consideration for anyone else. I say, send the spammers to China. Hell, I'll pay for their plane ticket even.

      Well, if Ralsky physically moves to China (as opposed to merely spamming through Chinese ISPs), I'm all for it.

      First - he'll have to spam through Chinese ISPs. Most of us have blocked China's netblocks at the router due to Chinese ISPs' unwillingness to terminate spammers.

      Second - I won't pay for his plane ticket. But I will gladly pay Ralsky $5000 for a spam that says "Citizens of China! Bring freedom to Tibet, and bring freedom and prosperity to yourselves by overthrowing the Communist Party and restoring power to the rightful leaders of China, currently in exile in the independent nation of Taiwan!" (I'm sure the Falun Gong would pay Ralsky to spam on their behalf too.)

      I'm equally sure that Ralsky, being such a smart entrepren00er and ethikul bidnizman, would take the money and spam from a Chinese ISP. (Ralsky's proved to himself that he's smarter than Verizon by leaving the country to escape judgement, so why should he fear a bunch of dumb Chinks? You hear that, Alan? You're smarter than a bunch of dumb Chinks, aren't you? You'll never get caught!)

      30 seconds later, I'd be watching with glee as the aforementioned "dumb Chinks" he's underestimated broke through the door of his Beijing apartment and started beating the living hell out of him for his crimes against the State. Oops, guess it's not like America after all, and they're not as dumb as you thought. Aaw, poor Ralskyboy fall down go splat.

      A couple of weeks later, an enterprising PLA soldier with a handycam would have a grainy videotape of Ralsky getting his just desserts - and Ralsky's relatives would be paying for the bullets.

      Now, considering the fact he's brainless, spineless, heartless, lily-livered, and terminally short-sighted, I can't imagine any of his organs would be useful for transplantation. (I mean, how many people need an asshole transplant? And even the most desperate colostomy patient probably wouldn't take Ralsky's asshole in a transplant. I mean, having to force your feces to slide through that for the rest of your life? Have a little respect for your own shit, man!)

      But yeah. Go to China, Ralsky. Go there, piss off the wrong people, and get your just desserts.

      (Any PLA d00dz out there wanna make a bundle? Lots of us, myself included, think government is wholly evil, but you could make up for a lot of that by webcasting Ralsky's arrest, trial, and execution. The number of Americans who'd pay good money to watch such a tape is in the millions.)

  • If you use hotmail (Score:2, Informative)

    by rueba ( 19806 )
    Set Junk Mail Filter to "high" and Junk Mail Deletion to "automatic"

    And block as many domains as you can in the block sender list. Every time you receive a new piece of junk add its domain to the blocked list if possible.

    I just tried this recently and the spam I had to review went down from 100 per day to about 10 per day, which is much more manageable.

    Of course the spammers will probably get more sophisticated and we'll just have to think of something else.
    • This works well, except when you reach 250 addresses on your block senders list, then you can no longer block new addresses coming in with spam unless you remove some off your list. If we had the ability to block as many addresses as we wanted it would be more effective.
  • I think we all knew this at least subconsciously didn't we?
  • This has been said for months, but it's obvious why the spam gets through: because Microsoft lets it get through.

    If you don't check your Hotmail account for a few weeks, spam will surely push you over the 80% mailbox size limit... and suddenly you get an email from Microsoft telling you that you've nearly reached your limit, and you should upgrade for only $x a month.

    Also, don't they also have an advanced spam filter for paid accounts?

  • To all the people whining about how crappy hotmail is:

    Read aloud:
    "It's a free service, I get what I paid for".

    If you want good quality webmail/email, hook up with an ISP who delivers that webmail/email for you. Yes, that probably will cost you money, but the last time I checked, my groceries weren't free either.

    If you're Dutch or from Belgium: check out XS4all. This ISP has webmail, plus they have an antispam service, which lets you create a shadow mailbox which is used to dump the spam in (i.e.: you can check it if the filters have moved some mail as spam but it is legitimate). The filters use all blacklists available and some other sophisticated mailfilters. I received 25 spammails per day or so on my account there, and after I applied the filters this dropped down to 0.0. Especially the filters to block .cn and .tw originating domains was a good one. :)
    • I've used a free email service for over two years and have NEVER received spam. I'm sure it's partially because it's less well known than hotmail but also because they have a serious commitment to blocking all spam and pursuing action against incoming and outgoing spam.

      From the Myrealbox [myrealbox.com] No Spam Policy:

      "Spam is no good.
      Don't do it.
      It causes bad karma and cancer (and perhaps some other diseases).
      Yes, this is true.
      No, it's not a joke.
      Oh, and spammers rot in hell.
      "

      "For each violation of the no spam policy, users will be fined ten dollars ($10 USD) for EACH E-mail sent. This damages provision does not preclude Novell from seeking other damages as well."

      They give you IMAP, POP in addition to a nice webmail interface. I'm assuming they'll start charging for it at some point but this is a good example of how it is possible to block spam if the service provider is committed.
  • What's the percentage on outgoing mail that's spam? I seemingly get the majority of my spam from hotmail or yahoo mail. Wish they'd implement a filter on that.
  • Get Vipul's Razor[1], Pyzor[2] or DCC[3]. *They actually work*.

    Done! Finished! No more spam!. Spammers are no more! And stop whining about bloody getting spam for Christ's sake!

    [1] http://razor.sourceforge.net/ and http://www.cloudmark.com/ for Lookout.
    [2] http://pyzor.sourceforge.net/
    [3] http://www.rhyolite.com/anti-spam/dcc/

  • reason (Score:2, Insightful)

    by outz ( 448278 )
    Hotmail's servers allow spammers to verify email addresses, so spammers use a program to verify every abc123 combo up to like 12 chars. Yahoo etc. does NOT allow you to verify email addresses via their servers. This cuts down on a lot of the spam.

  • I have a hotmail email address that I don't give out to anyone except my friends. Well so far, after a year of usage I've received less than ten spams.

    I also have another hotmail address that I use for absolutely everything, from registering to websites to putting it in my website, etc. Last time I checked I had 470 spams within a month.
    • I have a Hotmail address that I have NEVER given to ANYONE, and it gets packed with spam. The username is my first two initials and last name.

      Once in a great while I'll look at it and marvel at all the crap that collects in there, but since I don't want it I usually just let it go until M$ disables it so Trillian doesn't bug me with 'new mail' notifications.

      ~Philly
  • by pgrote ( 68235 ) on Sunday August 04, 2002 @11:00AM (#4007885) Homepage
    ... with the bath water is one of the problems in fighting spam.

    I use Mail Washer as a pre-processor for my email accounts. It has now turned out to take more time to weed out legitimate messages.

    More and more of my legitimate email from distro lists I have subscribed to from cNet, Woody's Windows Watch and even obscure lists such as Amusing Facts Daily now show up in the ORBD and other spam lists it consults.

    For instance, just coming back from vacation I had 1200 messages across five accounts. 70% were tagged as spam from a spam list. 20% of those were legitimate distro lists.

    The independent spam lists do a good job of catching most of the spam, but it also catches too many legitimate lists. I try to send an email to the list admin letting them know, but typically they respond that it's not worth the effort trying to get off the lists.

    I've gone through something just like it where I was Murdered Electronically [compunotes.com] by my ISP.

    This site [dotcomeon.com] talks about what happens when a legitimate company gets on the list.
  • by Inoshiro ( 71693 ) on Sunday August 04, 2002 @11:15AM (#4007925) Homepage
    Greg Egan [netspace.net.au] is an author, programmer, and scientist.

    In one of his short stories, he mentions having a setup where a whitelist of people you know are allowed to send you email for free, and anything else requires a minimum payment (which can be set from 0 to as high as you want). Tired of spam? I wouldn't be, for 25 cents a spam. That'd pad my bank account nicely.

    How could it be done? There are already proposed extensions to the SMTP command set so that clients and servers could agree on an amount and pass a token to each other (be sure you're using a TLS aware MTA, like Postfix [postfix.org]), and it could be verified by both sides with the 3rd-party escrow server (which manages the money). Paypal is the only current online money system with enough momentum to make this work well for everyone, but maybe another one will come up :)

    Either way, it makes it easy to stop spam by removing the one thing that spammers like -- the cheapness. Only people who want spam (haha), or people who don't live in the 21st-century (MTA wise) will have to deal with the 20th century scourge known as spam.
  • Spam Detective [emtec.com] can work with Hotmail accounts. What other programs can?
  • That's better than my account is doing right now. Of course, I don't get much email as I don't really use it for correspondence. This goes to show just how useless email is slowly becoming for anything worthwhile. It may very well be that in the near future we will need to design a new spamproof (or at least spam resistant) mail protocol to prevent this problem.

    -Restil
  • Many of you have mentioned temporary addresses. There is a free service that will give you a temporary address... www.spammmotel.com very cool.
  • One of my hotmails is used for some registration sites, like a spam magnet address. 99% is spam there. On the others I have no spam at all, but that's only thanks to me blocking everything that is not explicitly allowed.
  • much of it to the reply address I use on Slashdot.

    I use SpamCop, which is quite effective. Once in a while I look at the queue of messages that SpamCop has decided are spam. About a thousand messages a week are rejected. Sometimes I hit the "report them all to their ISP" button, but usually I just let the stuff scroll off after 3 days.

  • A lot of you are asking, why Hotmail? Why not use some other free email service. Well the answer for me, and probably a lot of their user base, is that you have to use it for Passport. Since Passport is incorporated into nearly all of their web pages and services, it is necessary to have an address for this purpose. For instance, if I need to communicate with a family member on MS Messenger, even if I'm using Trillian or something, I have to have a Passport account to login and use the service. Same with games on the Zone. I quit using that site because they forced passport on users, but I bet many people still use it.

    I am currently getting around 75 spam messages a day to my Hotmail. Since I don't use that address for regular correspondence, just Passport, I just decided that perhaps it's possible to get around the spam by setting my junk mail filter to exclusive, and then not adding anyone to my list of contacts. Sure I'll still get the MS crap about upgrading my account and stuff, but it should be so much better.

    Is anyone else doing this? Does it work?
  • I've gotten so fed up with Hotmail letting through 100 spams a day and then locking out my account that I decided to switch. I looked at upgrading my yahoo account to one of their for-pay services and just found it a bit too pricey and inflexible. So I started looking around for web based email providers, and found fastmail.fm

    The domain sounds weird, but it is a web based email provider written by geeks for geeks. I paid $20 for a premium account after one day of using their free service. IMAP/POP/SMTP access, spam protection, virus protection, a really cool 'bounce' feature, 50 MB inbox, and a great 'Sieve' based filter system (you actually code rules in a pseudo-language designed solely for mail filtering), and you can receive email at anyaddress@youraccount.fastmail.fm. The interface is simple, fast, HTML only (with lightweight style sheets) and I've yet to see it go down or lose an email.

    Not a single spam yet. Additionally, I use the anyaddress@ feature to provide better tracking in the event of spam. I gave slashdot the address slashdot@myaccount.fastmail.fm - so that if slashdot ever sells out (heaven forbid) I can just block that address in my ruleset.

    Anyway, your mileage may vary, but there are much better providers out there - there is no reason to stick with hotmail.

    -josh
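The per-site address trick described in this comment and in the earlier vanity-domain comment, as an added example that is not part of either post: tally the recipient aliases seen in a spam folder's headers to see which site's address leaked. The header lines, the `example.org` domain and the function names are constructed assumptions.

```shell
#!/bin/sh
# Added example (not from the original comments): count spam per recipient
# alias at one's own domain. All header lines below are constructed.

sample_headers() {
    cat <<'EOF'
To: <webmillion@example.org>
Subject: To: decoy@example.org
To: "J. Doe" <Slashdot@Example.org>
Delivered-To: webmillion@example.org
To: friend@other.example
Cc: shop-a@example.org, webmillion@example.org
EOF
}

# leak_tally DOMAIN
# Read header lines on stdin and print "count alias" for every address at
# DOMAIN found in To, Cc or Delivered-To headers, most-hit alias first.
leak_tally() {
    awk -v dom="$1" '
        BEGIN { dom = tolower(dom) }
        # Only recipient headers count; a "To:" inside a Subject does not.
        tolower($0) ~ /^(to|cc|delivered-to):/ {
            line = tolower($0)
            # Walk every address on the line (Cc may carry several).
            while (match(line, /[a-z0-9._+-]+@[a-z0-9.-]+/)) {
                addr = substr(line, RSTART, RLENGTH)
                line = substr(line, RSTART + RLENGTH)
                at = index(addr, "@")
                if (substr(addr, at + 1) == dom)
                    count[substr(addr, 1, at - 1)]++
            }
        }
        END { for (alias in count) print count[alias], alias }
    ' | LC_ALL=C sort -k1,1nr -k2,2
}

sample_headers | leak_tally example.org
```

The alias at the top of the tally is the one to block or forward back to the site it was given to.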
  • I admin a mail server, and I think the one thing that people here are forgetting is that on 50% of all SPAM and I'm sure an even higher percentage of SPAM claiming to have a hotmail address as the sender, the envelope sender address is forged anyway. The spammer has found some open relay that has a clueless admin that won't secure it, and they pump as much SPAM through it as they can before the relay hits the blacklists.

    This means that it actually has nothing to do with hotmail, or microsoft, other than spammers assume (correctly in most cases) that mail admins won't block the entire hotmail.com domain as SPAM.

    Don't get me wrong, I'm not defending anyone here, I'm just saying, be clear on what the problem is, and who the bad guy is before getting out the pitchforks and torches.

    just my .02 cents (US)

  • Well, duuuh. What do people actually think that Hotmail, Mail, Excite, Go or other accounts are for? If you get on the Internet, you go through an ISP, which provides an email account, sometimes up to 5. That's where you get your real mail. For public exposure (signing on to news sites, etc.) email, get a Hotmail account, and just let it fill up with junk. I see it as getting a benefit from the Microsoft tax.

    Here's my strategy. My ISP: 1 email account; personal use (friends and associates). Mail(.com): identifying myself in public commentary ... forums like Slashdot, Kuro5hin [kuro5hin.org], and Fsckedcompany [fuckedcompany.com]; sending rebuttals to online news journalists; and mailing webmasters/programmers about their sites/programs. Hotmail: more spam-prone exposures, like logins to pr0n sites, yowza. Go and Excite: miscellaneous uses that I haven't thought of yet.

    Thus, my ISP email is utterly clean of spam. My Mail(.com) account gets a couple pieces of spam a week, with some replies from journalists, webmasters and programmers; I logon to Mail(.com) once a week to delete some spam and find some replies. My Hotmail account is a windswept and dusty wasteland of spam, getting 2-6 pieces of spam a day, and has some notices from the sites I subscribe to; I logon to Hotmail every 1 to 4 weeks to delete essentially everything, which is dozens of spam mails. The Go and Excite accounts are still being evaluated for their usefulness; I just login once a month to keep 'em active.

    So, thank you Microsoft for providing me a spam filter. Go ahead and even sell the list of your Hotmail clients ... you will just be using your own bandwidth to fill up your own hard disks. Suckers.
  • Considering the cost of Spam on the Hotmail system I wonder why a company like Microsoft won't spend a few bucks to make everybody in the world not even want to think about spamming.

    That 80% is probably only what they catch using the Junk Mail filters. I get a lot more that I don't even report because of how much of it I get.

    There would be no way I would spend a dollar on increasing my Hotmail account size considering the circumstances I mentioned. That's lost $$$$ for MS
  • by xX_sticky_Xx ( 526967 ) on Sunday August 04, 2002 @03:44PM (#4008894) Homepage Journal
    I think I have gotten about 3 pieces of spam the entire 2 years. This is about on par with the amount I've gotten in my ISP accounts. Now, my Yahoo accounts on the other hand...

    Why is this? Simply because my Hotmail account is the address I give to people and sites I trust (this one for example) that I'm sure won't share it with spammers. My Yahoo accounts serve the opposite purpose. Whenever I register to some shady looking website that just seems to want to collect names it goes to the Yahoo accounts.

    I've said this before: People that sign up for Hotmail and get barraged with spam are either 1) using an easy to guess address or 2) using a numbered extension suggested to them by Hotmail, e.g. Cindy1234567@hotmail.com. It goes to figure that every numbered extension before that is a valid address. Do you think spammers don't realize this?

    Anyway, I know that /. is just running this story because it singles out Hotmail, which is owned by MS. If it was Yahoo then the story never would have been posted. On a completely unrelated note, I just saw an ad for VS.NET; I'm thinking of picking up a copy today :-)

  • You just have to laugh at what the spammer said. He's going to CHINA because they don't give you that kind of grief over peddling spam.

    Yeah man, go to China. They'll love you there.
  • by Guppy06 ( 410832 ) on Sunday August 04, 2002 @06:22PM (#4009417)
    "Sued by Verizon Communications for millions of dollars, spammer Alan Ralsky said he may simply move beyond the reach of U.S. courts to where service providers value cash more than complaints.

    "I think China is good place to be," Ralsky said. "You don't get the same kind of grief.""


    You go do that. And as more and more Chinese domains are blocked at the border Beijing will start to notice the effect it has on business there, where their businesses aren't able to reach customers that can afford such luxuries like "indoor plumbing" (with the local GDP per capita still hovering around $3600, China needs Western markets). And Beijing will start to impose new anti-spam laws with penalties ranging from all-expense paid trips to one of the interior's lovely "re-education" camps to death by an acute case of lead poisoning delivered to the back of the head (conducted in stadiums so we all had the chance to cheer them on).

    Don't let the door hit you in the ass on the way out!
