Log in

View Full Version : Hotmail & Spam


Jason Dunn
11-15-2002, 09:00 AM
I often here this accusation bandied about - "Microsoft sells your Hotmail address to spammers, how else could we get so much spam?". To be honest, I pretty much believed it. I wanted proof, however, so I registered a new Hotmail account three weeks ago. I log in every few days, but the email address I used doesn't exist <u>anywhere</u> online. <br /><br />The results? No spam at all. <br /><br />I was quite surprised, because I thought even from brute-force username guessing the spammers would have found me. There are ways in which you open yourself up to spam vulnerability however, usually without knowing it. How? Keep reading. <!><br /><br /><img src="http://www.pocketpcthoughts.com/images/web/spam.gif" /> <br /><br /><span><b>Don't Confirm Email Address</b></span><br /><br />You know how some spammers have a "click here to remove" link at the bottom? Be careful about clicking on that - some spammers will use a link like that to harvest legitimate email addresses, because if a link gets a click, that means the email got to someone on the other end, and that's valuable information to spammers. Ditto for "reply with REMOVE in the subject link - we'll take you off our mailing list, promise!". When you verify that your email address is active, spammers will in turn sell that valid email address to other spammers, and the amount of spam you get explodes. If it's a legitimate newsletter that you signed up for, un-subscribe - almost all newsletter owners will honour un-subscribe requests and often have automated systems for doing so.<br /><br /><span><b>Spam Trap Your Way to Happiness</b></span><br /><br />What can you do to protect yourself from spam? The first thing is to register a "spam trap" email account. <a href="http://www.hotmail.com">Hotmail</a>, <a href="http://www.yahoo.com">Yahoo Mail</a>- anything free will do. When you sign up for ANYTHING online that asks for your email, whether it be a Web site or a trial software download, use this spam trap email address. Check it every week or so to keep it active, but don't use it for any real email correspondence (if you do, you'll be forced to check it more often to keep up with legitimate email). Only give out your real email address to other people - not to forms on Web sites. <br /><br />If you own a domain and control the email aliasing on it, you can even get clever by using a specific email alias for each forum or program download - and when you start getting spam on that alias, shut it off of bounce it from your domain. This has the side benefit of allowing you to figure out who is selling your email address if you start to get spam to a specific address.<br /><br /><span><b>Spam Filtering Helps</b></span><br /><br />The other thing you can do is get a spam filtering solution. I've tried out many of them on the market, but I found that every filtering solution I tried would catch the "good" email, put it into a folder, and I'd miss it. Or I'd spend more time going through the "suspect" folder than I would if I just deleted the spam in the first place. Spam-fighting tools that take up more time than the spam itself are useless to me. I found one application that I've been happy enough to keep however: <a href="http://www.cloudmark.com/products/spamnet/">Cloudmark SpamNet.</a> It's a free application that plugs into Outlook (and only Outlook so far, which is a bummer), and it works quite well. I'm so confident in it that I have it set to mark my spam as read as soon as it arrives, move it to the Delete Items folder, and upon exit Outlook purges my deleted items. There are days that go by when I don't see a single spam message! Spamnet isn't perfect (lately I'm seeing more spam), but it's the best I've found and conceptually it's amazing:<br /><br /><i>"Imagine, a spam email message lands in your email, you click delete and it disappears from your Inbox - and the Inbox of your family, your friends and the entire world. Cloudmark SpamNet is a worldwide spam-fighting community that gives you spam-free email just for deleting the spam from your own Inbox. Join SpamNet now and contribute to the global fight against spam. Although spam seems to be invading everyone's email, only a relatively small number of spammers send out the billions of spam messages polluting the Internet. By reporting the spam you receive, you will contribute to the growing community of spam fighters dedicated to eradicating spam. Just like Napster allowed us to share a central list of our favorite music, Cloudmark Spamnet allows us to share a central list of spam. Individually this reported spam isn't very powerful, but the collective reports of millions of email users networked together blocks virtually all spam on the Internet."</i><br /><br /><span><b>Spam Can Be Minimized</b></span><br /><br />Spamnet and a spam trap email account are two tools that have kept my spam under control for a while now. If you have an overwhelming amount of spam, you may want to consider doing the same. You can <a href="http://www.cloudmark.com/products/spamnet/download/">download Spamnet for free from their site.</a> It's not a perfect solution to stopping spam, but it's a step in the right direction towards spam-free living.

st63z
11-15-2002, 09:52 AM
My own experience is very polarized. I use my Yahoo mail as one of my main daily accts, whereas I don't use my Hotmail at all except that it was required at one time or another for some Microsoft online services (I forget which).

But while I get a lot of valid emails coming to my Yahoo (I have something like 50-100MB space there), I receive a very manageable amount of spam to the Inbox (if I'm pressed to say, perhaps as much as a few a week at most), with the VAST bulk going correctly into the Bulk folder. And from checking time to time, the only valid emails that get misplaced in Bulk are Divx's newsletters. Don't get me wrong, a lot (a lot) of spam do come in (you should see the size of my Bulk folder each week), but I never see them.

OTOH, my Hotmail's Inbox is like 99.9999% spam (even with the spam filter set at its highest setting short of Exclusive). It's actually 100% spam except for the announcement emails that Hotmail itself sends to its members from time to time (since, again I never give out my Hotmail address at all anywhere else short of the required Microsoft sites).

So two things:

- I can't express how impressed I am with Yahoo's spam filtering technologies (can someone explain how it works?). But then it's like, it's such a stark contrast to how poorly Hotmail's filtering works.

- Outside of brute spam bots, I can only deduce that the rest of the spam I get to my Hotmail comes from registering on those MS sites I'd mentioned...

Fitch
11-15-2002, 09:54 AM
I started a hotmail acct/passport in maybe january so I could use Money 2002. The username is a bit wonky, probably couldn't be guessed, and I've since used it to sign up for a couple forums, my credit card (AmEx), my Dish Network stuff, and a bunch of online retailers, all of which had some kind of privacy policy, and I have not recieved a SINGLE piece of spam.

Besides not having it be easily guessable (plain names/words) I think the secret is to
1) never put it in a position where it's published on the web. Even without a hyperlink attached to it.
2) every time you sign up for a new online forum/retailer/etc., read every single check-box you can find. Look out for words like "partners" and "offers". Once they give it away to a third party, who knows what their privacy policy is. On BB forums like this one, find the options menus, and go ahead and check-box the option to not have your e-mail address shown. If someone wants to contact you, they can send you a private message on this BBS, or ICQ or AIM or Y! you.
3) Unfortunately, you probably shouldn't give out this address to friends and/or family unless you really REALLY trust them to be spam-savvy. Sometimes they like to "send this article to a friend" or use it in one of those retarded "which one of your friends may have told us they have a crush on you" sites, or send mass-mail to you and 100 others some funny forward, only to have it eventually harvested by spammers.

So #3 pretty much means that this new spam-free account won't be your primary/personal account. But I follow these rules as best I can with my main address as well, and I've done pretty well.

One more thing (granted, if you've read this far, you won't mind more of my Spam-pinions) I will say that I do usually click the "click here to be removed" links because in my world of cautious optimism, your chances are BETTER that you'll be removed from a list than they are of being added to more. The spammer has already bothered to try these blanket-mails to random addresses, so why won't he do it again? I say, try to stop the propogation of your address to other spammers at every oppurtunity, so if 2 out of every 3 'removals' are legit, then instead of having 2 lists propogate your address to new spammers, you only have 1 (the malicious 'removal' guy)

Whew! Don't know why I spent so much time on that, but there ya have it.

Coralie
11-15-2002, 09:58 AM
I often here this accusation bandied about - "Microsoft sells your Hotmail address to spammers, how else could we get so much spam?". To be honest, I pretty much believed it. I wanted proof, however, so I registered a new Hotmail account three weeks ago. I log in every few days, but the email address I used doesn't exist anywhere online.

The results? No spam at all.
give it time .. :?

i also have a hotmail address which doesn't exist anywhere online except in hotmail's databases. i average about three spam emails a day to it. i use msn messenger which tells me when i have new email & i've been wondering if it's possible to change the pop-up message to "you have two new spams in your inbox".

i still hold to the theory that they're selling the addresses.

they have a paid service now & i would bet the life of my dog that paid hotmail accounts receive none, or a very, very minimal amount of spam.

albsilva
11-15-2002, 10:52 AM
I've created 1 year ago an email address for my wife at hotmail so she can use messenger, and the only messages she has received until today are from hotmail... well she doesn't even know which is her hotmail address, so she doesn't use it anywhere... that should be the reason.

However, I believe that if one day one of her relatives sends an email thru MSN to her and a few other people, her address can begin to be spammed...

Regards,
Alberto Silva

Dave Beauvais
11-15-2002, 11:12 AM
I set up a (free) Hotmail account about three months ago. I was very careful to make sure all the "spam me" boxes were not checked. The address is not listed in Hotmail's directory, nor have I ever used the account anywhere. I have not sent a single message from that account since setting it up. And now I get about three to six spams a week. :x

Giving MS the benefit of the doubt, I don't think this is from them selling my address. The first spam to that account arrived less than 24 hours after setting it up. I seriously doubt that they sold my address and it ended up on a spammer's list in less than a day. Instead, I think spammers try literally all combinations of addresses. Looking at the CC list of some spams to my primary e-mail address, there are messages to davea, daveb, davec, daved, and so on. (Mine would be the "daveb" variant.) I'll also get "daveb" at about thirty or so different domains, as well.

It's just a crap shoot for them. They send out millions of messages addresses to random combinations of usernames, and at least some of them are bound to be legit.

--Dave

kfluet
11-15-2002, 11:16 AM
I've apparently had the opposite experience to most of you.

A couple of months ago, I signed up with Hotmail to get an MS Passport so I could "activate" MS Reader so that silly popup wouldn't appear every time I started Reader on my iPAQ.

I never given the address out and never intended to use it for anything, and that's a good thing because it has received at least 10 spam a day since _the_very_same_day_ I created the new account.

A useless service if you ask me...

roberto_torres
11-15-2002, 12:24 PM
Another good option is to use www.sneakemail.com

Here you can create "disposable" addresses that are forwarded by the service to your real e-mail., so you can know who is the one that sends the spam.

bitbank
11-15-2002, 01:59 PM
Jason,
There has been a major change in spam on Hotmail. I use my hotmail account as a spam catcher (use it for newsgroups and "registering" on web sites). For a while I was receiving 100 emails a day into my inbox and another 100 into the junk mail folder.

Starting about two weeks ago this flood of spam suddenly dried up. Now I receive about 15 a day into my inbox and another 10 into the junk mail folder. I'm not sure if this signals the hotmail is taking action against spammers or that spam in general is down, but it is certainly a good thing.

L.B.

ECOslin
11-15-2002, 02:05 PM
I get the feeling that Microsoft is trying to sell their 'premiere' email services so they've taken off the protection from their regular free hotmail services.

Just seemed to get 10 times worse all of a sudden.

Edward

Ekkie Tepsupornchai
11-15-2002, 03:59 PM
One more thing (granted, if you've read this far, you won't mind more of my Spam-pinions) I will say that I do usually click the "click here to be removed" links because in my world of cautious optimism, your chances are BETTER that you'll be removed from a list than they are of being added to more. The spammer has already bothered to try these blanket-mails to random addresses, so why won't he do it again? I say, try to stop the propogation of your address to other spammers at every oppurtunity, so if 2 out of every 3 'removals' are legit, then instead of having 2 lists propogate your address to new spammers, you only have 1 (the malicious 'removal' guy)

Can't say that I agree with your math here. Even if 2 out of 3 removals are legit, and 1 that isn't legit may lead to your email address being added to several more than just 2 other spammer's lists. You know, many of your spammers are guessing at your email address, but they can't sell it unless it's legit, which brings me to my next point...

The first spam to that account arrived less than 24 hours after setting it up. I seriously doubt that they sold my address and it ended up on a spammer's list in less than a day. Instead, I think spammers try literally all combinations of addresses. Looking at the CC list of some spams to my primary e-mail address, there are messages to davea, daveb, davec, daved, and so on. (Mine would be the "daveb" variant.) I'll also get "daveb" at about thirty or so different domains, as well.

Stay away from creating email addresses that are easy to guess. I used to create email accounts named "ekkie". One day I dumped one ISP for another and was looking forward to "starting fresh" with no spam. My new account was again named "ekkie" (of course with a different domain). I began receiving spam immediately and that's when I realized that the spammers were hitting all variations of "ekkie" combined with different domains. Now what I do is create email addresses with combinations of words and numbers and never get hit by those randomizers.

cpoole
11-15-2002, 04:26 PM
What are the chances that those E Card sites harvest the email addresses and sell them. My father in law loves those sites and is always sending people E Cards.

SofaTater
11-15-2002, 04:47 PM
I do Exchange and Outlook support on a consulting basis. I have a Hotmail account I use when I need to test Internet email on Exchange servers. My original Hotmail account gets so spammed that I started a new one during my latest consulting job and used it only to send messages to a corporate email server. I got no spam for about a week or so, then it started to dribble in. I still don't get a lot of spam, but I do get some -- either Microsoft is selling the names or someone is using a random username generator and scatter-shooting spam at the Hotmail system.

Jason Dunn
11-15-2002, 04:55 PM
What are the chances that those E Card sites harvest the email addresses and sell them. My father in law loves those sites and is always sending people E Cards.

Unfortunately, quite high - which really sucks, because sending someone an e-card seems like such a nice thing to do, right? How do you explain to your well-meaning relatives that by sending you a greeting card they're also inadvertently signing you up for porn lists? 8O

Ekkie Tepsupornchai
11-15-2002, 04:56 PM
I do Exchange and Outlook support on a consulting basis. I have a Hotmail account I use when I need to test Internet email on Exchange servers. My original Hotmail account gets so spammed that I started a new one during my latest consulting job and used it only to send messages to a corporate email server. I got no spam for about a week or so, then it started to dribble in. I still don't get a lot of spam, but I do get some -- either Microsoft is selling the names or someone is using a random username generator and scatter-shooting spam at the Hotmail system.
See my post up top. If you're not using a "unique" email name, you'll get nailed by random username generators. I thought the name "ekkie" was unique, until I saw the "to:" list on one of my spams... it was hitting "ekkie" on every single domain in existence.

I seriously don't think Microsoft is selling names. The cash available for spam email addresses is likely pocket-change compared to what they earn otherwise and the risk of tarnishing their reputation with "selling emails to spammers" would be far greater than any anti-trust suit IMO. However, I do think it's possible that they're not doing a great job of keeping our information secure...

enemy2k2
11-15-2002, 05:45 PM
I make a new hotmail account every year and let the old one die out. For a week or two it's always nice and fresh and no hassle but then it starts pouring in... I'm going to try that random idea next time...

juni
11-15-2002, 05:46 PM
I average about 2 spams/day (have had the account for over a year) and they almost always end up in the junk mail folder. So, my experiences with hotmail have been very good. :)

Jonathan1
11-15-2002, 05:56 PM
My hotmail account has become a useless pile of reeking dog feces. I can't use the thing any more. Anywhere from a 2 to 5 day period I get so much spam in the inbox that it uses all of the space M$ has allotted to me. The bastards have the balls (Ya it’s a script thing but still) to send me an e-mail telling me to upgrade. Sure. I’m going to pay for more space to store spam. :-P Even with Spam filters set to high it's pretty much useless.

What pisses me off most about Hotmail is that they limit the # of word filters you can apply. If I was given more then 5-10 filters (maybe 30?) I'm quite certain I could eliminate a good 60%-80% of this ****. Consequently whenever I have to use this god d@mn hotmail account to activate something or use it as a placeholder I first need to go to hotmail and clean out the hundred's of e-mails I have there. I'm about ready to say f-it and make a new account. They say you get what you pay for. In Hotmail’s case you get a migraine.

snayar
11-15-2002, 07:15 PM
I'm a Hotmail user since 1995 (long before Microsoft bought it) so you can barely guess how much spam I get on a daily basis... think of a number... nope... more... nope... more..... nope.... OK enough!... at least 200+ Spam emails A DAY!!!! 8O

Believe it or not... that's a FACT!!!

Why should I bother to keep that account you say?

Well PASSPORT it's the word... just for that %$#@! PASSPORT...

Jason Dunn
11-15-2002, 07:19 PM
Well PASSPORT it's the word... just for that %$#@! PASSPORT...

I went out and registered a Passport based on my "real" @kensai.com email address. Can't you also change the email address on a Passport?

bbarker
11-15-2002, 10:52 PM
I found one application that I've been happy enough to keep however: Cloudmark SpamNet. (http://www.cloudmark.com/products/spamnet/) It's a free application that plugs into Outlook (and only Outlook so far, which is a bummer), and it works quite well. I'm so confident in it that I have it set to mark my spam as read as soon as it arrives, move it to the Delete Items folder, and upon exit Outlook purges my deleted items. There are days that go by when I don't see a single spam message! Spamnet isn't perfect (lately I'm seeing more spam), but it's the best I've found and conceptually it's amazing...
I agree. I've been using it for several months and my spam has gone from around 40 A DAY to between zero and 5 a day. It's really amazing. I let SpamNet put the suspects into its default Spam folder rather than deleting them and I check that folder about once every couple of weeks because I do find an occasional message that shouldn't be there. But I've never found anything important in there.

The more people who use SpamNet, the more effective it will be.

I've also found a way to use it with my Hotmail account. I've set up Outlook to handle my Hotmail. SpamNet can't filter the Hotmail messages as they're downloaded, I guess because Outlook isn't really downloading them. But I can use the "Run SpamNet Now" command to go through the Hotmail Inbox in Outlook and filter what's there. Works pretty well.

Madoc Owain
11-16-2002, 12:17 AM
Well, the spammers hit my Hotmail address both by using random name generation, and by virtue of my using it on eBay. Two weeks ago, my spam was tilted towards the Junk Mail folder, with some arriving in my Inbox. This is after their new super-duper anti-spam arrangement with whatever company that was.. starting last week, I began getting maybe 2-3 messages in the Junk Mail folder, and all the rest ended up in my Inbox. It is probably not a coincidence this occurred just as M$ was touting their newest version of MSN as a way to get away from spam. Buggers.

#1 best way to avoid spam mail: set up your own domain, with e-mail service. Set up an account called "nospam" ... mailers filter accounts with "spam" in them, since they're such a common method of people avoiding giving their complete e-mail address. I've had such an account and posted it to numerous USENET newsgroups and have not had ONE piece of spam in 6 months.

#2 - any message that has your e-mail address in the subject heading should be filtered to the trash.

Happy to help,

M.O.
http://www.madocowain.com
nospam@madocowain.com :)

Marc Zimmermann
11-16-2002, 07:43 PM
I created a new @msn.com account and never used it anywhere. I carefully disabled all options that would publicize the address, but I now get about 100 spam messages per week.

Ekkie Tepsupornchai
11-16-2002, 09:19 PM
I created a new @msn.com account and never used it anywhere. I carefully disabled all options that would publicize the address, but I now get about 100 spam messages per week.
How unique was your unername though? Was it a username that you've used on a different domain? If so, it's pretty useless.

Once spammers discover a username, email generators will hit that username against every domain in existence.

I don't trust Microsoft all that much, but I doubt they'd sell email names to spammers. The money would be so negligible compared to the risk of sinking that low.

Now I think it's possible that they're not doing a good job of protecting your information...