[Asrg] News Article - Microsoft and spam
2003-06-26 08:16:50
Just ran across a new article from News.com
(http://news.com.com/2100-1032_3-1021166.html) discussing the difference
between Microsoft's actions and words on spam.
---snip---
Microsoft urged to fry its own spam
By Paul Festa
Staff Writer, CNET News.com
June 26, 2003, 4:00 AM PT
http://news.com.com/2100-1032-1021166.html
Microsoft recently launched a high-profile campaign against spammers, but
some critics say the company should be more introspective if it is serious
about reducing the scourge of unwanted e-mail.
The software maker and some of its competitors that provide Internet
service and Web-based e-mail are outdoing one another with highly
publicized antispam campaigns. These have ranged from lawsuits to
technology and policy initiatives.
In the most recent example, Microsoft Chairman Bill Gates sent a letter
Tuesday to customers in which he explained some steps his company is taking
to reduce spam. The letter came a day after The Wall Street Journal
published an antispam column penned by Gates.
But some companies and organizations working to curb spam accuse Microsoft
of grandstanding, saying that the Redmond, Wash., company has demonstrated
a preference for splashy press events over difficult technology fixes or
product sacrifices. These critics have seized on the company's own
statements that it is focusing on reducing the amount of spam its users
receive, rather than the spam its users and servers send.
"Microsoft is behind the times," said Laura Atkins, president of the
SpamCon Foundation. "In general it's nice to see them finally catching up
with everyone else--and they are working hard to rein in abuse--but they
have to work a lot harder," Atkins said."Microsoft has its own spam problem."
Microsoft, however, rejects those contentions, citing recent projects and
the long-term nature of any effective solution.
"Spam is a central issue for our customers and we are taking a multifaceted
approach to address the problem," a Microsoft representative said. "We did
not get here overnight. It will take time to see the impact of the efforts
we are making across technology, legislation, enforcement and self-regulation."
In February, Microsoft announced a series of lawsuits against spammers. In
March it imposed a 100-message cap on users of its free Hotmail e-mail
service (the restriction does not apply to paid Hotmail accounts). In May,
Microsoft unveiled more antispam features for Hotmail and its MSN online
service and submitted to the U.S. Senate written testimony by Gates urging
legal spam restrictions. And last week the company called an international
press conference to publicize more suits against spammers.
Critics: Spam traced to Microsoft servers
But even such a busy antispam schedule has failed to convince Microsoft's
critics that it is doing enough to help stem the spam tide.
Deficiencies in Microsoft's spam behavior range across a number of its
divisions that offer e-mail services, according to Atkins and others. These
include the company's small-business-oriented bCentral portal; MSN, which
has its own e-mail service; and Hotmail, a separate, Web-based e-mail
service that uses many of the same systems as MSN but operates under
different rules.
Perhaps the loudest hew and cry against Microsoft emanates from some
network administrators tracking the spam problem, who claim that a sizable
chunk of the spam now clogging the Internet's arteries emanates from
Microsoft's own servers.
These spam watchers complain that while Microsoft has implemented badly
needed controls on Hotmail, such as technology designed to identify
software robots and prevent them from registering for accounts, Microsoft
has left loopholes large enough to run rivers of spam through the related
MSN e-mail service.
"Hotmail has the combination of daily limits and having to prove you're
human, which makes it not useful for sending spam," said John Levine,
author of several computer technology books and a board member of the
Coalition Against Unsolicited Commercial E-mail (CAUCE). "MSN has neither
of those, so we're seeing a lot of spam."
MSN e-mail is available for a free two-month trial. As a result, Levine
said, someone could use a purloined credit card number to open the account,
send torrents of spam, and then cancel the account before the credit card
is charged and subsequently determined to be stolen. That process could be
repeated several times a day by a single person, he said.
Levine and others further isolate the MSN spam problem to a protocol that
Microsoft uses to integrate its various e-mail services and e-mail
management applications, including Outlook. Called WebDAV, the protocol
lets people write their own interfaces to an e-mail system, and it is
through this protocol that Levine believes spammers are jacking up MSN's
spam output.
Methods of using WebDAV to send e-mail through Hotmail's servers--but
without going through the Web site or Outlook--are well documented online.
"With the right tools, a smart network engineer would be able to see that
almost all of the e-mail coming from the Hotmail/MSN servers that are used
for WebDAV is spam," wrote one spam expert who requested anonymity. "We
have seen direct evidence of this."
Worse, WebDAV critics say, the protocol makes it easy for spammers to alter
their return addresses and other header information--a chronic headache for
network administrators trying to identify spam and its origins.
"If you have a Hotmail or MSN account, when you set up your account in
Outlook Express, you can set it up with any return address you want, and
the Hotmail/MSN mail servers cheerfully send mail with any old return
address you want," Levine said. "Hence the problem."
Microsoft: We're working on it
However, MSN has its own outbound e-mail limit, said Larry Grothaus, MSN's
lead product manager, declining to disclose any details. He also contended
that the credit card registration safeguarded MSN e-mail against
unauthenticated abuse, and that the credit card system prevented serial
registrations under the same card.
"We agree that it's a very large issue for the entire industry, so we're
doing what we can on both the incoming and outgoing basis to help
customers," Grothaus said. While not disputing the technical details of
critics' WebDAV complaints, he called the notion that most of MSN's
outbound DAV e-mail was spam "absolutely incorrect...a very far stretch."
The degree to which Microsoft is working on the outbound spam issue remains
a matter of debate. In a May 29 interview published on the company's Web
site, the general manager of Microsoft's antispam technology and strategy
group, Ryan Hamlin, said the company had prioritized incoming spam over
outbound spam.
"Outbound is something we're looking at," Hamlin said. "We've had
conversations both in Hotmail and MSN, and I would say that it's not
something that probably in the next couple of months you'll see us be super
aggressive about, because we feel like solving the inbound problem is a
much greater issue right now than solving the outbound problem."
The amount of incoming Hotmail spam dwarfed the amount of outbound Hotmail
spam by about 10-to-1, Hamlin said.
"So we're going after the big fish first and solving the inbound problem
and then absolutely we'll turn and start to address the outbound issue," he
said.
That philosophy doesn't sit well with the SpamCon Foundation, which accuses
Microsoft of failing to regulate spam sent by its own customers.
"BCentral.com sends a lot of mail that is not necessarily solicited, and
often they continue to send it even after you've told them to stop," Atkins
said. "The problem is that bCentral has a number of customers who send mail
through them, but Microsoft doesn't police them at all. They don't take
action against their customers."
Microsoft-owned bCentral sells software and services such as e-mail to
small businesses. A representative declined to comment on the issue of spam
from the service.
While network administrators complain about the volume of spam originating
with Microsoft servers, at least one e-mail provider sounded a sympathetic
note.
"We continually have to improve what we are doing on our side as well,"
said Josh Mailman, vice president of marketing for Everyone.net, which
hosts free sponsored mail for 35,000 domains.
"People will try to exploit free Web mail even to the extent of hiring
people to go through human interface test--which we all have--and then send
spam out one by one. Think of spam sweat shops," Mailman said. "Providers
like Hotmail, Yahoo, AOL and us have to continually improve and be vigilant
to the threat and work to keep e-mail clean."
Copyright ©1995-2003 CNET Networks, Inc. All rights reserved.
---snip---
_______________________________________________
Asrg mailing list
Asrg(_at_)ietf(_dot_)org
https://www1.ietf.org/mailman/listinfo/asrg
<Prev in Thread] |
Current Thread |
[Next in Thread>
|
- [Asrg] News Article - Microsoft and spam,
Yakov Shafranovich <=
|
|
|