Feeds

Hotmail's antispam measures snuff out legit emails, too

No warning, little recourse

Combat fraud and increase customer satisfaction

Hotmail users and email server admins, beware: you may be unknowingly caught in the crossfire of Microsoft's war on spam. Unintended casualties include legitimate emails from domains with well-established reputations, which are systematically blocked with absolutely no notice and little recourse.

The chief culprit is the inaptly named SmartScreen, a proprietary spam control technology the software Goliath rolled out to great fanfare several years ago. While the filtering mechanism appears to be making some headway in eradicating Viagra come-ons and nasty phishing attempts, the victory comes at a price: an untold number of legitimate emails are blocked with no warning to either sender or intended recipient.

Compounding the indignity in this well-intentioned campaign, these aggrieved admins say, are Microsoft support people who offer canned responses that acknowledge a domain's email is being blocked but lack the resources to fix the problem.

The complaints come as the spam epidemic continues to fester, with unsolicited email comprising as much as 80 percent of all email, according to some studies. The price we pay in lost worker productivity and increased expenses for network providers are well documented. Less understood is the toll spam is taking on perfectly legitimate communications that go missing with nary a word. Microsoft managers say the spam threat requires they take drastic action and they are working to ensure their new techniques don't block benign messages.

El Reg has corresponded with two admins affected by SmartScreen and has run web searches - here, here and here - that suggest there are plenty others who are experiencing the same problem. In the cases we've checked, these servers are behind domains that are a year or more old, are correctly listed in the DNS and have solid SPF records - excluding the most common reasons a mail server might get blacklisted. They also run on a variety of platforms (including Sendmail and hMailServer), suggesting technical problems with a particular server are not the cause.

One of the admins is James Firth, founder of a UK-based IT consultancy, who began noticing emails sent from his company's relay were uniformly failing to be delivered to recipients with Hotmail accounts.

"They weren't going to a user's Junk mail box, nor were they being bounced," Firth says. "They were simply disappearing!"

So Firth began corresponding with Hotmail support people. After five days of back and forth, a Microsoft employee named Bobbi confirmed that emails sent from Firth's domain, daltonfirth.co.uk, were being "hard filtered" by SmartScreen. And not because they violated some documented technical requirement or contained suspicious phrases that triggered content filters. Rather, they failed to pass conditions buried deep inside SmartScreen that support people declined to share with Firth - out of concern the disclosures would allow spammers to bypass the defenses.

The support team suggested Firth confirm the emails complied to Hotmail technical standards. Firth checked, and they did. The support people also suggested Firth consider enrolling in a fee-based, third-party accreditation service called Sender Score Certified (price tag, according to a different source: $1,400 for the first year). He declined because Microsoft made no guarantees that doing so would solve his problems. More than a week after first discovering the problem, Firth still can't send emails to customers with Hotmail addresses.

"I simply can' believe that someone thought that this was a good idea, and think Hotmail users should be warned that Microsoft are choosing not to send their emails to them!" he says.

Combat fraud and increase customer satisfaction

More from The Register

next story
Virgin Media so, so SORRY for turning spam fire-hose on its punters
Hundreds of emails flood inboxes thanks to gaffe
A black box for your SUITCASE: Now your lost luggage can phone home – quite literally
Breakfast in London, lunch in NYC, and your clothes in Peru
AT&T dangles gigabit broadband plans over 100 US cities
So soon after a mulled Google Fiber expansion, fancy that
AT&T threatens to pull out of FCC wireless auctions over purchase limits
Company wants ability to buy more spectrum space in auction
Turnbull gave NBN Co NO RULES to plan blackspot upgrades
NBN Co faces huge future Telstra bills and reduces fibre footprint
NBN Co plans fibre-to-the-basement blitz to beat cherry-pickers
Heading off at the pass operation given same priority as blackspot fixing
NBN Co in 'broadband kit we tested worked' STUNNER
Announcement of VDSL trial is not proof of concept for fibre-to-the-node
Google eyes business service in latest Fiber trials
Lucky Kansas City buggers to host yet another pilot program
prev story

Whitepapers

Mobile application security study
Download this report to see the alarming realities regarding the sheer number of applications vulnerable to attack, as well as the most common and easily addressable vulnerability errors.
3 Big data security analytics techniques
Applying these Big Data security analytics techniques can help you make your business safer by detecting attacks early, before significant damage is done.
The benefits of software based PBX
Why you should break free from your proprietary PBX and how to leverage your existing server hardware.
Securing web applications made simple and scalable
In this whitepaper learn how automated security testing can provide a simple and scalable way to protect your web applications.
Combat fraud and increase customer satisfaction
Based on their experience using HP ArcSight Enterprise Security Manager for IT security operations, Finansbank moved to HP ArcSight ESM for fraud management.