Verified: you can get anybody you want kicked off Hotmail
It's official - the support staff don't read the emails at all
When we reported Hotmail's zero-tolerance spam policy last week we thought it just might be possible to get the innocent Hotmail user of your choice kicked off the system with a simple email to email@example.com.
But it was just a thought - the single incident we reported last week was surely just a mistake, and there's absolutely no way a grown-up operation would do this as a matter of course, right? Wrong, apparently - after reading the story, Fritz Öhman set about to duplicate the circumstances, and guess what?
Fritz simply repeated the moves that had previously led to Gareth Kitchener losing his Hotmail account. Gareth had tried to post to a mailing list that turned out to block Hotmail accounts (on the grounds that they generate MSN spam), and the list had autoresponded to him with a message explaining why Hotmail accounts were blocked, ccing it to firstname.lastname@example.org.
The staff there apparently didn't read the message, which referred to spam from MSN, not from Gareth, but they must have read "spam" and Gareth's Hotmail address, because they immediately terminated his account.
Over to Fritz for a demonstration of how to delete anybody you want. First he created a new Hotmail account, then sent an email from it to his regular POP mail. He then replied to the Hotmail account as follows:
To: "f f" <email@example.com>
Sent: Friday, June 29, 2001 1:31 AM
Subject: Re: wassup cuz
Due to MS licensing rules regarding privacy for MS Passport, our company no longer accepts mail from Hotmail.
Please find another provider. Hotmail accounts receive so much spam anyway, so you are probably better of without it.
thanks for your time,
----- Original Message -----
From: "f f" <firstname.lastname@example.org>
Sent: Friday, June 29, 2001 1:29 AM
Subject: wassup cuz
An autoresponer let him know almost immediately that: "a Support Representative will be reviewing your question and responding to you soon." Shortly afterwards:
From: "MSN Hotmail Support" <email@example.com>
Sent: Friday, June 29, 2001 5:48 PM
Subject: RE: CST36024161ID - Re: wassup cuz
Thank you for writing to MSN Hotmail.
This is Ruby and I am writing in response to the unsolicited mail you've received. I apologize for any inconvenience this matter has caused you. I appreciate your bringing this matter to our attention. I have closed the account you reported in accordance with the Hotmail Terms of Service (TOS). It is a strict violation of the TOS for our members to send objectionable material of any kind or nature using our service.
You can view our rules and regulations at:
Result? Ruby has clearly reviewed the situation very carefully, and messed up exactly as Hotmail did in Gareth Kitchener's case. Fritz then replied as follows:
To: "MSN Hotmail Support" <firstname.lastname@example.org>
Sent: Friday, June 29, 2001 6:37 PM
Subject: Re: CST36024161ID - Re: wassup cuz
I have not received any unsolicited email, and frankly I am appalled that you have decided to shut down(!) the account of one of my customers. I never requested this, not did I imply that I received unsolicited email.
Which is where the matter rests at time of writing. Fritz of course hasn't verified that you could just pick a random Hotmail account, spoof a message from it to yourself, then get it kicked by complaining, but there's no obvious reason why this shouldn't work, given the attention to detail Hotmail staff seem to give these complaints. And if they're prepared to kick people off in response to emails that don't accuse them of spamming, then surely ones that do are more likely to work, no matter how spurious they might be.
The Register, by the way, strongly urges readers not to try this on strangers, no matter how much they dislike them. There is however clearly a serious point to this; if it's possible for Hotmail users to have their accounts terminated through no fault or action of their own, without warning, investigation, or right of appeal, Hotmail clearly isn't a sensible place to put your email.
Hotmail certainly is the source of large volumes of spam, so email@example.com is going to be a pretty busy place, full of overworked Support Representatives, but if they don't have time to deal with complaints properly, then it's clearly not full enough.
However, lest we find ourselves empathising too much with the luckless support grunts, we have an email from one of them. It's published in full in this week's Vulture Central Mailbag, but here's a taster:
I once worked in the abuse department for a free web page hosting company that boasted over 1 million active accounts. Let me first say that this work blackens your heart and destroys everything good and decent in your sole. What is left is a rotten shell of a person bent on the destruction of those who anger them. And there are so many. Script kiddies from Japan who trade kiddie porn and overload the servers with chat scripts. Dickheads who buy "14 MILLION email addresses for only $99.99" and spam everyone without remorse because "they hate spam, but *I* didn't spam, Bob told me it was legal". The hundreds of narcs that write in bitching and complaining that "My children have seen this and I'm upset", with the return address of firstname.lastname@example.org. These narc emails are often the worst, incomprehensible emails you can imagen.
My point here is with all of this email/complaints/abuse issues and general anarchy why is it that you want a human to respond? Why is it that people threaten to sue? Why is it that people expect so much over something that's FREE, GODDAMNIT!!!
You pays your money and you takes your choice. Or not. ®
Sponsored: Becoming a Pragmatic Security Leader