2015-09-20
Spam from outlook.com has gotten worse (well, for me)
Microsoft's outlook.com has been a spam sewer for me for some
time, which is not really surprising
for Microsoft but still annoys me. Recently
things got a bit worse and more annoying than usual, for a simple
and nominally trivial reason: spammers have started sending spam
through outlook.com with a null sender address (a MAIL FROM of
'<>').
(The spam itself was ordinary advance fee fraud spam.)
This irritates me for several reasons. First, a null sender is an
administrative MTA level thing. Microsoft has almost no reason to
allow users to send email through them with it, and there are a lot
of reasons to disallow it. The second issue is that many mail
configurations apply less checks to null sender addresses (usually
for historical reasons), so allowing people to use null sender
addresses for real mail just helps spammers get their spam past
checks. And third, given that outlook.com itself is a multi-tenant
thing (as I've found out in the past),
allowing tenants to use the null sender makes it that much harder
for people on the receiving end of outlook.com's spam cannon to
distinguish between bad and potentially good email from outlook.com.
Now we don't have even the MAIL FROM domain as a signal, because
there isn't one on the null sender.
Microsoft doesn't care, of course, If Microsoft cared at all, their outlook.com operation would look rather different (and they would have a different response to abuse complaints); why, they might run outgoing email through a spam detector and then refuse to send obvious bulk advance fee fraud messages. Instead Microsoft has clearly taken the overall attitude that they're too big for people to block email from and so they'll do more or less the minimum amount of work to avoid people revolting.
(As readers may have gathered, I do not have very positive views of basically any large email provider (I'd say 'free', but I believe Microsoft charges for some email hosting they do).)