The null sender spammers now seem to be entrenched on outlook.com
A bit over a month ago I wrote about how
spam from outlook.com had started showing up with a null sender
MAIL FROM of '
<>'). It will probably not surprise
you to hear that this spam has continued, and in fact has likely
intensified. Based on what I've seen in our logs and in a spamtrap
that I enabled in order to collect samples of this spam, a number
of spammers appear to have worked out that Microsoft will let them
get away with this and are happily spamming away.
(One of the spam samples I captured was a reasonably targeted phish spam, which makes me even more annoyed with Microsoft.)
Our anti-spam appliance keeps logs, of course, and this gives me a way to assess just how much null sender spam has been showing up here. Based on logs from the past ten full days, it breaks down like this:
- 490 null sender messages sent to us from
.protection.outlook.comhosts, out of 2,570 messages from them in total. So about one in five.
- 249 had a 90% or higher spam score; 30 had one in the 80% range and
17 in the 70% range, which is roughly our cutoff for scoring something
as spam. So more than half were spammy enough that our system saw them
as clear spam.
- Out of the outlook.com messages without null senders, only 23 scored 90% or higher, 16 in the 80% band, 4 in 70%, and 3 in 60%. In fact, 1860 of the 2080 scored under 10%.
Now, this doesn't mean that our anti-spam appliance has scored these correctly either way (and in fact I suspect that almost all of the null sender messages were actually spam). But it does strongly suggest that the messages with null senders are very much skewed towards spam instead of legitimate email (and obvious spam at that), and thus that this is a signal that Microsoft should be looking at and doing something about. If they cared and paid attention, that is. Which they clearly don't.
(Someday they will, when sufficiently many spammers figure this particular trick out that the wave of spam becomes a real problem for Microsoft. But that's probably going to take a while and in the mean time Microsoft's corporate indifference is subjecting the rest of us to a steadily increasing barrage of spam from their servers.)