Spam from outlook.com has gotten worse (well, for me)

September 20, 2015

Microsoft's outlook.com has been a spam sewer for me for some time, which is not really surprising for Microsoft but still annoys me. Recently things got a bit worse and more annoying than usual, for a simple and nominally trivial reason: spammers have started sending spam through outlook.com with a null sender address (a MAIL FROM of '<>').

(The spam itself was ordinary advance fee fraud spam.)

This irritates me for several reasons. First, a null sender is an administrative MTA level thing. Microsoft has almost no reason to allow users to send email through them with it, and there are a lot of reasons to disallow it. The second issue is that many mail configurations apply less checks to null sender addresses (usually for historical reasons), so allowing people to use null sender addresses for real mail just helps spammers get their spam past checks. And third, given that outlook.com itself is a multi-tenant thing (as I've found out in the past), allowing tenants to use the null sender makes it that much harder for people on the receiving end of outlook.com's spam cannon to distinguish between bad and potentially good email from outlook.com. Now we don't have even the MAIL FROM domain as a signal, because there isn't one on the null sender.

Microsoft doesn't care, of course, If Microsoft cared at all, their outlook.com operation would look rather different (and they would have a different response to abuse complaints); why, they might run outgoing email through a spam detector and then refuse to send obvious bulk advance fee fraud messages. Instead Microsoft has clearly taken the overall attitude that they're too big for people to block email from and so they'll do more or less the minimum amount of work to avoid people revolting.

(As readers may have gathered, I do not have very positive views of basically any large email provider (I'd say 'free', but I believe Microsoft charges for some email hosting they do).)


Comments on this page:

I have also seen more spam from outlook.com lately. It is a bit scary, if they really stop caring about mail abuse: One cannot really block outlook.com, given how many users they have.

By Edward Berner at 2015-09-21 14:58:10:

They do at least some outbound filtering. We have our student email accounts hosted at Microsoft and get occasional messages that an account has been added to a sender block list for sending too many spam-like messages.

Written on 20 September 2015.
« Experimenting with Firefox's 'Reader' mode (or view)
When chroot() started to confine processes inside the new root »

Page tools: View Source, View Normal, Add Comment.
Search:
Login: Password:
Atom Syndication: Recent Comments.

Last modified: Sun Sep 20 01:22:55 2015
This dinky wiki is brought to you by the Insane Hackers Guild, Python sub-branch.