Hotmail's antispam measures snuff out legit emails, too

No warning, little recourse


Hotmail users and email server admins, beware: you may be unknowingly caught in the crossfire of Microsoft's war on spam. Unintended casualties include legitimate emails from domains with well-established reputations, which are systematically blocked with absolutely no notice and little recourse.

The chief culprit is the inaptly named SmartScreen, a proprietary spam control technology the software Goliath rolled out to great fanfare several years ago. While the filtering mechanism appears to be making some headway in eradicating Viagra come-ons and nasty phishing attempts, the victory comes at a price: an untold number of legitimate emails are blocked with no warning to either sender or intended recipient.

Compounding the indignity in this well-intentioned campaign, these aggrieved admins say, are Microsoft support people who offer canned responses that acknowledge a domain's email is being blocked but lack the resources to fix the problem.

The complaints come as the spam epidemic continues to fester, with unsolicited email comprising as much as 80 percent of all email, according to some studies. The price we pay in lost worker productivity and increased expenses for network providers are well documented. Less understood is the toll spam is taking on perfectly legitimate communications that go missing with nary a word. Microsoft managers say the spam threat requires they take drastic action and they are working to ensure their new techniques don't block benign messages.

El Reg has corresponded with two admins affected by SmartScreen and has run web searches - here, here and here - that suggest there are plenty others who are experiencing the same problem. In the cases we've checked, these servers are behind domains that are a year or more old, are correctly listed in the DNS and have solid SPF records - excluding the most common reasons a mail server might get blacklisted. They also run on a variety of platforms (including Sendmail and hMailServer), suggesting technical problems with a particular server are not the cause.

One of the admins is James Firth, founder of a UK-based IT consultancy, who began noticing emails sent from his company's relay were uniformly failing to be delivered to recipients with Hotmail accounts.

"They weren't going to a user's Junk mail box, nor were they being bounced," Firth says. "They were simply disappearing!"

So Firth began corresponding with Hotmail support people. After five days of back and forth, a Microsoft employee named Bobbi confirmed that emails sent from Firth's domain, daltonfirth.co.uk, were being "hard filtered" by SmartScreen. And not because they violated some documented technical requirement or contained suspicious phrases that triggered content filters. Rather, they failed to pass conditions buried deep inside SmartScreen that support people declined to share with Firth - out of concern the disclosures would allow spammers to bypass the defenses.

The support team suggested Firth confirm the emails complied to Hotmail technical standards. Firth checked, and they did. The support people also suggested Firth consider enrolling in a fee-based, third-party accreditation service called Sender Score Certified (price tag, according to a different source: $1,400 for the first year). He declined because Microsoft made no guarantees that doing so would solve his problems. More than a week after first discovering the problem, Firth still can't send emails to customers with Hotmail addresses.

"I simply can' believe that someone thought that this was a good idea, and think Hotmail users should be warned that Microsoft are choosing not to send their emails to them!" he says.

Similar topics


Other stories you might like

  • Prisons transcribe private phone calls with inmates using speech-to-text AI

    Plus: A drug designed by machine learning algorithms to treat liver disease reaches human clinical trials and more

    In brief Prisons around the US are installing AI speech-to-text models to automatically transcribe conversations with inmates during their phone calls.

    A series of contracts and emails from eight different states revealed how Verus, an AI application developed by LEO Technologies and based on a speech-to-text system offered by Amazon, was used to eavesdrop on prisoners’ phone calls.

    In a sales pitch, LEO’s CEO James Sexton told officials working for a jail in Cook County, Illinois, that one of its customers in Calhoun County, Alabama, uses the software to protect prisons from getting sued, according to an investigation by the Thomson Reuters Foundation.

    Continue reading
  • Battlefield 2042: Please don't be the death knell of the franchise, please don't be the death knell of the franchise

    Another terrible launch, but DICE is already working on improvements

    The RPG Greetings, traveller, and welcome back to The Register Plays Games, our monthly gaming column. Since the last edition on New World, we hit level cap and the "endgame". Around this time, item duping exploits became rife and every attempt Amazon Games made to fix it just broke something else. The post-level 60 "watermark" system for gear drops is also infuriating and tedious, but not something we were able to address in the column. So bear these things in mind if you were ever tempted. On that note, it's time to look at another newly released shit show – Battlefield 2042.

    I wanted to love Battlefield 2042, I really did. After the bum note of the first-person shooter (FPS) franchise's return to Second World War theatres with Battlefield V (2018), I stupidly assumed the next entry from EA-owned Swedish developer DICE would be a return to form. I was wrong.

    The multiplayer military FPS market is dominated by two forces: Activision's Call of Duty (COD) series and EA's Battlefield. Fans of each franchise are loyal to the point of zealotry with little crossover between player bases. Here's where I stand: COD jumped the shark with Modern Warfare 2 in 2009. It's flip-flopped from WW2 to present-day combat and back again, tried sci-fi, and even the Battle Royale trend with the free-to-play Call of Duty: Warzone (2020), which has been thoroughly ruined by hackers and developer inaction.

    Continue reading
  • American diplomats' iPhones reportedly compromised by NSO Group intrusion software

    Reuters claims nine State Department employees outside the US had their devices hacked

    The Apple iPhones of at least nine US State Department officials were compromised by an unidentified entity using NSO Group's Pegasus spyware, according to a report published Friday by Reuters.

    NSO Group in an email to The Register said it has blocked an unnamed customers' access to its system upon receiving an inquiry about the incident but has yet to confirm whether its software was involved.

    "Once the inquiry was received, and before any investigation under our compliance policy, we have decided to immediately terminate relevant customers’ access to the system, due to the severity of the allegations," an NSO spokesperson told The Register in an email. "To this point, we haven’t received any information nor the phone numbers, nor any indication that NSO’s tools were used in this case."

    Continue reading

Biting the hand that feeds IT © 1998–2021