Death to Hotmail

A large fraction of the spam that gets through my ISP’s filter these days appears to come from addresses. Are these real Hotmail accounts? Who knows. Who cares. My life improved when I blocked all email from domains.

Then I remembered that I had emailed a new year’s greeting to an acquaintance who uses a Hotmail account. Groovy. So I sent a follow-up message along the lines of, “Hello again. If you replied to my message, your reply got lost because I am an idiot. Please reply again. Unless of course you didn’t reply, in which case I just put you on the spot. Sorry about that.” Now I feel even better about Hotmail.

Remember: You can trust Microsoft for all of your computer- and Internet-security needs! Or not, in which case you might be better off using Google or Yahoo.

22 thoughts on “Death to Hotmail”

  1. Domain-based or even header-based filtration isn’t very effective because it’s too easy to spoof, as you’ve learned. The right answer is to use a Bayesian filter on the content. That’s extremely effective.

    May I recommend K9? It’s free, it’s easy to set up, and it works really, really well.

  2. Are you sure? It works with any POP3 email program. In fact, I myself use one (Agent 1.93) which is quite old.

    It won’t necessarily auto-setup an old email program (it didn’t for me) but it works fine if you set it up manually, which wasn’t very difficult at all if you follow the instructions.

  3. I am not aware of any way in Eudora Light 1.5.4 to have incoming mail directed away from the in-box. (This is what I meant by primitive.) Maybe one day I will upgrade to Thunderbird or whatever, but I prefer to stick with what I have been using. Thanks for the advice, though.

    Also, it occurs to me that since I prefer to review email headers in webmail before I download them, I wouldn’t save anything by using K9. Maybe I should try a different approach and filter all of the Hotmail messages that reach my webmail into their own folder.

  4. I’ve been using the Thunderbird mail tool from It also uses Bayesian filtering. It learns quickly is amazingly acurate in ID of spam after only a week or two. Recommnded.

  5. People have switching costs on email accounts.

    That said, hotmail risks losing customers because hotmail has been slow to add functionality, and may charge too much for certain functionality.

    The Google Pak may be a move toward a Google operating system.

    It seems that Google may be moving faster and with more gusto toward a Microsoft core business (operating system) than Microsoft is moving toward a Google core business (search, on-line advertising, email). Microsoft has had huge opportunities to keep people happier on hotmail and they arguably have not done it.

  6. Are the emails coming from or is the reply-to or the from field just has Those fields can be spoofed, and most likely the mail is coming from another source. Only the replies are set to hotmail where they can always open up a new account as often as needed.

  7. I am sure that many of the accounts are spoofs. But why does this seem to happen more frequently with Hotmail than with Yahoo or Google? If somebody forges checks under my signature it’s my problem even though I didn’t cause it and have nothing to do with it. Microsoft is in a similar situation. My impression is that they do not take security seriously. (Not that I trust Google or Yahoo, but I think they handle Internet security better.)

  8. The forging can be done without involving Microsoft at all. Someone could forge an email as coming from me, however the headers would tell a different story. An email coming from me would have a certain signature. Someone else could forge up to the point they pass off the mail to a host they do not control. That host will then record which machine it got the mail from.

    This is different from your checks, since a person would need to physically obtain a special piece of paper in order to cash that check. The spammer only needs to get some leads, but otherwise is only using Hotmail after the fact.

    As far as why Hotmail? Mindshare perhaps. I have never had a yahoo account, and I have one hotmail account. As long as they don’t make it difficult to get a free account, there may be no reason to change. Google is too new to the email scene to have any possibility of being well known.

  9. The point about checks is that someone can damage your reputation without your involvement. It’s in MSFT’s interest not to be known as clueless about security, even if its negative reputation is based on false information.

    I’ve been using Yahoo email accounts since the late 1990s with very few problems. Hotmail, by contrast, has had numerous major outages and significant revealed security vulnerabilities during the same period. Gmail is newer, obviously, but seems to be better administered from a security standpoint. More to the point, I receive few spams from apparent Gmail addresses. These are anecdotes to be sure, but I think they reveal why Hotmail has a reputation for technical and security shoddiness. Even if that reputation is not currently deserved, MSFT has an interest (one would think) in shutting down spammers who use Hotmail return addresses.

  10. To be a contrarian on this post and in defense of MSFT: MSFT did make a spreadsheet program, Excel, that I use all the time. MSFT also makes other software that has made life more fun and that was perhaps better than the competition. MSFT products do cost money but are not out-of-reach for most people.

    To support earlier posts: I knew at least one other person who switched to a yahoo email account from hotmail due to disgust with hotmail and junk email.

    People and companies that maintain databases (eg, customer loyalty programs at airlines or hotels) may be part of the spam and security problem. Do these people safeguard email addresses of program participants? Did they safeguard the lists historically? People and organizations that sell lists of names and contact info are not my fave.

  11. I use Hotmail, Yahoo, and gmail and am happy to report that I have no problems whatsoever with any of them. Ps: perhaps you ought to write (you know, by hand) greetings and well wishes and thus be more personal and less This-is-so-friggin-easy so I will send out a batch of stuff to people I think I may have as friends.

  12. There is a sense that MSFT improved a little on security (XP Service Pack 2). There is also the sense that hotmail may be improving.

    At the CES show this year, Gates focused on Vista (new operating system) per my very cursory attention to the CES news. This is a departure from last year’s focus by Microsoft (it was more new media, gadget-type stuff last year per my fuzzy recollection).

    So it looks like MSFT may be focusing on fundamentals. The new operating system should be interesting. It may be good for the economy (not sure).

  13. Jonathan,

    Smtp and Pop3 protocols are store and forward protocols. Spoofing is easy to do via open relays. Before blaming domains for your spam, analyse the headers. All major internet portals (MSN, AOL, Yahoo!, etc) have initiatives designed to ease spam filtering. Much of the current spam is worm generated from hosts who have not kept their systems patched, firewalled and free of programs that ease the spread of junk like far too many peer-to-peer file sharing systems. Too many people run services that they don’t need that can be exploited as open relays and don’t secure their home networks. I get more spam from the domains of the major broadband ISPs than I do from the major internet portals. Reading the headers and using utilities like Sam Spade help me locate the true source. I do not pay much attention to the from line or the reply to line.


  14. From:Malick Ali

    Dearest ,

    I got your contact after my prayers and i believe you will not disappoint me.
    My name is Malick Ali.I am the only child of late Dr.Ibrahim Ali, who was a cocoa businessman here in Abidjan,cote d ivoire before he was assassinated in November 2003 with my mother by an unknown assassins following a business disagreement with his relatives.
    My mother died instantly during the attack but my father died five days after in a hospital here in Abidjan. On that fateful afternoon that my father died, I didn´t know that he was going to leave me after I had lost my mother. But before he gave up the ghost, it was as if he knew he was going to die. He (may his soul rest in perfect peace) informed and disclosed to me that he deposited the sum of $5 million U.S dollars in a Bank here in Abidjan cote d ivoire.That the money was meant for establishing his businesses.
    Though, according to my father he deposited this money in his own name and mentioned me in the documents as his next of kin and beneficiary of this money in event of his death. He gave me the documents and necessary information and instructed me to seek for a trust worthy person abroad who will help me invest and manage this money for me until i am capable to handle it due to the crisis here in Cote d ivoire.
    Now I have succeeded in contacting this BANK and confirmed that this fund is still there. Now I am soliciting for your assistance to help me lift and secure this money out from This Bank to your account so that you can manage and invest it in any lucrative business venture in your country for me since i am just 15 years old and lack the ability to handle this money and so that I can contiune my education which i stopped since my parents death.
    I expect your kind reply so that i can give you the necassary information for this money so that it can be transfered to you so that i can come over to your country to continue my education and life.You can reply to me with in my

    Thanks for your understanding.May God be with you.
    Best regards.
    Yours son
    Malick Ali

  15. Dear Malick,

    Wow, what a story! Send the money.



    P.S. Very impressed that you do not use Hotmail.

  16. Oh my god who is this fucking basterd thats doing this to ppl nobody fall for this ridiculous shit i’ve been a victim of this fraud all they do is tell you that you need to pay this lawyer some money to fill out some documents and the fees just keep coming. I’m in debt thanks to whoever is doing this. Anyone want to make a donation plz send it to: 526 Oaklawn Rd Simpsonville, SC 29680
    the money to Dilovan Mohammed.

    and again dont fall for this shit.

  17. Recently my boyfriend recieved an e-mail similar to this story. Names were slighlty different and the MOTHER was the one telling the story. She kept replying back saying how sick she was and the money needed to be transfered to us by this Friday because of some surgery…? The sad thing is, is the “mother” stated she only had a few months left to live and sent a lot of Muslim blessings. They find e-mail addresses with names that are similar to them. Knowing that a good Muslim will reply and find simpathy towards the boy. No way should you believe this!!! They keep sending this story out and changing little things so it’s harder to look up these names online!!! One major thing to look at if you get one, is the bank name they put. None of those banks are real!!! I feel sorry for those who fell into this and may God give them what they deserve!!!!!!!!!!!

Comments are closed.