Terry Zink's Cyber Security Blog

Discussing Internet security in (mostly) plain English

Save the inbox, save the world

Save the inbox, save the world

  • Comments 6

One of the differences that webmail services like Hotmail has is the ability that it does not deliver mail to the end-client, users have to login to their accounts and view their mail on the web (unless, of course, they POP their mail).  Exchange Hosted Services, on the other hand, does deliver mail to the inbox and we don't store it where customers have to login to see (other than spam in their quarantine).

This ability to store mail for users gives Hotmail an advantage.  If a spammer suddenly appears and starts hammering users with spam, many spam filters will fail to pick it up because the spam content is new and the sending IP has no reputation.  It's hard to do reputation-based filtering on an IP that has no reputation, and it's difficult to filter content that you haven't seen before.  What would be ideal is if after a reputation for the IP has been built up, if the IP is a spammer, to go back into the users' inboxes and if they haven't read the spam email yet, delete it.  We may not catch the spam that has already been viewed by some, but we are catching the stuff from the same spammers that has not been viewed by others.

Recently, Hotmail has started doing this.  I think they only started experimenting with it a few weeks ago so it's a very new technology (relative to Hotmail).  I like the idea because if we don't catch a spammer at first, then at least we can go back and catch them later.  We call this concept "Time-Travelling." We're effectively going back in time and fixing something that caused pain later on.  Just like Hiro Nakamura.

Leave a Comment
  • Please add 8 and 1 and type the answer here:
  • Post
  • you say unread spam from the past, I'd think it would be nice to be notified that I've; in past, read what would be considered in the future to be spam. Something about the "time space continuum" is starting to hurt my head!

    is this why we had the "back to the future" video at the keynote this year?

  • It would be nice to accept spam reports from users who already did POP their mail.  For example if they already downloaded a message and now forward it to something like spam@hotmail.com then it would still be recognized in future calculations of reputation.

  • The problem with forwarding messages to an alias like spam@hotmail.com is that forwarding the message removes all of the original headers that comes with the message.  Hotmail's filters require the message in its original format (if you submit via the Junk Mail Reporter).

    In Exchange Hosted Services, we have a spam plugin for Outlook - it's intended to be used by EHS customers.  That allows users who have already "POPped" their mail to submit their mail via a one-click solution.  The advantage that we have for that tool is that it preserves the necessary information that we need in order to block the spam in the future.

    AFAIK, Hotmail has no such plug-in for mail that users POP, and I am not aware of any plans to introduce one.

  • > The problem with forwarding messages to an alias

    > like spam@hotmail.com is that forwarding the

    > message removes all of the original headers that

    > comes with the message.

    Not when I forward a spam  ^_^

    But yes I did forget that that part of it isn't automated, since I still have muscle memory for it.

  • Heh, you're one of the 5% of users who actually bother to include headers.  Nice.

  • Wondering if you know where that plugin for EHS can be found?

Page 1 of 1 (6 items)