Last Friday, Microsoft made an unsolicited offer to buy Yahoo for $31 per share, representing over a 50% premium from Yahoo's then-share price.
Leaving aside the question of whether or not this is a good deal, and what Microsoft's true motivations are for buying Yahoo (namely, to become the number 2 player in the search market), I'd like to look at it from an anti-spam point of view. What are some of the things that the two companies can do to work together from an email delivery vantage? Here are some of the things that I can see:
Of course, the downside to this is that I can't make fun or criticize Yahoo anymore. Wait a minute, yes I can, I just have to do it quickly before Yahoo accepts the bid.
My ISP recently turned its email service over to Yahoo (or their Australian subsidiary, since it's now hosted there), and from the point of view of spam filtering it's been an unmitigated disaster.
I now get many more spam messages every day, and what's worse is that a non-trivial proportion of valid emails are incorrectly flagged as spam.
These problems emerged overnight with the transition, so I would have to call Yahoo's mail management basically rubbish.
If it weren't for all those Viagara spammers, the stock spammers could have got their message across to us when they were telling us to buy Yahoo.
Regarding Yahoo and SPF: I'd like to hear your opinions on the arguments presented by Douglas Otis of mail-abuse.org, and others, to the effect that SPF is a potential vector for distributed denial-of-service attacks.
I have a HOTMAIL account, and recently received a spam from email@example.com.
I tried to reproduce it with the following commands (Please see bellow), where I'm claiming to be firstname.lastname@example.org (EHLO viff.com), but sending it from my home computer. And although HOTMAIL queued it for delivered, it never showed up in my inbox.
Why was the original spam from email@example.com received, while not my fake one? viff.org doesn't have SPF records. So, is HOTMAIL comparing the IP address of the sender with the IP address returned by a DNS query for the domain stated in EHLO viff.com?
In this case, the IP address of the viff.org's email server (mail.viff.org) would match the one returned by nslookip -querytype=mx viff.org, and the original spam would be validated. While my computer's IP address would not match the DNS query for viff.org, and my fake email would be rejected.
andre@kirchner:~$ telnet mx4.hotmail.com 25
Connected to mx4.hotmail.com.
Escape character is '^]'.
220 bay0-mc7-f2.bay0.hotmail.com Sending unsolicited commercial or bulk e-mail to Microsoft's computer network is prohibited. Other restrictions are found at http://privacy.msn.com/Anti-spam/. Violations will result in use of equipment located in California and other states. Sat, 2 Feb 2008 12:16:29 -0800
250-bay0-mc7-f2.bay0.hotmail.com (184.108.40.206) Hello [220.127.116.11]
MAIL FROM: firstname.lastname@example.org
250 email@example.com....Sender OK
RCPT TO: firstname.lastname@example.org
354 Start mail input; end with <CRLF>.<CRLF>
Subject: SMTP test
SMTP test body
250 <BAY0-MC7-F2kzYDGj9C000b5882@bay0-mc7-f2.bay0.hotmail.com> Queued mail for delivery
221 bay0-mc7-f2.bay0.hotmail.com Service closing transmission channel
Connection closed by foreign host.
The inconsistency between viff.org and viff.com probably didn't help that experiment.
Also if the sender's IP address is included in a list of addresses from which it is known that mail is not supposed to be sent, a recipient's mail server might recognize that. Such lists come from organizations that control the actual IP address, not from viff.org or viff.com.
I'll reply to your comments in a future post.
Did you receive a spam from email@example.com or firstname.lastname@example.org? In your telnet example, you say that the MAIL FROM is email@example.com. The SPF record for viff.com is:
That means that it doesn't send any mail. That is probably enough for Hotmail to reject it as spam.
Now, there's the question of why Hotmail accepted it but didn't deliver it anywhere. Hotmail's spam filter assigns a spam confidence level (SCL) between 0 and 9. If it hits 5-6, it goes to your junk folder. If it scores 7-9, it is dropped. That's probably what happened in this case: it failed an SPF check and was assigned a high SCL level.
> If it scores 7-9, it is dropped.
Instead of bouncing? That surely explains why some Yahoo users remain unaware that their mail to Microsoft users didn't get delivered.
Keep this up and it will be extended. Some Microsoft users will remain unaware that their mail to some Microsoft users didn't get delivered. (Unless the merger falls through.)
Correct. It is silently discarded.
It's actually something I don't really care for but I'm not in charge of delivery for Hotmail. At least in our service, we don't discard any mail without notifying the sender or recipient.