Terry Zink's Cyber Security Blog

Discussing Internet security in (mostly) plain English

Microsoft offers to buy Yahoo

Microsoft offers to buy Yahoo

  • Comments 9

Last Friday, Microsoft made an unsolicited offer to buy Yahoo for $31 per share, representing over a 50% premium from Yahoo's then-share price.

Leaving aside the question of whether or not this is a good deal, and what Microsoft's true motivations are for buying Yahoo (namely, to become the number 2 player in the search market), I'd like to look at it from an anti-spam point of view.  What are some of the things that the two companies can do to work together from an email delivery vantage?  Here are some of the things that I can see:

  1. Spam filtering algorithms - Hotmail's Smartscreen technology could use some improvements, I don't think anyone in Hotmail disagrees.  I'd like to see Microsoft and Yahoo get together and combine the best of Smartscreen and Yahoo filtering to improve the product.

  2. DKIM implementation - There hadn't been a major movement within Microsoft to do DKIM.  Not that anyone was opposed to it, but there was a big push to do SenderID.  Now that Microsoft is acquiring the guys who invented DomainKeys, the predecessor to DKIM, maybe we'll now start supporting it.  It makes sense to do it now.

  3. Get Yahoo to do SPF - Yahoo so far has refused to publish SPF records.  Microsoft is very big on getting customers to publish SPF.  Maybe now we can get Yahoo to finally do it.

Of course, the downside to this is that I can't make fun or criticize Yahoo anymore.  Wait a minute, yes I can, I just have to do it quickly before Yahoo accepts the bid.

Leave a Comment
  • Please add 4 and 4 and type the answer here:
  • Post
  • My ISP recently turned its email service over to Yahoo (or their Australian subsidiary, since it's now hosted there), and from the point of view of spam filtering it's been an unmitigated disaster.

    I now get many more spam messages every day, and what's worse is that a non-trivial proportion of valid emails are incorrectly flagged as spam.

    These problems emerged overnight with the transition, so I would have to call Yahoo's mail management basically rubbish.

  • If it weren't for all those Viagara spammers, the stock spammers could have got their message across to us when they were telling us to buy Yahoo.

  • Regarding Yahoo and SPF: I'd like to hear your opinions on the arguments presented by Douglas Otis of mail-abuse.org, and others, to the effect that SPF is a potential vector for distributed denial-of-service attacks.

  • Hi Terry,

    I have a HOTMAIL account, and recently received a spam from viff@viff.com.

    I tried to reproduce it with the following commands (Please see bellow), where I'm claiming to be viff@viff.org (EHLO viff.com), but sending it from my home computer. And although HOTMAIL queued it for delivered, it never showed up in my inbox.

    Why was the original spam from viff@viff.org received, while not my fake one? viff.org doesn't have SPF records. So, is HOTMAIL comparing the IP address of the sender with the IP address returned by a DNS query for the domain stated in EHLO viff.com?

    In this case, the IP address of the viff.org's email server (mail.viff.org) would match the one returned by nslookip -querytype=mx viff.org, and the original spam would be validated. While my computer's IP address would not match the DNS query for viff.org, and my fake email would be rejected.

    Thanks,

    Andre

    ************************************************

    andre@kirchner:~$ telnet mx4.hotmail.com 25

    Trying 65.54.244.232...

    Connected to mx4.hotmail.com.

    Escape character is '^]'.

    220 bay0-mc7-f2.bay0.hotmail.com Sending unsolicited commercial or bulk e-mail to Microsoft's computer network is prohibited. Other restrictions are found at http://privacy.msn.com/Anti-spam/. Violations will result in use of equipment located in California and other states. Sat, 2 Feb 2008 12:16:29 -0800

    EHLO testing.com

    250-bay0-mc7-f2.bay0.hotmail.com (3.5.0.22) Hello [76.77.66.100]

    250-SIZE 29696000

    250-PIPELINING

    250-8bitmime

    250-BINARYMIME

    250-CHUNKING

    250-AUTH LOGIN

    250-AUTH=LOGIN

    250 OK

    MAIL FROM: viff@viff.com

    250 viff@viff.com....Sender OK

    RCPT TO: my_email@hotmail.com

    250 my_email@hotmail.com

    DATA

    354 Start mail input; end with <CRLF>.<CRLF>

    From: <viff@viff.com>

    To: <my_email@hotmail.com>

    Subject: SMTP test

    SMTP test body

    .

    250 <BAY0-MC7-F2kzYDGj9C000b5882@bay0-mc7-f2.bay0.hotmail.com> Queued mail for delivery

    QUIT

    221 bay0-mc7-f2.bay0.hotmail.com Service closing transmission channel

    Connection closed by foreign host.

    ************************************************

  • The inconsistency between viff.org and viff.com probably didn't help that experiment.

    Also if the sender's IP address is included in a list of addresses from which it is known that mail is not supposed to be sent, a recipient's mail server might recognize that.  Such lists come from organizations that control the actual IP address, not from viff.org or viff.com.

  • Bart,

    I'll reply to your comments in a future post.

  • Andre,

    Did you receive a spam from viff@viff.org or viff@viff.com?  In your telnet example, you say that the MAIL FROM is viff@viff.com.  The SPF record for viff.com is:

    v=spf1 -all

    That means that it doesn't send any mail.  That is probably enough for Hotmail to reject it as spam.

    Now, there's the question of why Hotmail accepted it but didn't deliver it anywhere.  Hotmail's spam filter assigns a spam confidence level (SCL) between 0 and 9.  If it hits 5-6, it goes to your junk folder.  If it scores 7-9, it is dropped.  That's probably what happened in this case: it failed an SPF check and was assigned a high SCL level.

  • > If it scores 7-9, it is dropped.

    Instead of bouncing?  That surely explains why some Yahoo users remain unaware that their mail to Microsoft users didn't get delivered.

    Keep this up and it will be extended.  Some Microsoft users will remain unaware that their mail to some Microsoft users didn't get delivered.  (Unless the merger falls through.)

  • Correct.  It is silently discarded.

    It's actually something I don't really care for but I'm not in charge of delivery for Hotmail.  At least in our service, we don't discard any mail without notifying the sender or recipient.

Page 1 of 1 (9 items)