Terry Zink's Cyber Security Blog

Discussing Internet security in (mostly) plain English

Spamhaus lists Microsoft as a spam-friendly ISP - update

Spamhaus lists Microsoft as a spam-friendly ISP - update

  • Comments 1

A week ago, the Washington Post printed an article saying that Spamhaus had listed Microsoft as the 5th worst spam-friendly ISP.  There was (an is) a link to the current top 10 worst spam friendly ISPs, and while Microsoft is no longer on there, the point has been made.

Spammers have been abusing Microsoft's free web services for a long time, using a technique called Reputation Hijacking.  As I have posted before on this blog, botnets are used to sign up for free Hotmail (Windows Live Mail) accounts, create landing pages on Windows Live Spaces, and use the storage resources of Windows Sky Drive.  So, Microsoft is not really an ISP, they merely have a lot of free services to provide to Internet users.

Until recently, Yahoo was in that list as well.  It illustrates the problem that the Big 4 (MAGY) have, and that is trying to provide rich content tools to end-users while simultaneously trying to avoid the problem of abuse.  A friend of mine in Photosynth has told me the same problems - 12 hours after it went live, they had illegal x-rated images on there.

When I first saw the Spamhaus link, my heart skipped a beat a little.  For you see, a couple of months ago I saw that our services were responsible for emitting a whole pile of MAGY spam.  I was watching a presentation and I did a rough calculation in my head for how much spam we were sending out.  It was a lot.  To gauge my reaction, think of the Simpsons episode when Shelbyville steals Springfield's lemon tree.  Now, Homer and Bart, et al, are in Flander's RV in the impound lot.  Bart is running back to the RV being chased by a dog.

Homer swings open the door and says "Don't worry boy!"  He then tosses out a bunch of sausages to distract the dog, but the dog swallows them whole and doesn't miss a step.  Homer gasps a little bit and his eyes go wide.  Homer's reaction was the same as mine.

Since that fateful day when I learned about our outbound spam problem, we have clamped down quite a bit and have way better monitoring now (and still improving).  Thus, when I read that Microsoft has listed as a spam-friendly ISP, I was secretly very uneasy.  I clicked on the link and read through the offenders, and thankfully Exchange Hosted Services was not listed.  That was a relief, it demonstrated that maybe our monitoring was working.

As I said, Microsoft is no longer listed on the Top 10 list.  I do know that Microsoft shuts these things down as soon as they find them, and as time passes there will be more and more defenses in place to mitigate this kind of abuse.  However, it is actually resource-intensive and it takes a while to build a solution that actually scales to the level that Microsoft needs it to.

Leave a Comment
  • Please add 2 and 8 and type the answer here:
  • Post