
Well ;)
Microsoft's Outlook and Hotmail spam filters went off piste on Wednesday, dumping an avalanche of unwanted bumf in inboxes. The snafu was resolved by early afternoon, here in Western Europe. "Some users may be receiving excessive spam mail," read a warning that briefly popped up on Microsoft's Outlook.com service status page …
My Dearest Kind Friend,
I am contacting you today regarding a substantial asset available which must be disposed of with the utmost sensitivity. Today, the asset is seen as extremely valuable but a select few insiders know it is set to become worthless in the very near future, when it will be replaced with a system going by the codename "Penguin". Before this information becomes widely known, it will be possible to sell off via my associates if I can secure the assistance of a neutral unknown party such as your kind self. The assets full name cannot be disclosed yet - it has the codename WX - in case this information leaks and the value deteriorates even further. I assure you with great trust there are many people with the misguided belief this will actually increase in value, so time is of the essence.
Please kindly reply kindly with your kind agreement, you kind person you
Yours
"Am I using it wrong?"
Sadly, the vast majority of users have no idea what they are doing with email. Even using their ISP mailbox would probably be better than using hotmail and the like, but they don't know how to set it up. They probably don't even know what a mail reader programme looks like. Some may use Outlook at work, but for most users, webmail is the only mail they understand because it looks a bit like facebook.
I've even seen small businesses/sole traders who use $plumber@hotmail.com, $sparky@gmail.com etc because they simply don't understand and no one has told them differently.
Most people are experts in one (occasionally more than one) domain, and complete amateurs outside it.
It's very likely that a professional plumber or electrician could come to your home, take one look at the shower you fitted or the extra socket you installed, and realise that you have no idea what you're doing.
You probably don't even have the best tools for the job. This is because you are not trained in that area and no-one has told you differently.
You are treading dangerous ground there, E.S.
It s a well established "fact" in these pages that CS graduates are experts in all the fields they care to do their little rat dance in.
Also that it is not at all unusual to remove the back seat and carpets from a brand new car and hose it out.
"Am I using it wrong?"
No, that's what it's for. Having said that, nothing out of the ordinary here, just the usual: another spam pretending to be from Outlook themselves and making a nonsense of any claims Microsoft might make about defending their trademarks. Not even an SEO.
Isn't there a dichotomy between M$ trying (and failing) to filter out unwanted crap from Hotmail users' inboxes and foisting the Windows 10 "upgrade" on those that don't want it via the intrusive GWX app which is becoming ever more difficult to refuse?
http://www.theregister.co.uk/2016/06/01/windows_10_nagware_no_way_out/
*sniff* do I smell gross hypocrisy? Why, yes, I believe I do!
I'm always amazed at the miracles people expect you to work when it comes to spam-filtering.
I mean, obviously, you don't accept spam from non-reverse-DNS, apply greylisting to new senders, filter attachments from unknowns, perform DNSBL for everything you can find, drop where the SPF or DKIM checks fail, etc. etc. and then keyword and Bayesian filter the hell out of what's left. But still stuff will slip through.
Yet I'm given the impression that it's all my fault whenever a new batch of spam slips through.
Sometimes I feel like saying "If I *could* write a system that just coped with all of this properly without needing to be tweaked and tuned and manually-overrode, and that could identify spam with even 99.99% accuracy, I certainly wouldn't just be working in IT any more - I'd have sold that and lived off the proceeds for the rest of my life".
Microsoft is a $400B global corporation with decades of Internet experience, huge cloud data centers, the finest minds imported from all over the world. We are told over and over how spotless is their tech cred, the creativity of their machine learning code boffins. Some would have us believe they have an organic understanding of all things programming and networking light-years beyond that of us mere mortals.
So, yeah, maybe they should be able to block spam by now.
You have to love that disconnect.
The tech press is hyping the imminent machine learning revolution, yet the public facing algorithms show no signs of being any better than 10 years ago.
Behavioural advertising is drastically more bone-headed than mere contextual advertising. Spam filtering is dumb vs. pretty obvious spammy-ness heuristics.
I call bull on their A.I revolution.
"I'm always amazed at the miracles people expect you to work when it comes to spam-filtering."
What amazes me is that the one thing Microsoft let through is the one thing they ought to find easiest to filter out: spam pretending to come from them telling me to click to here or my account would be deleted or that my mail box is full. They ought to be able to filter it because they should be able to work out that they didn't send it.
What happens at the moment is that some spam -- 1% plus? -- gets through filters erected by webmail and email service providers. So something like 98% is blocked at service provider level.
If I was a spammer, I wouldn't want to waste my bandwidth sending out email that was automatically deleted. I'd try to track the 1% or whatever that gets through, and when tracking reported that I'd been blocked, I'd stop sending email and change tactics with a new batch.
Is this how spammers and email filterers battle things out? When does the spam filter assess content addressed to a webmail address? -- when a mailbox is opened as well as at mail transfer agent level?
How has the economics of spamming changed? Some clients (notably child abuse image sellers) are untouchable even for spammers. I haven't seen a spam message for so long that I have no clue what they are selling. It's a while since I saw a generic phishing message.
"Spear phishing" -- targeted email with a payload activated by a link etc -- was common at a previous job. Bloody scary.
What bothers me is the spam that doesn't appear to have ANY purpose. A string of random sentences, stolen from some book of poems or something, without any links or images of any kind. No product messages, no weird formatting that makes the message readable to a human but easily missed by a computer, etc... What is the point?
"What bothers me is the spam that doesn't appear to have ANY purpose. A string of random sentences, stolen from some book of poems or something, without any links or images of any kind. No product messages, no weird formatting that makes the message readable to a human but easily missed by a computer, etc... What is the point?"
Probably has an invisible 1x1 pixel image in it which tells them your email address is geniune and the email was seen.
The point of those lorem ipsum style mails is.
They get through filters
If they do not bounce they know the email address is still live
If it bounces (with unknown address style bounce) they assume email address dead & remove it from their spamming database.
Often used in conjunction with random email address generation e.g. if they have a valid address of donald@bouffantbarnetry.com they will try other prefix variants before @bouffantbarnetry.com to see if they can guess other valid email addresses on that domain
If it bounces (with unknown address style bounce) they assume email address dead & remove it from their spamming database.
This does not happen.
I get bounces in my maillog. The errors are basic typos in genuine email addresses for my domain - and they are the same typos that have been attempted for about a decade now.
These attempts bounce - they have never been valid addresses for this domain. They continue to be tried...
Vic.
"If I was a spammer, I wouldn't want to waste my bandwidth sending out email that was automatically deleted."
The thing is, bandwidth is cheap, and if you're a spammer it's also quite often not YOUR bandwidth. 1% inbox rate, if you send 1 billion, is still 10 million people. Then 1 in 1000 of those click something, you still have 10,000 people on your (drive-by malware / blue pill / whatever) site.
It wouldn't matter if it was 0.00%
Spam works on the same mechanism as advertising.
"Hey, I'll spam 10,000,000 people for you, for the low low price of $100"
You pay me outright, and although your risk is pretty low you probably wasted your money.
Spam is just on a sliding scale. Google or Facebook ads are scummy as hell too, but they cost more and you get better fake analytics.