Microsoft ranked fifth worst spam service ISP

Microsoft is listed fifth in the Top 10 list of the worst spam service ISPs compiled by Spamhaus.org.

Spammers are advertising links to sites that "peddle fake pharmacy products, porn, and Nigerian 419 scams" on Microsoft's Live.com and Livefilestore.com sites because they know that the Microsoft sites won't get blocked by antispam groups, writes Brian Krebs on his Security Fix Blog at the Washington Post.

Spamhaus has been alerting Microsoft to the problem for some time, but to no avail, Richard Cox, Spamhaus' chief information officer, told Krebs. Other security companies, including McAfee and Marshal, have also been warning about increases in spam and scams on Microsoft-hosted sites.

A Microsoft spokesman responded to a request for comment with this e-mailed statement:

Spam and other abuse scenarios are not Microsoft-specific. Microsoft offers Windows Live, a suite of software and services that provides opportunities for customers to post and share their own content through Windows Live Hotmail, Windows Live Spaces, Windows Live SkyDrive, and other free services. As such, spammers have multiple avenues to target consumers with malicious activities. We take protecting our customers' security and privacy seriously and are continually working to improve their experiences while making industry-leading progress to mitigate such attacks through both oversight and technology advancements. Using Windows Live services for spam is explicitly prohibited by the terms of service, and Windows Live accounts that are found to be used by spammers are aggressively removed.

Interestingly, Verizon.com is listed at No. 9.

Microsoft's Live.com and Livefilestore.com are riddled with spam and online scams, Spamhaus.org says.

(Credit: Spamhaus.org)

[Mr. Dee]

Windows Live Spaces is the worst hit, I wrote to the Spaces Craft Team (Windows Live Space team) about this issue. They said improvements are coming, but its like its falling on def ears. If you check my Windows Live Space, you would see hundreds of Spam comments from persons in China with crap like "Wholesale Nike Shoes, Wholesale Jordans, Wholesale handbags, Cheap Jordan shoes Jordan shoes Cheap Jordans for sale ".

Microsoft, you need to do something about this comment spam and speed up the service too, its like molasses. The Windows Server 2008 HPC needs more RAM.

[Pishkado]

Security only gets Redmond's attention when they're dragged, kicking and screaming, into doing something about it. Until that point it takes a back seat to just about anything else - whether we're talking about ISP services, operating systems or applications. It's a matter of desire and priorities, not of resources or capability. Granted, I don't think anyone will ever be able to get rid of this sort of thing completely and permanently, but Microsoft could do a much better job if they cared enough to try.

[AdeBarkah]

Microsoft's problem is mostly livefilestore.com which is heavily used by spammers to hide their links. They should just shut this service down.

Google has a similar issue with their services. In fact if you count hosters of malicious software (instead of just spam) then I believe Google networks still rank #1.

A third problem are sites like TinyURL.com, again used by spammers to hide / redirect links.

[tacit]

tinyurl.com and other URL redirection services generally act pretty quickly against abuse. I've sent abuse complaints to tinyurl.com five minutes after receiving a spam message and seen the link go dead in less than fifteen minutes. That's why such a tiny amount of spam uses tinyurl; they shut down abusers pretty quickly.

Livefilestore.com, on the other hand, is a mess. It's a sewer of spam redirectors, viruses, Nigerian 419 scams, and malware. What's worse, every time I've ever sent a complaint to any of Microsoft's spam or abuse reporting addresses, it always bounces back with the same error message: "Unfortunately, in order to process your request, MSN Support needs a valid MSN hosted account." I can't even figure out what that means; is it trying to say that you must be a Microsoft customer in order to provide a spam report?

I've seen viruses and malware redirectors stay active on Livefilestore.com for weeks. It's clear that dealing with abuse is simply a very low priority for Microsoft. They could stop a lot of the abuse very simply: don't permit Javascript redirectors, run virus scans on uploaded files, and respond to abuse reports in a timely manner. So far, they seem unwilling or unable to take any of those actions.

I don't think it's malice on Microsoft's part so much as ignorance. In their blinding zeal to tackle Google, they're recklessly making decisions without any thought to security. It should have occurred to someone that offering a free file and Web site storage space to anyone who wanted it would result in folks trying to use that space for viruses, spam, phishes, and scam sites; everyone who has ever offered free file and Web storage space has had to deal with that. But Microsoft seems to have been utterly blindsided, as if it simply didn't occur to them.

[linneyob]

But Google and Gmail reply to complaints quickly and seem to act on them. Microsoft sends a "bug off" e-mail message....

[gsmiller88]

Well what do you guys expect, even Windows isn't secure unless you shell out a pretty penny to McAfee or Symantec.

[catch23]

Ever heard of AVG? Or several other free alternatives?
And if you run as a non-admin (like you are supposed to), even that isn't really needed.
Peddle your FUD elsewhere.

[Penguinisto]

"...even Windows"?

*snicker*

/P

[edlee19]

You have to frame the problem in a way that Microsoft will understand. You have to tell Microsoft that the spammers are competitors of Microsoft who distract potential Microsoft customers from Microsoft's own advertisements.

[linneyob]

But that assumes they actually read the messages instead of just sending an "it's not our problem" response....

[Seaspray0]

Deaf ears indeed! At this point, there may be nothing they can do other than bring it down.

[The_Decider]

Nooooo!!!!!!!!!!


Don't bring it down. I make proper use of Hotmail. Use it to create an account to sign up on websites. That way the spam gets redirected back to where it originated from.

It is an easy way to keep spam out of your email(I get ~5 or less spam messages a week) and it is a poetic solution.

[JCPayne]

So that's where all the wholesale deals are going? :-p

[Penguinisto]

Not surprised to see Verizon in the pile - they weren't fully RFC compliant w/ their mail last I dealt with them (2006), and getting hold of their mail admins (not tech support, but the sysadmins) is a trial, to say the least...

MSFT? Their mail service has been a running joke in the SMTP community ever since they bought Hotmail. To their credit, they did try raising the barrier to getting an account (to at least slow down the robo-signups), but yeah - they're a spam-pit... just block all inbound traffic from hotmail and be done with it.

/P

[clsgis]

Blocking inbound from Hotmail doesn't stop spammers from using Hotmail mailboxes. The throwaway send accounts aren't the problem, it's the reliable mailboxes for collecting responses from the soon-to-be victims.

[Penguinisto]

Agreed - but those I don't have to care so much about - getting hammered by hotmail servers clogging up the inbound queue OTOH...

/P

[AppleSuxLeo]

And Spamhaus is spam itself. You are calling the kettle black. Sounds like a slow filler-news day.

[The_Decider]

LOL

I hope you didn't get paid to write it.

[venomfang81]

Spamhaus is spam... that's a new one... do you even have a clue what you are talking about... Spamhause has been tracking spam as well as trying to help Network Admins to remove\filter spam for years.

You might want to know what you are talking about before you post comments.

[Penguinisto]

The MSFT fanboy choir is kinda notorious for not knowing what they're talking about... happens that way.

Maybe you can have fun with him and ask what an RBL is or how one works... :)

[Sumatra-Bosch]

Send out Ballmer with a truck full of chairs. He'll take care of those spammers.

[clsgis]

Spammers love live.com and hotmail.com mailboxes (and Yahoo.com) because MSFT is *SLOW* to terminate them. Spammers hate Outblaze (mail.com etc) because Outblaze terminates them *FAST*. (Google started out as good as Outblace but recently they're almost as bad as Yahoo.) Microsoft could terminate spammer mailboxes really fast if they wanted. It's a business decision for them to provide free service to the criminal gangs of Africa and Eastern Europe.

[linneyob]

When I report a scam e-mail with a "reply to" address at live.com or hotmail.com, I always get a canned reply saying they can't help because it's not a Microsoft hosted account. No wonder they have so many spam problems.

If I send a complaint to Verizon, I get a quick response telling me they'll follow up on the problem.

At least Verizon seems to be making an effort. If I were a spammer or a scammer, I'd certainly register for a lot Microsoft addresses. I could probably do a lot of damage before Microsoft could be bothered to respond....