Microsoft’s Hotmail and Outlook Live servers keep getting stuck on a spamming loop that is locking many students and teaching staff at UK universities out of the firm’s email service. On 18 March, Microsoft admitted that Hotmail and Outlook Live users at the University of Bath and the University of Manchester were unable to …
It's a free service
Get a grip. Mistakes happen.
Only it isn't a free service as many university are paying for Microsoft to provide it.
It's free, but ...
Sure it's free, but Microsoft isn't doing this for kindness. If they want to run a professional mail service, it needs to be reliable.
I'm an admin for an affected institution, and we've had to whitelist two entire /24 subnets so that mail can still get through.
Unless I'm mis-reading the article, unis aren't using Hotmail as their mail provider - it's an issue with Hotmail accounts not being able to send to uni email accounts, due to *@hotmail.co.uk being spamblocked. *@hotmail.com seems to be fine (I've just checked), unless the problem's already been resolved.
At DeMontfort, the student/staff email accounts are using Gmail as the service, not Hotmail. Dunno if this is the case at the other unis mentioned.
It's free so it's OK if it's crap?
Not from a FOSS organisation are you?
RE: It's a free service
Wait for an article full of crazed ranting, then reply to it with "Get a grip."
A Hotmail account of mine, which I've not used for a while started spewing spam messages to a few friends of mine which I had listed in the contact list. I've never logged on to this account for any other computer, other than my own Mac in the last couple of months. I occasionally log in to keep the account alive, and usually have all my junk mail sent there from sites that ask for a valid e-mail address.
Somehow, somebody managed to get into that account. Not sure how, scanned my computer for viruses & malware, nothing found. The password on the account wasn't weak, consisted of letters, numbers and special characters. I'm usually pretty careful with my credentials. None of my other accounts such as Gmail have been compromised. I've now changed the recovery details and password, however, I promptly forgot what I changed it too, it's not like I need the account anyway.
I think this issue goes much deeper with Microsoft and Hotfail.
I wouldn't worry about it, I've had some messages from friends (only checking the IP address can see they we not sent in the UK) and they are the type that wouldn't give their bank details etc
I had a googlemail account hacked into - heck knows how on earth they managed to guess that password, but I suspect silly things like being able to answer what is your fav colour or name of your first pet means it's probably a piece of pi$$ to reset a password.
Now I never kept a contact list, but now I delete any messages I don't need to keep (and delete my sent items) , so if there does turn out to be a googlemail backdoor - hopefully any "damage" can be kept to a minimum
The only reason that I've not dumped googlemail is that at least you can see the IP address of the last accesses to your account
You can put anything you want in the From field
"Somehow, somebody managed to get into that account. "
Did they? Did you examine the headers of the emails that had your @hotmail address in the From field to verify that they actually originated from Hotmail? Sending an email with any email address you like in the From field is utterly trivial. You don't need to access someone's email account in order to send emails that claim to be from their email address.
One possibility is it was actually someone else that had both you and the other people the spam was sent to on their contact list. The spam emails would then be sent to all that person's contacts randomly picking your email address as the source.
This happens all the time because sender and from email addresses are not validated and is one of the tricks they use to make it harder to track down who has actually had their account compromised and warn them.
I only use Hotmail for spam/advert emails.
I keep no contacts here. Hotmail is only used for emails I send where I don't care to 'know' the person. I.E. Junk Mail. I do use it for my beagle site but email from that site is rare. It's quite easy to mark email as spam. But it is funny that even email marked as spam keeps coming into my regular in box and not the spam box.
What ever. I don't buy any MS services. I use MS email to drive their costs up. EOS.
titles and candrops
Hence why you don't supply the answer to that question, you give a totally unreleated answer.
Q: "What is the name of your first pet?"
A: *randomly generated value here*
I detest password recovery questions that don't let you set your own question and think you're dumb enough to hand over your mothers maiden name or some such.
It may be security by obscurity, but it's just one extra hoop/layer for them to traverse before getting their goods. No chance of dictionary/bruteforce attack on it, no lucky guesses, no-one gets your information and you're an infinitisimally bit more secure.
Me too. And I don't think it was a forged "from" address. I have myself in my contacts list and the message is sitting there in the "sent items" folder and was sent to everyone in my hotmail address book.
Something fishy is going on.
It was hacked
How do I know this? I could see the message that was sent in the sent items folder. So yeah, it was hacked.
What a shame
Well, on the day that hotmail servers were refusing connections from ANYONE GLOBALLY FOR ABOUT 5 HOURS, I'm not suprised the uni's werent getting thier emails.
Nor were religious institutions, or charities, or health service professionals, what an affront to humanity!!!!!!!!!!!!!!
Not bad for a free service.
Stuck in a loop, you say?
Ha Ha!, Ha Ha!, Ha Ha!, Ha Ha!, Ha Ha!, Ha Ha!, Ha Ha!, Ha Ha!, Ha Ha!, Ha Ha!, Ha Ha!, Ha Ha!, Ha Ha!, Ha Ha!, Ha Ha!, Ha Ha!, Ha Ha!, Ha Ha!, Ha Ha!, Ha Ha!, Ha Ha!, Ha Ha!, Ha Ha!, Ha Ha!, Ha Ha!, Ha Ha!, Ha Ha!, Ha Ha!, Ha Ha!, Ha Ha!, Ha Ha!, Ha Ha!, Ha Ha!, Ha Ha!, Ha Ha!, Ha Ha!,
Still, a useful for lesson to students. It's MS and it doesn't work. QED
...Microsoft need to switch the Hotmail servers back to Apache.
Apache being a well known email server!
not just the U.K. ?
Our university, here in Pennsylvania, USA, had a similar lockout problem earlier this week. Resolved in about a day, I believe.
And no, it's definitely NOT free. We contract w/ MS to manage this system for the students. So our Tech. director gets his phone calls to Microsoft answered....
Before people get their panties in a bunch
The filtering software is not a Microsoft-created product, hell it doesn't even run on Windows. The product that is being used is called "Frontbridge" and runs on Redhat Linux.
obligatory spammity spam spam spam comment
...or Lobster Thermidor a Crevette with a mornay sauce served in a Provencale manner with shallots and aubergines garnished with truffle pate, brandy and with a fried egg on top and spam.
Not that I am averse to occasional bouts of Microsoft-bashing, but the article title indicates that it was somehow intentional
That is a feature not a bug.
Who in hell uses Hotmail?
Why use hotmail at all?
You don't need to use it. It's not the only webmail service. Why use it?
Fwiw I'm getting more spam from gmail addresses, particularly in Russia, that from hotmail.
UWS is ok but
Outsourcing uni mail servers saves space money and and its better isnt it.... oh wait it isnt and its a single point of failure apparently YAY
Too many clouds and the rains...
That's what happen when you outsource services: you're bound to what the service providers is willingly to do and when. Expect more cloudy days in the future...
Call me naive, or perhaps old school
I really don't get why an institution as large as a random university can't manage to attract the knowledge to run an IMAP for all staff and students. It's really not difficult with the right skilled persons to run the thing. (I'm currently looking for work, too.) Not to mention that most open-source email related software springs from university type shops' in-house development.
But then, even google has no clue of fundamentals like how DNS was supposed to work, and hotmail ran a lot better when it wasn't owned by micros~1. So let's outsource to that sort of shop then. Surely that'll work.
People are still using web-based mail?
People still use Hotmail? Wow...
Even having a favourite colour is a security fail. Pets are of course unavoidable, but you don't have to name them.
My all time favourite security question is from Nationwide- "what is your favourite pop song?" Very memorable. The kind of people who have a favourite pop song change it at least once a week.
"Who in hell uses Hotmail?"
Me, for starters. What do you use for non-work contacts? Your ISP's accounts? What if you change ISP? I have. Quite a few times. Would have to change my email address in many locations every time I did it.