Hey! My friend is sending spam Microsoft is introducing an early warning system for Hotmail users to report suspicions that friend’s email accounts have been hacked. Individual reports are checked against a compromise detection engine to determine if the account has been hijacked. If something is amiss the account is suspended - rendering it useless for a …
"the genuine account holder is asked to go through an account recovery process."
The problem is how to do that without sounding like a spammer yourself?
I get *lots* of messages saying my account has been compromised and I'll need to reset my password. Several a day. How are they going to 1> Avoid getting lost in that 2> Avoid the spammers promptly faking whatever it is that they do? This might turn out to be a gift to spammers once people know MS really does send out such messages
I guess that will be the distinction - you WON'T get messages because your account will be blocked until you have gone through the recovery process.
Kind of like the police locking your house with a big padlock if you're broken into whilst you're away, instead of leaving a note on the back of an empty fag packet telling you they know you have been broken into....
Too little, too late from MS really, but I suppose it is a start at least.
It probably wont send it as a message, afterall if you cannot login then you cannot see the message. More likely when you try to log into hotmail it will tell you that the account is suspended and that you need to do x, y and z to reenable it. This might involve phoning up MS for example, something which is not likely to be cost effective for spammers who will find another compromised account instead.
What form do those messages take? I, too, get lots of such messages - emails. What the announcement says is that you'll be told there's a compromise when you access the email account - which, given that it's a webmail system, I imagine WON'T be a message in your inbox for the very reason you give. More likely you'll be redirected to another page and won't be able to access anything at all on the site until you've dealt with the problem.
on the surface, but as Christoph pointed out, the devil is, as usual, in the detail. If it works well though, then Yahoo & Google, to name 2, should probably do something similar. I can think of a few examples where this has happened to friends, where their email account has been deluged by trojan-laden spam sent by someone on their personal contact list, & its certainly far more dangerous than normal spam, if not caught. Perhaps MS send a message to the alternative contact address of the affllicted account, for example
I despise Microsoft as much as the next person, but they are implementing a good idea here. I don't know of any other mail provider that provides this service, so they should be given kudos for something genuinely new and useful.
All these "Why didn't they do it sooner?" comments are silly. If it was so obvious, why have none of the major web email provides have done this before?
Of course, none of the other major email provides have a reputation of being a cesspool for spam and fraud, so I suppose this falls under the category of "necessity is the mother of invention".
As a network administrator we've had to block hotmail on a number of occasions from completely e-mailing our networks.
They utilize various ip's to send e-mail from as does yahoo so it's almost impossible to squash it.
We've been dealing with it for many many many years from hotmail.
And the icing on the cake is often times you have to be on a microsoft acl to report the abuse or they bounce the email. And most recently I found some e-mail I sent to a company bounced "because of a spam filter" and microsoft was doing the hosting.
So microsoft is calling my mail spam which is rather amusing.
The way to have always dealt with spam would of been after the can-spam act was implemented to of had monetary damages immediately be possible.
Then block all non-us ip networks from emailing you and let the cash roll in. Simply holding the asn owners responsible would of solved the US spam problem!
I know this would of went against the UN and other non-profits that take your tax money to put the third world online only to have the networks hijacked and sold to spammers and virus makers.
Hotmail used to be an absolute nightmare to control UNTIL MS bought it and tried to make it respectable. Their admins not only acknowledge spam reports from corporates but also always gave me nice blow-by-blow update mails on the steps they were taking to deal with it. Usually, only the first mail was automated; the others came from guys doing jobs.
Which is kind of nice.
Why aren't public webmail suppliers addressing one of the real problems - Automated brute forcing of user accounts all day, every day. Everyone can see it's only a matter of time till every public webmail account is hacked - This is the real PROBLEM!!!
Preventing automated account access, with something like CAPTCHA's (not saying CAPTCHA is the silver bullet), should be stopped in it's roots. This obviously wouldn't address weak password and general account hacking but would stem the flow quite a bit till better security is invested in by the vendors
This has happened to a friend of mine who isn't computer literate. Last Friday, she asked why she had to keep going through a password recover thing because of "some message when I try to go on my email". It seems that she gets a message, which presumably tells her that her account is being suspended as a spammer when she tries to login, and invites her to do a password recovery, which she does every time. Either she's not reading the message, or she's reading it but it doesn't mean anything to her and cant remember enough of it to explain to me, but at least now I know why it's happening and can explain next time...
She mightn't be computer literate, but she ain't thick, so this could have done with more publicity so people like me knew about it before it went live, and a better written message with some advice on why the account has been suspended and what to do about it...
The Register 
Biting the hand that feeds IT
Copyright. All rights reserved © 1998–2024
