Jun 21, 2010

Hacking through to Hotmail's inbox

As all readers of this blog must know by now, @hotmail, @msn and @live email addresses (as well as a number of other Microsoft-operated mail domains) use a reputation-based spam filter.

This reputation is a savvy calculation based on the percentage of hard bounces, spam trap hits, complaints and positive reactions out of the overall volume of emails sent.

To be really efficient, this user-oriented system keeps track of the statistics over a certain number of months.

Two weeks ago, "the Microsoft Digital Crimes Unit filed a lawsuit in U.S. District Court under the federal CAN-SPAM Act against the perpetrators of what we believe to be one of the largest-ever spam attacks on Windows Live Hotmail."

Microsoft claims that Boris Mizhen tried to hack this defence system by creating millions of email addresses and systematically marking hundreds of thousands of his own spam messages as legitimate, then contacting Microsoft to have their email authorized to go through to users' inboxes on the strength of the fake legitimacy acquired in the process.

You can read the original statement on microsoftontheissues.com.

Given the amount of work this must have represented for Mizhen and his associates and the poor result obtained, I reckon this type of hacking attempt will not become widespread, especially knowing how efficient the regular, known spamming methods are.

2 comments:

Spamfighter said...

You might be surprised what people will try to get their mail to the inbox. I mean, apart from good mailing practices.

Anton said...

True :)
I've seen quite surprising methods indeed.