Microsoft offers to buy Yahoo

Last Friday, Microsoft made an unsolicited offer to buy Yahoo for $31 per share, representing over a 50% premium from Yahoo’s then-share price.

Leaving aside the question of whether or not this is a good deal, and what Microsoft’s true motivations are for buying Yahoo (namely, to become the number 2 player in the search market), I’d like to look at it from an anti-spam point of view.  What are some of the things that the two companies can do to work together from an email delivery vantage?  Here are some of the things that I can see:

  1. Spam filtering algorithms – Hotmail’s Smartscreen technology could use some improvements, I don’t think anyone in Hotmail disagrees.  I’d like to see Microsoft and Yahoo get together and combine the best of Smartscreen and Yahoo filtering to improve the product.

  2. DKIM implementation – There hadn’t been a major movement within Microsoft to do DKIM.  Not that anyone was opposed to it, but there was a big push to do SenderID.  Now that Microsoft is acquiring the guys who invented DomainKeys, the predecessor to DKIM, maybe we’ll now start supporting it.  It makes sense to do it now.
  3. Get Yahoo to do SPF – Yahoo so far has refused to publish SPF records.  Microsoft is very big on getting customers to publish SPF.  Maybe now we can get Yahoo to finally do it.

Of course, the downside to this is that I can’t make fun or criticize Yahoo anymore.  Wait a minute, yes I can, I just have to do it quickly before Yahoo accepts the bid.

Comments (9)

  1. Kevin Daly says:

    My ISP recently turned its email service over to Yahoo (or their Australian subsidiary, since it’s now hosted there), and from the point of view of spam filtering it’s been an unmitigated disaster.

    I now get many more spam messages every day, and what’s worse is that a non-trivial proportion of valid emails are incorrectly flagged as spam.

    These problems emerged overnight with the transition, so I would have to call Yahoo’s mail management basically rubbish.

  2. Norman Diamond says:

    If it weren’t for all those Viagara spammers, the stock spammers could have got their message across to us when they were telling us to buy Yahoo.

  3. Bart Schaefer says:

    Regarding Yahoo and SPF: I’d like to hear your opinions on the arguments presented by Douglas Otis of, and others, to the effect that SPF is a potential vector for distributed denial-of-service attacks.

  4. Andre Kirchner says:

    Hi Terry,

    I have a HOTMAIL account, and recently received a spam from

    I tried to reproduce it with the following commands (Please see bellow), where I’m claiming to be (EHLO, but sending it from my home computer. And although HOTMAIL queued it for delivered, it never showed up in my inbox.

    Why was the original spam from received, while not my fake one? doesn’t have SPF records. So, is HOTMAIL comparing the IP address of the sender with the IP address returned by a DNS query for the domain stated in EHLO

    In this case, the IP address of the’s email server ( would match the one returned by nslookip -querytype=mx, and the original spam would be validated. While my computer’s IP address would not match the DNS query for, and my fake email would be rejected.




    andre@kirchner:~$ telnet 25


    Connected to

    Escape character is ‘^]’.

    220 Sending unsolicited commercial or bulk e-mail to Microsoft’s computer network is prohibited. Other restrictions are found at Violations will result in use of equipment located in California and other states. Sat, 2 Feb 2008 12:16:29 -0800

    EHLO ( Hello []

    250-SIZE 29696000





    250-AUTH LOGIN


    250 OK


    250….Sender OK

    RCPT TO:



    354 Start mail input; end with <CRLF>.<CRLF>

    From: <>

    To: <>

    Subject: SMTP test

    SMTP test body


    250 <> Queued mail for delivery


    221 Service closing transmission channel

    Connection closed by foreign host.


  5. Norman Diamond says:

    The inconsistency between and probably didn’t help that experiment.

    Also if the sender’s IP address is included in a list of addresses from which it is known that mail is not supposed to be sent, a recipient’s mail server might recognize that.  Such lists come from organizations that control the actual IP address, not from or

  6. tzink says:


    I’ll reply to your comments in a future post.

  7. tzink says:


    Did you receive a spam from or  In your telnet example, you say that the MAIL FROM is  The SPF record for is:

    v=spf1 -all

    That means that it doesn’t send any mail.  That is probably enough for Hotmail to reject it as spam.

    Now, there’s the question of why Hotmail accepted it but didn’t deliver it anywhere.  Hotmail’s spam filter assigns a spam confidence level (SCL) between 0 and 9.  If it hits 5-6, it goes to your junk folder.  If it scores 7-9, it is dropped.  That’s probably what happened in this case: it failed an SPF check and was assigned a high SCL level.

  8. Norman Diamond says:

    > If it scores 7-9, it is dropped.

    Instead of bouncing?  That surely explains why some Yahoo users remain unaware that their mail to Microsoft users didn’t get delivered.

    Keep this up and it will be extended.  Some Microsoft users will remain unaware that their mail to some Microsoft users didn’t get delivered.  (Unless the merger falls through.)

  9. tzink says:

    Correct.  It is silently discarded.

    It’s actually something I don’t really care for but I’m not in charge of delivery for Hotmail.  At least in our service, we don’t discard any mail without notifying the sender or recipient.