Microsoft sues Hotmail spammers

Microsoft has filed a lawsuit against several individuals, accusing them of using techniques designed to circumvent Hotmail’s antispam filters. From the Microsoft Security blog:

Last week the Microsoft Digital Crimes Unit filed a lawsuit in U.S. District Court under the federal CAN-SPAM Act against the perpetrators of what we believe to be one of the largest-ever spam attacks on Windows Live Hotmail. The lawsuit – Microsoft Corporation v. Boris Mizhen, et al. – alleges defendants engaged in an elaborate scheme to evade Microsoft’s filters by abusing Microsoft’s Junk E-Mail Reporting Program (JMRP) and Smart Network Data Services (SNDS) to send vast quantities of spam each day. JMRP and SNDS are free services designed to help protect Windows Live Hotmail customers from spam by encouraging people to report it and to help improve our spam filters by identifying legitimate mail as such.

In our lawsuit, we allege that defendants opened millions of Hotmail e-mail accounts and hired people to manually identify spam mails as legitimate mails in order to trick Hotmail into classifying spam as legitimate mail. Such actions undermine the measures we’ve put in place to protect people. We take this abuse very seriously, and while Hotmail and our SmartScreen filter continue to work to block spam from this identified scheme, we’ll keep investigating and pursuing spam attacks to protect our network and our customers.

This is a pretty significant course of action for the spammers to take. Microsoft’s JMRP program is used to determine whether messages are spam. Every time someone logs into their web account, sees spam in their inbox, and clicks “This is Spam,” that information is used to train the SmartScreen filter to figure out whether the message is spam. Of course, the threshold is not 1 message; it is much more than that. The SNDS program is used to assist large senders in getting email delivered to end users. Bulk mail can be difficult to get through a filter. SNDS makes the sender jump through a series of hoops, but once you do, you get email reports about how users view your mail and you really do get a much better deliverability experience. In other words, signing up for SNDS helps you deliver more mail.

From what I read, these spammers hired people to open up lots of Hotmail accounts. The spammers would then send spam to these accounts and the users would go into their Junk Mail folders and click “Not Spam.” Doing this in bulk would ensure that the content filters classify the messages as clean; I refer to this as Bayesian poisoning (this is not quite the accurate use of the term). A probability-based filter “learns” from user classifications. By opening up thousands of accounts, a spammer could get their content a clean bill of health before finally sending it to the rest of the Hotmail population. It’s actually quite an extensive piece of work to go through.
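The effect described above can be reproduced with a toy feedback-trained filter. This is an added example, not Microsoft's or SmartScreen's code: the messages, account records, the 90-day age weighting and all function names are constructed assumptions, used to show how equal-weight "Not Spam" clicks swamp genuine reports and how discounting votes from freshly opened accounts blunts that.

```python
import math
from collections import defaultdict

class FeedbackFilter:
    """Toy naive Bayes filter trained only on user 'Spam' / 'Not Spam' clicks."""
    def __init__(self, weight_fn):
        self.weight_fn = weight_fn  # maps an account to the weight of its vote
        self.counts = {"spam": defaultdict(float), "ham": defaultdict(float)}
        self.totals = {"spam": 0.0, "ham": 0.0}

    def report(self, account, text, label):
        w = self.weight_fn(account)
        for tok in set(text.lower().split()):
            self.counts[label][tok] += w
        self.totals[label] += w

    def spam_probability(self, text):
        # Laplace-smoothed log-odds: class prior plus one term per token.
        s, h = self.totals["spam"], self.totals["ham"]
        log_odds = math.log((s + 1) / (h + 1))
        for tok in set(text.lower().split()):
            p_spam = (self.counts["spam"][tok] + 1) / (s + 2)
            p_ham = (self.counts["ham"][tok] + 1) / (h + 2)
            log_odds += math.log(p_spam / p_ham)
        return 1 / (1 + math.exp(-log_odds))

def equal_votes(account):
    return 1.0  # naive: every click counts the same

def age_weighted(account):
    # Assumption: a vote reaches full weight only after 90 days of account age.
    return min(1.0, account["age_days"] / 90)

def simulate(weight_fn, puppets=2000):
    """Return the campaign's spam probability (before, after) the fake votes."""
    campaign, normal = "cheap pills click here", "meeting notes attached"
    f = FeedbackFilter(weight_fn)
    veteran = {"age_days": 400}   # constructed long-standing user
    for _ in range(100):
        f.report(veteran, campaign, "spam")
        f.report(veteran, normal, "ham")
    before = f.spam_probability(campaign)
    puppet = {"age_days": 2}      # constructed freshly opened account
    for _ in range(puppets):
        f.report(puppet, campaign, "ham")   # the paid "Not Spam" click
    return before, f.spam_probability(campaign)

if __name__ == "__main__":
    for fn in (equal_votes, age_weighted):
        print(fn.__name__, ["%.3f" % p for p in simulate(fn)])
```

Account age is only one possible trust signal; the point is that the weight of a classification has to depend on something a bulk-registered account cannot cheaply acquire.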

Similarly, by using SNDS, spammers could sign up a faux account and let Hotmail know that they are a good sender when in reality they are not. By taking advantage of SNDS they could get a window of opportunity large enough to send out a few million spam messages before finally being detected and shut down.

It looks like an inside job (in that they are getting people on the inside to do stuff), but really the spammers are using free services designed for normal users. They abuse them and ruin it for everybody. This is a whole heck of a lot of manual work and it demonstrates the lengths that some spammers will go to in order to game the system. There aren’t a lot of spammers who will put in the time and effort to do this.
