Anti-spam tool brings MSN under fire
Published: 09 Apr 2001 11:54 BST
Microsoft added a widely-used spam filter to its MSN Internet service this week in a belated decision that underscores the ongoing difficulties of striking out against unsolicited bulk email.
Anti-spam activists called the move long overdue, saying it will drastically reduce the estimated 10 billion spam messages carried on MSN annually. Known as port 25 blocking, the measure has been adopted by most major Internet service providers as a way to prevent spammers from using random ISPs to ply their trade.
Even though port 25 blocking has become an industry standard, however, the filter can create problems for noncompatible email software, leading Microsoft to delay the implementation.
"Almost everyone else including EarthLink and MindSpring implemented this a year ago," said Steve Linford, an anti-spam advocate at the Spamhaus Project. "MSN was dragging its feet in doing this presumably because the longer it took to do, the more consumers would eventually update their software. But of course, it's quite a big technical support event."
ISPs have become ground zero in the war against spam, with many adopting filters aimed at blocking out unsolicited messages as a service for their customers. These efforts have increasingly sparked disputes over whether the filters go too far, blocking legitimate email as well as spam.
In a high-profile clash last year, for example, Harris Interactive sued anti-spam group Mail Abuse Prevention Systems, AOL Time Warner's America Online and several other ISPs over their use of a controversial filter known as the Real Blackhole List (RBL). Harris claimed the filter blocked thousands of legitimate messages sent to its email list subscribers.
At the same time, some ISPs have cosied up to spammers by selling lucrative "pink contracts" that expressly permit customers to send unsolicited commercial email or put up spam-related Web sites. A recent example forced AT&T to pledge an internal crackdown on the contracts, which would violate its stated customer policies. ISP PSINet has also found itself embroiled in pink contract controversies.
Although port 25 blocking is relatively uncontroversial, Microsoft found itself facing some irate customers Wednesday. To comply with the industrywide endeavor, Microsoft added another layer of authentication to Outlook Express, becoming one of the last major ISPs to implement the industry-accepted blocking mechanism.
Microsoft admitted that it was concerned that the filter adopted this week might affect customer service. Mark Wain, product manager at Microsoft, said the company waited to implement port 25 blocking in an attempt to "minimise the negative impact to our consumers".
Even so, the move caught some Outlook Express users off guard when the new authentication caused some to lose settings for this type of service.
"Their customers are trying to send mail, but they're getting error messages saying that the server doesn't exist when in fact it does, and Microsoft is just filtering the traffic," said Pete Norloff, senior network engineer at Norloff Computer, whose company offered support to Microsoft users.
"Blocking legitimate email is not an industry-standard approach to solving the spam problem."
Microsoft is not offering support services to consumers who need to change settings, according to its Web site.
Microsoft's MSN Internet service typically allows customers to route email from other ISPs' servers using SMTP (simple mail transfer protocol) -- or the language used to send email -- as a convenient means to view multiple accounts in one inbox. For example, a customer using MSN at home could direct corporate mail onto the home computer using Microsoft settings, thereby maintaining a company address while sending messages.
All email sent via the Internet is routed through what's known as port 25 -- the channel used for communication between a computer and a mail server. The fundamental problem with port 25 SMTP is that it allows anyone to connect to a server other then their own, email experts say. In other words, spammers can use another ISP, bypassing their own, to send bulk messages, thereby duping their current provider, which in the event of spam would most likely shut off their service.
"We're trying to keep spam out of our users' mailboxes. It's security for our consumers," Microsoft's Wain said. But "users now have to reconfigure Outlook Express to authenticate [themselves]" if they want to send and receive messages from third-party email accounts.
Take me to the e-commerce special.
Have your say instantly, and see what others have said. Click on the TalkBack button and go to the ZDNet News forum.
Let the editors know what you think in the Mailroom. And read what others have said.
Did you find this article useful?
70 out of 91 people found this useful
Digg
Slashdot
Del.ici.ous
Stumble
Reddit
