|
|
|
|||
 Spamhaus Blocks Gmail? Report Was Not True. Canned Spammer: "The Godfather" Alan Ralsky locked up Approaching 100% spam block: Spamhaus releases the Domain Block List State of Maine AG OKs Spam List DarkMarket "loner" soon to have many new friends Congratulations to CNNIC (China) Comcast guarding users helps protect all of us Two month "snowshoe" trek results Older News Articles:  Spamhaus News INDEX |
The one thing that plagues Hotmail users more than any other Internet problem is the amount of spam hotmail.com addresses receive. Often within days of creating a new Hotmail account the new address starts receiving spam, almost as if the spammers have a hidden link directly into Hotmail's database and are able to siphon email addresses at will. In fact, that's almost exactly what spammers do have. The method by which spammers harvest email addresses directly from mail servers has been known for years, it's called a 'Dictionary Attack' and both Hotmail.com and MSN.com are highly vulnerable to it due to the sheer volume of email traffic their servers handle each day, traffic in which spammers conducting dictionary attacks can hide undetected literally for many months at a time. Spamhaus has proof that at least one spammer has been conducting a massive dictionary attack against the mail servers of both Hotmail.com and MSN.com, at the rate of 3-4 tries per second, 24 hours a day, continuously for 5 months. Dictionary Attacks work by spammers using software which opens connections to the victim's mail server and automatically submits millions of random addresses, such as "michaelFxy2@hotmail.com", "marla1892@hotmail.com", recording which addresses succeed. These are then added automatically to the spammer's list, which is then resold to spammers world wide. In early August 2002 Spamhaus became aware of two spammers conducting a large dictionary attack against the mail servers of both Hotmail.com and MSN.com. Spamhaus advised Hotmail and the MSN Service Operations Centre and the attack was partially stopped, but soon resumed from new sources. Thanks to a slip-up by the spammers conducting it, Spamhaus was able to see into the entire attack in progress and log it daily. At the publication of this article, 5 January 2003, the massive Dictionary Attack Spamhaus is watching on both Hotmail.com and MSN.com's servers is still in full swing and has now been going for just over 5 months. The source of the attacks, servers in Beijing (China) operated by American spammers (whose names and addresses have been passed to Microsoft's lawyers), have been blocked by the Spamhaus Block List (SBL) since August 2002. Modern ISP mail servers such as CommuniGate Pro have built-in protection against Dictionary Attacks, the modern mail server counts how many times the sending server hits Unknown addresses within a given period and then automatically shuts the attacking server out. But large mail systems such as Hotmail and MSN are difficult to protect because of the sheer volume of email traffic making it difficult to detect Dictionary Attacks in progress. For users of Hotmail and MSN, until Hotmail/MSN find a way to prevent the attacks, a solution to not having your address harvested by spammers is to use a long Username with plenty of random characters interspersed with digits, which even Dictionary Attack software trying billions of random combinations would probably not guess. |
Press OfficeSpamhaus News IndexSpamhaus in the mediaAbout SpamhausSpamhaus Official Statements |
Permanent link to this news article: Spammers Grab MSN Hotmail addresses http://www.spamhaus.org/news.lasso?article=6  Subscribe to RSS News Feed |
Permission to quote from or reproduce Spamhaus News articles is granted automatically providing you state the source as Spamhaus and link to the news record. |
|