Hotmail Adds More Spam Blocking and Management Features

October 16, 2011

Microsoft has announced plans to introduce better spam blocking functionality by the end of the year. Building on the series of spam-fighting technologies the Hotmail team has already rolled out this year, Microsoft says the upcoming tools will target “gray mail” – defined as email that isn’t necessarily spam, but that you personally don’t want to receive.

New features include:

Changes to the Sweep feature. Sweep gave users the ability to move messages in bulk from one mailbox to another based on preset criteria. Now, you can schedule clean-ups and mass delete messages.

Better newsletter filtering. A new filtering feature will automatically identify inbound newsletters and put them into a folder which can be deleted. Users can also leverage this feature to get removed from mailing lists and block additional newsletters by selecting Unsubscribe, which triggers a Hotmail notification to the company asking them to remove you from their email list.

Enhanced folder management. This feature will allow users to create and apply their own categories to individual email messages inline, as opposed to the current two-step process. Users will be able to right-click on a message to rename, delete, empty or mark as “unread.”

Better Housekeeping. Users will be able to set auto-delete parameters on old emails – like after 10, 20 or 30 days – and they will be able to choose whether to keep a whole thread of emails, or just the last message from the sender.

Keep high priority emails on top.  You will be able to flag messages and have them stay at the top of your inbox no matter how many new emails come in.

Make real-time choices. You will also be able to see buttons for common email tasks when you hover over a message. This allows you to delete, flag, sort, etc. in one step rather than two. You will also be able to customize the buttons you see, or turn off the ‘Instant Action’ feature.

“Back in the day, Hotmail was the number one. But we lost our way a little bit. Gmail came on board, and suddenly we were getting things like storage all wrong, and not really focusing on users as much as we should, piping quite a few advertisements into Hotmail and not putting good enough controls around spam. We really are [now] focusing heavily on making the fundamentals — the non-glamorous stuff like spam protection, privacy, security and performance — are all best in class,” Mark West, Microsoft product marketing manager for Windows Live, told ZDNet UK.

There’s something to look forward to.



Responding to Spam Volumes, Hotmail Adds “My Friend’s been Hacked” Feature

July 21, 2011

Sending spam from legitimate users’ email accounts has become rampant as spammers switch from using botnets. This week alone, I’ve received spam sent via my mother’s and two friends’ email accounts – and received frantic calls asking how to fix the problem. Read more on fixing the problem later in this blog.

To address the nearly 30% of Hotmail spam generated through compromised accounts, Microsoft has launched a new feature in Hotmail. Called “my friend’s been hacked” and found under the “Mark as” dropdown, it lets friends report compromised accounts directly to Hotmail with a simple click.

Microsoft’s Dick Craddock explains that “when you report that your friend’s account has been compromised, Hotmail takes that report and combines it with the other information from the compromise detection engine to determine if the account in question has in fact been hijacked. It turns out that the report that comes from you can be one of the strongest “signals” to the detection engine, since you may be the first to notice the compromise.”

Once Hotmail has marked the account as compromised, two steps are taken:

  • The account can no longer be used by the spammer
  • You (or your compromised friend) are put through an account recovery flow that helps them take back control of their account.

What’s really cool about the work the Hotmail team has done is that it can be used to report problems with accounts hosted by other email providers as well. So for example, Yahoo! or Gmail receives a notice from Hotmail if one of their users’ accounts has been compromised and can take action.

Additionally, the Hotmail team has recognized that weak passwords are a large part of the problem – it’s just too easy for spammers to hack flimsy passwords. To address this, the service will soon roll out a new feature requiring stronger passwords. If you’re currently using a common password, you may be asked to strengthen it in the future.

Changing spam tactics

The takedown of the Rustock botnet dealt a telling blow to spammers and dropped spam volumes by almost 30% overnight (see Kudos to MSFT for Strangling the Rustock Spambot) and highlights a vulnerability in the botnet approach. Not only did spammers have to pay to rent the botnets, their distribution method could be shut off in one well-researched swoop.

A report out this month by Commtouch explains this shift in tactics, saying: “The move away from botnet spam can be attributed to the use of IP reputation mechanisms that have been increasingly successful in blacklisting zombie IP addresses and therefore blocking botnet spam.

The blocking of spam from compromised accounts based on IP address is more difficult for many anti-spam technologies, since these accounts exist within whitelisted IP address ranges (such as Hotmail or Gmail).

One of the primary aims of the larger malware outbreaks and phishing attacks of this quarter is therefore to acquire enough compromised accounts to make spamming viable. The catch for spammers: While spam from compromised accounts is less likely to get blocked by IP reputation systems, the volumes that can be sent are lower due to the thresholds imposed on these accounts. This at least partially accounts for the lower spam volumes seen this quarter.”
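The trade-off Commtouch describes, as an added example (not from the original post or the report): an IP reputation check blocks a blocklisted zombie host but allows mail from a trusted webmail range, so only the provider's per-account sending threshold limits a hijacked account. The addresses, the account name and the limit of 3 messages per hour are constructed assumptions.

```python
import ipaddress
from collections import defaultdict, deque

# Constructed sample data (documentation address ranges, not real reputation data).
BLOCKLISTED_IPS = {ipaddress.ip_address("203.0.113.7")}      # known zombie host
WEBMAIL_RANGES = [ipaddress.ip_network("198.51.100.0/24")]  # allow-listed provider range
MAX_PER_HOUR = 3                                              # hypothetical per-account threshold

def ip_verdict(src_ip):
    """Receiving side: IP reputation check only."""
    ip = ipaddress.ip_address(src_ip)
    if ip in BLOCKLISTED_IPS:
        return "block"
    if any(ip in net for net in WEBMAIL_RANGES):
        return "allow"  # provider range is trusted, whoever controls the account
    return "unknown"

class AccountThrottle:
    """Sending side: sliding-window cap on messages per account."""
    def __init__(self, limit=MAX_PER_HOUR, window=3600):
        self.limit, self.window = limit, window
        self.sent = defaultdict(deque)

    def allow(self, account, now):
        q = self.sent[account]
        while q and now - q[0] >= self.window:
            q.popleft()  # forget sends that have left the window
        if len(q) >= self.limit:
            return False
        q.append(now)
        return True

def simulate(messages):
    """messages: (timestamp, account or None, src_ip). Returns counts per outcome."""
    throttle, counts = AccountThrottle(), defaultdict(int)
    for ts, account, src_ip in messages:
        if account is not None and not throttle.allow(account, ts):
            counts["throttled_at_provider"] += 1
        elif ip_verdict(src_ip) == "block":
            counts["blocked_by_ip_reputation"] += 1
        else:
            counts["delivered"] += 1
    return dict(counts)

# Constructed traffic: 5 messages from a zombie host, 10 from one hijacked webmail account.
SAMPLE = [(i, None, "203.0.113.7") for i in range(5)] + \
         [(i * 60, "victim@example.com", "198.51.100.25") for i in range(10)]
```

Running `simulate(SAMPLE)` shows every zombie message blocked by IP reputation, while the hijacked account's mail passes the IP check and is limited only by the sending threshold.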

What to do if your email account is hacked

  1. Check your security. Most hackers collect passwords using malware that has been installed on your computer or mobile phone. Be sure your anti-virus and anti-malware programs are up to date. Also be sure that any operating system updates are installed. See my blog Are You a Malware Magnet? 4 simple steps can make all the difference
  2. Change your password and make it stronger after your anti-virus and anti-malware programs are updated. Learn how to create stronger passwords in my blog Safe passwords don’t have to be hard to create; just hard to guess.
  3. Practice greater safety online.
    1. Learn to spot spam and scams
    2. Secure your home’s wireless network
    3. Avoid logging into accounts when using public wireless networks – you don’t know if these are safe or compromised. See my blog Like Lambs to the Slaughter? Firesheep Lets Anyone be a Hacker
    4. Validate the legitimacy of any program/game/app before downloading it. See my blogs Windows Getting Safer, but Study Finds that 1 of Every 14 Programs Downloaded is Later Confirmed as Malware