Network News

X My Profile
View More Activity

Spamhaus: Microsoft Now 5th Most Spam Friendly ISP

Microsoft is rising quickly on a running list of the Top 10 Worst Spam Service ISPs as maintained by, a group that tracks unsolicited commercial e-mail.


The software giant debuted on the list earlier this month at number 9 (one being the worst), and has slid over the past few days down to number 5. Spamhaus says spammers and scam artists are abusing Microsoft's and properties to redirect visitors to sites that peddle fake pharmacy products, porn and Nigerian 419 scams.

Spamhaus explains how entities wind up on its Top 10 list:

Although all networks claim to be anti-spam, some network executives factor revenue made from hosting known spam gangs into corporate policy decisions to continue to sell services to spam operations. Others simply decide that closing the holes in their end-user broadband systems that allow spammers access would be too costly to their bottom lines.

Richard Cox, Spamhaus's chief information officer, said spammers advertise the links at Microsoft's properties by the tens of thousands at a time, because they know anti-spam groups are unlikely to block Microsoft properties outright.


"We have been notifying Microsoft about this for some months now at a high level that the abuse at we believe now exceeds any genuine use of that service that may exist," Cox said. He added that while Spamhaus has not yet listed any major Microsoft properties on its block list, it has listed a couple of smaller Microsoft domains to get their attention.

Cox said Yahoo! until earlier this week was listed high in the Top 10 list for the very same activity, but that the company quickly took steps to remove or shut down the offending domains.


"It should not be difficult for a company with Microsoft's resources to identify and mitigate that abuse in-house without any external input, but so far this has not happened," Cox said. "Microsoft's system has for some time been supporting an illegal drug sales operation, and Microsoft has known this."

Microsoft declined to make someone available for an interview about this. But the company e-mailed Security Fix a statement from John Scarrow, general manager of safety services at Microsoft. Scarrow wrote:


"Spam and other abuse scenarios are not Microsoft-specific. Microsoft offers Windows Live, a suite of software and services that provides opportunities for customers to post and share their own content through Windows Live Hotmail, Windows Live Spaces, Windows Live SkyDrive and other free services. As such, spammers have multiple avenues to target consumers with malicious activities. We take protecting our customers' security and privacy seriously and are continually working to improve their experiences while making industry leading progress to mitigate such attacks through both oversight and technology advancements. Using Windows Live services for spam is explicitly prohibited by the terms of service, and Windows Live accounts that are found to be used by spammers are aggressively removed."

The accuracy of that last statement may be open to interpretation: Some of the properties listed by Spamhaus that were used by spammers more than a month ago are still active.

What's more, other security companies have been publicly warning about upticks in spam and scam activity hosted by various Microsoft for many months now. In January, McAfee's Chris Barton wrote about the exact same problem. Last month, U.K.-based security firm Marshal said it was seeing large numbers of spam campaigns abusing Microsoft's service (previously known as Windows Live Folders).

Have a question or comment about this post or other computer security matters? Join me today at 11 a.m. ET for a live Web chat.

By Brian Krebs  |  November 21, 2008; 10:24 AM ET
Categories:  Latest Warnings , Web Fraud 2.0  
Save & Share:  Send E-mail   Facebook   Twitter   Digg   Yahoo Buzz   StumbleUpon   Technorati   Google Buzz   Previous: Peculiar Patch Pits iPhone Security vs. Safari
Next: Felony Spyware/Porn Charges Against Teacher Dropped


I have been complaining to Microsoft for months about their domains, particularly I have even emailed and received emails from a real person at Microsoft stating that they have no control over what a person puts on their pages there. Since most of these pages list only links, they said they won't do anything about it. I have even filed a complaint against Microsoft about this with the FTC. Nothing is ever done.

Posted by: stephke | November 21, 2008 11:00 AM | Report abuse

I have a conspiracy theory:

Microsoft and it's various operating systems were specifically developed as a front for the spamming, phishing, and virus industries that have flourished on their software for decades.

Posted by: Keenobserver | November 21, 2008 12:16 PM | Report abuse

If Microsoft doen't or can't stop this on their servers, then we should STOP purchasing their products. This kind of crap puts us all in a spending loop that seems endless, which we don't deserve.

Posted by: citigreg | November 21, 2008 12:30 PM | Report abuse

M$ reeks of smugness.

We've got a cool product, "Live whatever", no one would dare use it for spam purposes.

Everything about M$ is dirty...

Posted by: Roofelstoon | November 21, 2008 2:59 PM | Report abuse

Not surprising. I hope they pull down more of these spammer hideouts like they did the other week. But seems they just pop back up again. For now, I need to keep my SpamBully installed and fighting this stuff off.

Posted by: richardgreen123 | November 21, 2008 3:16 PM | Report abuse

Microsoft is not a monolithic organization with a single mindset on all issues. There is an abundance of left hand not knowing (or not caring) what the right hand is doing.

My guess is that concern for the public is taking a second seat to career posturing over the nature of the problem and the appropriate response.

It might be useful to quantify, powerpoint, and present the abuse data to the VP of Windows Live Engineering Group while the success of the McColo and Atrivo shutdowns is fresh and while Microsoft prepares for program reviews and performance appraisals.

Posted by: ams-w | November 21, 2008 8:02 PM | Report abuse

Mr. Krebs,

Do you, the WP, or any of the others who have provided data for this article have any information on how much of this SPAM actually makes it through to the clients? Isn't the objective of the tools that Spamhaus has created to block SPAM? Is that not exactly what they are doing? And if not, why not?

A) I use Windows Live Mail and receive no

B) Blocking or does not also block

C) Because and more specifically are 'social' sites, these sites are often blocked through many web filters used by organizations, just as is MySpace, Facebook, etc. and I am 100% positive that MS has no objection to that.

D) I found no data related to SpamHaus.Org that shows where this abuse is taking place. Is it in Germany, Europe, the USA, all over?

E) It's a very different thing for them to say that spammers are placing links in emails they generate than to say that they know people are opening these emails, following the links, and being exploited. SPAM may continue to flow, but an educated user base knows to not even open these emails, not to mention the great success ISP's and service providers such as Microsoft have had in filtering out SPAM.

F) People worried about SPAM should read their emails in text only (not html), not follow links emailed to them...but more importantly, if their email address is receiving SPAM, they most likely already gave their email address to spammers or have it published somewhere on the web, such as a social site. They should create a new email account and not give it to anyone but those who they firmly trust, keeping the old email address only for when you have to log into some site...never give your primary email address to an entity you do not firmly trust.

In closing, I think the WP would serve their customers best if they were to provide solutions to their perceived problems...and not just over-hype issues.

Posted by: MasterGuru | November 22, 2008 2:35 PM | Report abuse

@MasterGuru: Yes, all anyone has to do is block any emails with links to, and you won't see any of that spam. But I'm not sure why Microsoft maintains the service at all if they don't care that it's become synonymous with spam.

And it isn't necessary to wait for the spam to show up in your inbox to find the abusive pages -- you can find hundreds in a single keystroke by searching for others that contain the same text strings. If we can do that, why can't Microsoft?

Does Microsoft have a duty to avoid being a participant in causing harm to people gullible enough to give personal information and credit card numbers to spammers? They've made their fortune bringing computing to people who aren't tech savvy. Allowing spammers to use a Microsoft service in this way gives the impression that their services have been reviewed and approved by Microsoft -- it might not fool you, but it would definitely fool a lot of Microsoft's target customer base. If I were a stockholder, I would be wondering about Microsoft's ability to remain profitable in the future if they've lost interest in such a large part of their core business.

Posted by: AlphaCentauri | November 22, 2008 11:07 PM | Report abuse


I left a comment about the splogger-scrappers who scrape my blogs: and Both are still being ripped off.

As a former account executive (reseller) I managed one of the country's biggest bank's software licensing and purchasing. I managed $50m budget. The biggest complaint I heard was how a software was performing well and then Microsoft would force an upgrade before the software was obsolete.

My point is inline with the conspiracy theorists. I have been informed, by a reliable SEO consultant, that Google does not take action against scraping or splogging.

The reason, related to me, was that sploggers bring in ad revenues while my sites do not contain Google Adsense or any other advertising. I can't vouch for the SEO expert's opinion. Yet it does make sense in a monetary world where the advertising dollar is priority 1.

Consequently I could visualize Microsoft supporting spammers for the same reason Google may or may not take action against sploggers.

Posted by: dean_guadagni | November 24, 2008 11:13 AM | Report abuse

Microsoft's knowing participation in this activity is appalling! What are they thinking?

Posted by: peterpallesen | November 25, 2008 9:35 AM | Report abuse

The comments to this entry are closed.

RSS Feed
Subscribe to The Post

© 2010 The Washington Post Company