Hotmail uses controversial filter to fight spam

An antispam tool acquires legitimacy with the addition of a new subscriber: the 800-pound gorilla of Web-based email.

Paul Festa Staff Writer, CNET News.com
Paul Festa
covers browser development and Web standards.
Paul Festa
4 min read
A controversial antispam tool has acquired legitimacy with the addition of a new subscriber: Hotmail, the 800-pound gorilla of Web-based email.

Microsoft's free Hotmail service last week started filtering all email coming from servers listed on the Mail Abuse Prevention System's (MAPS) Realtime Blackhole List (RBL). The list is composed of email servers known to be used by senders of unsolicited commercial email--or "spammers."

Hotmail is using the list to reduce the amount of junk email its users receive. But the list is harsh medicine. The filter, which does not distinguish between spam and other messages, will block legitimate email that happens to be routed through the blacklisted servers.

"It's something we've been looking at for a while," said Randy Delucchi, Hotmail's director of operations services. "We implemented it last week in order to protect our users."

Delucchi said he could not quantify how much spam Hotmail has filtered since implementing the RBL, but he said there are indications that the volume of spam being received has gone down.

"My gut feeling, just by looking at internal accounts, is that there has been a significant dent in the amount of spam," Delucchi said.

Hotmail's move was welcomed by users, many of whom have complained about the high volume of spam in their Hotmail accounts.

"Congratulations!" wrote a participant in the "news.admin.net-abuse.email" discussion list in response to Delucchi's announcement that Hotmail would implement the RBL filter. "Now maybe my Hotmail account will be good for something besides a spamtrap!"

The RBL targets what are known as "open" mail servers, which are frequently used by spammers. In the early days of email, administrators left servers open in a cooperative spirit so that email could be relayed through a number of computers en route to its destination.

Now that point-to-point email connections are more reliable, open servers are seen less as useful transfer points and more as tools for spammers to send mail while covering their tracks. In fact, a "vast majority" of spam comes through open email servers, according to the Coalition Against Unsolicited Commercial Email (CAUCE).

The RBL launched in the summer of 1997, when MAPS founder Paul Vixie--president of the Internet Software Consortium and creator of a crucial piece of Internet software called BIND--found himself in a game of cat-and-mouse with spam king Sanford "Spamford" Wallace.

After Wallace's email provider bounced him for distributing spam, he took to sending email through various unsecured servers. Vixie started keeping a list to filter mail from those servers, and that list became the RBL.

Since then, MAPS has used the RBL primarily to pressure server administrators to mend their policies, according to supporters.

"The RBL is an educational tool for applying pressure more than a technical tool," said John Mozena, vice president of CAUCE, which has ties to both Hotmail and MAPS. "The wider implementation it has, the more important it becomes, because that increases the number of people your users can't reach if you're not playing well with others."

Hotmail a validation
And that makes Hotmail's adoption of the RBL a crucial win for the list. Not only does it block "black-holed" email from a potentially huge number of recipients--Hotmail boasts 40 million users--but Hotmail's size and legitimacy give the antispam organization a needed boost.

"Hotmail coming on as a subscriber indicates a definite move into the mainstream," MAPS administrator Nick Nicholas said. "The list used to be more controversial, and not everyone wanted it to be known that they were using the RBL."

The RBL has suffered some public-relations black eyes in its two years. Although the RBL and associated MAPS lists have become widely used tools among Internet service providers, corporations, educational institutions, and individuals--with subscribers numbering around 500--many users choose to keep their affiliation with the RBL under wraps and do not show up on the RBL subscriber list.

In addition to having blocked some heavyweight companies, including RealNetworks (which is still blocked) and GeoCities, MAPS this summer had to negotiate an agreement after domain name registrar Network Solutions threatened a lawsuit over its addition to the RBL.

The RBL also has taken heat for allegedly trying to exercise dictatorial control of the Internet while blocking legitimate mail in the process.

MAPS and its supporters contend that its image problems stem from misunderstandings of its mission and process. Servers nominated for the RBL must be shown not only to be transmitting spam, but also to have resisted requests to secure their servers. Before adding servers to the list, MAPS said it works with the nominees to help them secure their servers. If they refuse the help, they are added to the list.

MAPS also points out that ISPs and others can choose whether to implement the list; MAPS merely maintains it.

Some email providers use the list to tag email as suspected spam rather than block it altogether. East Coast ISP Erols uses the list for that purpose, according to MAPS.

MAPS supporters shrug off the risk of blocking legitimate email.

"It's part of the cost of doing business on the Net," Mozena said. "It's what you should expect with a host that isn't playing well with others. Functionally, the RBL is a way of saying you're not holding up your end of the bargain. Isn't that a good reason for you to fix what's wrong with your system?"