Anti-spam activists called the move long overdue, saying it will drastically reduce the estimated 10 billion spam messages carried on MSN annually. Known as port 25 blocking, the measure has been adopted by most major Internet service providers as a way to prevent spammers from using random ISPs to ply their trade.
Even though port 25 blocking has become an industry standard, however, the filter can create problems for noncompatible e-mail software, leading Microsoft to delay the implementation.
"Almost everyone else including EarthLink and MindSpring implemented this a year ago," said Steve Linford, an anti-spam advocate at the Spamhaus Project. "MSN was dragging its feet in doing this presumably because the longer it took to do, the more consumers would eventually update their software. But of course, it's quite a big technical support event."
ISPs have become ground zero in the war against spam, with many adopting filters aimed at blocking out unsolicited messages as a service for their customers. These efforts have increasingly sparked disputes over whether the filters go too far, blocking legitimate e-mail as well as spam.
In a high-profile clash last year, for example, Harris Interactive sued anti-spam group Mail Abuse Prevention Systems, AOL Time Warner's America Online and several other ISPs over their use of a controversial filter known as the Real Blackhole List (RBL). Harris claimed the filter blocked thousands of legitimate messages sent to its e-mail list subscribers.
At the same time, some ISPs have cozied up to spammers by selling lucrative "pink contracts" that expressly permit customers to send unsolicited commercial e-mail or put up spam-related Web sites. A recent example forced AT&T to pledge an internal crackdown on the contracts, which would violate its stated customer policies. ISP PSINet has also found itself embroiled in pink contract controversies.
Although port 25 blocking is relatively uncontroversial, Microsoft found itself facing some irate customers Wednesday. To comply with the industrywide endeavor, Microsoft added another layer of authentication to Outlook Express, becoming one of the last major ISPs to implement the industry-accepted blocking mechanism.
Microsoft admitted that it was concerned that the filter adopted this week might affect customer service. Mark Wain, product manager at Microsoft, said the company waited to implement port 25 blocking in an attempt to "minimize the negative impact to our consumers."
Even so, the move caught some Outlook Express users off guard when the new authentication caused some to lose settings for this type of service.
"Their customers are trying to send mail, but they're getting error messages saying that the server doesn't exist when in fact it does, and Microsoft is just filtering the traffic," said Pete Norloff, senior network engineer at Norloff Computer, whose company offered support to Microsoft users.
"Blocking legitimate e-mail is not an industry-standard approach to solving the spam problem."
Microsoft is not offering support services to consumers who need to change settings, according to its Web site.
Microsoft's MSN Internet service typically allows customers to route e-mail from other ISPs' servers using SMTP (simple mail transfer protocol)--or the language used to send e-mail--as a convenient means to view multiple accounts in one in-box. For example, a customer using MSN at home could direct corporate mail onto the home computer using Microsoft settings, thereby maintaining a company address while sending messages.
All e-mail sent via the Internet is routed through what's known as port 25--the channel used for communication between a computer and a mail server. The fundamental problem with port 25 SMTP is that it allows anyone to connect to a server other then their own, e-mail experts say. In other words, spammers can use another ISP, bypassing their own, to send bulk messages, thereby duping their current provider, which in the event of spam would most likely shut off their service.
"We're trying to keep spam out of our users' mailboxes. It's security for our consumers," Microsoft's Wain said. But "users now have to reconfigure Outlook Express to authenticate" themselves if they want to send and receive messages from third-party e-mail accounts.