
Contact Microsoft


louisd


The great MS beast has again shown its incredible skill in botching even the simplest things. As you may have noticed, MS has been trying to put a security and anti-spam foot forward since the release of XP SP2. They have put numerous pages up on fighting spam. Of course, the advice they give is mostly OK, but one piece is dead wrong. I have written to them and they say they will take my comments "in to consideration". I think we need an avalanche of notes to them so that they'll get this corrected before people get flooded with meaningless spam reports. That piece of advice is:

"Forward spam to the spammer's Internet Service Provider (ISP). If you get unwanted mail, the sender's address will show the ISP name after the "at" ([at]) sign. Forward the headers (following the directions above) to the abuse alias at that ISP—for example, try abuse[at]<ISPname>.com." (http://www.microsoft.com/athome/security/spam/options.mspx)

Give me a break. Their comment page is at:

http://register.microsoft.com/contactus30/...security/athome

[edited for spelling]


Thanks for alerting us, LouisD...here's what I just posted using the comments form you linked in your message:

On your page at:

http://www.microsoft.com/athome/security/spam/options.mspx

Under "Step 2: Report junk e-mail and its senders," you suggest to "Forward spam to the spammer's Internet Service Provider (ISP)" but then you tell people that "the sender's address will show the ISP name after the "at" ([at]) sign..."

My goodness NO! Surely you know that 99.99999 percent of all spam has a forged "From" address (the "Sender"), and that the spam didn't originate from that ISP at all. In fact, many spammers forge the addresses of people they're mad at (anti-spammers) into the "From" on the spam that they send out, hoping to cause problems.

Please, oh please immediately remove this faulty advice from your website. You are doing a great disservice to the people who are trying to do their part to stop spam.

The anti-spamming community has been alerted to this mistake and we're hoping that you correct this as soon as possible (expect some "love notes" about it....LOTS of them!).

DT


I had an answer from MS. They still claim their way is appropriate for dealing with some spam, otherwise they gave me an address to contact:

I understand your concern on this specific issue. Generally speaking, spam is sent by some specific tools. The senders are invalid and can be various. The method introduced in that article is only a common way to avoid some junk mails. We are still working on the issue to provide more methods. I have forwarded your suggestions to the appropriate team. We strive to capture any feedback so as to ensure we are continuously developing Microsoft products to meet customer needs. You are also welcome to add your comments to make Microsoft products easier and more powerful to use.

<mailto:mswish <at> microsoft.com>


And at 4:30 EDT this morning, I received from Glenn:

We appreciate your effort in pointing this issue to us and we are now forwarding your message to the appropriate Microsoft contact for investigation and resolution.

Hopefully, they are not blowing smoke to everyone and actually will change the wording.


While they fix it, I am having to deal with an increase in bounced messages. Fortunately, some abuse desks understand the problem after the fact.

Here is one reply to a bounce I got yesterday:

I do apologize. Our software is not supposed to send notices on spoofed addresses. I will take care of this during maintenance tonight.

Regards,

Russ Richardson

Ionix Internet

Now what software is that? Could it be an MS based software?


The plot thickens: now I am getting bounces spoofing my own domain in the "From:" field. Curiously, they all contain viruses or MIME exploits and they all come from an ISP I covered extensively in this lounge but which is now deleted...

Can anyone come up with a solution I can convey to my technology desk? This is what they tell me:

"Spoofed" addresses are a tragedy. Especially since you would not want to filter any real messages from postmaster[at]MyDomain (but would for any fake ones). Unfortunately, there are not any filters that work on the headers of the email (that could filter an IP address, rather than trying to guess whether the email address is fake or real). In your case, we do not have any suggestions other than to allow the virus filter to filter out virus attached emails and use the spam filter and just delete any unwanted email. If you suspect that our virus and spam filter system is not working correctly, please send us the full source of any emails that contained viruses or were spam.

  

PS. If you don't feel comfortable posting here, feel free to PM me. I am having a real hard time with this help desk, but my persistence has finally gotten their attention.


This is the form letter I send to the abuse desk for any misdirected virus bounces I receive. A similar one is used for misdirected bounces of spam (been meaning to combine them but that's for another day). The ISP bouncing should not be forwarding on the virus but many do a DNSBL lookup before the virus check (makes sense if they are rejecting on the DNSBL, but not otherwise).

Attention Postmaster,

The most recent batch of computer viruses and worms released upon the internet almost invariably forge the sender information.  Any alert notice to the address indicated in the "from" header usually is sent to an innocent party who has nothing to do with the original message.

We request that you reconfigure your mail gateway to not generate notifications sent by email to the from address within the message.  Rejecting the message during the initial SMTP transaction is the best way to accomplish this.

If you examine the headers of the message that you received you'll see, by researching the IP address in question, that the virus came from some other network.  Please contact *their* administrator if you wish to notify someone.

Thank you for taking the time to read this response. If you need assistance in configuring the mail gateway, please consult the software developer.

This is a form-letter response.

------------------------- BEGIN HEADERS -----------------------------

-------------------------- END HEADERS ------------------------------

This was mainly picked up from these fora with slight mods along the way.


The plot thickens: now I am getting bounces spoofing my own domain in the "From:" field. Curiously, they all contain viruses or MIME exploits and they all come from an ISP I covered extensively in this lounge but which is now deleted...

Touching a sensitive spot there .... is it actually that you need to twiddle with the settings and change the 30-day range for displaying the previous Topics? As said elsewhere a few times, deleting things around here is not something done routinely. I have recently deleted stuff from the Test Forum (requested and/or agreed to by the original poster) ... I did kill off one spam Topic (JT killed another one many months back) .. but the things I can recall deleting "on my own" in the past few months have been the "Moved" links, and that done only after verifying that the original poster had in fact visited/posted in the "new" location.

That said, does changing the 30-day limit or doing a search for the ISP involved bring back your "missing" discussion points?


Thank you both Steven and Wazoo, helpful as always!

Steven, without going into too much technical detail, is there a place/website I could direct my help desk to for them to catch up on ways to accomplish the <<rejection of the message during the initial SMTP transaction>>, one that would analyse the IP of origin that those idiots at the help desk claim cannot be filtered? I have been debating that idea and blacklisting with them for a long time, with no results.

Thanks again!


I am having a real hard time with this help desk, but my persistence has finally gotten their attention.

I think you're probably talking about the HelpDesk at a university, aren't you? GOOD LUCK! I stopped talking to those people years ago when they showed almost universal incompetence. My theory was (back before the technology bubble burst) that competent people were getting high paying jobs in Silicon Valley, and that universities mostly were only able to attract and hold onto the ones from the bottom of the barrel.

DT


You are so right, DT... I just got an e-mail from them stating that the viruses my daughter gets with what appears to be my e-mail address in the header's <<FROM:>> are forged and the originating IP is instead in some exotic banana republic. This is the first time they concede to that point after a few dozen e-mails. My daughter happens to be a student at the same university where I work.

What I want to convey to those idiots is that domain names in the headers should not be used in their filtering as they suggested in the e-mail (and as MS implicitly supports in this thread) and I quoted in the above post. Rather, they should use IP rejects and black listings. They claim no such methods exist, so I was hoping some of the experts here could help me out with information that would change their outlook. And now I finally got their attention; they used to simply ignore or discount my requests for action.


Archived

This topic is now archived and is closed to further replies.
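
An added example, not part of the original thread or written by any poster: a sketch of the two ideas the form letter and the last post describe, namely taking the sending IP from the Received line written by your own border mail server instead of trusting "From:", and turning a DNSBL lookup on that IP into an SMTP-time reject. The host names, the `dnsbl.example` zone and the sample message are constructed placeholders, and the addresses are documentation-range IPs.

```python
import email
import ipaddress
import re
import socket

# Constructed sample: the From is forged as our own postmaster, and the
# bottom Received line was planted by the sender to look like our MX.
SAMPLE = """\
Received: from mx.university.example (mx.university.example [198.51.100.10])
\tby mailstore.university.example with ESMTP; Mon, 1 Nov 2004 04:30:00 -0500
Received: from victim-pc (unknown [203.0.113.45])
\tby mx.university.example with SMTP; Mon, 1 Nov 2004 04:29:58 -0500
Received: from mx.bank.example ([192.0.2.1]) by mx.university.example; Sun, 31 Oct 2004 23:00:00 -0500
From: postmaster@university.example
Subject: Mail delivery failed

body
"""

IP_IN_BRACKETS = re.compile(r"\[(\d{1,3}(?:\.\d{1,3}){3})\]")
BY_HOST = re.compile(r"\bby\s+([A-Za-z0-9.-]+)")


def connecting_ip(raw, border_mx):
    """Return the client IP recorded by our own border MX, or None.

    Received lines are prepended, so the first one (top-down) stamped by
    border_mx is the real handoff; anything below it is sender-supplied.
    """
    msg = email.message_from_string(raw)
    for hop in msg.get_all("Received", []):
        by = BY_HOST.search(hop)
        ip = IP_IN_BRACKETS.search(hop)
        if by and ip and by.group(1).lower() == border_mx:
            return str(ipaddress.IPv4Address(ip.group(1)))
    return None


def dnsbl_name(ip, zone):
    """DNSBL query name: reversed octets under the list's zone."""
    return ".".join(reversed(ip.split("."))) + "." + zone


def smtp_verdict(ip, zone, resolve=socket.gethostbyname):
    """Answer to give during the SMTP session: listed means reject, no bounce."""
    try:
        resolve(dnsbl_name(ip, zone))
    except OSError:  # no such name: the IP is not on the list
        return "250 OK"
    return f"550 5.7.1 {ip} listed in {zone}"
```

Because the 550 is returned while the sending host is still connected, no notification is ever mailed to the forged "From:" address.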
