Jump to content
Sign in to follow this  
louisd

Contact Microsoft

Recommended Posts

The great MS beast has again show its incredible skill in botching even the simplest things. As you may have noticed MS has been trying to put a security and anti-spam foot forward since the release of XP SP2. They have put numerous pages up on fighting spam. Of course, the advice they give is most OK, but one piece is dead wrong. I have written to them and they say they will take my comments "in to consideration". I think we need an avalanche of notes to them so that they'll get this corrected before people get flooded with meaningless spam reports. That piece of advice is:

"Forward spam to the spammer's Internet Service Provider (ISP). If you get unwanted mail, the sender's address will show the ISP name after the "at" ([at]) sign. Forward the headers (following the directions above) to the abuse alias at that ISP—for example, try abuse[at]<ISPname>.com." (http://www.microsoft.com/athome/security/spam/options.mspx)

Give me a break. Their comment page is at:

http://register.microsoft.com/contactus30/...security/athome

[edited for spelling]

Edited by louisd

Share this post


Link to post
Share on other sites

Thanks for alerting us, LouisD...here's what I just posted using the comments form you linked in your message:

On your page at:

http://www.microsoft.com/athome/security/spam/options.mspx

Under "Step 2: Report junk e-mail and its senders," you suggest to "Forward spam to the spammer's Internet Service Provider (ISP)" but then you tell people that "the sender's address will show the ISP name after the "at" ([at]) sign..."

My goodness NO! Surely you know that 99.99999 percent of all spam has a forged "From" address (the "Sender"), and that the spam didn't originate from that ISP at all. In fact, many spammers forge the addresses of people they're mad at (anti-spammers) into the "From" on the spam that they send out, hoping to cause problems.

Please, oh please immediately remove this faulty advice from your website. You are doing a great disservice to the people who are trying to do their part to stop spam.

The anti-spamming community has been alerted to this mistake and we're hoping that you correct this as soon as possible (expect some "love notes" about it....LOTS of them!).

DT

Share this post


Link to post
Share on other sites

I sent a message as well.

How stupid can Microsoft get??

Or do they have some hidden agenda in getting people to reply to wrong addresses?

Share this post


Link to post
Share on other sites

I had an answer from MS. They still claim their way is appropriate for dealing with some spam, otherwise they gave me an address to contact:

I understand your concern on this specific issue. Generally speaking, spam is sent by some specific tools. The senders are invalid and can be various. The method introduced in that article is only a common way to avoid some junk mails. We are still working on the issue to provide more methods. I have forwarded your suggestions to the appropriate team. We strive to capture any feedback so as to ensure we are continuously developing Microsoft products to meet customer needs. You are also welcome to add your comments to make Microsoft products easier and more powerful to use.

<mailto:mswish <at> microsoft.com>

Edited by dra007

Share this post


Link to post
Share on other sites

And at 4:30 EDT this morning, I received from Glenn:

We appreciate your effort in pointing this issue to us and we are now

forwarding your message to the appropriate Microsoft contact for

investigation and resolution.

Hopefully, they are not blowing smoke to everyone and actually will change the wording.

Share this post


Link to post
Share on other sites

I just got a reply too. Mine says:

During our next site revision we will take your feedback in to consideration.

I wonder how long that'll be.

Share this post


Link to post
Share on other sites

They closed my case as soon as they opened it. We can only persevere and hope they correct the error, but their answer to me indicates otherwise.

Share this post


Link to post
Share on other sites
They closed my case as soon as they opened it. We can only persevere and hope they correct the error, but their answer to me indicates otherwise.

17137[/snapback]

...Hmm -- I never even received a case number (at least, not yet).

Share this post


Link to post
Share on other sites

Does anyone want to write to McAfee about their stupid advice when they delete an attachment. They always say to report it to the sender.

Miss Betsy

Share this post


Link to post
Share on other sites

Maybe you should all forward their anwer to me at the address provided and explain them why it is never a good idea to return/bounce spam to the sender, they seem to be pretty thick-skulled about holding on to their party line!

Share this post


Link to post
Share on other sites

While they fix it I am having to deal with an increase in bounced messages, fortunately some abuse desks understand the problem after the fact:

here is one reply to a bounce I got yesterday

I do apologize. Our software is not supposed to send notices on spoofed

addresses. I will take care of this during maintenance tonight.

Regards,

Russ Richardson

Ionix Internet

Now what software is that? Could it be an MS based software?

Edited by dra007

Share this post


Link to post
Share on other sites

The plot thickens, no I am getting bounces spoofing my own domain in the "From:" field, curiously they all contain viruses or mime exploits and they all come from an ISP I covered extensively in this lounge but which is now deleted...

Can anyone come up with a solution I can convey to my technology desk, this is what they tell me:

"Spoofed" addresses are a tragedy.  Especially since you would not want

to filter any real messages from postmaster[at]MyDomain (but would for any

fake ones).  Unfortunately, there are not any filters that work on the

headers of the email (that could filter an IP address, rather that trying

to guess whether the email address is fake or real).  In your case, we do

not have any suggestions other than to allow the virus filter to filter out

virus attached emails and use the spam filter and just delete any unwanted

email.  If you suspect that our virus and spam filter system is not working

correctly, please send us the full source of any emails that contained

viruses or were spam.

  

PS. If you don't feel comfortable posting here feel free to PM me. I am having a real hard time with this help desk, but my pesistence has finally gotten their attention.

Edited by dra007

Share this post


Link to post
Share on other sites

This is the form letter I send to the abuse desk for any misdirected virus bounces I receive. A similiar one is used for misdirected bounces of spam (been meaning to combine them but that's for another day). The ISP bouncing should not be forwarding on the virus but many do a DNSBL lookup before the virus check (makes sense if they are rejecting on the DNSBL, but not otherwise).

Attention Postmaster,

The most recent batch of computer viruses and worms released upon the internet almost invariably forge the sender information.  Any alert notice to the address indicated in the "from" header usually is sent to an innocent party who has nothing to do with the original message.

We request that you reconfigure your mail gateway to not generate notifications sent by email to the from address within the message.  Rejecting the message during the initial SMTP transaction is the best way to accomplish this.

If you examine the headers of the message that you received you'll see, by researching the IP address in question, that the virus came from some other network.  Please contact *their* administrator if you wish to notify someone.

Thank you for taking the time to read this response. If you need assistance in configuring the mail gateway, please consult the software developer.

This is form-letter response.

------------------------- BEGIN HEADERS -----------------------------

-------------------------- END HEADERS ------------------------------

This was mainly picked up from these fora with slight mods along the way.

Edited by StevenUnderwood

Share this post


Link to post
Share on other sites
The plot thickens, no I am getting bounces spoofing my own domain in the "From:" field,  curiously they all contain viruses or mime exploits and they all come from an  ISP I covered extensively in this lounge but which is now deleted...

Touching a sensitive spot there .... is it actually that you need to twiddle with the settings and change the 30-day range for displaying the previous Topics? As said elsewhere a few times, deleting things around here is not something done routinely. I have recently deleted stuff from the Test Forum (requested and/or agreed to by the original poster) ... I did kill off one spam Topic (JT killed another one many months back) .. but the things I can recall deleting "on my own" in the past few months have been the "Moved" links, and that done only after verifying that the original poster had in fact visited/posted in the "new" location.

That said, does changing the 30-day limit or doing a search for the ISP involved bring back your "missing" discussion points?

Share this post


Link to post
Share on other sites

Thank you both Steven and Wazoo, helpful as always!

Steven without going into too much technical detail, is there a place/website I could direct my help desk to for them to catch up on ways to accomplish the <<rejection of the message during the initial SMTP transaction>>, one that would analyse the IP of origin that those idiots at the help desk claim cannot be filtered? I have been debating that idea and blacklisting with them for a long time, with no results.

Thanks again!

Edited by dra007

Share this post


Link to post
Share on other sites
I am having a real hard time with this help desk, but my pesistence has finally gotten their attention.

I think you're probably talking about the HelpDesk at a university, aren't you? GOOD LUCK! I stopped talking to those people years ago when they showed almost universal incompetence. My theory was (back before the technology bubble burst) that competent people were getting high paying jobs in Silicon Valley, and that universities mostly were only able to attract and hold onto the ones from the bottom of the barrel.

DT

Share this post


Link to post
Share on other sites

You are so right DT ...I just got an e-mail from them stating that the viruses my daughter gets with what appears to my e-mail address in the header's <<FROM:>> are forged and the originating IP is instead in some exotic bannana republic. This is the first time they concede to that point after a few dozen e-mails. My daughter happens to be a student at the same university where I work.

What I want to convey to those idiots is that domain names in the headers should not be used in their filtering as they suggested in the e-mail. (And as MS implicitly supports in this thread) and I quoted in the above post. Rather, they should use IP rejects and black listings. They claim no such methosds exist, so I was hoping some of the experts here could help me out with information that would change their outlook. And now I finally got their attention, they used to simply ignore or discount my requests for action.

Edited by dra007

Share this post


Link to post
Share on other sites

Hi, dra007,

...It may (I'm really not certain) help the experts hereabouts to know what type of OS and Mail Server they use.... :) <g>

...Good luck!

Share this post


Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
Sign in to follow this  

×