In a statement that was widely circulated earlier this year, Microsoft CEO Bill Gates called spam a "maddening waste of time."
Apparently they don't feel the same way at the Microsoft Network (MSN). This week, the online service was targeted by anti-spam activists as one of the worst enablers of junk email. As a result, millions of furious MSN customers have found their emails lost in cyberspace -- innocent casualties of a powerful and far-reaching spam boycott.
On Tuesday evening, following months of warnings and communications, MSN was placed on Paul Vixie's notorious Realtime Blackhole List. RBL is a mass Internet boycott tool aimed at Internet service providers and other companies that ignore repeated requests from Vixie's team to make their servers more resistant to spam.
Vixie, a California consultant and engineer, runs the RBL with a team of volunteers, as part of the Mail Abuse Prevention System (MAPS).
The project is voluntarily supported by thousands of ISPs throughout the world to lessen the flood of spam across their networks and simultaneously pressure those companies that tolerate spam into doing something about it. This mainly involves closing any "open relays" on email servers that spammers can use to launch their floods of bulk email.
The boycott effectively makes a given range of network addresses "invisible," and email sent to a such addresses is bounced back to the sender with a message explaining the purpose of the black hole.
On 12 January, the MAPS team first contacted MSN to alert them to what they said were spam floods being launched from their unsecured mail servers. After little was done, the following month, one of MSN's IP address "blocks" was added to the RBL as a warning. But the relays were still not closed, and this week, following a breakdown in communications, Vixie felt he had to place all of MSN's mail servers in the black hole.
On Thursday, following three-and-a-half days in email limbo, MSN was removed from the list, after Vixie received assurances that Microsoft mail servers would be secured to prevent their outside use by spammers.
"MSN has been very good about not allowing its own customers to send out spam and should be applauded for that," said Vixie. "The problem has been outside third parties who use MSN's mail servers to relay spam."
MSN has refused to comment on the issue, despite repeated requests from Wired News. As of May 1997, the last time such figures were available, MSN had 2.3 million members. According to Vixie, MSN has not taken responsibility for allowing so much spam to be launched off their systems.
Once added to the black hole list -- and doubtlessly drowning in customer complaints -- Microsoft's first response was to move the mail relays to different network addresses in an effort to evade the blockage. "We wouldn't have noticed," said Vixie, "but we started getting spammed from the new addresses."
Next, MSN informed its customers that MAPS was responsible for the outage, without mentioning that the problem related to spam on their systems.
"I have visited the [MAPS] Web site that the message referred you to and regret to inform you that we can do nothing from MSN as far as configuration settings to your system to stop them from blocking the mail," read an email sent to one MSN customer from MSN member support.
"I apologize for the trouble, but if anyone can stop this domain from blocking users mail transport it is the domain itself. Hope this helps explain things," the MSN support mail concluded.
Once forwarded the text of this form letter, Vixie said he was only further bolstered in his cause.
"Until I saw the above text, I was worried that maybe we shouldn't have black-holed MSN," Vixie wrote in a post to the North American Network Operators Group mailing list.
"Whenever we have to black-hole something large, we get mail from RBL subscribers asking 'Are you crazy?' or [something] similar. I hate to shake the tree too hard all at once -- the wrong things fall out. But when I saw what Microsoft was telling their customers, it became clear to me that this was a battle we could not avoid," he wrote.
Dave Rand, a MAPS administrator, said that MSN management contacted him to discuss the situation at 12:20 pm PST Thursday. With assurances that MSN servers would be adjusted to prevent their use by spammers, the ISP came off the service five minutes later, Rand said.
Vixie said that the actual technical adjustments have not yet been made, but that MSN management had told MAPS when to expect it to be done, "and so we've removed them from the RBL until at least that time," he said.
Vixie added that MAPS is receiving about two complaints per minute from the backlog of msn.com customers who are only now finding bounced mail in their email boxes.
"Hopefully it'll level off soon," he said.
MSN is the largest ISP to be added the the black hole list since December 1997, when Vixie and the MAPS team placed Netcom on the real-time black hole list for a month. They were removed after the company agreed to secure its servers against abuse by spammers.
