Spam at Microsoft

A major challenge for Microsoft IT, and pretty much every other IT organization around the world, is how to handle spam. Microsoft literally handles millions of spam emails a day. The sheer volume has turned spam into a serious headache, whereas in the early days of the internet it was more of a nuisance. I thought some people might find it interesting to learn more about the kind of spam issues we have to deal with.

The basic process looks like this:

Spam Funnel

Connection Filtering:

Connection filtering is useful, and it is the “hammer” rather than the “scalpel” approach. It blocks all email, regardless of content, from known or suspected spam mail servers. Various organizations on the Internet track these servers, so getting this list of IPs is relatively easy. The jump in effectiveness around 9/30 in figure 2 is because we were able to increase the frequency of updates, which made us better able to block newer suspicious IPs.

Sender / Recipient Filtering:

This basically does what you’d expect it to do: it checks whether the person the email is addressed to actually exists at Microsoft, and also who actually sent the message. If it seems “spammy”, it will be filtered out.

Intelligent Messaging Filtering:

This is basically a “smart” filter that looks for and removes messages that appear “spammy” by content instead of sender. So lots of dollar signs, promises of unnatural bodily growth etc. will be removed at this layer.

Outlook 2003:

Any message that does get through all of the above will be sorted by Outlook as well; things that you may very well have signed up for are delivered but sorted into your Junk Folder. Items in the Junk folder are converted from HTML to text, all pictures & tags being stripped.

Chart

Legend:

  • Blue: Connection Filtering
  • Purple: Sender/Recipient Filtering
  • Yellow: Intelligent Messaging Filtering

Figure 2 is interesting just to see the sheer numbers of the problem, not to mention that closer to the holidays Microsoft can average 25 – 30 million emails a day (mostly spam!).
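The funnel described above can be sketched as a chain of filters, where each message is stopped by the first layer that catches it and the per-layer tallies give the kind of breakdown figure 2 plots. This is an added example, not Microsoft's code: the blocklists, directory, spam terms, scoring thresholds and sample messages are all constructed assumptions.

```python
from collections import Counter

# Everything below is constructed sample data (documentation IP ranges, example domains).
BLOCKED_IPS = {"203.0.113.7", "198.51.100.23"}        # stand-in for a third-party IP blocklist
DIRECTORY = {"alice@example.com", "bob@example.com"}  # stand-in for the recipient directory
BLOCKED_SENDERS = {"deals@bulk.example.net"}          # stand-in for a sender blocklist
SPAM_TERMS = ("free", "winner", "guarantee", "act now")

def content_score(msg):
    """Crude content score: each dollar sign is 1 point, each spam phrase present is 2."""
    text = (msg["subject"] + " " + msg["body"]).lower()
    return text.count("$") + 2 * sum(term in text for term in SPAM_TERMS)

def classify(msg, reject_at=5, junk_at=2):
    """Return the funnel layer that stops the message, or the folder it lands in."""
    if msg["ip"] in BLOCKED_IPS:                  # layer 1: content is never inspected
        return "connection"
    if msg["rcpt"] not in DIRECTORY or msg["sender"] in BLOCKED_SENDERS:
        return "sender_recipient"                 # layer 2: unknown recipient or bad sender
    score = content_score(msg)
    if score >= reject_at:                        # layer 3: content-based filtering
        return "content"
    return "junk_folder" if score >= junk_at else "inbox"  # client-side sorting

def run_funnel(messages):
    """Tally messages per layer, the breakdown a per-layer chart would plot."""
    return Counter(classify(m) for m in messages)

def mail(ip, sender, rcpt, subject, body):
    return {"ip": ip, "sender": sender, "rcpt": rcpt, "subject": subject, "body": body}

SAMPLE = [
    mail("203.0.113.7", "carol@example.org", "alice@example.com", "Hello", "Lunch on Friday?"),
    mail("192.0.2.10", "a@example.org", "nobody@example.com", "Hi", "Are you there?"),
    mail("192.0.2.11", "deals@bulk.example.net", "bob@example.com", "Offer", "Details inside."),
    mail("192.0.2.12", "promo@example.org", "alice@example.com", "WINNER $$$",
         "Act now for FREE cash, guarantee!"),
    mail("192.0.2.13", "news@example.org", "bob@example.com", "Weekly newsletter",
         "Free shipping this week"),
    mail("192.0.2.14", "carol@example.org", "alice@example.com", "Meeting notes",
         "See attached agenda for Tuesday."),
]

if __name__ == "__main__":
    for layer, n in run_funnel(SAMPLE).items():
        print(f"{layer:17} {n}")
```

The first sample message has harmless content but is still dropped at the connection layer, which is the “hammer” behaviour: the sending IP alone decides.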

Spoofed Headers & Zombies

We also regularly get questions about spam ORIGINATING at Microsoft (specifically Hotmail). One thing that you should know is that it is very, very easy to make an email look like it originated from anywhere you want, and spammers like to make their emails look as if they came from a valid individual’s email (e.g. joe@xyzhotmail.com). This does not mean that Microsoft allows this to happen or that the email even started from Hotmail! See here for more info on spoofed headers.

Spoofed headers, however, are not enough to send huge amounts of spam. The problem spammers run into is that most ISPs will note the increased email volume (remember, a spammer needs to be sending hundreds of thousands of emails, if not more, regularly for it to be worthwhile) and block the offender. Therefore spammers need either their own zombie network or access to someone else’s. Zombie computers are computers that have been hacked, usually with a Trojan, virus or some other malware, and are then used without the user’s knowledge to send out spam. According to this site, close to 40% of spam originates in the US, with Korea and China being the other top two offenders.
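To make the spoofed-header point concrete from the receiving side: the From line is whatever the sender typed, while the Received line stamped by your own edge server records the IP that actually connected. The following is an added example, not from the original post; the message, host names and addresses are constructed, and `BORDER_MTA` is an assumed name for the receiving organisation's own edge server.

```python
import re
from email import message_from_string
from email.utils import parseaddr

BORDER_MTA = "mx.example.com"  # assumption: the edge server we operate and therefore trust

# Constructed message: From claims one domain, the envelope and relay trail say otherwise.
RAW = """\
Return-Path: <bounce@bulk.example.net>
Received: from mx.example.com (mx.example.com [192.0.2.1])
\tby inbox.example.com; Mon, 3 Oct 2005 10:00:02 -0700
Received: from unknown (HELO dsl-host.example.net) [203.0.113.45]
\tby mx.example.com; Mon, 3 Oct 2005 10:00:00 -0700
From: "Joe" <joe@mail.example.org>
To: alice@example.com
Subject: Hello

Body text.
"""

def domain(header_value):
    """Lower-cased domain of the address in a header value ('' if absent)."""
    return parseaddr(header_value or "")[1].rpartition("@")[2].lower()

def origin_report(raw, border=BORDER_MTA):
    """Compare what the message claims with what our own edge server recorded."""
    msg = message_from_string(raw)
    connecting_ip = None
    # Only the Received line added by our border MTA is trusted; lines that
    # claim to be from earlier hops are sender-supplied and can be forged too.
    for hop in msg.get_all("Received", []):
        by = re.search(r"\bby\s+([\w.-]+)", hop)
        ip = re.search(r"\[(\d{1,3}(?:\.\d{1,3}){3})\]", hop)
        if by and ip and by.group(1).lower() == border:
            connecting_ip = ip.group(1)
            break
    from_dom, env_dom = domain(msg["From"]), domain(msg["Return-Path"])
    return {
        "from_domain": from_dom,          # display claim, freely chosen by the sender
        "envelope_domain": env_dom,       # envelope sender as recorded at delivery
        "connecting_ip": connecting_ip,   # what actually connected to our edge
        "aligned": from_dom == env_dom,
    }

if __name__ == "__main__":
    print(origin_report(RAW))
```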

What Microsoft is doing & How to protect yourself

Microsoft has been at the forefront of proposing several technical and legal initiatives to stem the tide of spam. Admittedly a lot more work is needed, and we’ll keep fighting the good fight that started back in 2003 and is ongoing.

To reduce the amount of spam you get individually in your inbox, check out this article, “Top 10 spam-fighting tips”, for more details. Here’s the quick gist:

  1. Use Outlook to manage junk e-mailers

  2. Avoid replying to the sender

  3. Alter your e-mail address when you post it

  4. Don't give out your primary e-mail address

  5. Make use of laws against spam

  6. Don't post your address on any Web page

  7. Review Web sites' privacy policies

  8. Don't list yourself in Internet directories

  9. Ditch that clever profile

  10. Do not forward chain e-mail

I’m not sure if I agree with all the suggestions, and there are definitely some worth more than others, but overall not a bad guide. If you’re a corporate Email Administrator, or work for an ISP and need help with Hotmail issues, check out the Hotmail Postmaster site.

To ensure your PC doesn’t get hijacked into a zombie, make sure that all the latest patches are applied (set it to automatic if you can’t be bothered to go to Windows Update regularly), use a firewall, don’t trust unknown senders and websites, have an up-to-date anti-virus scanner running, and use an anti-spyware tool like the Microsoft Anti-Spyware software. Also, something new: IE 7 will have a built-in anti-phishing filter. If you can’t wait for it, you can download this add-on for the MSN toolbar.

Ahmad Mahdi

Security Technologist

Microsoft – ACE Team

ahmad.mahdi