Re: Why is hot mail requiring passwords for E mail accounts.

[Gary VanderMolen]

It's fraudulent.
Microsoft would not communicate in that fashion.

--
Gary VanderMolen, MS-MVP (Mail)

"peterhawaii" <1750 Kalakaua Ave 1608, Honolulu Hawaii 96826> wrote in message news:2F07891E-E7F6-45B4...@microsoft.com...
> Today received E mail from nurse...@msn.com. She claims to work for
> hotmail. She says hotmail has too many users and it is deleting as many
> customers as possible. To keep my account from being deleted I must send her
> the pass words to my account. This sounds like some kind of Fraud, but the
> E mail sure looks like it is an official hotmail E mail and like the request
> is from Hotmail.
> --
> peterhawaii

[N. Miller]

On Fri, 13 Mar 2009 13:11:01 -0700, peterhawaii wrote:

> Today received E mail from nurse...@msn.com. She claims to work for
> hotmail. She says hotmail has too many users and it is deleting as many
> customers as possible. To keep my account from being deleted I must send her
> the pass words to my account. This sounds like some kind of Fraud, but the
> E mail sure looks like it is an official hotmail E mail and like the request
> is from Hotmail.

That fraud is as old as Hotmail, itself. I've seen it a few times over the
years. The sender says she is from Hotmail, but I'd bet a dollar that the
source IP address of the email does not belong to Microsoft, as a genuine
communication would be. They are counting on the purloined graphics to fool
you (as does the counterfeiter, disbursing his phony $20 and $100 bills).

--
Norman
~Oh Lord, why have you come
~To Konnyu, with the Lion and the Drum

[Earle Horton]

Send a copy of the message including all headers to ab...@msn.com. If you
are savvy enough to decipher the headers yourself send it to the culprit's
real email provider and ISP too. If you are using Outlook Express, Windows
Mail or Windows Live Mail you can right click the message, Properties,
Details, Message Source and see the headers and all content as source.

This is NOT a suitable avenue to contact Hotmail, Microsoft or MSN.

Earle

"peterhawaii" <1750 Kalakaua Ave 1608, Honolulu Hawaii 96826> wrote in

message news:AAB15FF5-1016-47F8...@microsoft.com...
> My intent is to get this information to HotMail / Microsoft and I am told
> I
> can not communicate directly and this is the only way a user of hotmail
> may
> contact Hotmail. I hope this gets to hot mail/ microsoft and they can
> take
> action to stop it.
> --
> peterhawaii

[N. Miller]

On Fri, 13 Mar 2009 13:23:02 -0700, peterhawaii wrote:

> My intent is to get this information to HotMail / Microsoft and I am told I
> can not communicate directly and this is the only way a user of hotmail may
> contact Hotmail. I hope this gets to hot mail/ microsoft and they can take
> action to stop it.

Unless the email was sent through Windows Live (formerly MSN) mail servers,
using an account that they can shut down, there is little that they can do
to stop this kind of email. Just because the email claims to be from a
Hotmail user, doesn't mean it was sent by a Hotmail user. Spammers do forge
sender email addresses.

To forward an abuse complaint to Windows Live, you would have to provide
them with the full, raw code, of the abusive email. That requires using,
"Forward As Attachment", in order to preserve the full headers of the
original email. When they examine the raw code, they will be looking for
evidence that an actual Hotmail account was used for sending the email. If
no Hotmail account was used, then Windows Live will not be able to take
action.

Here is an example of an email sent using a Hotmail email address as the
sender, but not touching a Hotmail server at any point from end to end:

| Return-Path: <%User_ID%@hotmail.com>
| Received: from rly-de12.mx.aol.com (rly-de12.mail.aol.com [172.19.170.148])
| by air-de08.mail.aol.com (v123.3) with ESMTP id MAILINDE082-51b49bb2dac68;
| Sat, 14 Mar 2009 00:08:21 -0400
| Received: from smtp115.sbc.mail.sp1.yahoo.com (smtp115.sbc.mail.sp1.yahoo.com [69.147.64.88])
| by rly-de12.mx.aol.com (v123.3) with ESMTP id MAILRELAYINDE122-51b49bb2dac68;
| Sat, 14 Mar 2009 00:08:13 -0400
| Received: (qmail 74126 invoked from network); 14 Mar 2009 04:08:12 -0000
| Received: from unknown (HELO hotmail.com) (%User_ID%@68.126.42.1 with login)
| by smtp115.sbc.mail.sp1.yahoo.com with SMTP; 14 Mar 2009 04:08:12 -0000
| X-YMail-OSG: RFyH33wVM1mimCMYEizddu9l99BPwoRYD6gl7HW7fBVTvCXx9Cr9toFE1PcQrXh_60fn99pPJUYz3W1kWtBQaDz3gp9AaLNOZ7OHRTHp327ZtuDYITEZm1Fg8xrmsbEpuYhs4iyvx0ud0OhLBZ1tTXhW
| X-Yahoo-Newman-Property: ymail-3
| From: %User_ID%@hotmail.com
| To: %User_ID%@aol.com
| Date: Fri, 13 Mar 2009 21:08:07 -0700
| MIME-Version: 1.0
| Subject: [TEST] A sample of misdirection
| Message-ID: <49BACB37.24283.4164258@%User_ID%.hotmail.com>
| Priority: normal
| X-mailer: Pegasus Mail for Windows (4.41)
| Content-type: text/plain; charset=US-ASCII
| Content-transfer-encoding: 7BIT
| Content-description: Mail message body
| X-AOL-IP: 69.147.64.88
|
| Not all email from a Hotmail email address was delivered by Hotmail
| servers.

If Windows Live were to cancel the Hotmail account apparently used to send
this email, I would be highly irate. I have not done anything in violation
of the Windows Live Terms of Service (or even the Yahoo! Mail Terms of
Service) in sending this email.

I would not expect the average end user to know how to interpret email
headers, but I would expect Windows Live abuse to know how. I learned how by
doing just what I have done here; sending myself email between different
accounts and learning how to interpret the headers.

[Earle Horton]

Hotmail abuse has gotten more specialized. Now they have ab...@hotmail.com,
ab...@msn.com, repor...@msn.com and a few others too.

I copied an abusive mail to ab...@hotmail.com because I was under the
impression that they handled MSN complaints, but they bounced it back. I
resent the complaint to "repor...@msn.com" because it looked like spam
and came from an "@msn.com" address. Today I finally got a reply from this
mouthful, "Microsoft Customer Support
<WEBCS.WLHM.00.00.EN.SY...@css.one.microsoft.com>"
telling me that they had finally nuked the bastards' account, because "It is
a strict violation of the TOU for our members to send objectionable material
of any kind or nature using our service."

"Actual Hotmail accounts" are quite frequently used to send "objectionable
material", because let's face it they are real easy to get. I am sure it
was only a minor inconvenience to the objectionable parties involved, but it
was still worth it.

Earle

"N. Miller" <anon...@msnews.aosake.net> wrote in message
news:mmkck47m0wf0$.dlg@msnews.aosake.net...

[...winston]

Nurse Kari is feeding you a dose of bad medicine.
Delete it or report it

--
...winston
ms-mvp mail

[N. Miller]

On Fri, 13 Mar 2009 23:22:34 -0600, Earle Horton wrote:

> "Actual Hotmail accounts" are quite frequently used to send "objectionable
> material", because let's face it they are real easy to get. I am sure it
> was only a minor inconvenience to the objectionable parties involved, but it
> was still worth it.

Which totally misses the point that a complaint about abusive email won't
result in an account being nuked if the tracking headers don't show that the
email was sent through the servers.

FWIW, when I was reporting abusive email, most complaints to MSN weren't
"from" Hotmail accounts, and most abusive email "from" Hotmail accounts did
not result in abuse complaints to MSN.

[©LarryEº]

So if I just Forward an e-mail, they don't get the raw code? All abuse
e-mails must be sent using "Forward as attachment"?
--
ŠLarryEş

"N. Miller" <anon...@msnews.aosake.net> wrote in message
news:mmkck47m0wf0$.dlg@msnews.aosake.net...

[Gary VanderMolen]

Correct. A plain 'Forward' will not include the full set of headers.

--
Gary VanderMolen, MS-MVP (Mail)

"©LarryEº" <m...@nowhere.com> wrote in message news:OeVX9PKp...@TK2MSFTNGP03.phx.gbl...

> So if I just Forward an e-mail, they don't get the raw code? All abuse
> e-mails must be sent using "Forward as attachment"?
> --

> ©LarryEº

[...winston]

Correct...since it retains the headers/source content independent of the message to which it is attached.

--
...winston
ms-mvp mail

"©LarryEº" <m...@nowhere.com> wrote in message news:OeVX9PKp...@TK2MSFTNGP03.phx.gbl...

> So if I just Forward an e-mail, they don't get the raw code? All abuse e-mails must be sent using "Forward as attachment"?
> --

> ©LarryEº

[N. Miller]

On Sat, 14 Mar 2009 07:54:17 -0500, ŠLarryEş wrote:

> So if I just Forward an e-mail, they don't get the raw code?

Correct. A simple forward sends the email as a "new" message from you; it
does not preserve the original message code.

> All abuse e-mails must be sent using "Forward as attachment"?

Correct. It is the only way to preserve the original email encoding.

[Earle Horton]

"N. Miller" <anon...@msnews.aosake.net> wrote in message

news:yrf0iexl...@msnews.aosake.net...

> On Sat, 14 Mar 2009 07:54:17 -0500, ŠLarryEş wrote:
>
>> So if I just Forward an e-mail, they don't get the raw code?
>
> Correct. A simple forward sends the email as a "new" message from you; it
> does not preserve the original message code.
>
>> All abuse e-mails must be sent using "Forward as attachment"?
>
> Correct. It is the only way to preserve the original email encoding.
>

Right click, Properties, Details, Message Source... You can select and copy
this to paste in your complaint. I do it that way because I like to look at
the headers first and see who might be interested.

If you don't actually look at the headers, and "Forward as attachment" to
for example ab...@hotmail.com, nine times out of ten they are going to
decide based on header information that it isn't their concern. It is
advantageous to do as much detective work as possible on your end, prior to
forwarding the abusive mail, no matter which method you choose.

Earle

[N. Miller]

On Sat, 14 Mar 2009 16:09:44 -0600, Earle Horton wrote:

> If you don't actually look at the headers, and "Forward as attachment" to
> for example ab...@hotmail.com, nine times out of ten they are going to
> decide based on header information that it isn't their concern. It is
> advantageous to do as much detective work as possible on your end, prior to
> forwarding the abusive mail, no matter which method you choose.

I use SpamCop.net. Forward as attachment, and let them do the detective
work. They try to stay current on the notify addresses, so you don't usually
send a notify to the wrong place.

[N. Miller]

On Sat, 14 Mar 2009 16:09:44 -0600, Earle Horton wrote:

> Right click, Properties, Details, Message Source... You can select and copy
> this to paste in your complaint. I do it that way because I like to look at
> the headers first and see who might be interested.

I doubt that the casual user can figure out who would be interested from
examination of the headers.

[Earle Horton]

"N. Miller" <anon...@msnews.aosake.net> wrote in message

news:z4rgk6rp...@msnews.aosake.net...

> On Sat, 14 Mar 2009 16:09:44 -0600, Earle Horton wrote:
>
>> Right click, Properties, Details, Message Source... You can select and
>> copy
>> this to paste in your complaint. I do it that way because I like to look
>> at
>> the headers first and see who might be interested.
>
> I doubt that the casual user can figure out who would be interested from
> examination of the headers.
>

The casual user has less chance of getting some abuser's account terminated
too. ;^)

Earle

[©LarryEº]

Well, that's great information. I hope everyone is reading this. And thank
all of you for your answers. I appreciate it.
--
©LarryEº

"...winston" <winst...@gmail.com> wrote in message
news:#IZwXJIp...@TK2MSFTNGP03.phx.gbl...