Fighting Junk E-Mail Microsoft

http://postmaster.live.com/FightingJunk.aspx





Fighting Junk E-Mail


Microsoft's e-mail safety roadmap involves an unmatched cross-product
approach. SmartScreenTM anti-spam and anti-phishing filtering
technology is being applied across Microsoft's e-mail platforms to
provide customers with the latest anti-spam and anti-phishing tools and
innovations throughout the network. These products include MSN Hotmail,
Windows Live Mail, Exchange Server 2003, Outlook 2003, and more.
The goal for Windows Live Mail and MSN Hotmail is to offer a
comprehensive and usable e-mail service that helps detect and protect
users from junk e-mail, fraudulent e-mail threats (phishing) and
viruses.
The Challenge
E-mail has become a critical communication tool not only for consumers
but also for marketers, support staff, sales organizations, and
businesses of all sizes. As e-mail use has grown, so has e-mail abuse.
Unmonitored junk e-mail can clog inboxes and networks, impact consumer
satisfaction, and hamper the effectiveness of legitimate e-mail
communications. While technology alone cannot solve the problem, it is
a critical component in our comprehensive anti-spam approach. That's
why Microsoft continues to invest heavily in research and development
to advance anti-spam technologies, to not only stay ahead of the curve,
but eventually make e-mail fraud and abuse impractical. Simply put, it
starts by containing and filtering junk e-mail to the point where it no
longer has the effect on our users that it did in the past.
Our Efforts
As part of the commitment to our users, we offer a number of steps to
minimize the negative impact junk e-mail have on our users' e-mail
experience. For example, we've implemented a number of mechanisms to
reduce the burden of junk e-mail which currently prevents nearly 4
billion e-mail messages from reaching MSN Hotmail users every day!
Junk E-Mail Filters
Microsoft SmartScreen TM
To help reduce the consequences of junk e-mail, Windows Live Mail and
MSN Hotmail include junk e-mail protection using patented SmartScreenTM
technology which screens e-mail to identify and separate junk e-mail
from legitimate e-mail. Based on Microsoft Research's patented
machine-learning technology, the SmartScreenTM content filter learns
from known spam and phishing threats as well as from MSN Hotmail
customers who have opted to be part of its Feedback Loop program (FBL).
Both types of data help train SmartScreenTM how to recognize legitimate
e-mail and junk e-mail. Machine learning refers to the
probability-based algorithms that are used to distinguish between the
different characteristics of legitimate and junk e-mail. Ongoing
feedback from MSN Hotmail customers in the Feedback Loop program helps
ensure that the SmartScreenTM technology is continually trained and
improved.
How does it work?
When an external user sends e-mail messages to an MSN Hotmail account,
SmartScreenTM filter technology evaluates the content of the messages
and assigns the message a rating based on the probability that the
message is junk e-mail. This rating is stored as a message property
called a spam confidence level (SCL) within the message itself. The SCL
rating stays with the message as it is sent to other anti-spam
protection layers within MSN Hotmail.
Rules inside MSN Hotmail are set to handle e-mail messages with various
SCL ratings. If a message has an SCL rating lower than a certain
threshold, it is considered spam and a rule then deletes the message
rather than send the message to the users' junk e-mail folders. If
the message has a higher SCL rating than the threshold, the e-mail is
delivered to the user's junk e-mail folder rather than to the inbox.

To learn more about this technology, please visit:
http://www.microsoft.com/presspass/features/2003/nov03/11-17 spamfilter.asp
Symantec Brightmail
In addition to Microsoft SmartScreenTM, incoming e-mail is also
filtered by Symantec Brightmail anti-spam content filter. Leveraging
the Probe Network, a collection of more than 200,000 e-mail addresses
designed to attract junk e-mail, Symantec's patented technology
identifies and eliminates junk e-mail before it reaches an MSN Hotmail
users' inbox. Symantec's proven solution provides protection against
unsolicited junk e-mail by offering a dynamic technology that keeps
pace with constantly evolving junk e-mail. To learn more about this
technology, please visit http://www.symantec.com
Hotmail Filters
In addition to the anti-spam filtering technologies, MSN Hotmail also
enables each user the ability to set filter levels to further improve
the delivery of e-mail to their account. Users can easily add a sender
or domain name to the Allowed Sender List so that the e-mail from that
sender or domain is never treated as junk regardless of the content of
the message. Users can configure the settings to accept only messages
from the Contacts and Safe Senders List, giving total control over
which messages are received.
E-mail messages from a certain e-mail address or domain name can also
be easily blocked by adding the sender to your Blocked Senders List. In
addition, each time a message is reported as junk using the "Report
and Delete" function, messages from those senders or Internet domains
are automatically added to a users Blocked Senders List and henceforth
will always be treated as junk e-mail messages regardless of the
content of the message.

Phishing Protection

Phishing (pronounced Fishing) is a form of identity theft and one of
the fastest growing threats on the Internet. You can often identify a
phishing message by the fact that it requests personal or financial
information or includes a link to a website that requests such
information. Windows Live Mail and MSN Hotmail offer phishing
protection as part of the patented SmartScreenTM filter technology.
SmartScreenTM analyzes e-mails to help detect fraudulent links or
spoofed domains to help protect users from these types of online scams.


To learn more, please visit
http://www.microsoft.com/mscorp/safety/technologies/antiphis hing/guidance.mspx

How does it work?
Often an e-mail will be sent containing a link, once clicked it will
redirect users to a fraudulent web site appearing to be valid (like
your financial institution or online service). This site usually
prompts users to enter personal information like user names, passwords
and/or social security numbers. Any information entered on the site
helps the phisher steal your identity. By using well-known trusted
brand names and logos, phishers are able to appear legitimate. The
Phishing Filter technology offered in Windows Live Mail and MSN Hotmail
checks for potential phishing characteristics in e-mail. If found,
the e-mail is either deleted or a warning is given via the Safety
Information Bar.
Microsoft is focusing its anti-phishing technology efforts on two
fronts: first by helping to prevent phishing e-mail messages from
reaching our customers and secondly helping to eliminate the
possibility of customers being deceived by spoofed e-mails and web
sites. Internet Explorer 7 and Windows Live Toolbar also include
Microsoft Phishing filter technology to scan websites and warn users if
they seem suspicious and to help protect users' personal information.
Additionally, by dynamically checking the web sites using the online
service run by Microsoft, users are blocked from entering personal
information if a site has been identified as a known phishing website.

Sender ID

Spoofing is a way of replicating or imitating a legitimate e-mail
address to give a fraudulent e-mail the appearance of legitimacy.
Sender ID, an e-mail industry initiative championed by Microsoft and
other industry leaders, is designed to verify that the sender's
actual location is the same as the one claimed in the e-mail address.
Eliminating domain spoofing will help legitimate senders protect their
domain names and reputation, and help recipients more effectively
identify and filter junk e-mail and phishing scams.
Sender ID further helps prevent phishing and spoofing schemes by
verifying the IP address of the e-mail sender against the reported
owner of the sending domain. Domain spoofing can also be used by
malicious individuals in phishing scams, who try to lure consumers into
divulging sensitive personal information by pretending the e-mail is
from a trusted source, such as a financial institution or online
service. Disclosure of such information can lead to identity theft and
other online consumer fraud.

To learn more, please visit http://www.microsoft.com/senderid
How does it work?
Windows Live Mail and MSN Hotmail currently use Sender ID to provide
additional input to the SmartScreenTM junk e-mail filter process which
determines if the e-mail or sender is legitimate. Once the sender has
been authenticated, the results may then be cross-referenced to past
traffic patterns and sender reputation, creating an associate weight in
addition to the anti-spam content filters, all prior to determining
whether to deliver e-mail to the recipient.

Legislation

At Microsoft, we believe that the development of new technologies and
self-regulation requires the support of effective government policy and
legal frameworks. The worldwide spam proliferation has spurred numerous
legislative bodies to regulate commercial e-mail. Many
countries/regions now have spam-fighting laws in place. The United
States has both federal and state laws governing spam, and this
complementary approach is helping to curtail spam while enabling
legitimate e-commerce to prosper. The CAN-SPAM Act significantly
expands the tools available for curbing fraudulent and deceptive e-mail
messages. It also targets the most invasive practices and contains
strong civil and criminal penalties that add clout to legal actions
that Microsoft and other Internet service providers (ISPs) have brought
against deceptive spammers.
While legislation is important, it is only one part of a strategy to
stop spam. Other tactics include developing improved spam-fighting
technology, implementing industry best practices and junk e-mail
reporting methods, educating e-mail users, and prosecuting illegal
spammers.

To learn more, please visit
http://www.microsoft.com/mscorp/safety/legislation/default.m spx