Hotmail/Outlook.com - The #1 Choice of SEO Spammers
In the past, we've written a number of articles about SEO & web development spammers, primarily based in India. As we've written previously, SEO & web dev spam is substantially less dangerous than many other types - for example "phishing" scams that attempt to steal sensitive login details (E.g. for online banking access), or virus scams that attempt to trick people into infecting their computers with malicious software. But on the flip side, SEO spam is much closer to the line between legitimate & junk EMail than those other types of spam, making it harder to block than more-dangerous types of spam, and it seems to be much more common. So despite the "mostly harmless" nature of SEO & web dev spam, it can still end up being more of a nuisance simply because of the sheer volume.
The fact that SEO/web dev spam often comes from large, free webmail providers makes the problem even more annoying, because those providers can't be simply blocked (at least not without blocking large amounts of legitimate EMail in the process - which is undoubtedly WHY spammers use those services). And today, the largest provider supporting & enabling (even if unintentionally) the bargain-basement, fly-by-night SEO & web dev "industry" is Microsoft - via their Hotmail/Outlook.com webmail service.
Interestingly, this wasn't always the case. Up until about 2 years ago, GMail.com accounts were far & away the largest source of that type of spam. But around September-October of 2015, it appears that those spammers migrated en masse to Microsoft's free EMail service instead - probably because Google finally stopped ignoring spam complaints & started to actually terminate the offending accounts. Of course, that doesn't mean that Google has completely gotten their act together in terms of addressing the use of their services for spamming & malicious purposes - as evidenced by the malware they continue to distribute via Google Drive, more than a month and half after it was first reported to them. And to Microsoft's credit, they at least provide easy-to-find information on how to report spam from Hotmail users; while Google seems to go out of their way to hide that info - just try doing a Google search for the term "report spam from gmail", the actual page to report spam from GMail doesn't even show up in the first page of results. Instead, the page is titled "I would like to report a Gmail user who has sent messages that violate the Gmail Program Policies and/or Terms of Use" - which looks like something written by a lawyer, who's primary goal was to avoid making any acknowledgement that Google's servers are (or could be) a source of spam.
Sadly, despite giving the appearance of taking spam/abuse much more seriously than Google, the amount of spam from Hotmail/Outlook.com accounts has steadily increased in the past two years - and today, we receive substantially more spam from Microsoft's servers than we do from Google's (almost all of it being SEO/web dev spam). To give a more concrete idea of the extent of Microsoft's spam problem, here are some quick numbers for received in the past 24 hours: out of a total of 151 spam messages caught by our filters, 31 of them of were SEO/web dev spam or similar (E.g. spam advertising mobile app development services) - the rest are a mix of the usual junk, EMails hawking weight loss & hair regrowth snake oil, "advanced fee fraud" scams, and a smattering of links to fake articles about Megyn Kelly. And out of those 31 SEO/web dev spam EMails, 22 were from Hotmail.com or Outlook.com addresses - compared to a total of 2 from GMail.com addresses.
In other words, SEO accounted for roughly 20% of the total volume of spam we received today - and of that SEO spam, Hotmail/Outlook.com addresses accounted for just under 71% - or roughly 15% of the total spam received today. So not only is Hotmail/Outlook.com the single largest source of SEO/web dev spam EMails (which is arguably the single most common/numerous type of spam we receive), but they also the single largest source of ALL the spam we receive. And today is not an anomaly, those numbers are consistent with the steadily-increasing volume of spam we've seen from Hotmail/Outlook in the last few years - granted, a few providers do sometimes surpass them on individual days, but even for the most notoriously spam-friendly large providers (OVH, etc), those are usually only momentary spikes. Over longer periods of time, the volume of spam received from Hotmail/Outlook accounts easily dwarfs that of other providers combined.
And if that weren't bad enough, it appears that Microsoft's turnaround time for addressing spam complaints is even worse than Google's (though neither of them hold a candle to OVH). As a quick test, I put together a list of all of the Hotmail.com & Outlook.com addresses that we received spam from last month - and then sent an EMail BCC'd to all of them, to see how many of those accounts were still active. Out of the 160 spam EMails we received either from Hotmail/Outlook addresses, or at least using Hotmail/Outlook addresses as their reply-to, 136 were unique (meaning 24 were duplicates/repeat offenders) - and of those, not a single bounce/"message undeliverable" error was received. In other words: as best as I can determine, despite us having sent reports to Microsoft of spam from those addresses. Most of them we reported at least twice, both via Spamcop reports & sent directly to Microsoft via abuse@outlook.com (or four times, for the duplicates/repeat-offenders).
While I haven't had a chance to run the same experiment with older spam received from Hotmail/Outlook addresses (to get a clear idea of what the actual turnaround time is), I did perform a more basic test by going back through past Hotmail/Outlook spam & randomly picking one from each month, to see just how far back I would have to go in order to find a spammer address that Microsoft had actually terminated. Amazingly, even when I went back more than a year & did the same test with spam from August 2016, I didn't get a single bounce... so I went back to August 2015, and still none of the spammer addresses I tried bounced... then I went back to the oldest SEO/web dev spam I have from a Hotmail/Outlook address (from February 4th, 2015 - and even that address still appears to be active!
So while it's hardly a definitive test, I haven't been able to verify that Microsoft EVER acts on spam reports - and if they do, the turnaround time appears to be on the order of months (if not years). And it's also worth noting that the volume of spam (as well as it's steady increase) is almost certainly linked to Microsoft's horrendous track record for addressing spam complaints: spammers are likely aware of those same details, and choosing/sticking to Hotmail/Outlook because they know there's a greater chance they'll be able to continue spamming having to continually open new accounts, etc. And as it becomes more widely known that Hotmail/Outlook.com is basically a safe-haven for spamming, then more spammers will use it - leading to the continually increasing volume of spam we've seen from their servers. At this point, the issue will almost certainly continue to get worse unless Microsoft does something about it - and they don't appear to have any desire or incentive to do so, unless/until the situation gets bad enough for Hotmail/Outlook to be listed in Spamhaus, Spamcop, or one of the other major RBLs (spam blacklisting services).
