Cybercriminals: Microsoft’s X-EIP is your friend.

Since January 2013, and without any fanfare, Microsoft has stopped including the originating IP address of Hotmail emails in the headers. Instead, an ominously named X-EIP has appeared in its place, consisting of random characters.

Originating IP addresses are the only means of verifying the source of an email. This is important to prevent fraud, detect crime and block spam. It can’t be used by a recipient to positively identify a sender, but by contacting the relevant ISP about it, the location can be pinpointed relatively quickly and the ISP can take action against a customer based on a complaint. Even home users can check that the IP address their friend’s email came from is in the right country, rather than a cyber-café in some remote and lawless part of the world.

So why has Microsoft done this? After much waiting for a reply, this is the best I have got:

My name is **** and I am a Senior Support Analyst for Microsoft. I am part of the Hotmail Escalations Team handling this issue.

In the pursuit of protecting the privacy of our users, Microsoft has opted to mask the X-Originating IP address. This is a planned change on the part of Microsoft in order to secure the well-being and safety of our customers.

Microsoft is in the path of continuously improving the online safety and security of its users. Any feedback regarding this concern would be treated with utmost attention.

We appreciate your patience and understanding regarding this matter.

Thank you.
Best Regards, etc.

Note the “wellbeing and safety of [their] customers” in the above. Which of their customers need this protection? Well, paedophiles wishing to transfer material with their mates anonymously will love it. As will fraudsters, cyber-bullies and anyone else wishing to send untraceable emails.

Having analysed the new encrypted codes, they’re not a one-to-one encryption of an IP address. Two emails from the same address will have different codes, so decoding them won’t be easy at all. It’s likely that it’s a one-way hash, meaning Microsoft will need to go back through its records to find out where an email came from, and they’re only going to do that with a court order, I suspect.
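For anyone triaging mail, the difference between the two header styles and the "same origin, different code" observation can be checked mechanically. This is an added example, not code from the original post: the sample messages, token strings and function names are constructed, and it assumes the older header is named X-Originating-IP and that both masked samples were sent from the same connection.

```python
import ipaddress
import re
from collections import defaultdict
from email import message_from_string

# Constructed sample messages (not real mail). IPs are documentation ranges;
# the X-EIP tokens are made-up stand-ins for the opaque values.
SAMPLES = [
    "From: alice@example.com\nX-Originating-IP: [203.0.113.7]\n"
    "Received: from mail.example.net ([198.51.100.20]) by mx.example.org\n\nold\n",
    "From: bob@example.com\nX-EIP: [cOnStRuCtEdToKeN0001]\n"
    "Received: from mail.example.net ([198.51.100.20]) by mx.example.org\n\nnew\n",
    "From: bob@example.com\nX-EIP: [cOnStRuCtEdToKeN0002]\n"
    "Received: from mail.example.net ([198.51.100.21]) by mx.example.org\n\nnew\n",
]
BRACKETED = re.compile(r"\[([^\]]+)\]")

def _ip_or_none(text):
    """Return a normalised IP string, or None if text is not an IP address."""
    try:
        return str(ipaddress.ip_address(text.strip(" []")))
    except ValueError:
        return None

def origin_info(raw):
    """Extract what a recipient can still learn about a message's origin."""
    msg = message_from_string(raw)
    client_ip = _ip_or_none(msg.get("X-Originating-IP", ""))
    x_eip = msg.get("X-EIP")
    # Received hops only show relay servers, not the sender's own machine.
    relay_ips = [ip for hop in msg.get_all("Received", [])
                 for ip in map(_ip_or_none, BRACKETED.findall(hop)) if ip]
    status = "traceable" if client_ip else ("masked" if x_eip else "unknown")
    return {"sender": msg.get("From"), "status": status,
            "client_ip": client_ip, "x_eip": x_eip, "relay_ips": relay_ips}

def tokens_by_sender(raws):
    """Group X-EIP tokens per sender. Several distinct tokens for messages
    known to share an origin mean the token is not a fixed per-IP mapping."""
    seen = defaultdict(set)
    for info in map(origin_info, raws):
        if info["x_eip"]:
            seen[info["sender"]].add(info["x_eip"])
    return dict(seen)

if __name__ == "__main__":
    for raw in SAMPLES:
        print(origin_info(raw))
    print(tokens_by_sender(SAMPLES))
```
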

And that’s not good enough – tracking cybercrime is an immediate activity, so such things can be shut down quickly. The Internet is self-policing; there’s no time for court orders, and no point if you’re crossing international boundaries. If you know the IP address some malware came from, it’s possible to get hold of the sender’s ISP and have the feed quenched within minutes, or if coming from a commercial or academic institution, the network administrators could be around to catch them in the act. Microsoft has extended this process from minutes to weeks, losing any reputation for responsibility it had with Hotmail (not much I’ll grant you) and promoting its service to the cyber criminal.

However, Microsoft is not alone. Google has been doing this for years with Gmail. Is this a cynical attempt by Microsoft to follow Google’s shameful lead?

There are some cases where anonymous email is a good idea, such as when sending emails from a country where free speech is aggressively discouraged. There is no need for this with a mainstream email service; it’s just a feature provided to encourage new users with something to hide.


2 Replies to “Cybercriminals: Microsoft’s X-EIP is your friend.”

  1. “Microsoft will need to go back through its records to find out where an email came from, and they’re only going to do that with a court order, I suspect.” – This is a reply received by a law enforcement agency:
    “We do not have the history of the IP Logs”. (Logs request for the period April 2013

  2. Dear Frank:

    I totally agree with you.

    I believe that those of us who can be affected by any of the people behind an email have the right to at least “a hope” of finding the sender. I say hope because it is not a given that we will find them, but rather a lead to keep searching.

    Who is affected by the ORIGIN IP being known? As Frank says: criminals, wrongdoers, thieves, people of dubious reputation who do not want it known who they are. If you have nothing to hide, what is the problem?

    In defence of freedom of expression?
    Freedom of expression “Yes”, but with responsibility … taking responsibility for what they say or think …

    I read in some places that the encryption is there because, for example, “criminals” could find out where I am on holiday. And? Are they going to go to that place to do something? (They would take a plane and deploy immense logistics to do it, and if they can do it, it is because they have money, and therefore what they stand to gain is much more, so the victim would have to be a very wealthy person, who surely already takes other kinds of precautions.) Suppose they find out that I am on holiday in another city, so they will go and rob my house? “Better that way”, at least I will not be there and they will not be able to hurt me …

    Haven’t they heard of Facebook? Aren’t more and more of the people who use it posting their location at every step …

    There are many ways to find out where a person physically is, and this would be just one more; therefore, hiding this information only benefits the CRIMINALS who are behind every anonymous message …

    If anyone has reasons why the ORIGIN IP is information that should be HIDDEN, please enlighten me; if your reasons are stronger, you will have one more ally.
