Thursday, July 8, 2010

Anti spam filtering in free email services

Anti-spam filters come as part of the free email services provided by Hotmail, Yahoo, Gmail, and a host of other free email providers. All you have to do is turn the spam filter on in these accounts for it to take effect. You can also train the spam filter to tell spam from genuine emails.

Monday, July 5, 2010

Canadians are getting less spam

According to this article, Canadians are getting less spam now and because of that are more likely to sign up for permission based mailing lists and generally use email more.

So what are the Canadians doing differently than the rest of the world? Maybe they just don't buy the stuff advertised in the spam, so spammers are giving up on sending to them?
The article claims it is due to a large increase in users with spam filtering software on their systems.

419 scams impact on legit Nigerian email

BoingBoing has an entry up relating the story of a software developer from Nigeria who was having a hard time getting his email taken seriously.

It seems possible that Nigerian Internet cafes are full of emailers with names like Mr. John Richard who use yahoo email addresses and who come from a culture where it is common to write subjects in ALLCAPS. When they write to people they don't know, they -- quite sensibly -- start mails apologizing for the fact that they may have surprised their readers with an unannounced missive. Spammers and scammers put all these more upstanding folks at a real disadvantage when it comes to getting their message out.

I wonder what net behavior that I follow might be considered rude or spam-like in other countries?

Missouri To Tackle Spam

State legislators in Missouri are looking to pass a bill to make spam of a certain type (that which has a misleading subject) a felony, allowing prosecution of those sending from out of state.

“We would have the ability to go out of state and bring someone in,” Klahr said. “Obviously, until we pass this law, it will be hard to know if what they are doing is illegal or not, but we have some targets that we would like to follow through on.”

The only opposition to the bill in the hearing came from Michael Grote of the Missouri Chamber of Commerce. He urged the panel to examine what constitutes a deceptive e-mail. His department, for example, sends out a weekly e-mail newsletter that does not contain the chamber’s name in its header.

“Even though it says Missouri Chamber of Commerce all over the body of the e-mail, we would be in violation because of that header information,” Grote said, “If those situations are resolved, which I think the sponsor is willing to do, that would change our position on the legislation.”

Ohio, Virginia and Maryland have passed similar legislation.

Three points come to mind:
1) The opposition raises an excellent point. While it is fantastic to try to stop spam, I am not sure how they are going to be able to word this so that it only focuses on spam and doesn't limit freedoms of people who are doing nothing wrong. While I doubt it would really limit freedoms, I think that it would be feasible to use any uncertainty to get spammers out of trouble when charges are brought forward. Which is pretty much where we stand as it is now.

2) The article mentions "AOL Lobbyists" and how they are saying the spam is out of control. While I completely agree that we should do all we can to limit/stop spam, I always cringe a bit when I see something is coming about due to lobbyists. That should always set off a flag to see how this would benefit the group lobbying in a monetary sense. If AOL wants this through, is it for the good of its members? For the reduced cost less spam would allow them? Or is there a way they would actively make more money because of this?

3) If spam is being sent from outside of the US, does this law help in any way? If someone spams you from China, does a law in Missouri make any difference to that person? Reverse the scenario - if someone in China gets spam from someone in Missouri, does the fact that China has a law which says they have the right to torture and kill that spammer mean that they can do that to the person? Granted they don't really have that sort of law that I know of, this is just an example, and also granted we would probably love to see that done to some spammers it seems - it is a sketchy area to have to be forced to follow the laws of other countries. I suppose it largely depends on our relations with that country and what extradition treaties we have signed.

The cost of spam

About once a week there is a news article up about how much spam costs businesses. They each have a different figure, of course, due to a different way of calculating the costs. But the one constant seems to be that they all stand to benefit from the figure being as large and as scary as possible - that way businesses will then authorize more money to be spent to trap spam, and that is good for those involved in stopping spam.

Incidentally, that link we provided claims that "spam costs UK businesses £1.3bn a year".

New Mobile Device Virus?

Gizmodo has an appropriately skeptical view on what is thought to be a new MMS/Bluetooth virus, and a company which happens to come out at the same time with a solution for it.

Malware with huge download potential

Slashdot has a post which points out malware that will see if your machine has what it needs (.Net in this case) and if not will download it to your machine... which is a 65-100MB download.

N.C. Government anti-tax spam

Government lawmakers in North Carolina were recently hit by a massive volume of anti-tax spam:

An e-mail message to members of the General Assembly designed to publicize an anti-tax sentiment and promote cuts in government spending seems to have missed its mark.

Instead, the e-mail ignited protests from North Carolina legislators and staffers as the unsolicited e-mail was repeatedly duplicated through internal settings and automatically forwarded to other staffers and aides.

The volume of about 450,000 messages nearly overloaded the General Assembly's e-mail system.

The North Carolina branch of Americans for Prosperity, a Washington-based special interest group, set up a Web site that generates e-mail messages to state legislators automatically with the push of a button.

A legislature spokesman said officials are working with the group to find a way to deal with the problem.

Sounds like a bug in the software there somewhere (or what someone is claiming), but even after reading that a few times, I am not entirely clear what happened there.

Hardware solutions

I had just mentioned that a hardware solution may be the way to go for ISPs in this post here. One of the hardware options for that sort of thing might be something from IronPort - here is a review of one of their bits here, the IronPort C60.

The review looks to be overall favorable, but when reading through it a bit, I cringe a little since it uses Symantec's Brightmail. At one time Symantec was a great company and it has built up that name to have fantastic recognition and penetration into the computing market.
The problem is, every single IT person I know these days hates Symantec and their products have really slipped over time. So I would be very hesitant to go with this particular product personally, but do keep in mind that the reviews look good on it - so perhaps this is quite good. I haven't used it, so I can't say.

We do use Symantec's Norton Anti-Virus Corporate Edition in the office and it works well enough for us. It isn't great, but it isn't bad either. The main issues that I have with it are that it is missing a few of the stats that I would like to see on the data it processes (not a big deal as long as the anti-virus part actually works), and the fact that its exclusion lists routinely ignore whatever you tell them to look at - especially if you are using another company's anti-virus to scan an e-mail.
The biggest issue that I have seen with Symantec is that while their website has a support section, they are hiding more and more of it in a section for which you have to pay in order to get access. And then frequently the "support" will note a problem and then have a "solution" which does nothing more than acknowledge that some people have that problem and some don't - no fixes though.
On a side note, generally the absolute worst Symantec product, by far, is WinFax. As long as this IronPort hardware doesn't ever have WinFax on it, it may just be okay after all.

Note that IronPort is its own entity and not Symantec - I am only pointing out that it contains an anti-spam solution from Symantec and warning as to previous experiences I (and the IT groups that I deal with) have had with Symantec over the years.

Spammers are using ISP mailservers

Not entirely new news, but this article tells of spammers sending spam through ISP mailservers via zombied machines on that ISP's customer network. The article does note that "it is official". Perhaps before it was merely speculation?

In the past, through malware, a spammer would get control of a machine on the net and then send out spam emails directly from that machine. ISPs caught on to this and started throttling, using different ports for email, and blocking the standard ones which the zombied machines used.
So now this new step, nothing terribly advanced, is that the malware grabs the ISP mailserver settings from the machine and uses those to send out mail like a regular email client on the machine. Except that it is sending much more email out than most normal users would.

The obvious solution for this is for ISPs to throttle the bandwidth allowed for mail from each account. But they can only do that so much before they are limiting their customers who are doing completely legitimate things and have no reason to be punished.
Another option would be to look for mail duplicates and after N number of times through for the same message, it starts to get blocked. Again, this is tough to actually implement because what about mailing lists, and also the spammers can add in random data into each message to make it slightly different than the last.
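A sketch of the duplicate check described above, written as an added example rather than anything taken from the article or from an ISP's actual system. It compares outbound messages by overlapping word triples so that random filler tacked onto each copy does not hide the repetition, and it exempts known list senders; the thresholds, account names and sample messages are all constructed for illustration.

```python
import re
from collections import defaultdict

SHINGLE = 3        # words per shingle
SIMILARITY = 0.6   # Jaccard score at which two bodies count as one mailing (assumed)
MAX_COPIES = 3     # the "N" from the text: copies allowed per account per window (assumed)
WINDOW = 600       # sliding window in seconds (assumed)


def shingles(body):
    """Set of overlapping word triples; punctuation and digits are ignored."""
    words = re.findall(r"[a-z]+", body.lower())
    return {tuple(words[i:i + SHINGLE]) for i in range(max(1, len(words) - SHINGLE + 1))}


def jaccard(a, b):
    return len(a & b) / len(a | b)


class OutboundMonitor:
    def __init__(self, list_senders=()):
        # Accounts registered as mailing lists are exempt (hypothetical allowlist).
        self.list_senders = set(list_senders)
        self.clusters = defaultdict(list)  # account -> [[shingle_set, [timestamps]], ...]

    def observe(self, account, ts, body):
        """Return 'accept' or 'hold' for one outbound message."""
        if account in self.list_senders:
            return "accept"
        # Forget copies that have aged out of the window.
        live = []
        for rep, stamps in self.clusters[account]:
            stamps = [t for t in stamps if t > ts - WINDOW]
            if stamps:
                live.append([rep, stamps])
        self.clusters[account] = live
        sig = shingles(body)
        for cluster in live:
            if jaccard(cluster[0], sig) >= SIMILARITY:
                cluster[1].append(ts)
                return "hold" if len(cluster[1]) > MAX_COPIES else "accept"
        live.append([sig, [ts]])
        return "accept"


# Constructed sample traffic, not real mail.
PITCH = ("Cheap meds available now, visit our online store today "
         "for the best prices on all brands")
FILLER = ["qzxv kfjw", "plmo wert", "hgty bnmc", "rewq ytui", "zxcv asdf", "lkjh poiu"]
PERSONAL = [
    "Hi Anna, lunch on Friday at noon works for me",
    "Please find the signed lease attached, let me know if anything is missing",
    "Your invoice for March is ready, payment is due at the end of the month",
    "Can you send me the photos from the weekend trip when you get a chance",
]
NEWSLETTER = "Weekly club newsletter: the meeting moves to Thursday evening this month"


def run_sample():
    mon = OutboundMonitor(list_senders={"list-news"})
    out = defaultdict(list)
    for i, filler in enumerate(FILLER):
        out["cust-1001"].append(mon.observe("cust-1001", 10 * i, f"{PITCH} {filler}"))
    for i, body in enumerate(PERSONAL):
        out["cust-2002"].append(mon.observe("cust-2002", 10 * i, body))
    for i in range(5):
        out["list-news"].append(mon.observe("list-news", 10 * i, NEWSLETTER))
    return dict(out)


if __name__ == "__main__":
    for account, decisions in run_sample().items():
        print(account, decisions)
```

The mailing-list problem raised above shows up directly: without the allowlist entry, the newsletter account would be held after its third copy.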

There is a good side to this, although not for the ISPs. The best way to stop spammers is of course to prevent them from sending spam in the first place. One of the best ways to do just that is to put in hardware which tracks the mail for spam (there are hardware devices that have SpamAssassin on them, or variations of that sort of software) and then stops letting it through if it is spam. Both in AND out of the network - which is exactly what would help here.
The problem is that this hardware is not free, so ISPs have been slow in adopting it since they are like any company and want to maximize profits.

This newer development by the spammers potentially could cause more ISPs to install this type of hardware and hopefully slow spam (at least until the next innovation on the spammer's side).

Tax software affiliate spam

I have no clue if TaxAct really does get users to spam or not, but this guy is claiming they do.

On the frequent occasions when TurboTax comes under fire here, TaxAct from 2nd Story Software is one of the tax programs readers often recommend as an alternative. So it's rather disappointing to hear a few readers sound a very different note about TaxAct -- namely, that 2nd Story seems to be using spammers to promote it.

This is happening not so much because the company is encouraging spam, but in fact because they have an affiliate program.
That is a tough call because affiliate programs themselves are not a bad thing - they are great for users and it is a good way for a company to generate more buzz and bring in customers - which is, after all, what a company exists to do (the service or product which they offer is the means to that end of course).

I own a company on the side and am currently torn over the affiliate issues right now. I would very much like to have an affiliate system in place for all of the obvious positive reasons, but I am nervous that people would then spam with it (even if I ban their accounts because of it, plenty of people are still dumb enough to do it anyway).

If anyone has any suggestions on how to have an affiliate system that is spam proof, I'm all ears.

Speaking of phishing... EBay

We just posted something about phishing and sure enough there are more articles out there telling us that EBay has a redirect in their system which is helping phishers collect data. It allows them to create links that look legitimate (or more legitimate than just pointing someone straight to another site) and therefore get people to click through and get scammed.

Optimism over phishing

Forbes has an article up with a ridiculous title (Feds Feebly Fight Phishing) but it raises some good points.

It first starts off with the idea that Senator Patrick J. Leahy's proposal to make specific laws against phishing might have good intentions but isn't necessarily the way to go. It then goes on to talk about ways that one might look to make money from the surge in data privacy issues, and then closes with the optimistic view that someone will soon invent a way to make data more secure (why not instead make a way that prevents users from easily giving up their information to random people... that's probably much harder).
Forbes of course comes at it from the perspective of where to invest - thinking that certain public companies may be the ones to create this new idea and therefore are good places to invest. That remains to be seen at this point.

South Korea sees a drop in email usage

According to this article, there is a drop off in the usage of email in South Korea.

The article says that people are using alternative ways to communicate with each other, especially text messages over mobile devices.

Note that the article appears to be talking about personal use and specifically younger people. It says nothing about business practices. I find it hard to imagine that businesses are moving away from email anytime soon.

Wired article on pop-up ads (with pop-ups)

This Wired article about pop-up ads being found annoying by consumers and how sites are slowly catching on is not necessarily new news.

What is new though is the update at the bottom where the author apologizes for the ironic tone the article strikes (unintentionally) by having pop-up ads on the site. I didn't see any, but then I use Safari which blocks them. There is also the possibility that the people complaining have spyware which is feeding it to them.
I suspect that Wired, if they don't have their heads up their asses, are at least going to turn off pop-ups for that particular page.
Please comment if you are getting pop-ups going there. And like I said before, we will never have pop-ups here, if you are getting them on this site, it is most definitely spyware (that goes for annoying banner ads filling the top of the screen which I have seen on user machines before too).
The only ads that you will see on this site are those in the right-hand column because I have seen that they are seen as useful by enough of the audience to merit them, and are the least offensive way for me to try to make some money to cover bandwidth/server fees (trust me, not much comes in on those).

More ways to block comment spam

I had just posted the SimonG post and then in the comments on his thread, I saw reference to this page at candygenius.

They seem to indicate that most all (95%) of comment spam comes from a single proxy, and they show a way to block it (using .htaccess taking advantage of Apache's mod_rewrite I believe). Additionally they mention a few plugins for various blog types (which it notes don't resolve the bandwidth issues the way the .htaccess version does).

Note that as this gets around, it won't work due to spammers changing to other methods/proxies. After reading around a bit more, it looks as if it is already changing.

Thorough review of anti-spam techniques for blog spam

This is really excellent and I wish I had thought some of these up myself. Over at, there is a fantastic write-up on various ways to try to block comment spam.

I definitely might be trying a few of these out here and on my other blogs. Even with MT-Blacklist, there are still a few ways that spam comments get annoying since MT-Blacklist has not enabled all of the same features in the new version that they had in the old version.

Most of them are either nothing new or overkill on top of an existing idea, but some of them are just excellent - particularly this one:

Logged the number of keypresses made when entering comments. Any comments where it’s less than two are rejected.

Now for the most part, if the spammer custom writes the bot to spam your page, then they could get around any of these. But generally speaking the spammer is just using the same bot on all sites, and frequently is not even smart enough to write the code and is just using something someone else wrote.

Feel free to post up more ideas of your own if you have better suggestions.

Europe spam tide on the rise

The US has long been in the lead, and still is, when it comes to amount of spam in the email. But according to a new Commtouch report, Europe is seeing a big surge in spam.

Way to go Europe!

Note that the US held fairly steady, so the increase in Europe points to a general increase on the global level. This is bad for us end users, and fantastic for all of those companies who are "blocking" spam (the spam still gets sent, it is just a matter of how much of it you need to manually go through in your inbox) since they make money from this increase.

Judge dismisses spam conviction

Forbes has a brief mention of a judge in Virginia dismissing a woman's spam conviction.

Ruling Tuesday, Judge Thomas D. Horne also said jurors may have gotten "lost" when navigating Virginia's new anti-spam law in the case of Jessica DeGroot. But Horne upheld the conviction of her brother, Jeremy Jaynes, who prosecutors said led the operation from his Raleigh, N.C., area home.

This came up the first time around here on Spamblogging - the first felony spam conviction.

Posted by Eric at

Spam in online communities at SXSW

If you are interested in the SXSW Festival and its conferences, then you might want to look into this one:

Spam, Trolls, Stalkers: The Pandora's Box of Community

Room 17AB
Tuesday, March 15th
3:30 pm - 4:30 pm

One of the most powerful gifts of the Internet is the ease with which people from all over the world can come together and create a virtual community. Sites that facilitate community-from Slashdot and Metafilter to the single-author blog with comments enabled-do so first by making communication easy. Unfortunately, this also opens the gates to undesirable parasites who, at best, do not care about your creation or, at worst, want to destroy it. Must all good things come to an end due to the network effect and the shadow of anonymity? This panel discusses all of the things that exposure and user-submitted content might bring and how to mitigate its effect on your site's health and growth.

Jay Allen Prod Mgr of Movable Type Six Apart
Elizabeth Lawley Professor RIT
Cameron Barrett BlogLabs Inc
Jason Kottke Writer/Editor
Steven Champeon CTO

Redundant firewalls

I was just talking to someone at a company which we occasionally deal with and they hadn't heard of this before, but they liked the sound of it:

Don't have just one firewall, but have two. Make sure they are from two different companies/manufacturers.

I was aware of this for as long as I have been in the business world, so it didn't even occur to me that others hadn't thought of it yet. (that said, due to no funding, where I work currently only has a single firewall - still works okay for us)

The thinking being that you set it up something like this:
Internet - Firewall A - Firewall B - Intranet

That way if Firewall A turns out to have a security hole in it and it gets compromised, then Firewall B is still in place and theoretically shouldn't have the same security hole in it. Of course if Firewall B has the hole, then the reverse applies and Firewall A would block people out and they couldn't even get to Firewall B to test it out.
With that, it should be obvious that it will take twice the configuration hassle and you are passing ports through between the two. Also note that you don't want your login/pass to be the same on both - if one gets compromised, you have to assume that everything on it is known. If they can get the user/pass, then if the other firewall also had that... what is the point of having two then?

The discussion I was having with the other tech person was whether or not we have hit the point where home use merits this, and also if Windows Firewall which is built in counts as a second one while on the inside.
My argument was that the Windows Firewall was useless and that for regular Joe home users, they don't need two firewalls - just one hardware home level one should do.

As should be obvious on this blog - I frequently discuss all IT things since they all interrelate - better security measures keep out the threat of people abusing your network for a variety of reasons. From getting user lists to spam you, to getting in and spamming using your system going out.

Florida Spammer Goes to Jail

BellSouth has worked with authorities and the legal case is now closed with the spammer going to jail for a year.

He hijacked BellSouth users' accounts and then used those to send out spam. Not to try to say spamming is okay, but I think the larger offense here is that he hacked the accounts of multiple BellSouth customers.

Here's to hoping that more spammers will be stopped and the more egregious instances like this continue to be jailed.

I give up: T-Mobile sales actually up

When a company shows gross negligence and generally screws up on multiple levels and puts your personal information at risk... generally speaking I would argue you shouldn't go and buy their products (I could see an argument being made as to buying their stock if you think it has crashed and will come back up as they fix things).

But, defying all reason that I can think of, T-Mobile sales have actually gone up on the news of the Hilton Hacks.

I continually need to readjust my contempt for the general public - just when I think it can't get lower...

Fox News tells us to look out for drug spam

Fox News, a true bastion of knowledge, has decided that it is finally time to warn its users about the scourge of spam selling drugs like Viagra.

While it seems a bit late since this sort of spam has been going around for years now, it is still good to see more coverage of this because I have a sneaking suspicion that Fox News gets far more website views than Spamblogging does. An educated public is one of the steps we will need in order to fix the spam problem. They do some good things in that write-up - namely telling people not to buy anything from the spam mail and not to click on links.

MCI has booted the Send Safe crew

As nice as it was for MCI's UK branch to make some money hosting the Send Safe group, they have booted them after pressure to do so came on them from many directions (and for good reason).

Send Safe is a spamming tool which allows spammers to send out spam over compromised PC networks. Even though they were kicked out by MCI, they are still bouncing around to other hosts.

If those who are doing illegal things can't find a host, then it is hard for them to make any money from it. If they can't make money from it, then they aren't going to bother going through the trouble and will find something else to do.

Bagle variants coming in spam

The Register is reporting that new Bagle variants are coming in spam. It comes attached as a Zip file, and in there is an exe file with some random looking name. If you extract that exe file from the zip file and then run it, not only are you an idiot, you will install a trojan which will then download more bad things and infect your machine.

This is a very common tactic these days to get a large starting point for the virus to spread from. They used to seed them to a few computers and let it grow from there - but spamming out to millions (or even many thousands) gets them a much larger starting point, so the growth can happen much more quickly.

Ways around this of course are to keep an updated anti-virus program, a good anti-spam system, and don't open every attachment that comes to you and arbitrarily run whatever programs happen to be in them. Unless you are expecting an attachment and it is of a type which can't do harm easily (images, PDF, Word/Excel with no Macros, etc), then you probably have no reason to look into it further than just tossing it.
Also note that your anti-virus tool should be able to drill down into Zip files for several levels and check the content in there.
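What "drilling down into Zip files for several levels" looks like in practice, as an added example that is not taken from The Register's article or from any anti-virus product. It walks nested archives up to a depth limit and reports executables, and it treats anything it cannot open (too deep, encrypted, oversized, corrupt) as a finding rather than letting it pass; the limits, file names and sample attachment are constructed for illustration.

```python
import io
import zipfile

RISKY_EXT = (".exe", ".scr", ".pif", ".com", ".bat", ".cmd")
MAX_DEPTH = 3                  # archive nesting levels to open (assumed policy)
MAX_MEMBER_BYTES = 5_000_000   # larger members are flagged instead of read (assumed)


def scan_zip(data, depth=1, prefix=""):
    """Return (path, reason) findings for a zip attachment given as bytes."""
    try:
        archive = zipfile.ZipFile(io.BytesIO(data))
    except zipfile.BadZipFile:
        return [(prefix or "<attachment>", "unreadable archive")]
    findings = []
    with archive:
        for info in archive.infolist():
            if info.is_dir():
                continue
            path = prefix + info.filename
            if info.flag_bits & 0x1:
                findings.append((path, "encrypted member, cannot inspect"))
                continue
            if info.file_size > MAX_MEMBER_BYTES:
                findings.append((path, "member too large to inspect"))
                continue
            content = archive.read(info)
            # Check the name and the DOS/PE "MZ" header: the name alone can be changed.
            if content[:2] == b"MZ" or info.filename.lower().endswith(RISKY_EXT):
                findings.append((path, "executable"))
            elif zipfile.is_zipfile(io.BytesIO(content)):
                if depth >= MAX_DEPTH:
                    findings.append((path, "nested deeper than limit"))
                else:
                    findings += scan_zip(content, depth + 1, path + "/")
    return findings


def make_zip(members):
    """Build a zip in memory from {name: bytes} (helper for the sample only)."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as z:
        for name, content in members.items():
            z.writestr(name, content)
    return buf.getvalue()


def sample_attachment():
    # Constructed sample: a harmless stub with a random-looking .exe name,
    # buried two archives deep. Not real malware.
    inner = make_zip({"kqzvx.exe": b"MZ" + b"\x00" * 62})
    middle = make_zip({"docs/inner.zip": inner, "readme.txt": b"see attached"})
    return make_zip({"price_list.zip": middle, "note.txt": b"hello"})


if __name__ == "__main__":
    for path, reason in scan_zip(sample_attachment()):
        print(f"{reason}: {path}")
```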

Mobile Text Message Spam Doubles

InformationWeek reports that Mobile Text Message Spam Doubles. Incidentally being told that something doubles isn't very helpful unless you know the time period over which it happened so you can establish the rate... and this was over the course of 2004.

The most interesting thing in the article which caught my eye was the mention that people won't stand for this on mobile messaging since they have to pay for the messages (in and out). This is interesting to me since technically all e-mail that we send/receive, we have to pay for too. But it is a much broader and more abstract sense of the term since it is part of the bandwidth and hardware allowances people see as part of being online.

But a charge for the actual messages directly and it showing up on your bill causes even those that are the least technically savvy to sit up and take notice.

The article notes that specifically because of these fees, people won't tolerate the spam the same way that they might via email... then why the huge surge? Because it has to reach a breaking point (or a Tipping Point if you are a Malcolm Gladwell fan) before finally it reaches a level after which the demands on everyone (network resources, individual wallets, annoyance levels, etc) have been maxed out and then action will be taken.

If you really want to get a headache though, you have to remember that the ones who can best reduce the spam are the phone companies. And who gets paid for each of those messages sent AND received? Yeah, that would be the phone companies.

So it is going to become an issue of when the money is no longer made due to the amount of customer service issues they have to deal with around it, and with that there are companies who will evolve to fill the niche (and already are) to block/filter the spam at various points in the chain.

As far as I know, it remains to be seen at this point which point along the way or which company is the breakout leader for mobile anti-spam tech.