Category Archives: spam

Mail Hiatus

I am likely to be subject to email hiatus in the immediate future.

On seeing a suddenly-filled default inbox folder (customarily where spam lands, as procmail sorts non-spam), I find an address for me has been used as “From” in what is evidently a big spam run.  The unexpected messages are mostly out-of-office auto-replies.  A handful are from mailinglists that have been spammed but need “me” to subscribe before “I” can post.  Happily my own spam filtering has caught most of the other big class: bounce messages from servers so misconfigured as to accept the spam before identifying it as spam and “returning” it to the victim – me.

After a bit of firefighting to reject the autoresponses and moderate the server load, I instead just deleted the address they’re targeting.  Since it’s an address that is publicly advertised, I can’t make that a permanent solution[1].  I shall keep an eye on the mail log and re-enable it when the flood abates.  Also to relieve the load on the server, I’ve turned off greylisting.  It appears to be OK now, but if necessary I may intervene further.

Interestingly the lists spammed include a lot of my current and former hangouts at and  Happily the “from” address isn’t one I’ve used to subscribe to any of those lists, so nothing should’ve sneaked through there as “from” me.

[1] Or maybe I can.  But that’ll be as part of a general revamp of my mail addresses, and needs planning.

Dealing with text and phone spammers.

The good news: two text spammers to be fined.  Probably wholly inadequate, but better than nothing, especially in terms of sending a message.

The bad news: this is such a rare event as to be newsworthy!

I’ve long wanted to propose a better system.  Give me a single button I can press on my phone to flag an incoming call or message as spam.  If I hit the button then the caller is charged for it: say, £1 per call.  To be operated by the telcos, in much the same way as their regular call charges.  A truly effective way for spam victims to convey our response to the spammers, as the £1s mount up.  Or if the spammers are right and most people don’t mind, then they’ve nothing to worry about.

Of course we need some basic safeguards against malicious (or accidental) use of the £1 button.  A threshold to pass before any charges are incurred.  And there should be no perverse incentives: I don’t get the money, neither do the telcos (though they might take a small administrative charge, to be determined by the regulator).  Any proceeds go to charity (not that there’ll be any: it’s a deterrent)!

It’ll also need some minor barriers to technological workaround: a cost to getting millions of phone numbers and keeping the number of spam messages per number below the threshold, including setting up a telco specifically to create such numbers.

Given that it’s the party conference season, who will offer us an effective protection against these spammers?

Benign spam

Can you spam without being evil?

A local tech (‘puter/etc) shop seems to have found a way.  A notice on his door tells me that if I ‘like’ his facebook page, I get entered monthly for a draw.  The monthly prize is £15, so just a small incentive, but then it’s only a one-man business.

I guess that’s another manifestation of the same popularity/visibility game that gives us link farming and worse forms of spam.  But this one seems pretty-much harmless: it’s just playing the rating systems.  When ratings get gamed and subverted (like the once-useful TripAdvisor) it seems to me more a weakness of the system itself (insofar as the system rewards the gamer) than anything else.

OK, I’m probably hopelessly behind the curve here, observing something you already knew.  Hmmm …

Comment spam

Back in May I mused idly about hair in a very brief blog post.  For months now I’ve been plagued with a torrent of comment spam on that particular post, and I’m now disabling comments on it altogether.

This is the most unsubtle form of spam, full of utterly blatant keywords and phrases like “nude teens”, “pre-teen sex”, “lolitas”, “hairy pussy”, “nymphet incest” linking to the spammer’s sites.  So surely it should be trivial for a spam filter like akismet to deal with them?

Akismet can tend to be over-zealous with legitimate comments, and regularly tends to caution when posts contain links.  For example, Andrew’s recent comment on my Mac troubles includes helpful links which caused Akismet to send it to me for moderation.  Most regular spam just gets automatically binned without my ever knowing about it unless I actively take the trouble to check.  So how the heck does this particular crap get past it?  If Akismet were human, I’d have to suppose (s)he was either being blackmailed or taking backhanders!

It’s not even as if links from here have obvious spam value: wordpress automatically inserts rel=nofollow to tell the ‘bots to ignore them.  And my blog is actively managed: I welcome comments but remove spam, including the traditional innocent-looking stuff that just says something bland like “nice blog”, or even spam compliments like a “thank you for saying that” where they wrap a link.  My criterion is not what someone links to, but whether the ‘comment’ contributes to discussion or is a ‘bot that’s just posting at random or at best has latched onto some key word or phrase in a post.

Talking of which, I wonder why that particular post attracted so much crap?  Is it perhaps the phrase “Long luxuriant hair” appearing in a legitimate comment?  Or maybe the title of the blog entry means something different in the spambot’s world?

Let’s see if this entry attracts similar crap.  If it does, I might (reluctantly) have to close comments here too.

Reporting ‘phone spam

Dear Lazyweb, is there an app for any kind of mobile ‘phone that’ll take the number of the last incoming call and submit a quick complaint to OFCOM?  The phone in question is a Nokia E71 (Symbian 60), but if that’s not available then an equivalent app for AN Other platform would seem a startingpoint for hacking it

I’ve long suffered from phone spam, but getting it every day on the mobile is a new affliction this year.  The computing power of today’s phones ought to bring some benefits in combating this curse!

Phishing gets more focussed

It’s a story that’s well-known in net-savvy circles, but a couple of recent personal experiences bring home how phishers are changing.

First story – on the phone.  I’ve had a spate of “sell the business” and “reduce my bills” calls.  Among them, one from a caller identifying himself as from my provider, O2.  He’d done his homework, knew my name and my company, and was an English voice, not an obvious Indian call-centre (which might, ironically, have made more sense if it really had been my provider).  Everything to put me at my ease.

He didn’t start with the ritual of security questions: that would of course alienate the mug on the other end of the line, not to mention raise who are you concerns.  Instead, he wanted to talk about whether I might qualify for a new “free” handset, and reducing my bills.  He asked about my existing handset (answer: how is that relevant?) and on the subject of bills said “you’re paying about £x-£y/month now, right?” (wrong, by an order of magnitude).  OK, you’re plausible, but if you were really from O2 you’d have access to your customer’s details and not have to ask!

After that one I tried calling O2 to confirm it really wasn’t them being daft.  The automated introductory message reminded me what security questions I’d need to answer.  Damn, I don’t have that information to hand, can’t even ask them the question!  Never mind, I went through my options in detail less than a year ago when I got connectivity for the pocket-‘puter, and I’m not looking for a change.

The second story came in a ‘phone call from my mother earlier this week, and served to remind me that not everyone finds it as easy to dismiss them as I do.  She had email about her bill from, and wondered about clicking the link.  OK, that’s an old-fashioned phish, but coming “from” a minority site that she has bought from (though not recently) gives it extra credibility over the one “from” amazon or ebay.  Or indeed “from” tesco or waitrose.  I suggested she hover the mouse over the link to see where it really leads.  Turned out to be some .exe on an unknown site.  Just as well she’s not a complete mug 😉  Googling finds a thread about the phish, and the site itself has posted a warning!  Having reassured herself about deleting that email, she then contrasted it with a legitimate email from John Lewis about an actual recent purchase: the invoice was in the mail itself, with nothing to click.

Pimp my business

Just had another spam ‘phone call to ask whether I’m considering selling the business.

This is clearly not someone who knows anything about the business, let alone wants to buy.  They’re just working through a list of registered businesses.  It has all the tell-tale signs of a junk call: a bored voice with a strong Indian accent reading from a script, the noise of the call centre making it very hard to distinguish a word of what he’s trying to say.  Oh, and an 08** number, which I wouldn’t answer at all if it came through on the landline[1], but do take on the mobile as they’re still relatively rare there and because it’s a number used for legitimate incoming work calls.

When I started writing this, I was going to ask what the **** they hoped to sell me if I’d said yes, I was considering selling the business.  But I guess that’s not so hard: if my business had fitted into some regular category they deal with, they’d have introduced me to some relevant broker and taken a commission.  Or perhaps they’d have done that anyway, and left the broker to flounder on assets they can’t make anything of.

Or maybe the right broker could: “SEO” is nowadays an asset with monetary value, and the googlerank of my webpages might still be worth quite a lot to someone prepared to abuse it.  Maybe they could even make something of my existing software/online services and turn that into revenue (yeah, right, dream on – that’s where I originally saw WebThing going before it became clear that my consultancy time was the only thing people wanted to pay for).  Though whatever value any of those things might have is certainly faded over the years they’ve been collecting dust: Site Valet would at least want updating before I could seriously recommend it for the ‘net of 2010, and older stuff is pretty-much completely lost/obsoleted.

Anyway, that’s hardly relevant to an annoying spam call.  Suppose I had been wanting to sell my business, and had more conventional assets: for example a high street presence and a loyal customer base, or a laboratory or factory.  How might I go about realising the value of my assets?  Surely not by struggling to understand a word of what someone from a noisy call centre is trying to say?

[1] As they do most days, sometimes several in a day, despite my having supposedly opted out.

Phone spam

Dear Lazyweb, can anyone help?

Despite having long ago registered NOT to get spam phone calls, I get more of them than I do real calls.  It’s annoying enough when I’m sitting by the ‘phone (as I am when at the ‘puter – with which it shares a desk), but makes me positively angry when I run in from another room for it.  I’m getting to the point where I don’t bother to try with landline calls, except when I’m expecting them.

I tried asking BT about blocking spam numbers a while ago, but they say they can’t, or won’t.  SO I wonder, is there a ‘phone or other bit of kit I can buy, that’ll screen out incoming calls from any 08xx number (as well as withheld numbers – so I don’t have to trouble BT with them)?  I avoid answering those already, as they are reliably some-call-centre.

Flattery Spam

In recent years I’ve had my fair share of “who’s who” spam: senders calling themselves who’s who and inviting me to check my entry[1].  It seems like a descendant of one of the very oldest forms of online spam from a more innocent age “your website has won our prestigious award” (subtext: please display our logoaward and link to our site)[2].  Since I never follow the links, I’ll never find out if there’s a more sinister motive such as trying to infect my machine with malware.

The latest variant on this is new on me:

Dear Nick,

You were recently chosen as a potential candidate to represent your professional community in the 2010/2011 Edition of Distinguished Professionals Online.

We are please to inform you that your candidacy was formally approved March 15th, 2010. Congratulations.

The Publishing Committee selected you as a potential candidate based not only upon your current standing, but focusing as well on criteria from executive and professional directories, associations, and trade journals. Given your background, the Director believes your profile makes a fitting addition to our publication and our online network.

Not so bad.  Much better English than yer average spammer!  It even goes on to say

As we are working off of secondary sources, we must receive verification from you that your profile is accurate.

So they even have a reason why I should have to check my listing!   But that way I’ll never compete with the likes of Walter Mitty.  Funny then that to confirm my listing, I get to click what looks like an individualised tracking link at an unknown domain whose owners are hidden from the public whois listing.

Something to publish?  More like something to hide!

How fortunate then we have Google, where you can find information about me, or indeed about anyone else online.  And that in the unlikely event that you want to know more about me, you can research further based on what you found there, and get it for real.

[1] No, I don’t have one.  At least, not to my knowledge 🙂
[2] Come to think of it, blog comment spam is perhaps the real modern successor to the award.

Text spam

Dear Lazyweb, is there any way of fighting text-message spam?

I’ve already tried ‘phoning O2 and asking them, but they tell me they can’t (or won’t) do anything. Do any of the other UK providers offer a service that’ll block a sender, or block on a keyword in the message (like, everything that starts with FREEMSG)?

Or if I can’t block it, how about as a poor second-best, programming my ‘phone to drop them without bothering me?  The ‘phone is a Nokia E71 (Symbian s60), so any hints for that would be ideal.  Kind-of, procmail-for-text-messages or similar.  Or if I could do it on Maemo, that might help incentivise me to go out and buy a tablet ‘puter, though I’d still want to use the E71 for day-to-day use as it’s more comfortable in the hand and the pocket than something bigger.

Oh, and if any legislators are reading, how about legislating for us to be given a rejection button for junk phone calls and texts, that’ll cause the sender to be charged real money (e.g. £5 per call should mount up, though £50 would be better).  Money to be collected by the telco and donated to charity – less a small administrative fee to be determined by ofcom.

p.s. if any reader has power to do anything with it, the number that just spammed me to induce me to write this is 07833 992283 (UK) or +44 7833 992283 internationally.  If publishing the number here attracts any kind of inconvenience to that shit, then good.