Category Archives: spam

Naming and shaming spammers

Time to name and shame a couple of should-know-better spammers who have afflicted me recently.

  1. dabs.com. I bought a couple of e-book readers from them, carefully selecting every “don’t spam me” option. Nevertheless, they started sending regular spam. That’s a shame: I’ve had good service from dabs over the years, and I really didn’t want to have to blacklist them.
  2. Google. Specifically, googlemail.com, but that’s Google’s mailservers. In this case, it’s not actually them spamming, but they’re just (unexpectedly) one of the clueless admins sending backscatter from a (thankfully, not large) joe-job.

Bah, Humbug 😦

Mailing me

If you emailed me this afternoon, it’s possible I might have lost it.  So if I owe you a reply, it’s not necessarily just me being inefficient.  Bug me!

I came back to the ‘puter this afternoon to find my inbox clogged with several hundred bounces from a joe-job.  So I added a postfix rule to reject the buggers, and set about a mass delete of what was already there.  But I’m on the mac laptop, whose mailer expects me to do things individually, and gets a bit sluggish and unresponsive on a mass-delete.  It’s possible I may have overlooked genuine mail somewhere in there.

I did spot two non-bounces in there, one of which was a genuine message.  And the stuff in the intray excludes my mailinglist mail, which is auto-sorted into per-list folders on arrival.

Greylisting

I’ve just installed postgrey at webthing.  So I’m (experimentally) greylisting incoming mail.

Since people say greylisting is so effective, I’m also dropping the more fallible part of my existing spam filtering as part of the experiment.  Blacklist access restrictions and sbl-rbl remain in effect, along with basic SMTP well-formedness checking.  But all pattern-matching on message headers and bodies is suspended, as part of the experiment.

If greylisting is as effective as many folks claim for it, I’ll make that a permanent change.  Time will tell!

email hassles

So, I arrive in a hotel in forn parts, and read my email.  It’s in several places, for different incoming addresses.  But most of it is being forwarded to my ISP’s mailserver, where I can access it by imap.  So no problem there.

On the other hand, outgoing mail has been going nowhere.  That is to say, replies sent to mailing lists: my (shiny new) sun.com email is working just fine relaying outgoing stuff through sun’s mailserver.  I just got around to looking at the logs, and it appears the hotel’s IP address is blacklisted by spamhaus – hence my inability to send.

Now that’s mildly interesting, because my mac mail’s configuration shows this stuff as relaying through my ISP’s outgoing mailserver (with password access).  Evidently this is not happening, and I have to blame MacOS for being bloody confusing.

If anything’s important enough to merit it, I can always ssh in to webthing.com or apache.org and use pine from there.  But as for just attempting to help RandomBodOnnaMailinglist, that’s just not worth it so long as I’m here.

Text message joe-job

Having just blogged about spam, here’s another puzzling thing that’s been happening in the past week or so. I’ve had several messages from people claiming to have received text messages “from” webthing.com, and asking to be removed from “your list”. One of them described the text message as obscene. One mentioned a voicemail.

They look genuine, and most of them come from the contact form, which makes it particularly unlikely to be automated crap. The senders seem to have taken some trouble, to visit the site and fill in the form, and they include (US) phone numbers that are probably genuine. Most of them were also polite, which is interesting if they thought they’d been spammed.

What really puzzles me is how any text message can be seen to come “from” a website. For the record, even if some cracker had pwned the server, it doesn’t have the physical hardware (whatever that may be) to make phone calls to anywhere. I understand US phone systems are different from ours: maybe they include something akin to SMTP headers, and perhaps equally easy to forge?

Talking of which, is UK caller ID tamper-proof, or can it be spoofed? Yes, of course it can be withheld, but that’s different.

Sabotaging spamassassin

Over the past few days, there’s been a new storm of email spam comprising just random words. Not (as has been common for years) tagged onto the spammer’s message, but in isolation. No message at all: the random crap is the entire message contents. And unlike a lot of spam that follows predictable patterns, this stuff looks like human-written paragraphs of text.

My best guess as to why this is happening is that it’s aimed at crippling statistics-based filtering software such as spamassassin. Human recipients will classify them as spam, thus training the filter. But statistically they’re closer to real mail than to the spammer’s usual \/|@gra, m0trgages or St.ron`g Buys, so telling a filter these are spam may in practice weaken its ability to distinguish email from crap. Of course that’s just speculation: I haven’t done the experimental work to test it.

The same thought has crossed my mind in the past when I’ve received empty or one-gibberish-line spam messages, but on the whole I was more inclined to attribute those to incompetence than anything clever.

Today there’s a story in El Reg about a round of spam promoting an obscure American presidential candidate (I never saw the actual spam). The motivation for it was unclear: neither the candidate nor his opponents could expect to gain from it.  If it was indeed someone with an interest in the subject, then either it was a “stalking horse” experimental run, or just a complete nutter.

Anyway the Reg’s reporter had interviewed a security researcher who had got his hands onto an instance of the software that controls the spam-sending botnets, and reports that it was well-written, and that it includes spamassassin. That looks like fairly compelling evidence that professional spammers are indeed engaged in an arms race with spamassassin, and I think lends enough weight to my speculation to merit blogging about it.
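The training effect speculated about above can be checked on a toy model. This is an added example, not code from the original post and not spamassassin's implementation: a minimal bag-of-words naive Bayes classifier (equal priors, add-one smoothing) with constructed sample messages, scored before and after word-only messages are reported as spam.

```python
import math
from collections import Counter

class ToyBayes:
    """Toy multinomial naive Bayes: add-one smoothing, equal priors."""
    def __init__(self):
        self.counts = {"spam": Counter(), "ham": Counter()}

    def train(self, label, text):
        self.counts[label].update(text.lower().split())

    def spam_probability(self, text):
        vocab = len(set(self.counts["spam"]) | set(self.counts["ham"]))
        totals = {k: sum(c.values()) for k, c in self.counts.items()}
        log_odds = 0.0
        for tok in text.lower().split():
            p_spam = (self.counts["spam"][tok] + 1) / (totals["spam"] + vocab)
            p_ham = (self.counts["ham"][tok] + 1) / (totals["ham"] + vocab)
            log_odds += math.log(p_spam / p_ham)
        return 1 / (1 + math.exp(-log_odds))

# Everything below is constructed sample data, not real mail.
HAM = [
    "the meeting notes for the apache module patch are attached",
    "please review the patch before the release meeting on friday",
    "thanks for the review the module builds fine on my laptop",
]
SPAM = [
    "v1agra cheap m0rtgage str0ng buy now",
    "cheap m0rtgage buy now str0ng buy stock",
    "buy v1agra now cheap cheap cheap",
]
# Stand-in for the word-only messages: ordinary words, no sales pitch.
WORDS = ("meeting laptop friday release notes patch module review "
         "thanks attached builds please before the").split()
WORD_SALAD = [" ".join(WORDS[i:] + WORDS[:i]) for i in range(0, 14, 2)]
LEGIT = "please review the attached patch before friday"
JUNK = "cheap v1agra buy now"

def experiment():
    """Return ((legit, junk) scores before, (legit, junk) scores after)."""
    f = ToyBayes()
    for t in HAM:
        f.train("ham", t)
    for t in SPAM:
        f.train("spam", t)
    before = (f.spam_probability(LEGIT), f.spam_probability(JUNK))
    for t in WORD_SALAD:  # recipient reports each word-only message as spam
        f.train("spam", t)
    after = (f.spam_probability(LEGIT), f.spam_probability(JUNK))
    return before, after
```

On this data the legitimate message moves from roughly 0.005 to roughly 0.78 spam probability, while the obvious junk drops from about 0.999 to about 0.90: the filter loses separation in both directions.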

419 on paper

The first 419 letter I ever saw was on paper.  It was back in about 1995, before scammers discovered email.  And it wasn’t even addressed to me: the lucky recipient of Nigerian millions was the owner of a bar in Rome.  He showed it to me because it was in English, and he thought that I as a native speaker (as well as a regular customer in his bar) might have some insight.  I didn’t: my puzzlement matched his own, and the thoroughly international word mafia suggested itself as an explanation.

Today in the post I had an envelope postmarked Malaga.  That’s a traditional holiday destination for Brits, so I wondered who the **** might be there and sending me … not merely a postcard, but a letter.  Opening it, turns out I’ve won a nice big share of a prize, from a lottery I (of course) never entered.  Yeah, right.

It’s actually a bloody good “nothing to lose” offer.  It’s not asking for sensitive information beyond what we all routinely disclose to strangers, e.g. when we make someone a payment.  The most likely-looking catch is that there’s a 10% agent’s fee, payable only after I’ve cashed their cheque.  Looks like an interesting timing issue, for their cheque to bounce after mine has irrevocably cleared.

I guess if I didn’t have the spam filter, I’d be reading the same thing many times a day.  But on paper it’s still a bit of a novelty.

YouTube + Royalties = Spam

El Reg reports that YouTube has struck its first deal with a performing rights society, presumably involving royalties. So every YouTube entry becomes a numbers game with potential money.

I expect that means we’ll see a great new wave of spam involving YouTube URLs, making another one for the spam filters. The only hint of good news is that Google may be well-equipped to penalise spammers, if its deal(s) allow that. But from an end-user point of view, that doesn’t mean less spam, just another long battle.

Bah, Humbug.

Phone spam

Anyone phoning me from outside the UK: please use my mobile number, or contact me in advance to let me know you’re calling. Otherwise I may assume it’s spam.

There’s some wretched call centre trying to call me most days. It’s from outside the country and my phone doesn’t display the number, but I think it’s the same one persisting. If I answer, the pattern is always the same: a few seconds of silence followed by an Indian voice asking the standard “am I the owner of this phone” question.

This is my home phone number. It’s not advertised on my website, and doesn’t solicit any kind of calls. It’s for friends and family, and a small number of business contacts who I’ve given it to individually. It’s on the UK national don’t spam me list, so (in theory) any UK-based spammer abusing it could be in trouble. So they outsource their dirty work.

The last couple of times (including today) I’ve tried to get the fax machine to answer and give the bastards an earful. Who knows, they might even have a computer that notes the fax on the number and stops harassing me. But I can’t do that in the time available unless the fax machine[1] is already turned on. And I use it so rarely it can go for weeks without ever being powered up.

Can anything be done? What I’d like is a ‘spam’ button I could press when I receive a call, that would instantly charge the caller – say – £1 (US$2). Enough that it gets expensive to spam when people start using it. I don’t care who gets the money: presumably not the consumer (too open to abuse) or the telecoms provider (ditto – though I guess they could take a small admin fee). Charity would be nice, but I’d even be happy to see the government pocket it. Just so long as the spammer has to pay it.

[1] Actually an all-in-one printer/scanner/copier/fax machine.

A new rain of spam

Yesterday’s and today’s news is that the ‘merkins have arrested one of their top spammers in Seattle. I don’t know how much difference this’ll make, but my understanding is that it’s one or two altogether different US states that give spammers a safe haven and could really make a big difference. Along with the world at large.

Here on the blog I’ve had a recent deluge of trackback spam pointing to something called “correctserver.com”. It’s a subtle one: I first saw it when I referenced an earlier post, and saw not just the one (legitimate) trackback, but a second one appearing simultaneously. I first took that for an innocent WordPress malfunction, then realised that the trackback from “[my post ]| Server software” was spam pointing to someone’s copy of my post. Since then I’ve had a number of them from the same spammer, and they get right through Akismet.

Today I just realised it’s more subtle than that. A week and a half ago, Danny Angus referenced my blog in an entry on his own. The first I saw of that was the trackback; then I saw it on Planet Apache. OK, fine, a legitimate trackback, right? Nope, it was only just this morning it showed up in my feed as [Danny’s entry]|Server software that I realised it didn’t link to Danny’s post, but to the spammer’s copy of it at correctserver.com.

A subtle and devious technique. WordPress admin and Akismet: I hope you’re listening!