Go to Making Light's front page.
Forward to next post: You Hate To See That Kind Of Thing At This Level Of Play
Subscribe (via RSS) to this post's comment thread. (What does this mean? Here's a quick introduction.)
I woke up this morning to the cheery sight of over 2500 new spam messages in my inbox. On closer examination, most of them appear to be delivery-failure notices in response to email from nonexistent addresses at nielsenhayden.com. I had our account set up so that email to any otherwise nonexistent address at this domain defaulted to me. I’ve reconfigured the system to discard such messages, which seems to have stanched the flow.
I have no idea whether someone is specifically trying to mess with us, or if (entirely likely) some giant semi-automatic spam system just happens to be using “nielsenhayden.com” as its domain de jour. I do know that the actual original messages aren’t being sent by the real nielsenhayden.com; we’re just getting their delivery-failure bounceback.
However, it’s taking a while to clear all this stuff out of my inbox, and in the process it’s entirely possible I’ll accidentally delete some real mail, so if you’re expecting to hear from me and you don’t, please be forbearing.
My sympathies. Have a bowl of oranges.
I have it set up to default all emails to me as well because I have been using a certain technique to staunch spam: using a different email address for each website I register at, and then letting it be delivered to my normal email address. For example: makinglight-at-mauricereeves.com
There are circumstances, such as yours, where it does suck getting a ton of spam in a single day, but I have identified several companies that have sold off my email address and use it for spam, so I don't do business with them anymore.
Yeah, way back in the day when I first
bought greglondon.com, I thought it would be
cool to have any unhandled email addresses
sent to my real email. That way, I could
tell people to email me at
TheBomb@greglondon.com
LifeCoach@greglondon.com
contact@greglondon.com
etc
It seemed like a good idea at the time.
A month or so after I set up my site,
I start getting floods of emails.
My spam filter was catching a lot
and throwing them to trash, but it
was so bad that I kept having to go into
trash and delete everything there so I
wouldn't fill up my quota.
After a week or two, the flood was only
getting worse, so I shut it off completely.
YouRock@greglondon.com goes to the bit
bucket immediately and automatically.
It doesn't go to trash, it doesn't get saved.
It gets tossed and forgotten completely.
Spammers want to hide their email address,
so they'll use anything they can find to
replace their own. But it also helps if
the recipient recognizes the fake name,
and reads it, thinking it might be legit.
And as an added bonus, if the spam is sent
to a bad address and bounces back, it bounces
back to you, not the spammer.
Just make sure you set your email to
discard email to bad addresses, not just
put them in a trash folder somewhere.
I made that mistake, and then it was
slowly eating my hosting quota instead
of my email quota.
Yeah, these spamming crap-holes who use innocent people's email addresses for their delivery failure notices have really defined the term "New Low". I was alarmed the first time I got a ton of these, peering closely at all the headers and so forth. Now whenever I log on and see failure notices, all with message size of "41K", I just start deleting. I never got 2500 at a time, though. That's impressive.
You really have to stand in awe at the narcissism of these people. I mean, it's a wonder they don't bitterly resent the air all the rest of us use up by, you know, breathing. Come to think of it, they probably do.
It's almost certainly nothing personal: I'm currently receiving a steady trickle of returned mail in all languages and character sets, because someone has taken it into their heads to spam as if from a variety of alphabet soup ids at a domain I look after.
I don't think they are doing this to fool the unwary that they really exist - a) because they aren't using real names and b) because anyone who checked that domain would see that it has no relevance to what they are selling. Does it spoof automated filters (i.e. do any of them check that mail bears the address of a real domain?).
What I'd like to know is, how can any company be gullible enough to pay someone for distributing their advertising, labelled SPAM in large friendly letters, to all these nonexistent addresses?
That Sir, would be an attempt at a DNS or denial of service attack via e-mail bombing. Though, I'd check the time stamp on the emails to see if they were indeed shotgunned at your site.
-=Jeff=-
When your address (or in cases like these, nonexistent addresses that resolve to yours) are used as the faked "from" address in spam, that's called a "Joe job." Sometimes this is done maliciously, but often it's (as they say in the mob) nothing personal. I've received my share of these bouncebacks, and even angry mail from people who thought I'd spammed them.
Normally I'm against torture and the death penalty, but I might make exceptions in some cases.
I had the same thing happen this week. The total bounces that showed up in my mailbox were about 4500.
I also think it's personal, even though I have no proof and know that this kind of thing happens all the time. I don't think it's a coincidence that the more popular site my becomes, the more attempts are made at comment spam on my site, the more I receive form-letter will-you-link-to-me emails (for sites that have nothing to do with my site's topic), the more attempts are made to spam my email list, the more attempts are made to hack the site, and the more messages I receive wanting me to send money to Nigeria. These scumbags are going through directories of popular sites accumulating domain names, email addresses, domain registration info, and anything they else they think will help them. No doubt those accumulated domains are later fed into mailers. They never cull their lists. I still get spam to email addresses that have not been used in ten years.
It's not their narcissism that bothers me. It's that they've forgotten what their goals are. There goals are to sell product, yet they spend all their time on trying to game the system. Legitimate advertisers have shown repeatedly that if a company spends a relatively small amount of time and money crafting a short, well-written email and then sending it to double opt-in email subscribers, sales will beat those resulting from black-SEO and spam operations every time, even for the same products. EVERY TIME. If they spent more time accumulating legitimate addresses from people who have truly chosen to receive such messages—and, sadly, there are tens of millions of people who have—then they wouldn't have to do any of the tricks. They could spell normally, use real SMTP servers, use full-quality image ads, all resulting in better fulfillment rates.
My favorite (for highly sarcastic values of the word) version of the Joe job is that perpetrated by e-mail propogating viruses of the last several years. An infected individual's computer winds up sending virus-laden e-mails to the addresses of the people in their address book, but instead of using the address of the infected individual as the "From" address, it uses a different e-mail address from that same address book. Further, the new virus payloads often contain those newly harvested addresses, which can then go into the rotation of "From" addresses on a box whose actual user never had you in their address book. IOW, all it takes is one of your friends or family getting infected for your address to wind up sending out hundreds or thousands of viruses and/or spam messages from machines belonging to people you've never heard of.
I hate spammers and virus writers sooo much...
I've been suffering with this for the past month. Some of it is bounce-back from spammers faking my address. But some of it is a New and Improved virus scheme. The virus is distributed as an attachment to an apparent "bounced spam" message. The victim, all concerned to see what's being sent out under their email address, opens the attachment.
So don't ever open the attachment.
I've gotten spam addressed to me with my own address as the sender, on an account I don't send anything from. It goes into the trash.
My (paid) e-mail service has been getting a lot of spam with random-word subjects lately. The epidemic before that had long subjects pulled from news stories.
That's very odd. This morning, my gmail account was filled with 20 spam messages, where at most I get one or two a day.
Has something riled the spammers?
2,500 is an impressive, indeed horrifying, number of spam messages.
What I'd like to know is this: is the appropriate punishment for spammers shooting, hanging, baking, broiling, or frying?
It's happened me to several times, including my own valid personal email address. It's called Joe Jobbing, and you can find reference to why it's called that here (with apologies to a Wikipedia link):
http://en.wikipedia.org/wiki/Joe_job
Thus, I've pretty much given up trying to conceal any of my email addresses. I've never had catch-all email addresses enabled due to (a) what you've experienced and (b) it attracts spammers who just send to anything @domain.com in the hope that somebody has catch-all email facilities.
Are these attacks personal? Difficult to say, I have done a lot of anti-spam work and have always reported spammers wherever possible, so it might be retribution. However, more than likely you've been chosen purely at random.
Spam Kings (http://spamkings.oreilly.com) by Brian McWilliams was an interesting read into the thinking about spammers. There is also another book (whose title I forget at the moment) which delves much more into that.
These days, I have a multi-tier solution to spam for my web sites and personal domain. The first line of defence is a Barracuda Spam firewall which filters out the obvious stuff first. Anything it isn't sure about, it sticks it into quarrantine and sends me an email every few hours with a list of messages that I can then flag up as deliverable, spam, or whitelist the sender. The second line of defence is SpamAssassin running on the mail server which performs even more checks against the message and then delivers it, or drops it entirely.
The system works well for me, and I've not had any false positives because of it. However, it's a pain and in an ideal world I wouldn't have to do this at all.
Perhaps what really hacks me off with spammers more than abusing my own domain name and email address is the use of putting excerpts of popular books into the bottom of messages to get around the various rulesets. I think I might have collected half of Harry Potter and the Half Blood Prince at one point.
Grant, what publishing platform are you using for your weblog? I swear, if we didn't have MT Blacklist to automate the process of clearing out comment spam, there are times I'd've been tempted to just shut down Making Light.
The worst comment-thread spam infestations I've ever seen were in The Tough Democrat, a once-popular weblog whose owner got a hot job and suddenly had no time for weblogging. He left the site standing open for about a year. It still had Googlejuice, and his comment threads were undefended. This thread accumulated 397 spam messages before the site was finally shut down.
I was on the receiving end of a nasty Joe Job a couple of years ago -- some spamming asshat specified charlie(at)antipope dot org as the "From" on their spam ... in Turkish. They were hitting on the customers of a Turkish ISP, an ISP which happened to have no English or other non-Turkish language contact pages anywhere on their website. (Ever tried to find a Turkish translator in a hurry?)
The big new thing is social engineering attacks delivered via worm. The worms take over a Windows box, search the address book, and compose messages from address (a) (someone in your address book) to address (b) (someone else in your address book) with a plausible sounding subject. A riff everyone's expecting to crop up soon is for the content to look like a continuation of a legit email thread -- for the worms to do Markov chaining based on the contents of a victim's mailbox so as to insert their malware into an ongoing stream of conversation. Very hard to spot indeed ... and the payload is probably an open SMTP server to add to the spammers' botnet.
I'm typically getting about 400-500 spams to the above account per day. It's only a matter of time before I have to vacate it for good. As for the blog, I've had ass-hats cutting and pasting spam into a hand-rolled mail feedback form, just so it would reach one pair of eyeballs. (Never mind the buffer overrun script kiddies who seem to think I'd be stupid enough to run something out of Matt's script archive, rather than writing a safe'n'sane version myself -- I get a load of them every week.)
Moving to Movable Type this weekend, I think. Hopefully it won't be too bad ...
I've been joe-jobbed a couple of times. And yes, several thousand a day for a few days is par for the course. :-(
The weird thing? The address used was a made-up one at my Demon sub-domain. And that made-up address has been getting its own spam ever since. Presumably it was scraped from the bounceback messages, or from an address book on a computer belonging to someone who'd set it to add addresses from all incoming mail. Nowadays the forged address gets the occasional virus as well.
i used to have a wide-open domain on my business site, where *everything*@mydomain.com was funneled to a single account. that lasted for quite a while until spammers discovered my domain, and i started getting hundreds of spams every day. so now i funnel everything to /dev/null except for a handful of adresses that i explicity forward to my own account.
i can still create a new address for a particular business, if i want to play that game. but at this point, if i get a message from "retailer_spam@mydomain.com" there's no way to know if the online store sold that address, or if a spammer just auto-generated the address and got lucky.
i still get a few dozen spams every day, even with three layers of filtering software. luckily, i get a kick out of the Dadaist word-salad subjects spammers are using these days. my wife and i like to see who can get the funniest subject.
I've been seeing multiple spams a day in the fake 'bounce message' format Beth Meacham described above.
On the blog spam front, I use Akismet with my WordPress blog, and it does a remarkable job of containing the garbage. However, I assume that there must be a great deal of coordinated effort by spammers going into 'solving' Akismet.
Add me to the list. I suspect that it's bots running on compromised machines. I'll get a burst in one day, and then nothing for months. Then I go through it all again.
I don't think it's personal. Your domain probably ended up in the cache or address book of a compromised machine and got picked up by the bot.
2500 spam messages?) Oooh, sorry, Patrick. I will never complain about my 30 or so a day again. I get the usual crap: the strings of words, the Nigerian stuff, the strings of characters in whatever alphabet, and because I teach martial arts I get martial arts spam at the website address which then comes to me. But it's easy to recognize and I delete it all. About 2 years ago a virus from an attachment fnked up my computer for several weeks until I got professional help to remove it, and after that the old computer never ran quite right...
Teresa: You might want to check out Bill's link to Akismet above. It turns out that Akismet, while primarily designed for WordPress, has a plugin interface that works with Movable Type. I've just read the docs, and it looks very promising: installation took about ten minutes (I had to register a Typepad account in order to get the magic cookie to plug into their system) but the setup is very straightforward.
For months, my AOL and Comcast accounts were virtually free of "random sender pharmacy spam," although not of phishing spam.
Just the last few days, they've started creeping in again.
Some kind of major offensive must be underway.
Normally I'm against torture and the death penalty, but I might make exceptions in some cases.See, that sounds funny until you realize that it actually happens.
As for being joe-jobbed - I once saw a bizarre joe-job where some spammer was not only using the email address of someone else, but also had wrapped their spam with a PGP signature block belonging to that person. (the signature didn't validate agains the message, of course, but any anti-spam software that knows about the string "BEGIN PGP SIGNATURE" is almost certainly going to count that as a message being less likely to be spam)
My Yahoo account (they host mavarin.com) has hundreds of items in the Bulk folder every time I look at it. I've given up looking through the folder, in case there's anything legitimate there. I think it catches stuff from whatever my original Yahoo email address is, plus anything to [whatever]@mavarin.com. I should really look to be sure. Of the items not in the Bulk folder, most of them are from Yahoo or a church in NYC, promoting events I won't be traveling 2500 miles to attend. It makes me not want to check my email there at all.
All this being the case, if anyone legit wants to reach me at mavarin.com and doesn't hear back, I suggest trying the AOL address.
Yeah, I've been getting more and more of the undeliverable spam myself. I'm still reluctant to turn off the catchall feature, though lord knows why: I can count the amount of legit email I've caught through it on one hand.
Good luck with it, and I wait with baited breath if you discover any way to correct the situation without turning off catchall.
I used to have a catchall on my domain, pointed to my address. Minor joe-jobs and lots of spam were just the price of having throwaway addresses that would tag who sold my address off.
Then I got a dictionary spam. [word]@mydomain, and [name]@mydomain. Looking back, it appears that I got 50k spams in a month. That was the end of my catchall.
I still have throwaway addresses, but they're in a much more constrained format, and unfortunately one that doesn't seem to work with any hosted mail providers out there.
Nabil:
Please, the term you're reaching for is "bated" breath.
"Bait" is something you catch fish with..."bated" is a shortened form of the word "abate" which means to cause to cease. Formal phrasing would be be, "I waited with breath abated..."
In other word, "bated breath" means you're holding your breath in anticipation of an event.
About a year ago I was joe jobbed and I remember posting about it on Making Light and being educated about the whole thing on this very blog. I basically had to quit using my old email address and I still hear from people who lost touch with me as a result. It was a total bummer, and I still wonder if it was personal. There were thousands a day for me as well, and my domain was then added to some filters as a result, so I couldn't send emails for a while without them ending up deleted or labeled as spam.
Their goals are to sell product, yet they spend all their time on trying to game the system.
Not quite. Their goal is to make money; product has nothing to do with it. Most of the spam you get is not being sent by the company whose product is being advertised -- that company has hired and paid a professional spammer, thinking they're getting legitimate access to "thousands of e-mail addresses!" In many cases, the spammer falsely represents his list as opt-in, and whoever is doing the marketing for the company isn't net-savvy enough to check. The more addresses the spammer uses, the more money he can get from the company, and that's his income source. And by using stolen proxies, he minimizes his own cost.
Another frequent occurrence is the "product" spammer who's actually a phisher, the goal being to get people to order the "product" and pay using a credit card. Bingo -- now you've got a name, valid cc#, and the 3-digit security code on the back of the card! It doesn't matter how fast the website gets shut down, as long as they get at least a few dozen cards out of it first.
About the Russian spammer who got offed... I don't really have a problem with that. I consider spammers to be in the class of "professional predator" -- someone who either makes their living or gets their thrills from hurting other people -- and the only thing that stops a professional predator is death. I have a hard time developing any sympathy for someone who has chosen to live by hurting other people and gets killed for it.
Lori: The cat deliberately ate cheese and then waited beside the mousehole with baited breath.
Appropos of nothing much, the problem with having "Chelsea Morning" stuck in my mind is, "Crunchy Granola Suite" comes next on the album and I don't enjoy that earworm nearly so much. Even if the tune can be sung and the words all rhyme.
What I'd like to know is this: is the appropriate punishment for spammers shooting, hanging, baking, broiling, or frying?In Hawaii, the favorite treatment is to fry them, coat them in teriyaki sauce, cover them in sushi rice and role them up in seaweed. At least, that's my understanding of how Spam Musubi is done.
...there are times I'd've been tempted to just shut down Making Light.That's it, Teresa, go ahead and give us all cardiac arrest. See where it gets you.
Xopher: I love it!
Nicole: I'm to the point that I'd rather be haunted by "Crunchy Granola Suite" than have "I Think It's Going to Rain Today" playing over and over in my mind.
(That last was courtesy of the avian flu scare film one of the networks aired recently.)
I'm using WordPress for my blogging software, and I've been very happy with the Bad Behavior plugin... Stops most comment spam robots dead in their tracks.
What I'd like to know is this: is the appropriate punishment for spammers shooting, hanging, baking, broiling, or frying?
In Hawaii, the favorite treatment is to fry them, coat them in teriyaki sauce, cover them in sushi rice and role them up in seaweed. At least, that's my understanding of how Spam Musubi is done.
One spammer, one bullet. If you're feeling nasty, make it two bullets, one for each kneecap. Don't go for the arms; they'll need them when they're sitting at the really dumb terminals in the pen, pressing the delete key once a second for eight hours a day.
Yes, I was joe'd recently. Why do you ask?
This has happened to me on several occasions over the last ten years. One of the disadvantages of having your e-mail address in a document that's the manual of a piece of software installed on a fair few thousand users' Windows PCs.
One defence I've found useful is to configure my mail server to reject anything that looks like a delivery failure message and doesn't include either the subject or recipient details of a message I've sent in the last 4 weeks. I very rarely get these now.
On the subject of catch-all e-mail addresses: I allow anything starting with the letter 'j' at my domain (with a few exceptions that I get a lot of junk on). Seems to work better than just taking everything, and still allows me to just make up an address when I need a new one for a different site to track the spam from.
Isn't it "du jour"? I'm not sure why, unless it's a gender thing. Or it's like 'au' which is a true portmanteau of 'á le'. Is 'du' a portmanteau of 'de le'? Victim domain of the day.
Someone who speaks French, help me out here. Serge, are you there?
Did someone express a desire for French pedantry?
You're right, Xopher, it should be "du jour" for exactly the reasons you state. (Except that it's à.)
France was great, BTW. Dijon is my new favorite French city. (This opinion is not in the least influenced by its having a yarn shop, of course.)
Speaking of Hormel, a Welsh firm has managed to register a text trademark containing the word 'spam'.
See The Register for more details.
Memo to cleek:
"mydomain.com" is an actual, active domain. They provide me with email forwarding from my cheap vanity domain to the actual address at my ISP (and to a couple of other addresses, for other usernames at redbird).
The canonical example domain is example.com.
I'd've
wow. double apostrophed. I don't think I've ever seen such a thing. It's almost like voluntary self-disemvowelation.
;)
Whenever this happens, I change my password. That usually fixes it.
Well, I had to give my email of nearly 15 years, because the spam-to-email ratio was well beyond 100-1, and was pushing 1000-1.
I lie about my email address often, because anything on the web get spammed quickly. Forget giving a real email address on a posting board -- the one in this post above was spammed one day after I first used it here.
Indeed, never *EVER* use a real email address on any blog thread. The first thing the blogspammers do is scrap the threads for emails, then they dump the spam.
Sucks if you want to get a hold of me directly, alas, but that's just the way it is, and the gain of you contacting me directly is not worth the amount of ensuing spam -- and it isn't like you can't figure out an email address that I do read. (BTW, don't send to the one linked above. Anything emailed to that gets the mailserver sending it blocked.)
I've started blackholing entire countries. The rule is that if I can't get one real email out of a thousand, I'm no longer will to let my mailserver accept email from that country. China, Korea, and Blugaria are now told to Go Away if they connect to my mailserver, and Taiwan is on the borderline.
For all intents and purposes, the spammers have won. Nobody talks about stopping them, we all merely talk about how we shuck and jive and filter and block to keep email a valid means of communication, and more and more people are deciding that this is way too much effort for way too little gain.
I'm still fighting, with my own mailserver, but this domain will be my last one ever. If it gets spammed into oblivion, then I'm off the net, because I have better things to do than maintain block lists and spam filters, and fuck if I'm paying for bandwidth so that the spammers can spam me.
"I'd've" is perfectly legit.
A Joe Job is an intentional targeting of the victim. A mere 2500 blowback messages is not evidence of a Joe Job, nor a DoS attack; it's just your turn in the barrel as spammers rotate the domains they forge. It's also easier to handle than a real attack, because you can block the (typically, relatively few) misconfigured sites that send it.
Warning to all: there's a new version of Bagle out, with even better social engineering to get victims to open it. (Stuff like "woman driver" or "identify this rapist" or "Please check this article we're about to publish about you".)
I use "wouldn't've" in normal (written) speech all the time. Nice to know that it's legit. :)
As for spammers. Someone had it pegged earlier - the people doing the spamming are middlemen, not those who are actually trying to sell something.
If they ARE trying to sell something, spamming is profitable if even one person buys - because the cost of marketing is nil when you're using someone else's resources to do it (servers, networks, bandwidth, etc.), without paying for any of it yourself.
As for me, I have an email address that I use everywhere (including here), which I never check unless I know someone has sent me something. Then I only have to look at the top of the list for the legit one. Otherwise, if I don't know, it might be a month or two before I get back to you...
I remember when I was among the people up in arms over it ten years ago, involved in organizations like CAUCE who wanted to legislate it out of existence. How far we've succumbed since then. *sigh*
For some reason all this reminds me of someone I ran across a month ago, who had logged into my brother's Yahoo IM. Turned out that he makes money by hacking into Yahoo accounts with desirable aliases attached, and selling those to people who want those aliases, some of them for hundreds of dollars. And he can get away with it because there's no way to actually tell this to Yahoo, because their customer service is nonexistent.
He agreed with me that it's dumb to buy Yahoo addresses with sought-after names when one can just make a Yahoo account for free. But he was still profiting from it, so, no reason to stop. (And he offered to sell back my brother's name for $40. I passed along all the relevant info to my brother and am not sure what happened after that.)
Ahh... Bandits on the Info Superhighway. Is anyone else using these incidents to fuel their fiction?
Nicole: now I've got the earworm! Fortunately, I like Neil Diamond. You might try replacing it with "Porcupine Pie" if it bugs you, though...
WRT earworms generally, I find that it pays to have a couple of songs in reserve that I do like, and which are pervasive enough to knock out virtually anything else. My top favorite for this is a lovely Spanish waltz tune called "Cantares de me Tierra", but earworms are so individual that it might not work for someone else.
I've been using the same e-mail address for over 10 years now, including on newsgroups. I'm sure I get tons of spam, but Earthlink's Spamblocker service does a pretty good job of bit-bucketing most of it, and my filters do the rest. I rarely get more than 3 that actually make it to my in-box in the course of a day. I check the spam folder for false positives about once a month, and delete anything that's more than a month old so that it doesn't take over my hard drive.
I got one of yours today, but Avast deleted it for me.
My webhost made me get rid of my catch-all address because they didn't want to help spammers. Now things just accumulate on the webmail.
You're right, Xopher, it should be "du jour" for exactly the reasons you state. (Except that it's à.)
I'm acutely embarrassed by having made this grave error.
My usual incoming spam rate is around 1-2/hour. I referred to a period of 5-10/hour as a spamalanche. 2500/day?!? Oy gevalt!
"Wouldn't've" - pronounced approximately wudna?
Ooh, I like "Porcupine Pie"! I like that, and "Gitchie Goomie," and "The Last Picasso." (Welcome to my mix tape.)
I'm also quite fond of "I Think It's Going To Rain Today", but it's much too short, so as an earworm, yes, gotta agree with Lori--it's a bitch. About the same problem I was having with the original earworm of the morning, really.
...and now I have probably thrown out enough song titles in a single post to make everyone thoroughly disgusted.
"wouldn't've" approximately rhymes with (some pronunciations of) "substantive"
At least, in my universe.
right now I'm having issues with my Mac email program (well, I've had them since I got the machine in November 2005).
So I'm pretty much stuck with my Yahoo email client, paulahmurray @yahoo.com to SEND stuff. Which for the most part is omitting some of my spam for me.
The pisser is that the one address I get the most spam from is the email set up for LaCon IV's Site selection committee
Since I'm truly a member, I have to at least glance at the postings to make sure I'm not missing something. But to-date, about 95% of total postings are crap. When I complained, somene replied that 'these kind of lists are always vulnerable to bad people we can't do anything." so why don't I get any spam on my other LACon staff emails?
Just sayin'.
One defence I've found useful is to configure my mail server to reject anything that looks like a delivery failure message and doesn't include either the subject or recipient details of a message I've sent in the last 4 weeks. I very rarely get these now.
Jules, would you be willing to go into more detail about how you achieved this? I'll finally get around to setting up my personal, never-gonna-lose-this-ever mail server in a couple weeks, and I'm very curious how you did that. I get enough bounce-back spam that it would make a big difference.
(You talk about dictionary spam... I am, through no particular fault of my own, on e-mail lists like 'men' and 'basses' at one of the oldest domains on the Internet. My filter catches 1100 spam messages a day, and my inbox still has a 1:1 signal-to-noise ratio. I *thought* I was getting enough spam that a little extra wouldn't matter, so I was less careful with my address than I should have been, and I'm very sorry now. And there does seem to have been an upswing recently, so maybe the latest big upgrade to SpamBot3000 just came out.)
I was away on a gig with limited internet access when this happened to me. When I checked my email, after three weeks, I had 267,000 spam emails, give or take. It took the better part of three days to delete them all.
Erik: I've started blackholing entire countries.
Would that I could. Alas, had I done so, I'd have missed making book sales to Russia, Bulgaria, and Romania.
I find that spam filtering works better if it doesn't rely on a single method.
A combination of spamassassin -- local and my ISP's -- and something called "the CRM114 Discriminator" (which uses Markov chains, instead of Bayesian statistics), all added up by procmail, works very well for me; I had the first leaker in about four months last weekend. The prior leaker was about six months after the one before it, too.
Now, admittedly, I don't get much spam (about a megabyte and a half a day), I do get some false positives -- it's difficult for an HTML message from Yahoo or MSN to *not* be flagged as spam -- and I need to remember to mark things for learning if something slips past one filter but not the other, but none of this is particularly onerous. (It helps to use a mail client that can mark messages matching a pattern.)
Xopher, your pun almost made me choke on a cherry pit. You owe me an acute apology.
I don't mind beign earwormed by Chelsea Morning - but I always hear Judy Dyble singing it.
I should also note that Bad Behavior also stops many email address harvesting scripts in their tracks. Which means the level of spam I receive hasn't increased much over the last couple of years.
"I was away on a gig with limited internet access when this happened to me. When I checked my email, after three weeks, I had 267,000 spam emails, give or take. It took the better part of three days to delete them all."
Wow, I don't think I've gotten 267,000 e-mails of any sort in my entire lifespan.
I would just like to note that the bread machine is currently occupied by a Chelsea bun dough batch, and It's All Patrick's Fault for inflicting a certain earworm on me.
Wow, that beats the 320 spam messages I got today on one of my blogs. Bleh.
I estimate it takes roughly 3 hours from the time I put up a new blog to the time it takes a spambot to find it. The computing power to do this on an automated fashion on an internet wide scale -- crawling sites, identifying common blog and forum programs, and entering info in the appropriate fields to successfully make a post -- has to be enormous. I get hit by spambots more than I get crawled by the various searchbots.
So, a few weeks ago, I posted my first comment to Making Light. Noting the request above, "real e-mail addresses only please", and trusting our Gracious Hosts, I did in fact provide my real e-mail address. Within a couple of days, the number of spam messsages delivered to that account went from one or two a day to 15-20 a day. Certainly not as bad as 2500, and the filters are pretty good, so they're not actually in my inbox, but still...
In re Leva, "Just imagine if all that computing power was directed towards curing cancer instead of selling you hrbl Vgr..."
(self-disemvowelled to remove the "questionable content")
Jules, would you be willing to go into more detail about how you achieved this? I'll finally get around to setting up my personal, never-gonna-lose-this-ever mail server in a couple weeks, and I'm very curious how you did that. I get enough bounce-back spam that it would make a big difference.
Well, the specifics of how I did aren't much use to you because I use a weird mail server that supports a Java plugin interface for message filtering. However, the general way could be useful:
* I track every message that gets sent through the server, recording its destination address(es) and subject line, along with the date.
* I assume that all messages with a return address of "<>" are delivery failure notifications. This isn't quite true, but is close enough that it works.
* When an incoming delivery failure notification is received, I scan through it, looking for e-mail addresses in the body and a few known headers (specifically "Not-Delivered-To" and "Failed-Delivery-Address"). If there's a match to one of the addresses on the list to an address I sent to, let the message through.
* If there's no e-mail match, I look for lines in the body (or attachments) that are prefixed "Subject", and match any text on the remainder of the line against my database of subjects. If a match is found, let the message through.
* If no match is found, drop the message in the junk folder.
There may be modules for common mail servers that do this, I don't know. It wouldn't be hard for someone with a little knowledge of the server architecture and a scripting language to put one together, if not.
On the subject of getting a lot of spam from posting in public forums -- the address I use here (and here alone) gets more than any of my others at the moment.
I can't help feeling that if we're to reclaim the Internet from the spammers, there needs to be as much effort expended in shutting down the spammers as in developing new and improved methods of blocking and filtering.
I'd like to see some tough laws punishing a lot of the techniques spammers use (use of viruses and botnets for instance) with serious jail time. And I'd like to see major ISPs take a zero-tolerance attitude towards spammers and any networks that knowingly host them. If that takes Internet Death Penalties against entire *nations*, so be it.
Tim, the viruses and botnets appear to be a clear breach of the UK's Computer Misuse Act, that's been around since the mid-Nineties.
That particular law has a streak of extraterritoriality--somebody in Florida could be prosecuted in a UK court if he were to subvert a computer in the UK. But can you imagine the USA, or the State of Florida, giving up anyone to a foreign court?
The problem is that these things are hard to prove, and the cases are expensive, and, most of all, nobody cares. There's no screaming headlines to terrify the politicians into action.
And, as with so much else, when something does make headlines, and Something Must Be Done, the legislators respond with new laws, which are about as well-enforced as the existing ones. But New laws are what they do, and by God, we're going to get them.
Dave,
You're probably got a valid point there. Lots of places already have perfecly good laws, but there doesn't seem to be the political will to enforce them. Perhaps that's really what needs to change.
I wonder if serving UK based spammers with ASBOs would have any effect? I would have thought spamming falls under 'Antisocial Behaviour'.
As for Florida, I'd recommend nuking it from orbit. It's the only way to be sure.
BTW, the Making Light spam filter doesn't like my domain name, so I've had to disemvowel it in order to post :(
Dana: A 'me too' post. Did the same thing, got the same results. After the first post, it occurred to me to modify the email addr I provided ( but this is closing the barn door after the horse has bolted ).
There is a Monty Python routine on the art of camouflage. The first two demonstrators are blown up after being asked to stand up. The third doesn't take the bait, and the narrator states "Mr. [so-and-so] has learned the first rule of camouflage: Don't stand up." ( He is dispatched, however, because he has chosen an obvious cover... ).
I guess if we hadn't stood up, we wouldn't have been hit... but what fun would that have been?
Dana, and our hosts: possibly the request for real email should encourage a simple disguise that a human mind can parse. I've used what you see for some years and still get relatively few spams there (certainly not 15-20 per day).
oddly enough I don't THINK I get spam because of posting here. then again, I don't see what Roadrunner, or for that, my router, prevents. I get enough random spam right now because I'm not actually using an email client, I'm using Yahoo mail. but it's not much, because Yahoo mail also filters if you call it spam.
I had been piping my email through my webhosting provider, where I have spam assassin/clamAV, and then forwarding it to my gmail account, which has google-quality filtration.
I got lazy one day, after I realized my webhost was intermittently going down, and switched to just using my straight gmail account here. My spams didn't increase noticeably - and I don't know if I would be able to pick out a slight bump from being here out of all of the joejob stuff being sent to my domain email anyway. Gmail usually has about 2500-2000 bits in the spambox at any time (I don't manually empty it often) and about 3-8 make it through to my inbox each day. Yahoo does about the same, though who is winning varies by the day.
I am truly lazy - I figure that if the smart guys at Google or Yahoo can't figure out how to filter spam one day and get completely overwhelmed, then my odds aren't significantly better. I have found other things to worry about.
Like vigilante solutions to spammers.
Since the sent-from line is trivial to forge, and many spam originating computers are actually virus-infected regular user machines, blacklists aren't useful for finding individuals to punish with violence. This is what lengthy, costly, civil proceedings, and bench warrants are made for. That, and more technological interventions.
Goofy technological intervention suggestion:
get everybody to public key encode all their outgoing email. Address spoofing is eliminated because spam pretending to be from somone it's not is rendered unreadable.
-r.
p.s. note that my proposed solution doesn't account for zombie machines, and requires the cooperation of everyone to work.
MWT, I don't know about retrieving stolen Yahoo accounts, but Yahoo does have an abuse department (if you can get past the ignorebot, which isn't hard; just put something in the body of your message that looks like a header line in yahoo's domain, like
Stolen-Yahoo-Account: whatever@yahoo.com
)
I might be able to get it escalated if you can't get anywhere with them.
rhandir, you've noticed some of the problems with your proposed solution. (google FUSSP)
In general, one person can do much better at filtering spam than a domain that has to cater to many people. For instance, I can discard anything in Spanish, Polish, Russian, etc., since even if it isn't spam, I can't understand it. But google has many users who speak those languages.
Likewise, someone working for Pfizer's advertising agency needs different filters.
Seth,
Ha! Excellent call on the FUSSUP. One of those links deserves to be particled. Yes, I was trying to be funny in that last line.
That said, some kind of public key encryption might be handy for filtering ham from spam in corporate environments; you generally want you "road warriors" to not lose their boss' urgent memo in a sea of spam, and a decodeable email can be floated to the top of the inbox over any number of chain email from mom.
I'm tempted to also include suggestions for something very Web 2.0 about using different public keys for different friend groups defined in your MySpace or LiveJoural, and putting all the coding/decoding infrastructure behind the scenes in one of those ajax-enabled web portals, but I ran out of buzzwords.
(You might also want to be able to see legit bounce messages from mailservers that you trust but don't necessarily have access to their logs. There is probably a better way to authenticate bounces already, but it is late in my timezone, and I don't feel like looking it up.)
-r.
Here's a cheery example:
Below is a summary of the incoming email to our gateway mail servers for all domains that we accept email for (there are 57 domains). This summary is for the last 7 days: Our mail servers accepted 1,438,909 connections, attempting to deliver 1,677,649 messages. We rejected 1,629,900 messages and accepted only 47,749 messages. That's a ratio of 1:34 accepted to rejected messages!
The easy way to reject backscatter (bogus bounces for forged mail) is to check bounce messages (> sender) for evidence that the message actually came from you. Simplest is probably to see if the Message-ID (in the body) is in the domain you generate for sent mail.
My favorite FUSSP is to convince the Department of Homeland Security that al Qaeda is recruiting members, sending secret messages, and gaining funds through spam mailings, and that spammers are giving material support to terrorism.
It's obvious that:
interesting Girls at hardcoore fuckinng!
Young aesthetical Schoolgirl Porrn esthetic Video!
U_N_$_U_B_S_C__R_l_B_E
is a coded message. This one clearly means: "Osama bin Laden, Ayman Al Zawahiri, meeting in Khost safe house, 20Jun06, 2215 local time. Bring covered dish potluck."
Pick up the guys who sent it (this one originated in the Netherlands -- extraordinary rendition is your friend!) and they'll confess that it's true. They'll name their accomplices and provide details on upcoming terror plots. GITMO is for "the worst of the worst," right? People who are trying to arrange meetings for Osama fall in that group.
I'm tempted to also include suggestions for something very Web 2.0 about using different public keys for different friend groups defined in your MySpace or LiveJoural, and putting all the coding/decoding infrastructure behind the scenes in one of those ajax-enabled web portals, but I ran out of buzzwords.
rhandir: Well, the only way to make that secure from most things besides viruses and social engineering) is to *only* store the user's private key on their own computer. Otherwise all you're guaranteeing is that the e-mail is definitely being sent from your friend's Yahoo account... by whoever has currently got access to it. Not necessarily the same person as the owner. It's no better than a password, really.
When you've implemented RSA in JavaScript and had it vetted by a panel of independent cryptography and security experts, then doing public-key cryptography on Webmail might be worth considering. :-)
(Or the Webmail services could implement IMAP, so you could use a local client which *does* do encryption while still leaving your mail on the server, but even Google seems to find that a hard problem...)
Regarding greedy spambots harvesting e-mail addresses from weblog comments, if you want your hosts to see your e-mail address, and don't care if the other users can e-mail you or not, place a link in the URL line. Because most blogs show *either* your e-mail address OR your web address, so giving a web address "hides" your e-mail address.
If you don't have your own website, place the URL of the site you're commenting on in that spot.
James Macdonald: I was going to raise the issue of human rights, but I'm not sure that the term human applies to spammers.
They'd have to release all the innocent people currently held at Gitmo to make room for all the spammers!
Seth Breidbart: Thanks for the offer. However, it looks like my brother has decided to take the path of apathy. He made a new account and is writing off the old one.
Of course, this doesn't make me any less curious ... what kind of escalation did you have in mind?
And anyone else on Yahoo who might be worried: The guy goes after aliases that either start or end with _ (underscore), or have more than one in a row anywhere in it (e.g. "firstname___lastname"). Apparently these names are rare and therefore valuable because Yahoo no longer allows them to be made.
MWT, I can get hold of someone high in Yahoo's abuse department (semi-private escalation address, which I use when their filters or droids need fixing).
The spammers are on a roll - yet another good subject line today:
"Obtain degrees from Prestigious non-accredited Universities".
The sender must be Educate America.
Seth Breidbart: Would you (they) be interested in the IM logs of the conversations I had with said hacker? It includes a few bits of identifying info (how to pay him, etc.).
Also, this probably isn't an abuse issue but there's no other way I know of to contact a live person, so I'll just say it here in the hopes it might be helpful. My brother originally lost his yahoo account because one day, he found that he simply couldn't log into it anymore. None of the password retrieval forms worked out either. There was some kind of obscure bug somewhere. I *think* the timeline had him losing access several months before the hacker claims he grabbed it, but I don't know for sure. Either way, it seems to me that it should've been returnable to its rightful owner through those forms - but it wasn't. I can send more detailed info about that, too, if they're interested in fixing it.
If you're interested, drop me an email at my listed address. It's my spam account, but it is a legit active one and I do check it when I know to expect something.
Thanks!
The spammers are on a roll - yet another good subject line today:
"Obtain degrees from Prestigious non-accredited Universities".
The sender must be Educate America.
They wouldn't be laying out fool-bait if there weren't any takers. That should tell us something about the connected world.
I got one this morning purporting to be from someone in the US military in Iraq. It was in not-very-coherent English; apparently the writer was not fluent in the language. Trashed it. (It was a 419 job anyway.)
Progress: the net used to consist of a bunch of smart people sitting in front of dumb terminals.
P J Evans: I got a 419 this morning from someone claiming to be a Russian named 'Juan Balakov' addressing me as 'Comrade'. I presume that either there's a place in Lagos which has been time-warped to 1989, or that there's been a hitherto unreported Cuban takeover, or both.
Hey! I got one of those addressed to "Comrade" too!
I am Comrade Juan Balakov personal assistant to Mikhail Khodorkovsky once rated as
the richest man in Russia and owner of YUKOS OIL (Russian largest oil company),
chairman CEO: Menatep SBP Bank (a well reputable financial institution with its
branches all Over the world).
"Juan" Balakov? A by-blow from the Cuban Missile Crisis or the Angolan adventure, perhaps?
Linkmeister: Or a leftover from the Spanish Civil War....
Hola, tovarich, me llamo Juan Balakov.
Dear Friend:
I am Ivan Vladimirovitch Brodny, Fourth Assistant Governor of the World Bank with responsibility for Liquidations.
You may are hear of our disposing sale of assets of the Union of Unaligned and Mutually Suspicious Elements (UNAMUSE, former UNITED STATES OF AMERICA) after its liquidation by Chinacore Enterpirses and Cola Works SA.
As Fourth Assistant Governor iam not allowed to handle Gold Reserves, Notional MOnuments, and other big things on the other hand there is not much oversite down here giving me direct access to many easily liquidatable objects that could, with your kind assistance find buyers world wide, bringing you large profits at essentially no risk. Examples are the Washington Post (a data service or "blogg," not the famed phallic Monument), the Bridge of Brooklyn, Mr Donald Trump, the Smithsonian Institutions Dillinger Exhibit, and other items to numinous to mention. I am sure that you are one of the Many who received mail order catalogues during the re-alignment and yard sale of Holy Russia. But I do not gloat, gloating being reserved to Second Assistant Governors and above.
As you are surely aware your governments are, as Mr Tony Blair said on his way to the Tower of Volkswagen, "out-Balkaning the Balkans," so now is the time to Act Decisively. I await your reply and relevant currency transfer information with breath abatement.
Mike, surely that's baited breath, or something? (ROFL!)
Maybe I need to read more of the spam that lands
in my mail?
Coincidentally I got one of those Juan Belakov ones today too. Perhaps the spammer got all the addresses from here?
John M. Ford: If you were Japanese you'd be declared a National Treasure.
MWT, I don't think so. I got mine through Gmail, and I don't use that address here.
Breath abatement. I immediately thought of noise abatement, personified by concrete walls around freeways in downtown sections (Hello, Phoenix!).
Mike wrote: items to numinous to mention
That's what's in all those crates at the end of Raiders, right?
Fragano: we should honor our national treasures too, but at least we bloggers here can all join together in a "Bravo, Mike Ford!" (That last "spam" post was priceless.)
Y'all really want to honor Mike? Donate a chair to the new Mpls Central Library in his name.
It now says we have to organize the $500, then tell them. I'll pledge the first $50.
[Finally a topic on ML that I can speak authoritatively on, and I almost missed it]
One of my e-mail addresses was used to register multiple domains, years ago, and so I'm on every "Millions CD" in existance, as far as I can tell. I get ~450 spam messages quarantined daily, so 2500 is just a vacation away from the computer.
For the geeky "build a server from scratch for fun" crowd, I'm one of the developers of qpsmtpd, a replacement SMTP server (written in Perl) that eliminates roughly 60% of the spam hitting our corporate servers (that includes two completely independent anti-virus scanners). And, no, it's not slow in the slightest; all incoming mail to perl.(org|com|net) and apache.org uses qpsmtpd.
I also use dspam for our corporate network. This is an adaptive anti-virus scanner (like CRM114 but with other methods) that learns what you consider to be spam. It's got a nice web-based quarantine, so even the computer averse can manage it.
I've used SpamAssassin in the past, and though I like it overall, the need to continually tweak the configuration rules became a drag. dspam just learns on it's own, so it is ideal from the admin point of view.
Ask me more if you are curious...
John
Seth, why don't you be the organizer? People can email you about donations. I've done my share of organizing lately.
OK, I'll take pledges. (I figured that people would just post here, and I'd notice when the total was $500 and submit it.)
$400 to go.