Category Archives: Spam

Spam bounces

I’ve been getting an extraordinary amount of spam bounce email. One mailbox got thousands and thousands over the weekend, and I know I’m not the only one.

Which means of course that my address is being used in vain by some git of a spammer.

Unfortunately my spam detection software isn’t so crash hot on zapping the bounces, because it’s a bounce, not an actual spam message. And there’s probably not much to be done about spammers forging my address.

After trying in vain to keep up with it all, I eventually blocked the common bounce From address, by adding them to the Plesk blacklist:

mailer-daemon@*
postmaster@*

Hardly ideal, since I’d never see genuine bounces. But it has slowed the flow.

What’s annoying is that about 10-20% of bounces come from a myriad of other addresses. These include the intended recipient’s address, and a variety of apparently semi-random addresses set up as support emails or automatic bounce processes.

There’s also a smattering of “MAILER-DAEMON@” — which isn’t even a legal address. And a lot of them come in with no date field. Very dodgy!

HOW ABOUT SOME STANDARDISATION, PEOPLE?

And maybe it’s time someone came up with a viable way of verifying sender addresses, and stopping From address fraud.

How many people still use Mailwasher?

Does anybody still use Mailwasher?

“MailWasher retrieves information about all the emails on the server. With that information (some of which is also processed by MailWasher) you can decide what to do with each individual email – download, delete, or bounce back.

If you check your account with MailWasher first, you can delete or bounce the emails you do not want. Then, when you use your email program, it downloads only the remaining emails, those that you want to read.”

MailWasher’s been around for a while, and I know some people still use it. I tried it some time ago, and it just didn’t seem worth my time to review the headers and choose which items to delete/bounce, as a prelude to actually downloading and reading my email. I might feel differently if I was still on dialup, or perilously close to my download limit. But as it is, if any spam gets through to my mailbox, I’m happy enough deleting it from my email client.

And given the spammers use fake originating addresses and rarely seem to validate the lists they use (I know this because they’ve faked my address as an originator, so I’ve seen the bounces), I’m not convinced bouncing spam back does any good.

So Mailwasher was great in the olden days of dialup, but these days… I guess some people still use it, but I don’t see the need.

Some people have taken to passing their email through Gmail (forward from your email address to Gmail, then read via Gmail’s POP or IMAP access), to make use of Gmail’s spam filters. My ISP has spam filters which work fairly well, so I haven’t resorted to that yet.

The latest splogging method

A new example: http://sl-weekly.com/

Basically an excerpt from a blog, with a random introductory paragraph up-front to make it look human, presumably in the hope that the trackback will be accepted.

Random introductory paragraphs:

  • I’ve a passion for X and keep looking for good articles. Today, I checked if I could find more info by entering ‘Y’ in Google and found this
  • People are always asking me to blog more often, well here you go, I looked up some info on ’Y’.
  • Last night I used Technorati to find more info on ’Y’ so I could post it into ‘X’. And this is one of the many results I found
  • Today I was digging for some info on ’Y’ and came across the following section

Of course, it’s pretty obvious if you look at a few posts in a row. Less so if you’re getting the occasional trackback request.

Australian PM spam

Someone’s spamming Australian email addresses with a fake news bulletin about PM John Howard having had a heart attack. It includes a link supposedly to The Australian newspaper, but which in fact goes to http://www.theau-news.org/ The spams come from a variety of addresses, with subject lines such as “John Howard, the current Prime Minister of Australia have survived a heart attack” and “Best surgeons are struggling for the life of the Prime Minister”.

The domain was registered only a few days ago, to a post-office box in Nova Scotia, Canada, and apparently the site tries to install malware.

SYDNEY, February 18, 2007 08:56pm (AEDT) – The Prime Minister of Australia, John Howard have survived a heart attack. Mr Howard, 67 years old, was at Kirribilli House in Sydney, his prime residence, when he was suddenly stricken. Mr Howard was taken to the Royal North Shore Hospital where the best surgeons of Australia are struggling for his life.

Click on the link below to get the latest information on the health of the Prime Minister:

The Australian – keeping the nation informed
Continue reading

The cost of the pitch

What spammers don’t seem to realise is that advertising doesn’t scale. Spruikers know this — that’s why every shop doesn’t have one, it would be a cacophony of noise. Junk (snail) mail people know this — if everybody’s mail box was flooded 100% of the time, everybody would get a No Junk Mail sticker. (Mind you I did once get 28 items in one day.) Telemarketers… well, they may not have figured it out yet.

In fact no, I’ve changed my mind. It’s all about the cost of the pitch. As the cost approaches zero, and assuming there’s no regulations preventing it, there’s more pitching. So those who don’t batton down the phone hatches like I do get endless calls. And spammers flood email boxes, despite that their pitch would work better if it was the only one that arrived that day. Not to mention if it wasn’t in broken English.

Which is why my Gmail spam folder currently has 2702 items in it.

Do people wanting to buy Cialis and Viagra actually wait around for a spam to arrive telling them how to get it? Why don’t they just go to the chemist?

DealsDepot.com.au is spamming blogs

People are comment-spamming blogs on behalf of DealsDepot.com.au. The comments I’m getting look something like this:

Name: mirror
E-mail: mirrorconsultancy@yahoo.com
IP: 125.22.69.34

Talking of [topic], may be if you want to buy [product] at best price, I have a suggestion to make do look up Online Shopping

I’ve had about a dozen of these today, hitting various entries, where the topic closely resembles the topic of the blog post hit, though the link to [product] is often tenuous.

Apparently (see comment 16 here) the company offers discounts from products in return for people posting blog comments about them. Certainly looking around they appear to be successfully hitting a lot of blogs.

Not mine though.

More examples after the fold.
Continue reading

Israeli Brokerage Services spam

I’m glad I’m not the only one getting endless offers of jobs from Israeli Brokerage Services Limited.

Spam from Israeli Brokerage Services

Apart from anything else I find it puzzling that they think their scam will work better if they bombard email address many dozens of times every day. Like getting ten of the same offer isn’t going to make me suspicious?

Update 10-Nov-2006: Information on this scam at the Western Australian government ScamNet.

Captchas are just Turing Tests

The comments on Jeff’s post that Software development is basically a religion found themselves talking about Jeff’s captcha, which is the word orange. Always has been. Basically, there’s a mandatory field. Fill it in wrong, and you get no comment. But because having this mandatary, when’t a spam bot going to figure that out? You may as well have the word “orange” as text, not a graphic, and then the vision impaired can play too.

I think I’ve talked about this before.

BTW: welcome to the 6th of the 6th of the 6th. Finally Americans and the rest of the world can agree on the date.