Planet Antispam

November 21, 2008

Enemieslist

new pats posted - 20081120 (maintenance pats release)

33452 patterns, 11399 right anchor strings, 112490 test IPs.

Contribs from yesterday.

Was asked to start tracking couplets (pattern class and tech, taken
together as a sort of meta-identifier); there are no new couplets
in this release.

Download them here:

sendmail:
http://enemieslist.com/downloads/sendmail_access_db
http://enemieslist.com/downloads/rightanchors

postfix:
http://enemieslist.com/downloads/postfix_regexp_table
http://enemieslist.com/downloads/postfix_regexp_table-20081120

exim:
http://enemieslist.com/downloads/exim_hosts
http://enemieslist.com/downloads/exim_hosts-20081120

November 21, 2008 12:39 AM

November 20, 2008

Box Of Meat

FTC: Court Orders Halt to Sale of Spyware

FTC: Court Orders Halt to Sale of Spyware: “According to the FTC’s complaint, the Florida-based CyberSpy Software, LLC marketed and sold RemoteSpy keylogger spyware to clients who would then secretly monitor unsuspecting consumers’ computers. The FTC seeks to permanently bar the unfair and deceptive practices and require the defendants to give up their ill-gotten gains.”

November 20, 2008 11:22 PM

Sophos Blog (Spam Category)

Trust me, I’m the head and upper neck of a doctor

Spammers seem keener than ever to customise their messaging and value propositions to the differences in their various target markets. Nowhere is this clearer than in the pharmaceutical spam sites and their most well-known protagonist Canadian Pharmacy. Not only does the page — which is often hosted on a hacked webserver — attempt to recognize [...]

November 20, 2008 05:22 PM

Enemieslist

new pats posted - 20081119 (maintenance pats release)

33436 patterns, 11397 right anchor strings, 112477 test IPs.

Contribs from the past few days, as well as several more from trap
hits analysis.

Was asked to start tracking couplets (pattern class and tech, taken
together as a sort of meta-identifier); there are 2 new couplets
in this release ('static/satellite', 'outmx/antivirus'). Also, I
retired dynamic/gprs; new mobile telephone links will simply be called
'wireless'.

Download them here:

sendmail:
http://enemieslist.com/downloads/sendmail_access_db
http://enemieslist.com/downloads/rightanchors

postfix:
http://enemieslist.com/downloads/postfix_regexp_table
http://enemieslist.com/downloads/postfix_regexp_table-20081119

exim:
http://enemieslist.com/downloads/exim_hosts
http://enemieslist.com/downloads/exim_hosts-20081119

November 20, 2008 02:06 AM

November 19, 2008

Box Of Meat

Direct: Top Firms Fumble Opt Outs: Return Path Email Study

Direct: Top Firms Fumble Opt Outs: Return Path Email Study: “More than 10 years since e-mail became a viable sales-and-marketing channel, many of the best-known marketers in the U.S. handle opt-outs poorly….”

November 19, 2008 10:51 PM

Justin Mason

Dumb eco-questions you were afraid to ask

New Scientist have a great article up this week entitled ‘Dumb eco-questions you were afraid to ask’, including:

Q: Does switching from bus to bike really have any effect? After all, cycling isn’t completely carbon neutral because I’ve got to eat to fuel my legs.

A: You are much better off cycling. A 12-kilometre round commute on a bus or subway train is reckoned to generate 164 kilograms of carbon per commuter per year. Somebody cycling that distance would burn about 50,000 calories a year - roughly the amount of energy in 22 kilograms of brown bread. A kilo of brown bread has a carbon footprint of about 1.1 kilograms, so switching from public transport to a bike saves about 140 kilograms of carbon emissions per year — although this only really works if enough people cycle to allow public transport providers to reduce the number of buses and trains they run.

Also included: ‘How clean does the pizza box/can/bottle have to be for it to be recyclable?’; ‘Are laminated juice cartons recyclable?’; ‘What’s worse, the CO2 put out by a gas-fuelled car or the environmental effects of hybrid-car batteries?’; ‘Can I put window envelopes in the paper recycling?’ and many more. Check it out…

November 19, 2008 02:51 PM

John Graham-Cumming

Testing book titles using Google AdWords

My 'travel book for nerds' book, The Geek Atlas: 128 Places Where Science and Technology Come Alive, will be published in April 2009 by O'Reilly. As part of the process of writing the book I had to come up with a title. I had three titles that I liked: A Voyaging Mind, A Mind Forever Voyaging and A World of Discovery.

Ultimately, O'Reilly came up with the current title after doing their own market research, but before that I wanted to figure out which of the three titles would work best.

To do that I bought ads on Google AdWords that were relevant to the book (such as when people search for 'science museum') and set up three ads that would appear randomly. The ads all had the same text except for the main title which was one of the three possible book titles.



I let the campaign run for 30 days and then analyzed the results to see which one had the greatest clickthrough rate. There was a clear winner: A Voyaging Mind.



And for a long time A Voyaging Mind was going to be the book's title.

It seems to me that Google AdWords could readily be used for other such experiments: it's cheap, it's simple to target your experiment based on keywords so that you can choose the type of people exposed to the experiment and by setting up random display of a set of ads you can try out variations of an idea easily.

Obviously book titles are just one possibility. What other things could be tested using Google AdWords?

November 19, 2008 01:50 PM

Ed Falk

Yes, you can fight spam — part 1

Last week, I wrote about a study conducted by researchers at the University of California on the economics of spam. They had determined that the spammers were obtaining a conversion rate of less than one in twelve million from their botnet-sourced spam. That is, the spammers had to send twelve million spam emails for every customer they snagged.

I concluded that "just hit delete", educating the users, improved filters, or trying to use the legal system just were not going to work to stop spam.

This week, I'm going to talk about something that apparently does work: not tolerating the bad actors responsible.

If you follow spam issues in the news, then you may have heard of the takedown of a black-hat ISP in San Jose, California known as "McColo". You can read all about it in Brian Krebs's Washington Post article Major Source of Online Scams and Spams Knocked Offline.

In a nutshell, McColo was one of the prime bad-guys of the internet. Child porn, phishing, credit-card processing for criminals, you name it. We're talking the Dr. Moriarty of the internet here. As part of all that, they were knowingly hosting the command-and-control centers for major botnets.

McColo had been well-known to a number of internet security experts and spam-fighters. Attempts to get them disconnected by their upstream providers, Hurricane Electric and Global Crossing, had long fallen on deaf ears. Finally, it reached the point where their support of McColo was going to reach a wider audience. Faced with a public shaming, they finally did the right thing and gave McColo the boot.

Here's what's significant: The shutdown of McColo resulted in a 60-70% drop in spam worldwide overnight.

Let me say that again: A 60-70% drop in spam overnight. Worldwide. From disconnecting just one bad actor.

This chart, courtesy of SpamCop shows it best:



Other spam-tracking sources are reporting similar reductions in spam. It is reported that detections of the Srizbi botnet (the biggest, at 60 billion spams/day) are down by up to 95%. Similar reductions in activity have been seen in several other botnets, including Mega-D, Bobax, Rustock and possibly Asprox.

I don't have any illusions that this drop is permanent. The spammers and bot-herders will be looking to rebuild their networks almost immediately. I've already noticed an increase in virus spam lately, as have others.

(Note: This may be a good time to remind your friends and relatives not to click on any attachments they receive — especially anything in a .zip file.)

Also unfortunately, McColo had a backup plan in the form of Swedish internet service provider TeliaSonera who, not knowing what was going on, left McColo connected to the internet. McColo was savvy enough to wait until the weekend before taking advantage of their backup connection. The problem was discovered within hours, but getting them disconnected again required CEO approval, which took even more time. All told, McColo was back online for about twelve hours. Enough time, unfortunately, to transmit botnet control updates to servers in Russia. More details can be found in the U.K. Register.

It will probably take time for the spammers to get the botnet up and running, but we should see spam levels begin to rise again shortly.

Other articles on this takedown:

Next: You can fight spam by disconnecting bad actors

November 19, 2008 12:12 AM

November 18, 2008

Terry Zink

The antispam accuracy of sender verification

Three simple techniques that are used as inputs for filtering spam are the following:

  1. Check to see if the sending domain in the SMTP MAIL FROM has an MX record
  2. Check to see if the sending domain in the SMTP MAIL FROM has an A-record
  3. Check to see if the sending IP has a reverse DNS

The point of the first two is to see if the sending domain exists.  Spammers don't care about receiving answers to their messages (except in the case of 419 spam), so the theory is that if a sender does not have a domain that exists, it is probably a spammer.  In the third case, spammers will often hijack IPs with no reverse DNS so as to avoid reputation filters, so no reverse DNS = suspicious.

Customers have often asked why we do not outright block mail that meets any of these criteria.  My answer is always the same: these techniques are not reliable enough to block mail on.

There are plenty of examples I can name where someone might legitimately do this.  People sometimes misconfigure mail servers.  People send automated reports.  Companies that are small might not know enough to set up their reverse DNS, and so forth.  It doesn't matter how many people you correct to fix something, there will always be more.  Rather than attempting to save the world by fixing everyone else's settings, my philosophy is to avoid being overzealous in spam filtering.  In other words, I acknowledge that people out there do silly things, and I avoid being overly harsh when I encounter them.  The FP headaches are not worth the hassle.

To support this assertion that the above three techniques are not enough to block on, I turn to statistics.  Prior to the McColo outage, about 64% of all mail that hits our inbound filters (after IP rejects, which account for the bulk of all total mail) was marked as spam.  Here are the numbers for each of the above rules:

  1. No sending domain MX record - 17% spam rate
  2. No sending domain A-record - 16% spam rate
  3. No reverse DNS of sending IP - 29% spam rate

Spam rate means "When this rule hits a message, what percentage of the time do we mark it as spam?"  To interpret this, if spammers exclusively used a technique, we should see a higher spam rate.  For (2), we should see a 90-95% spam rate (the rest being false negatives and tiny corner cases).  If it was evenly split between spammers and misconfigured users, then we should see a 64/64 split, or thereabouts.

But that's decidedly not what we see.  We mark almost 2/3 of inbound mail as spam, but when this rule fires, only 16% of the time is it marked as spam.  The fact that there is a nearly 40-point spread makes this unlikely to have occurred by chance, noise, or false negatives.

This means that a highly disproportionate amount of legitimate mail is sent with no A-record for the sending domain.  The conclusion?  Blocking mail from senders with no A-record will be prone to false positives.  The situation will be the same for the other techniques.

Even throttling on this technique is prone to false positives.  Throttling on misconfiguration is almost as big a problem as blocking on it.  If one user screws up and sends mail with no A-record, they're probably going to send a lot of mail.  Worse, if they script it, they're probably going to send a ton of it.  So, simply because a user has sent a lot of mail with no A-record, it doesn't mean they are spamming.  More analysis is required, like seeing if the domains are all different and who they are sending to.  Simple blocks on these three techniques are a bad idea.
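As an added illustration of the spam-rate reasoning above (not part of the original post), here is a small Python evaluator over a constructed verdict log: it computes each rule's spam rate and lift against the baseline, reports whether a rule is precise enough to block on, and applies the "are the domains all different?" check before a source is considered for throttling. The log lines, source addresses and domains are constructed samples, and the 0.95 block threshold is an assumed value.

```python
from collections import defaultdict

RULES = ("no_mx", "no_a", "no_ptr")

# Constructed verdict log, one line per message: each flag is 1 when that
# sender-verification check failed; verdict is the content filter's decision.
LOG = """\
src=192.0.2.10 from=example.com no_mx=0 no_a=0 no_ptr=0 verdict=ham
src=192.0.2.10 from=example.com no_mx=0 no_a=0 no_ptr=0 verdict=ham
src=192.0.2.11 from=shop.example no_mx=0 no_a=0 no_ptr=1 verdict=spam
src=192.0.2.11 from=deal.example no_mx=0 no_a=0 no_ptr=1 verdict=spam
src=192.0.2.12 from=reports.corp.local no_mx=1 no_a=1 no_ptr=0 verdict=ham
src=192.0.2.12 from=reports.corp.local no_mx=1 no_a=1 no_ptr=0 verdict=ham
src=192.0.2.12 from=reports.corp.local no_mx=1 no_a=1 no_ptr=0 verdict=ham
src=192.0.2.13 from=z8q1.invalid no_mx=1 no_a=1 no_ptr=1 verdict=spam
src=192.0.2.13 from=k3m7.invalid no_mx=1 no_a=1 no_ptr=1 verdict=spam
src=192.0.2.13 from=p9x2.invalid no_mx=1 no_a=0 no_ptr=1 verdict=spam
src=192.0.2.14 from=mail.example.org no_mx=0 no_a=0 no_ptr=1 verdict=ham
src=192.0.2.15 from=example.net no_mx=0 no_a=0 no_ptr=0 verdict=spam
"""


def parse_log(text):
    """Turn key=value log lines into dicts with boolean rule flags."""
    records = []
    for line in text.splitlines():
        if not line.strip():
            continue
        fields = dict(kv.split("=", 1) for kv in line.split())
        for rule in RULES:
            fields[rule] = fields[rule] == "1"
        fields["spam"] = fields.pop("verdict") == "spam"
        records.append(fields)
    return records


def rule_stats(records):
    """Baseline spam rate plus, per rule: hits, spam hits, spam rate, lift.

    'rate' answers "when this rule fires, how often is the mail spam?";
    'lift' below 1.0 means the rule fires disproportionately on legit mail.
    """
    baseline = sum(r["spam"] for r in records) / len(records)
    stats = {}
    for rule in RULES:
        hits = [r for r in records if r[rule]]
        spam = sum(r["spam"] for r in hits)
        rate = spam / len(hits) if hits else 0.0
        stats[rule] = {
            "hits": len(hits),
            "spam": spam,
            "rate": rate,
            "lift": rate / baseline if baseline else 0.0,
            "fp_if_blocked": len(hits) - spam,  # legit mail a block would reject
        }
    return baseline, stats


def safe_to_block(stats, rule, min_rate=0.95):
    """Assumed policy: only a rule that is almost always spam may block."""
    return stats[rule]["rate"] >= min_rate


def throttle_candidates(records, rule="no_a", min_msgs=2, min_domains=2):
    """Volume alone is not enough: a source only becomes a throttle
    candidate when its rule hits also spread across several sender domains
    (one misconfigured reporting script uses the same domain every time)."""
    counts = defaultdict(int)
    domains = defaultdict(set)
    for r in records:
        if r[rule]:
            counts[r["src"]] += 1
            domains[r["src"]].add(r["from"])
    return sorted(s for s in counts
                  if counts[s] >= min_msgs and len(domains[s]) >= min_domains)


if __name__ == "__main__":
    recs = parse_log(LOG)
    base, st = rule_stats(recs)
    print(f"baseline spam rate: {base:.0%}")
    for rule in RULES:
        print(rule, st[rule], "block?", safe_to_block(st, rule))
    print("throttle candidates (no_a):", throttle_candidates(recs))
```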

November 18, 2008 09:41 PM

Box Of Meat

Terry Zink: Categories of problems in outbound spam

Terry Zink: Categories of problems in outbound spam: “We’ve implemented a number of solutions and incrementally have started to tighten the screws in what we will allow customers to send out without any interference from our side.  We have discovered that the following about outbound spam from customers….”

November 18, 2008 05:33 PM

Spam Wars Dispatches

Tax Refund Scam - O, Canada!

The U.S. Internal Revenue Service isn't the only taxing authority to be abused by scammers (here, here, and here). The Canadian equivalent, the Canada Revenue Agency, is also on scammers' hit lists.

Here's one I saw today:

From: security@cra-arc.gc.ca
Subject: Canadian Revenue Agency - Online Refund Form

Canada Revenue Agency
Online Refund Form
 

After the last annual calculation of your fiscal activity we have determined that you are eligible to receive a tax refund of 386.00.

Please submit the tax refund and allow us 3-9 days in order to process it.

A refund can be delayed for a variety of reasons. For example submitting invalid records or applying after the deadline.

To access the form for your tax refund, please click here>>
 
Copyright Canada Revenue Agency. All rights reserved. www.cra-arc.gc.ca

Astute Canadian recipients would be suspicious with the Subject: line, which refers to the agency as "Canadian," rather than the start of its official name, "Canada." The body of the message gets it right.

The link, of course, was not to the agency, but to a domain originally registered through EstDomains (ugh) by a person claiming to be in Russia.

Although the site was quickly taken down, the template obviously exists for repeat transmissions of this phishing spam when they set up the site elsewhere. While the CRA may, indeed, find that a citizen is due a refund, the announcement won't come in the way of an email message with absolutely no reference to the recipient's name as it appears on the tax return. For what it's worth, in the U.S., the IRS simply mails you a check or direct deposits a refund before you're even aware that you were due the refund. There is no form to fill out to claim your refund. They have all—and I mean all—necessary personal identity information without you having to supply an ounce of data in some stupid form.

November 18, 2008 04:05 PM

Spamresource.com

Ken Magill, Laura Atkins on Zoominfo

Zoominfo -- a company that has created some sort of business contact database where you (you probably being "spammer") can buy lists of email addresses. Ken Magill talks about them here, quoting deliverability consultant Laura Atkins at length. Here's my take on this. Problematic? Yes. Permission-based? No, don't think so. Zoominfo has claimed that CAN-SPAM compliance is followed, but I don't

November 18, 2008 02:57 PM

Richi Jennings

On Microsoft Online Services (a retread post)

Yesterday, Microsoft did its big launch of Online hosted services, opening it up to SMEs as well as large organizations. These are “in the cloud”, or software-as-a-service (SaaS) implementations of Exchange and SharePoint (not to be confused with Exchange Hosted Services, which is the hosted email security service formerly from Frontbridge).

Microsoft first announced this about 18 months ago, and has been offering it only to large organizations for several months.

The services run in Microsoft’s own datacenters, on shared hardware — or dedicated hardware for larger customers.

In June I saw a demo of the tools to migrate users from an in-house Exchange network to the service. It looks comprehensive. The most useful aspect is that a customer can choose a subset of their users to move to the service, retaining other users on the in-house system.

Naturally, the service allows customers to synchronize their Active Directory (AD) forest between their in-house AD servers and the ones in the cloud.

Of course, this puts Microsoft into direct competition with their partners who are already offering hosted Exchange/Sharepoint — often using market development funds from Microsoft itself. However, this does at least validate the market. Microsoft will also allow partners to resell the Online services, with some attractive affiliate kickbacks.

For the combination of Exchange, OCS, LiveMeeting, and SharePoint Online, Microsoft announced the price would be $15.

$15 is too expensive. Here are two reasons why:

First, compare that price with Google Apps at $50/year ($4.17/month). At one third the price, the combination of white-label Gmail, Google Calendar, Google Sites, and Google Talk may not provide 100% feature equivalence — but in most cases it will be more than good enough. Don’t forget that Google offers 25GB of email storage at that price, versus Microsoft’s 1GB, which is paltry by comparison. Some organizations may even find the free version of Google Apps is sufficient for their needs, assuming they can live with the lack of a service-level agreement.

Second, Microsoft doesn’t seem to have learned from the mistakes of others. Over the past ten years, we’ve seen vendor after vendor try to offer hosted Exchange — many of them backed by substantial Microsoft resources — but few have survived. Again, the problem is one of cost. Although the vendors would make a coherent, well-argued case that an organization should migrate to its hosted service, few IT managers believed it would save them money.

These vendors would tell potential purchasers that they could provide the service for less money than it was currently costing to run it in-house, but when it came time to actually quote for the service, most IT managers simply didn’t believe it cost them that much.

For fans of Economics 101, the hosted providers were charging more than the market would bear. Looks like Microsoft is making the same mistake. It’s a pity: Exchange 2007 is much more suited to offering the required economies of scale than previous versions.

November 18, 2008 10:36 AM

Terry Zink

Categories of problems in outbound spam

Being a hosted service, we have a number of customers who share an outbound IP range.  If one of those customers starts to misbehave, their actions can affect everyone else.

We've learned a lot about outbound spam this past year.  We've implemented a number of solutions and incrementally have started to tighten the screws in what we will allow customers to send out without any interference from our side.  We have discovered the following about outbound spam from customers:

  1. The techniques used for inbound filtering don't carry over quite as well for outbound mail scanning.  The false positives are higher for outbound than they are for inbound.  This remains a puzzle.

  2. The spam problem is in reverse; for inbound mail, it's mostly spam with some legit mail.  For outbound, it's mostly legit mail with some spam.  Detecting spikes in mail doesn't work very well because the day-to-day data is so noisy, a blip in traffic from one customer doesn't stand out in the overall scheme of things.

Going from the above, we've had to deconstruct the problem down into a series of smaller problems.  In roughly the following order of difficulty, here are the scenarios when dealing with outbound "spammers":

  1. Outbound spam that we detect from spoofed senders

    When a customer sends spam from a domain that we don't know about (i.e., *@yahoo.com, *@paypal.com, etc.), we catch and handle this case.  It is permissible for customers to send mail as sending domains that they have not registered with us, but we will treat that mail differently if they do and we detect it as spam.

  2. Outbound spam that we miss, from spoofed senders

    This is somewhat similar to the above, except that our normal filters miss the message and don't detect it as spam.  This doesn't occur often, but it happens enough to be a nuisance.  To that end, we decided to treat this mail differently as well and apply some heuristics to it.  Borderline mail gets nudged over the spam threshold if it's outbound and the sender isn't registered.  We don't block it, but we do detect it and treat it differently.

  3. Outbound spam that we detect from good senders

    Originally, we thought we'd give our customers a break.  If you are sending mail from a domain that is registered with us, we'll treat you well.  You're doing something you are supposed to do - send mail from presumably locked down accounts.  Well, as it turns out, it only takes one bad apple to ruin it for everyone in that domain.  Users get their accounts compromised all the time (and it's a different user each week).  So, outbound spam from supposedly well-behaved domains is a third case that must be handled.

  4. Outbound mail that isn't spam but is still getting us blacklisted

    This is the most difficult case.  When users do something that is legal according to SMTP but considered bad practice in the real world, that's a problem.  We recently had a user send out a bunch of mail using a domain that had no A-record (i.e., test@example.domain.local).  It looked like an admin or programmer or something had an automated report sending a whole pile of mail to his home ISP account (hmm, how many of us have done that?).  Well, guess what?  That ISP detected that the sending domain didn't exist and throttled our outbound IPs.  Sending without an A-record isn't illegal, but it is bad form.

    Our filters did not say that the message was spam (and it wasn't).  But someone else's filters said that doing stuff like that is enough to block our IPs.  It ended up hurting us because our filters didn't detect it, and that's the case that, in my opinion, is the most difficult one to solve.  I avoid FPs like the plague, and I think that this was a case of an FP.

We started off with a liberal implementation of outbound spam filtering.  Over time we have slowly and incrementally started clamping down even more and I suspect that we will get to the point where we are very conservative in what we send out.  I don't particularly like that approach but I guess that's the reality of where it's headed.
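The four scenarios above amount to a decision procedure; the following Python sketch (added here, not the service's own code) encodes it for a batch of constructed outbound messages, including the "nudge" for unregistered senders and a check for sending domains with no A-record. The score scale, threshold, nudge size, customer names and domains are all assumptions.

```python
from collections import Counter, defaultdict
from dataclasses import dataclass

SPAM_THRESHOLD = 5.0  # assumed score scale: >= 5.0 is marked as spam
NUDGE = 1.0           # assumed bump applied to senders not registered with us


@dataclass
class Outbound:
    customer: str
    from_domain: str
    score: float        # verdict score from the normal (inbound-style) filter
    has_a_record: bool  # constructed flag: does the sending domain resolve?


# Constructed: which sending domains each customer has registered with us.
REGISTERED = {"acme": {"acme.example"}, "globex": {"globex.example"}}

# Constructed batch covering each scenario in the post.
BATCH = [
    Outbound("acme", "acme.example", 1.0, True),             # ordinary mail
    Outbound("acme", "bank.example", 7.5, True),             # 1: spoofed, caught
    Outbound("acme", "bank.example", 4.2, True),             # 2: spoofed, borderline
    Outbound("acme", "news.example", 3.0, True),             # unregistered but clean
    Outbound("globex", "globex.example", 8.0, True),         # 3: compromised account
    Outbound("globex", "reports.globex.local", 0.5, False),  # 4: no A-record
    Outbound("globex", "globex.example", 4.5, True),         # registered: no nudge
]


def classify(msg, registered=REGISTERED):
    """Map one outbound message to the scenario it falls under."""
    is_registered = msg.from_domain in registered.get(msg.customer, set())
    # Unregistered senders get nudged, so borderline mail crosses the line.
    effective = msg.score if is_registered else msg.score + NUDGE
    if effective >= SPAM_THRESHOLD:
        if is_registered:
            return "compromised_account"          # scenario 3
        if msg.score >= SPAM_THRESHOLD:
            return "spoofed_detected"             # scenario 1
        return "spoofed_nudged"                   # scenario 2
    if not msg.has_a_record:
        # Not spam, but the kind of mail that gets a shared IP throttled elsewhere.
        return "bad_form"                         # scenario 4
    return "deliver"


def summarize(batch, registered=REGISTERED):
    """Per-category counts and, per customer, the categories needing action."""
    counts = Counter()
    per_customer = defaultdict(set)
    for msg in batch:
        category = classify(msg, registered)
        counts[category] += 1
        if category != "deliver":
            per_customer[msg.customer].add(category)
    return dict(counts), dict(per_customer)


if __name__ == "__main__":
    totals, actions = summarize(BATCH)
    print(totals)
    print(actions)
```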

November 18, 2008 02:12 AM

November 17, 2008

Box Of Meat

Joho the Blog: Is the Net dangerous for kids? The research shows …

Joho the Blog: Is the Net dangerous for kids? The research shows …: “Actual research, not scare stories or assumptions…” (which will be published in January) appears to show that “…the increased popularity of the Internet in America has not been correlated with an overall increase in reported sexual offenses; overall sexual offenses against children have gone steadily down in the last 18 years.”

November 17, 2008 10:14 PM

CyberCrime & Doing Time: Enlisting YOUR BANK to steal your identity

CyberCrime & Doing Time: Enlisting YOUR BANK to steal your identity: recent malware hijacks your browser and adds fields to your bank’s web forms, then steals the results

November 17, 2008 09:41 PM

Spam Wars: Falling Hard For a 419 Scammer

Spam Wars: Falling Hard For a 419 Scammer: when smart people won’t listen to other smart people — who also don’t listen in return — nobody wins.

November 17, 2008 09:34 PM

profy: Less Email Spam, More Blog Comments Spam. Spammers’ Revenge?

profy: Less Email Spam, More Blog Comments Spam. Spammers’ Revenge?

November 17, 2008 09:31 PM

Spam Wars Dispatches

Weaving Tangled Webs

Oh what a tangled web we weave,
When first we practise to deceive!
     -- Sir Walter Scott, Marmion, Canto vi. Stanza 17

It starts with a spam message that appeals to a potentially desperate audience of people hounded by personal debt:

Debt elimination spam message

At first glance, it looks to have some blessing from Microsoft, despite the intentional misspellings to get the message past some content filters. All of the links—including those at the bottom that look like they'd point to Microsoft—take you to a domain registered a few years ago to an address in Saudi Arabia. The domain, by the way, is flagged from here to Timbuktu as being a baaad place by multiple malware-detection services (e.g., Finjan).

But the links in this email message (they're all to the same URL) are to a page within that site, a page that redirects attempted visitors to a different domain that was registered a couple of days ago to someone claiming a Moscow, Russia address. The page hosted there shows no company name or other identity, but serves as a lead-generation page for (possibly) debt "elimination" services. A form on the page asks for minimal personal information, and no account numbers or passwords. It does say, however, that by submitting the form, you grant permission to be contacted, including by telephone.

Anyone filling out that form would be dealing with yet another deceiver weaving a tangled web. This page includes three logos at the bottom boasting protection by VeriSign, review by Trust*e, and compliance with the CAN-SPAM Act of 2003. Absolute lies on all three counts!

These are tough financial times for lots of families. That spammers and scammers target the most vulnerable is, to all but crooks, unconscionable. Be careful of any lifeline thrown your way via spam: The other end of the line is most likely tied to an anvil.

November 17, 2008 05:41 PM

Justin Mason

VisitWicklow.ie: Spammers

I think I just got my first spam from a government body! Specifically, VisitWicklow.ie spam from Wicklow County Tourism. It says:

Wicklow County Tourism is launching its sparkling 2008 Christmas campaign this month, with an extensive festive section on our website www.visitwicklow.ie/xmas . Here you will find all the information you need about what is happening in the Garden County this season including Christmas parties, seasonal events, carol singing, festive markets, Santa visits, great accommodation packages etc.

It was sent to a spamtrap address, scraped from an old mail archive. This address is a dedicated spamtrap; I’ve never used it for non-spam-trapping purposes, nor has it ever opted-in to receive mail. So there was no question that I granted permission to anyone to mail it.

The address delivers mail to my personal account — that’s what I do with my spamtraps, until their volumes get too high. So it still qualifies as a “personal email address”. Here’s the full spam with all headers intact.

It appears the message originated at IP address 87.192.126.62:

inetnum:        87.192.126.32 - 87.192.126.63
netname:        IBIS-PA-NET
descr:          BreezeMax-KilpooleHill-Comm-E 3MB 24:1 (2)
country:        IE
admin-c:        IRA6-RIPE
tech-c:         IRA6-RIPE
status:         Assigned PA
remarks:        Please do NOT send abuse complaints to the contacts listed.
remarks:        Please check remarks on individual inetnum records for abuse contacts, or
remarks:        failing that email abuse reports to abuse@irishbroadband.ie.
mnt-by:         IBIS-MNT
source:         RIPE # Filtered

Kilpoole Hill appears to be south of Wicklow town, just the right spot for a wireless tower used for Irish Broadband access from The Murrough, Wicklow Town (mentioned as the address for Wicklow County Tourism in the mail).

Suggestions? Did anyone else get this? How do I report spam sent by the Wicklow County Tourism Board?

Update: they also hit the Irish Linux User’s Group submission address. I wouldn’t be surprised if they scraped the addresses of other ILUG subscribers, then…

November 17, 2008 02:59 PM

Terry Zink

Some cool techniques for image filtering

In 2006, spammers started in a big way to use image spam to try to push through all of their stuff.  While this technique is still used today, it isn't quite as effective because spam filters caught up.

One technique that Microsoft developed is called Shingling.  That's where the image is broken up into a series of smaller segments, called shingles.  The noise is removed and hashes are compared for those microsegments.  Given two images, it was possible to tell whether they were more or less the same.  Of course, they weren't exactly the same; they were slightly different, but all the spammers were doing was inserting random noise, rotating the image or phase shifting it.  By ignoring the noise one could compare and match two images.
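To make the shingling idea concrete, here is an added Python toy (not Microsoft's implementation): a constructed 12x12 greyscale image is quantised to suppress per-pixel noise, every overlapping 3x3 window is hashed, and two images are compared by the Jaccard overlap of their hash sets, so that noisy or shifted copies still match while an unrelated image does not. The window size, quantisation step and noise amplitude are assumed values.

```python
import hashlib
import random

WIDTH = HEIGHT = 12  # constructed toy image size (greyscale pixels 0..255)
SHINGLE = 3          # each shingle is a 3x3 window of pixels
BIN = 64             # quantisation step: only 4 grey levels survive


def make_image(shape):
    """Constructed test images: background 32, foreground 224."""
    img = [[32] * WIDTH for _ in range(HEIGHT)]
    for y in range(HEIGHT):
        for x in range(WIDTH):
            if shape == "box" and 3 <= y < 9 and 3 <= x < 9:
                img[y][x] = 224
            elif shape == "stripes" and (x + y) % 4 < 2:
                img[y][x] = 224
    return img


def add_noise(img, amplitude=12, seed=1):
    """Spammer-style per-pixel noise; stays inside one quantisation bin."""
    rng = random.Random(seed)
    return [[max(0, min(255, v + rng.randint(-amplitude, amplitude)))
             for v in row] for row in img]


def shift_right(img, dx=1, fill=32):
    """Crude 'phase shift': move the picture dx pixels to the right."""
    return [[fill] * dx + row[:WIDTH - dx] for row in img]


def shingles(img, denoise=True):
    """Hash every overlapping SHINGLE x SHINGLE window (after quantisation).

    The set is position-independent, which is what makes a shifted copy
    produce the same shingles as the original.
    """
    hashes = set()
    for y in range(HEIGHT - SHINGLE + 1):
        for x in range(WIDTH - SHINGLE + 1):
            window = bytes(
                (img[y + dy][x + dx] // BIN) if denoise else img[y + dy][x + dx]
                for dy in range(SHINGLE) for dx in range(SHINGLE)
            )
            hashes.add(hashlib.sha1(window).hexdigest()[:16])
    return hashes


def similarity(a, b, denoise=True):
    """Jaccard similarity of the two shingle-hash sets, 0.0 .. 1.0."""
    sa, sb = shingles(a, denoise), shingles(b, denoise)
    return len(sa & sb) / len(sa | sb)


if __name__ == "__main__":
    box = make_image("box")
    noisy = add_noise(box)
    print("noisy copy, denoised :", similarity(box, noisy))
    print("noisy+shifted copy   :", similarity(box, shift_right(noisy)))
    print("noisy copy, raw bytes:", similarity(box, noisy, denoise=False))
    print("unrelated image      :", similarity(box, make_image("stripes")))
```

Without the quantisation step the raw-byte comparison collapses, which is the point the paragraph makes about removing noise first.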

Recently, I came across the Photosynth application from Microsoft Live Labs.  This is an application where you can upload your pictures from a trip and it will attempt to create a panoramic shot of all the images.  I would guess that some of the image shingling techniques are used by looking at things like edge detection.  While I was in China, I knew about this application so I took a few pictures to test this out.  I didn't completely succeed in getting all of the overlap to work, but some of it turned out all right.  Below is a shot of Shanghai, China:

Anyhow, it's a cool application.  From now on, for my future trips I shall take shots of some neat places with this app in mind.

November 17, 2008 04:53 AM

November 16, 2008

Sophos Blog (Spam Category)

McColo up again, down again

While the take-down of McColo received a lot of attention in the last few days, it seems not everyone was listening: the company came back online yesterday for a while thanks to TeliaSonera AB, a Swedish ISP that has a router in San Jose: Apparently those responsible for hooking up new customers at TeliaSonera don’t read [...]

November 16, 2008 08:40 PM

Spam Wars Dispatches

Falling Hard For a 419 Scammer

Just a couple of months ago, I wrote that people still fall for 419 scams. A sad story out of Oregon proves the point to the tune of $400,000 (TV news video story).

A couple of things about this tale are worth noting.

First, the victim is a registered nurse and sign language interpreter. While she may not be savvy about Internet scams, she is no illiterate rube. Once she was on the hook with the scammers, no one, including local law enforcement officials, could dissuade her from trying to cross the finish line. This seems to be the case when most 419 victims finally fess up in public to their situations. I've known of many cases where professionals (physicians, attorneys, university professors, successful business people) get caught up in the scams. It's almost as if the smarter they are, the more immune to scamming they feel—when in truth, their greed knows no intellectual bounds.

And, no doubt about it, the scammers are quintessentially skilled in being persuasive and supplying phony documents, emails, and photographs to keep the victim on the hook. It's like when I see film of deep sea fishing: once the marlin takes the bait, the skilled fisherman knows how to reel in a bit, then let the line out to give the fish a chance to think it's winning, and then reel in some more, each time reducing the overall distance between fish and boat. Unless the line breaks, the marlin loses every time.

A companion written article by the TV reporter was published online and open to comments, which brings me to my second point worth noting. A vast number of commenters couldn't believe that anyone falls for these "obvious" scams anymore. They are chest-thumpingly proud that they automatically delete these messages, and assume that everyone else does, too. It is simply beyond their comprehension that anyone would respond to a 419 message...or open an email attachment from a stranger.

Therein lies a significant problem in trying to educate the world about potential hazards that arrive by way of messaging (email, IM, Skype, etc.). Those who deal with this stuff on a daily basis—and can sniff out a scam before the message arrives in the inbox—can't even imagine anyone falling for such "obvious" frauds. "Education, shmeducation! Nobody falls for that stuff anymore!"

One Oregon woman has 400,000 reasons to disagree.

November 16, 2008 07:54 PM

November 15, 2008

John R. Levine

More spam from Postini

A few months ago we had a most interesting colloquy when I posted with some amusement a piece of spam that Postini had sent me, suggesting that a company that claims to be in the spam filtering business should consider using its own product, and a former Postini employee expressed bafflement and outrage that anyone should expect Postini to bear any responsibility for mail sent through their servers. Well, they're back!

November 15, 2008 01:11 PM

Spamresource.com

Spam from Postini Servers

John Levine reports on yet another example of spam received from the servers of spam filtering service provider Postini.

November 15, 2008 11:00 AM

Box Of Meat

two more for the "don't" list

Al Iverson at Exact Target gives us a new acronym: D.E.A.T.H., for Don’t Email Ads To Hardbounces (a weird way of saying “don’t send mail to addresses that aren’t accepting any mail.”)

Laura Atkins at Word to the Wise gets email from a stranger, who sent it because she was “in [his] address book under Spamhaus.”

Don’t do that.

November 15, 2008 12:47 AM

FAIL Blog: Scam Fail (via fergdawg)



FAIL Blog: Scam Fail

(via fergdawg)

November 15, 2008 12:29 AM

SearchSecurity: Web-borne malware targets unexpected industries

SearchSecurity: Web-borne malware targets unexpected industries:

“A study…analyzed how many times its Web security service blocked malware when users browsed compromised Web pages. The result showed the highest incidence in four startling verticals: energy and oil, pharmaceutical and chemical, engineering and construction, and transportation.”

(via fergdawg)

November 15, 2008 12:21 AM

CircleID: Why DNS is Broken, in Plain English



CircleID: Why DNS is Broken, in Plain English

November 15, 2008 12:18 AM

CAUCE: Should I Stay or Should I Go?

CAUCE: Should I Stay or Should I Go?: “Working in the anti-spam and online malware fight can be depressing or at best invoke multiple personality disorder.  We all know things are bad on the net, but if you want a dose of stark reality….”

November 15, 2008 12:15 AM