Spam

Are botnets run by spy agencies?

A recent story today about discussions for an official defense Botnet in the USA prompted me to post a question I've been asking for the last year. Are some of the world's botnets secretly run by intelligence agencies, and if not, why not?

Spam turns 30, The eCheck is in the eMail

Been getting a bunch of calls from reporters this weekend. Our good friend spam turns 30 in a couple of days, and a few years ago I did some research and became an authority on the history of the term and the phenomenon. Since everybody else is doing it, I thought I should point to my various articles on the history of spam, as well as some updates I just wrote for the 30th.

29th anniversary of spam

I wasn't going to make any special commemoration, but it seems a whole ton of other blogs are linking today to my articles on the history of Spam, so I should blog them as well.

Many years ago I got interested in the origins of the term "spam" to mean net abuse. I mean I had lived through most of its origin and seen most of the early spams myself, but it wasn't clear why people took the name of the meat product and applied it to junk mail. I knew it came from USENET, so I used the USENET search engines to trace the origins.

Tempfailing for spam -- where does it lead

One growing technique for use in anti-spam involves finding ways to "fail" on initial contacts for sending mail. Real, standards-conformant mail programs try again in various ways, but spammers, in writing their mail blasters, tend to just have them skip that address and go to the next one in their list.

There are two common approaches. One is simply returning a "temporarily unavailable" status on any initial mail attempt that might be spam. The other is to have dead MX records both at the "try first" and "try last" end of the MX chain.

Now you have to have the right reverse-DNS

Update: Several of the spam bounces of this sort that I got were traced to the same anti-spam system, and the operator says it was not intentional, and has been corrected. So it may not be quite as bad as it seemed quite yet.

I have a social list of people I invite to parties. Every time I mail to it, I feel the impact of spam and anti-spam. Always several people have given up on a mailbox. And I run into new spam filters blocking the mail.

The comment spammers are going manual, it seems

Some time ago I modified this blog software (Drupal) to ask a very simple question of people without accounts posting comments. It generally works very well at stopping robot posting; however, the volume of spam has been increasing, so I changed the question. Volume may have dropped a touch but I still got a bunch, which means the spammers are actually live humans, not robots.

EFF Debate on Charging for E-mail Dyson v. O'Brien in SF

TONIGHT, April 20th, there will be a debate on the issue of per-message charges for E-mail, sparked by the recent debate over Goodmail and AOL.

The debate will feature former EFF Chair Esther Dyson, who has become a surprising supporter of pay-to-send E-mail, and EFF Activist Danny O'Brien, NTK author and coordinator of EFF's involvement in the efforts against Goodmail. Esther is also publisher of Release 1.0, host of the PC Forum conference and former chair of ICANN.

Baby Bells announce new "GoodPackets" program to charge for access

New York, March 22, 2006 (CW) Bell South and AT&T, two of the remaining Baby Bell or "iLec" companies, announced today, in conjunction with GoodPackets Inc., a program to charge senders for certified delivery of internet packets to their ISP customers.

William Smith, CTO of Bell South, together with AT&T CEO Ed Whitacre, who will be his new boss once the proposed merger is completed, made a joint announcement of the program together with Dick Greengrass, CEO of GoodPackets.

Demand junk mail by PDF

Who could possibly imagine wanting spam? Well, I just read that in the USA, 100 million trees are felled every year for junk mail. 28 billion gallons of water used to process the paper. And 350 million dollars spent to throw it out. That doesn't include, I presume, the other costs, including postage and wasted time; this is just the paper part of it.

New Essay on Autoresponder practices

I wrote earlier this week on the discovery that people were blacklisting sites with email autoresponders. More thought and debate on the issue has led to a number of thoughts over how to solve the issues around autoresponders, in particular the concern that they will respond to messages with forged From addresses.

Spamcop blacklists autoresponders

I learned a couple of days ago my mail server got blacklisted by spamcop.net. They don't reveal the reason for it, but it's likely that I was blacklisted for running an autoresponder, in this case my own custom challenge/response spam filter which is the oldest operating one I know of.

Getting the top spammers

A recent item posted on politech and Farber's IP mailing lists caused some controversy, so I thought I should expand on it here.

The spam law debate has been going on for close to a decade. There are people with many views, and we've all heard the other side's views many times as well. The differences lie in more fundamental values that are hard to change through argument.

Because of that there are giant spam law battles among people who are generally all on the same side -- getting rid of spam. Each spam law proposal has people who feel it does too much and chills legitimate speech on one side, and those who feel it does too little and legitimizes some spam on the other. (With many other subtleties as well.)

It's commonly reported that most spam is sent by a relatively small group of hardcore, heavy volume spammers. In theory much from a group of 20, and the bulk from a group of around 200. I have never known if this is true or not, but a recent conversation with a leading antispam activist gave evidence that it was. Antispammers have tracked down a lot of spam, seen billions of spams come into spam-traps and even infiltrated spammer "bulker" message boards to learn who's who and how they operate.

So let's assume for the moment that it's true that most spam comes from this core group. Let's focus spam law efforts on a law designed just to get them. A law so narrowly targeted that nobody need fear a chilling effect on legitimate speech, that everybody can get behind. (A law that also makes it clear that it's not precluding other laws or giving blessing to lesser spammers.)

I would see such a law demanding many criteria. It would require the spammer send millions of spams. It would require the spammer do this with wilful disregard for the consequences -- i.e. a malicious intent. It could require the spammer have made $10,000 from their spamming. It would also provide funding and direction for law enforcement to actually go after these spammers. It would fine them into bankruptcy (all they ever made from spamming plus punitive fines) and possibly jail them, particularly if other criminal actions like fraud, sale of illegal products and computer break-ins were involved.

This wouldn't stop all spammers, but it might well put a real dent in the volume of spam, and scare off many from entering the upper echelons of spamming. This is a great deal more than any other spam law has managed to do.

More on entertainment.com

In my quest over the leak/sale of the entertainment.com mailing list, I have some amusing updates.

After telling them you don't respond to a "You sold my name" complaint with a request for all of the person's personal information, I got back yet another stock message, "Here's how you can get off our mailing list." I'm getting a lot of companies who use customer service reps for E-mail who clearly never read the E-mails. Yes, I also get software that auto-responds, but amazingly we also get humans who auto-respond.

Some folks don't get it.

When I give an E-mail address to a web site, I give a different one to each site. I have many domains, including one where all addresses are forwarded to me unless I turn them off.

Viagra spam

Thought of the day...

Spam is there to teach us just how many different ways there are to spell Viagra.

Challenge/Response, good or bad

I've just put up a new essay on my web site on whether challenge/response anti-spam systems are good or bad.

As some may know, I've been running such a system longer than anybody, having written one in 1997. I wrote a white paper on best practices for such systems that some have found useful.

Antivirus bounces a curse of their own

I often talk about Challenge Response spam filters because I wrote the first one. One complaint people make is that the filters will challenge even forged mail, causing a challenge to be sent to the forgery victim. While this is not a DOS attack window as some people believe (since you can as easily DOS the target directly as get others to do it for you) it does need more consideration.

Stop spam without demanding ID

There's a growing and dangerous movement to try to stop spam by forcing all mail senders to provide ID with each mail they send. Signing mail is not a bad idea, in fact it's quite useful, but to stop spam you have to make everybody sign their mail.

In the past this was a non-starter because this means forcing everybody who mails you to get new mail sending software, or at least to have their ISP do this. But spam has made us so angry people are talking about doing this, even though we don't demand ID for paper mail that, in theory, can contain white powder that can kill you.
