Category: Spam

Posted on
by

I handle the abuse contact for an ISP’s domain name. Normally this doesn’t take up much of my inbox. Even the “Your users are spamming” messages (in response to forged senders) have dropped off.

Since last night, though, the abuse and tech support contacts that filter into my inbox have collected 42 44 spams advertising the “Body Bouncer,” which claims to “take the gravity out of sex.”* Distributed IPs, random content, 6 different subjects (so far). What they have in common are a sales pitch in an image, and a link to their website.

Ordinarily, that would be enough to tag it. Continue reading

Posted on
by

Here’s a piece of friendly advice from a mail server admin to companies that interact with subscribers and customers via email:

Pick one domain name for your business. Just one. Don’t use any other domains in your emails, even if you want to keep order confirmations separate from promotions. If you contract out for some other company to send out a newsletter or survey to your customers, insist that they send it out using your own domain name. If you’re using DomainKeys or SPF, make sure they’re authorized or send it yourself. And don’t even think of making the links through redirection scripts, even if you really want to track which subscribers are clicking.

Why?

Two words: Spam and fraud. Continue reading

Posted on
by

I found a flood of crude phishing attempts in our postmaster account this morning.

How crude?

The hook was, “Simply reply to this email with your online login and password.”

No forms, no imitation websites, no swiped logos, no links of any sort at all. One of them even had multiple recipients visible on the To: line. It’s like a throwback to the early days of spam-n-scam.

The headers were full of things like %RNDDIGIT27, suggesting a broken spam generator, and of course there’s the fact that they actually targeted the postmaster account.

Posted on
by

Here’s the WTF?!?!?!!!! moment of the day. Actual spam received over the weekend:

Sell Your Organs Online!

Reply to this message if your interested in selling your organs!

Seriously, what the hell?

Forget the fact that selling organs is illegal in the US. And I’m sure mailing them across state lines would be a felony. And you sure as heck can’t list them on eBay. Or Amazon—can you imagine? “15 new and used livers available.” “Customers who purchased kidneys also bought…”

Posted on
by

This is incredibly bizarre. Today I’ve started getting spam which is clearly coming from zombies and using fake return addresses and forged headers, but the content is a plaintext message encouraging hurricane relief donations and linking to the legitimate Red Cross and FEMA websites. There’s one further link, to arc.convio.net, but the ISC reports that the site is legit.

It literally looks like some spammer decided to encourage donations to the relief effort, picked an organization he figured most people would recognize, and plugged the message into his usual spam software.

I can’t decide what to do about them! On one hand, they’re spam. They’re unsolicited, they’re using spammer techniques, and they’re clearly not associated with the Red Cross. And we’ve always said the issue is “consent, not content.” But if the ISC is right, they’re not trying to pull a fast one like the scams and spyware installers that are leeching off of the catastrophe.

I keep thinking I should train the filter on them anyway, just like I would add political or religious spam, or an everyday charity that decided to start spamming for donations… but for some reason I just can’t bring myself to do it.

Posted on
by

If you have a website, you’ve probably seen link swap spam. People running link farms search for a keyword or phrase, then fire off a zillion emails to the contact addresses about how they’ve looked at the site, their site is clearly relevant to yours, they’ve already linked to you and they want you to link back to their site.

All this without bothering to actually look at the sites in the search results.

For example: last Saturday I posted picture of the marquee in front of San Diego’s Ghirardelli Chocolate shop. By Monday someone had asked me to link to their website about chocolate, because our sites were clearly related.

Today I got one that trips the irony-meter. I’ve made four posts over the past year about targeted—or mistargeted—advertising. Just four. This morning I received three copies (one to my webmaster address and one to each DNS contact) of this message:

Hello,
I have found your website hyperborea.org by searching Google for “targeted advertising”. I think our websites has a similar theme, so I have already added your link to my website.

Continue reading

Posted on
by

Why do some spammers insist on prefacing their junk with statements like “THIS IS NOT SPAM?”

Some idiot just posted a bit long letter offering to let me put my “products” on their online store. No, they didn’t send me an email about, say, the comic book collection I’m selling. No, they didn’t offer to sell prints or digital copies of my photography. No, they didn’t offer to publish my writing or Katie’s writing. They certainly didn’t look for contact information on any of those pages, because if they had, they would have found it and used proper channels. (Well, probably. I occasionally get comments on my Flash site via eBay’s “Question to Seller” feature because people don’t see the email address at the bottom of the page, but they do see the link to my eBay profile.)

They posted a very generic form letter—so generic that I can’t tell what they’re offering to resell—as a comment on a two-year-old blog post in which I remarked on some new comic books I had started reading.

And you know what? That’s spam. You can yell all you want that it isn’t, but when you post a completely off-topic advertisement on someone’s site, when you send someone a (supposed) business offer without checking to see whether it’s relevant—particularly when you claim to have checked them out, but clearly haven’t bothered—that’s spam.

And denying that fact won’t make me accept the offer (or leave the comment visible) any more than the “Please do not discard” statements on credit card offers will get me to fill out an application.