By way of Justin Mason and the SpamAssassin mailing list comes this post about writing add-ons for Outlook.

Seth Goodman writes of Outlook’s contact list:

This feature was apparently added for the convenience of virus writers, who it appears were one of the key groups that set the design requirements for this product.

Ronald F. Guilmette replies:

So if I want source code for a software tool that can extract addresses from a personal Outlook address book, I guess that I should just go out and hire a virus writer! Hummm. I would have no problem with that. At least this would give them some honest work for a change… keeping them off the streets and out of trouble for a short while.

So now, where does one post a ‘HELP WANTED’ ad for a virus writer?

Last week I started looking at ways to cut down on false positives in our spam filters. I’ve only seen two in my own mailbox this year, but of course everyone gets different kinds of email. I’ve been trolling the server logs for low-scoring “spam,” looking for anything that looks like it might be legit, particularly if the Bayes subsystem has already identified it correctly but isn’t enough to counteract the score assigned by other rules. (Unfortunately, it’s hard to tell when all you’ve got is the sender, subject, and list of spam rules.)

One item I noticed was a copy of the Microsoft Technet Flash newsletter. I thought this was odd, since I’d gotten a copy of the same newsletter and it hadn’t been labeled. In fact, it turned out that my copy only scored 0.3 points, and the other hit 6.4! (5 points indicates probable spam.) What could explain such a disparity?

Answer: two very small differences.

I don’t usually post in this category, but the latest Nigerian clone to hit my inbox was worth it. It claimed to be from a British barrister, acting on behalf of a recently deceased French national, attempting to relocate funds from Saudi Arabia. The only contact information was an email address, as “Barrister Lindsay Smith” was currently in Ireland. I think this one’s winning the “Most Countries Invoked in a Single Spam” award so far as my inbox goes.

On a side note, the only information requested was a name, address, and phone/fax number–not a bank account or credit card or anything of the sort. Maybe the spammers are figuring that asking for financial info is rapidly becoming suicide. Or maybe they think it’ll work better if you establish a rapport first?

I’ve seen my share of angry complaints about spam with forged sender addresses, but this is amazing: Aunty Spam’s Slam a Spammer Blog is reporting that Sunnyvale resident Charles Booher called up the “sender” of some spam and threatened him with torture and death.

Of course, (a) death threats are criminal, and (b) the callee was not the actual sender but a third party whose address had been forged. Booher is now facing criminal charges carrying up to five years in prison and a quarter-million dollars in fines.

“Aunty Spam” didn’t provide any further information, but a quick Google search turned up articles suggesting this isn’t the entire story. Mercury News reports [archive.org] that the person Booher threatened, Douglas Mackay, worked at a call center that handled calls for, among other companies, the one that did send the spam. Metroactive reports on an even closer connection: it seems that the spamming corporation was registered to Mackay’s brother. A DOJ press release is (appropriately) matter-of-fact about the allegations. This all went down last November. In my brief search I haven’t found anything about the current status of the case.

Back on the subject of forgery, the SPF website has gotten a major facelift. SPF, or Sender Policy Framework, is a scheme that lets domain name owners identify which servers they use to send mail, so that receiving servers can pre-screen incoming mail for forgeries. Aside from cutting down on phishing attacks, at least with SPF there’s a better chance you’ll be complaining to the right person!