Categories
anti-spam

Ann Elisabeth – Norwegian spam huntress

Just thought I would let you know about a cool blog (if you are a sysadmin or webhead, such as myself)

Ann Elisabeth’s blog contains a lot of information about various referrer, trackback and comment spammers. She has gotten really good at digging them out from their hiding places and finding all the sneaky ways they go about their business.

If you are a sysadmin you will really love her blog. Go read it now.

Categories
anti-spam weblogs

The Register interviews a link spammer

If you own a blog, you have probably experienced it: Spammers who fill your comment sections with ads for Viagra, porn and gambling. Its the new nuisance of the web: Link spammers.

The Register has gotten a hold of one of them, and bring us this informative interview:

Interview with a link spammer

So how and why do “link spammers” – as they generically call themselves – do it? Are they the same as the email spammers? What do they think of what they do, ethically? And what can stop them? If you’re affected by this spam, say because you run a blog, or a website, or like the other 99.9 per cent of Net users just come across the stuff, Sam explain the important thing to remember is it’s nothing personal. They’re not targeting you personally. They’re just exploiting a weakness in a system which blossomed just at the time that Google cracked down on the previous method that spammers used, where huge “link farms” of their own web sites pointed circularly to each other to boost each others’ ranking.

[Via Ann Elisabeth’s blog]

Categories
anti-spam

Nigerian Scam as comment spam

This is a first, at least for me. I got this as a comment spam to one of my blog articles today:

Categories
anti-spam

Fighting comment spam, linking without google juice and other reasons to use the new href attribute

Its nice to see the largest search engines come together for this one:

Categories
anti-spam software

A few good tips on how to battle spam with Eudora

  1. Install Spamnix, this anti-spam tool comes as a free trial and doesn’t cost much to buy
  2. Make sure that images in spam e-mails are never shown, most of them are linked with information about who you are – if you open them, they will give you away and verify your e-mail address. You can fix this in a couple of ways:
    1. Disable preview of e-mails by going to

      Tools -> Options ->Viewing Mail -> Preview Pane

      and un checking “Show messages in preview pane”

      While you are in that window, I would also recommend un checking the “Use Microsoft’s viewer” in the Message Window part of the screen. That will make you safer against viruses.

    2. Go to

      Tools -> Options -> Display

      and un check the “Automatically download HTML graphics”

      This is a move I highly recommend! – It will stop Eudora from downloading images included in formatted e-mail, thereby making it impossible for spammers to use images to verify e-mail addresses.

BTW: If you don’t have it already, Eudora is available for download at Eudora.com, and comes as a light version (no ads, fewer functions), sponsored version (free with all functionality available, but with ads), and as a for-pay version with all the features and none of the ads. They even have an Internet Suite including e-mail and a lightweight browser for the Palm OS.

PS: No money changed hands for me to praise Eudora like this, I just feel that Qualcomm has made a great job with their tools and deserve some praise now and then. :-)

Categories
anti-spam software

Spamnix for Eudora evolving

Eudora has always been my favorite mail application. It (almost) supports standard mailbox format (one mailbox = one file) so its easy to port mail from one platform to another, if configured right its virtually bulletproof against viruses, and it just works. My one gripe with it is that its only available for Windows and Mac.

I have written about how Eudora 6 will make it even easier to battle spam with Eudora, and I have to admit that when I saw in which direction Qualcomm is going with Eudora, I was also wondering how it would affect companies such as Spamnix that supplies anti-spam tools for Eudora.

While Eudora 6 is being designed to allow easy implementation of third party anti-spam applications and services, it is also taking a slice out of the market with a very simple anti-spam tool included in the mail application itself. One that should work for most people right out of the box. The little tests I’ve done shows that the anti-spam feature of Eudora 6.0 has a hit-rate of over 90% straight out the box – without any work needed. Pretty impressive if you ask me, and the added benefit of a tool that is hooked right into the mail application, makes it easy to white list everyone in your address book.

So how does Spamnix meet the future competition, by giving up? Not at all. Today, in an early beta/alpha release their new version sports more muscles than ever with the inclusion of a Bayesian

machine-learning system. (And I was just wondering when they would come around to that!). According to Spamnix software they have archived a 99% accurate spam filtering with this version already. That my friends are almost as good as a challenge-response system such as the one implemented by Earthlink earlier this week, but without all the disadvantages (with senders having to verify themselves before their mail goes through).

Look out for public betas of Spamnix for Eudora 1.2, coming for Windows and Mac OS X soon!

Psst: David Mertz has written a good article about spam filtering techniques, among them Bayesian filtering – if you are wondering what it is.

Categories
anti-spam

Spam convention

Good to see the spammers are taking time off from making all our lives miserable to actually have a convention. The DM Days New York Conference and Expo was held on the 2nd to the 4th of June, and gathered spammers from all over to discuss ways of reaching people through spam, and words that can no longer be used. (Including: limited-time, free, opportunity and only)

I think such events are excelent ideas. Next year I hope to be there to do some LARTing with 2 by 4s. ;-)

Categories
anti-spam software

Spam fighting tools: Eudora 6.0 Beta

I have been following anti-spam tools for a while, and in the latest year there has been a boom of services and programs to fight spam – for reasons obvious to anyone with an e-mail account. But what has become painfully obvious is that the e-mail programs themselves have to change in order for user-friendly solutions to spam fighting to appear. Apple was one of the first to launch such an e-mail program with their OS X mail application, supporting Bayesian filtering.

Eudora is about to take it to the next level, with Eudora 6.0 they are making it easy to integrate spam fighting tools directly into the mail program. Qualcomm claims that Eudora 6.0 will catch most junk mail and quarantine it with their SpamWatch, whose large dictionary of words can be simply added to by the user. Add to that Eudora’s junk mail system that is open to third party developers, which allows other anti-spam tools, including those running at your site or ISP, to simply and smoothly be integrated.

Seems like a good start and a concept that is sure to be copied by others in the future.

Eudora 6.0 is still in early beta stages, but public betas for OS X and Win 32 are available on Qualcomms site.

Categories
anti-spam webstuff

Automated Denial-of-Service Attack Using the U.S. Post Office

Interesting way of fighting spam, spans real world “Denial-of-postal-Service-attack” (From Crypto-Gram Newsletter)

In December 2002, the notorious “spam king” Alan Ralsky gave an interview. Aside from his usual comments that antagonized spam-hating e-mail users, he mentioned his new home in West Bloomfield, Michigan. The interview was posted on Slashdot, and some enterprising reader found his address in some database. Egging each other on, the Slashdot readership subscribed him to thousands of catalogs, mailing lists, information requests, etc. The results were devastating: within weeks he was getting hundreds of pounds of junk mail per day and was unable to find his real mail amongst the deluge.

Using all the people of Slashdot might work to some degree, but as Bruce Schneier of the Crypto-Gram Newsletter writes in his newsletter – it gets really interesting when you automate the process of adding someones address to requests for catalogs etc.

If you type the following search string into Google — “request catalog name address city state zip” — you’ll get links to over 250,000 (the exact number varies) Web forms where you can type in your information and receive a catalog in the mail. Or, if you follow where this is going, you can type in the information of anyone you want. If you’re a little bit clever with Perl (or any other scripting language), you can write a script that will automatically harvest the pages and fill in someone’s information on all 250,000 forms. You’ll have to do some parsing of the forms, but it’s not too difficult. (There are actually a few more problems to solve. For example, the search engines normally don’t return more than 1,000 actual hits per query.) When you’re done, voila! It’s Slashdot’s attack, fully automated and dutifully executed by the U.S. Postal Service.

Somehow I think spammers such as Alan Ralsky will be very careful about giving out their mailing addresses in the future.

Categories
anti-spam fun

Funny mail exchange

This is a funny e-mail exchage. Or more like a funny response to a not so interesting spam-mail from Amazon.com:

[!CrackMonkey!] [evan@prodromou.san-francisco.ca.us: [pigdog] Re: Important test at Amazon.com]

Well worth a read!

[Via Doc Searls]