AntiSpam Vigilantes and Worse
Late July had some rough days for spammers.
Early morning, sipping my coffee and reading news sites, I find this…”
Russia’s Biggest Spammer Brutally Murdered in Apartment”
Then a little later in the day (of course still drinking coffee), I check the news sites again and come up with this item… “
Spam protest service criticized as vigilante”
Certainly the extreme fringe here… murder and vigilantism.
While we can’t be sure the murder was due to spam (even though the company involved was a very well known and disliked), we can be sure that the second “vigilante” instance is due to pure annoyance, frustration and of course, turning a buck off of others annoyance and misfortune.
Get a piece of mail that you deem as spam (perhaps others don’t but apparently there’s no need to care about others) and automatically initiate a “Denial-of-Service” (DoS) attack.
Wild West justice lives.
“
We don’t need no trial marshal, we’ll string the varmint up ourselves”.
Initially the DoS service is free but and I quote from the article… “
[They] might eventually charge new users”. Surprise.
We need to “
get the school marm” and “
learn these folks” that there’s better ways to do things. The Wild West disappeared a century ago.
Now excuse me. I’ve got to "
circle the wagons" and then
"brand” some software.
AAS
I Think I'll Click on UNSUBSCRIBE
Should be a class somewhere “SPAMMER TACTICS 101”.
It would ignore fancy addressing schemes to make mail appear from servers far apart from the email actually originated. It wouldn’t address sophisticated email-borne viruses that turn your PC into a zombie spamming machine.
Instead, lesson #1 would be “DON’T CLICK ON UNSUBSCRIBE”. Class dismissed. See you next week.
From a Detroit News article… “He's been duped by spam e-mail that told him to "unsubscribe" -- only to result in more spam e-mail”. And this item was referring to an educated person, a pharmacist.
Let’s see…
- It’s known the email is spam
- It’s known that spammers thrive on information (addresses, names, etc.)
- It’s known that in general, spammers are unethical.
Why would anyone believe that a spammer would honor the “UNSUBSCRIBE” link?
In fact, I've seen some “UNSUBSCRIBE” links take you to an advertising page anyway when you click them, so...
- You’ve validated your email address to a spammer
- You’ve still been subjected to the undesired ad
Don't UNSUBCRIBE.... IGNORE
Now it's time for recess and don't forget an APPLE (Power Mac G5 will do just fine) for the teacher.
AAS
Redux of "Blacklists End"
Following up on my earlier blog about spammers tricking blacklists, I received this information from CMS' CEO...
"
The diminishing importance of blacklists can be seen from CMS' own experience.
In 2004 we consistently saw DNSBL filtering out 65-75%, but now (2005) that has dropped to 50-55%. This is a significant drop.
Indeed our (CMS Praetor's) Bayesian filter has been picking up the spam increasing from 10-15% to 25-30% these days".
Case proven... "
Blacklists end? Further rise of the Bayesian".
AAS
Blacklists End? Further Rise of the Bayesian?
From an
item found on MSNBC comes concern about new spammer tools that can confuse filters using blacklists of spammer addresses...
“The feature allows spammers to make their zombie-sent e-mail appear as if it were sent directly from an Internet service provider's systems. Since it's not feasible to filter out an entire Internet provider's e-mail, the new SendSafe program foils the entire blacklisting system”.Does this negate Blacklisting services? Good thing most filters provide layered email message analysis. Looks like more of the “Is-It-Spam” load will be carried by other filtering tactics like Bayesian analysis, weighted word lists, heuristics, etc.
This makes Bayesian training of a company’s email filter even more important. The tweaking of Bayesian tokens to match a corporation’s unique needs requires an administrator’s diligence. Bayesian training is done frequently when a filter is first installed but tapers off as a better picture of corporate email is programmed into the Bayesian token database.
I’ve often found it amusing to imagine a legitimate company that deals in “small OTC stocks” or even areas of legal “adult entertainment” having all of their email quarantined because a badly trained Bayesian filter tags all of their business email as spam.
It’s the opposite of 99% of everyone else with email but does demonstrate how every business’ email in unique.
One man’s spam is another man’s new OTC order.
AAS
Pay-To-Play In the Spam Filter Ratings Game
My company, CMS, recently received an offer from a respected magazine to add our product, Praetor, to an antispam report that will, as they put it “
feature a detailed technical analysis on the performance of a number of the world's leading products and services”.
Sounds great doesn’t it? CMS is confident that
Praetor would measure up well against any list of antispam products and filtering technologies.
The catch… It costs $14,000 to join this club. Pay-to-Play or watch the game from the other side of the fence hardly seems objective and thorough.
Using an analogy based upon the auto industry...
Suppose a major automotive magazine offered the same deal, $14,000 to test your model of car. Then suppose that the only cars submitted were “Yugos” and “Ladas”.
The report would then create a ranking based upon a very small sampling. BMW, no mention. Cadillac, no mention. Ferrari, no mention. Get the drift?
Rankings are fun and I must admit I do like "top 10" lists but be sure the sample is large enough to get a true, unbiased picture.
Incidentally, in defense of the
Lada, I spent many hours in them during my trips to Russia. While cramped, they always got me where I was going in a utilitarian but definitely not luxurious manner.
AAS
