Archive for October, 2006

Do people still fall for spam?

Unfortunately yes, they still do. According to a study conducted by the University of Oxford and Purdue University, the latest lucrative spam practice is stock spamming. You know those messages that warn you that company Xyz is hot right now and will make you a fortune? It turns out that spammers buy up stock before they send out the messages; then, while people fall for the scam and buy the stock, the spammers sell theirs at a profit. It sounds so simple (not to mention highly illegal) and yet people are falling for it. According to the survey, on days when no spam messages about the company stock were circulating, there was a 6% chance of this stock being traded. On days when spam messages were sent out urging people to buy the stock, the chance of the stock being traded rose as high as 81%. The study also calculated the percentage that investors are losing. On average, investors who fall for the scam lose 5.25% in the two-day period following the stock touting. However, for the top 20% of stock scams, investors lose as much as 8% in value. Unfortunately people are still falling for spam, and as long as they do, spam will keep on coming.

Spamhaus litigation: Will spammers get a second wind?

No doubt you have already heard about the court case brought against Spamhaus by emarketing firm e360Insight. Regardless of the merits of e360's claims, shutting down Spamhaus cannot be a good idea. Spamhaus currently has 650 million users (including many corporate users) and blocks 50 billion spam messages per day. The majority of these messages are illegal, containing offensive content or propagating scams and phishes. Spamhaus is deemed to be one of the most effective and accurate blacklists currently available, with a false positive rate close to 0%. If Spamhaus were to be shut down, not only would this cause spam to leak through spam filters, but it could also give spammers a second wind. Knowing that Spamhaus is no longer blocking their messages, spammers could start firing off spam with increased urgency, in the hope that their messages might now reach a greater audience. I just hope that Spamhaus and e360 are able to sort out their differences, since the community at large only stands to lose if Spamhaus is shut down.

Here is a quick summary of the Spamhaus litigation events:

June 21: e360Insight, a marketing firm based in Wheeling, IL, files suit against Spamhaus (a UK based organization run by volunteers) for erroneously listing e360 on its Register of Known Spam Operations, the ROKSO list. The plaintiff argues that they only send emails to recipients who have subscribed to their lists and have ‘opted-in’. Also, the plaintiff states that according to the Spamhaus website, to be listed on the ROKSO list a spammer should be terminated by at least 3 ISPs for Acceptable Usage Policy violations. e360Insight claims that they have not been blocked by even one ISP. Spamhaus at first defended the action but then withdrew its answer and has taken no further action to challenge Plaintiff’s allegations. Spamhaus claims that according to U.K. laws e360Insight are sending unsolicited emails and will therefore continue to include them on the ROKSO list. Spamhaus also states that a US court has no jurisdiction over an organization based in the UK.

September 13: Since Spamhaus failed to respond, the Court enters a default judgment against Spamhaus in the amount of $11.7 million.

October 5: e360 submits an order to suspend www.spamhaus.org since Spamhaus failed to comply with the court’s previous order. If signed, the order will call for ICANN and/or Tucows (Spamhaus’ Registrar) to take the Spamhaus website down.

October 9: ICANN makes a statement warning that they do not have the ability nor the authorization to suspend www.spamhaus.org.

Top 10 spam characteristics (#1-5)

In a bid to stop spam, Red Earth Software has compiled a list of the most commonly found characteristics in current spam mails. Last week we saw the top spam characteristics in position #10 to #6. Today we are counting down to the #1 spam characteristic, the characteristic that Red Earth Software has found to be the most common in today’s spam messages.

#5. From: and Reply To: address are different: This is a common feature of spam mails, but it is also very common with newsletters. The importance of this characteristic should be minimized since it is also found in legitimate emails.

#4. Message body contains remote image: In order to avoid spam messages from being blocked by word filters, spammers include an image in their message that cannot be filtered for words. In addition, upon opening the email message the image is downloaded from the spammer’s website. Since each message contains a unique ID, the spammer will know exactly which recipient has viewed the mail. This indicates which email addresses are ‘live’ and can be sent even more spam.

#3. Message contains only HTML body: HTML messages usually include a plain text version of the email so that recipients with email clients that cannot read HTML can still view the message in plain text. However, many spammers tend to send HTML messages without this plain text body part. This is done to save on size and to force recipients to read the HTML version which automatically opens an image and connects to a web site when the message is opened. Newsletters also tend to send messages without a plain text body part, so it is important to use a white list of allowed newsletters so as not to catch any false positives.

#2. Message contains many or only tags: Some spammers try to circumvent content filters by placing lots of HTML comment tags within the email body text. In this way, content filters will not recognize the spam words since they are separated by comment tags. The recipient, however, will not see the comment tags since these are not displayed when viewing the message in HTML. Therefore it is important to use an email filter that removes HTML tags before filtering the message text.

#1. Recipient’s email address is not in the To: or Cc: fields: Red Earth Software found this to be the most commonly found characteristic in current spam messages. The reason for this is that the recipient’s email address is hidden in the Bcc: field or X-receiver field, along with a substantial number of other email addresses. Spammers do this in order to conceal the fact that the mail was sent to a large number of recipients, and presumably so as not to publish their email list. Some persons might add recipients to the Bcc: field for sending out ‘legitimate’ mailings, but these will tend to be of a more personal nature (which you might wish to block anyway) since most professional companies do not use this method for sending newsletters or mailings. Note however that if you do block emails without a local recipient in the To: or Cc: field, you will be blocking all bcc: messages.

Bottom line: Many spam filters check for the existence of these characteristics (and more) and use these to determine whether the message should be identified as spam. Some characteristics are strong indicators that a message is spam; others really cannot be taken into account at all since they can also exist in legitimate emails. A system checking for spam characteristics can be very effective, but it must use a sophisticated scoring system in order to flag spam correctly, applying a different weight to each characteristic.
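The weighted scoring described above, applied to characteristics #5 to #1, as an added example that is not Red Earth Software's code. The weights, the threshold, the cut-off of five comment tags for "many" and both sample messages are assumptions constructed for illustration.

```python
import re
from email import message_from_string
from email.utils import getaddresses, parseaddr

# Weights and threshold are illustrative assumptions, not values from the article.
# "From/Reply-To differ" is weighted low because newsletters trigger it too.
WEIGHTS = {"reply_to_differs": 0.5, "remote_image": 1.5, "html_only": 1.0,
           "comment_tags": 2.0, "recipient_hidden": 2.0}
THRESHOLD = 4.0
COMMENT = re.compile(r"<!--.*?-->", re.S)
REMOTE_IMG = re.compile(r"<img\b[^>]*\bsrc\s*=\s*[\"']?https?://", re.I)

def visible_text(html):
    """Remove comments first, then other tags, so a word filter sees what the reader sees."""
    return re.sub(r"<[^>]+>", "", COMMENT.sub("", html))

def characteristics(raw, local_rcpt):
    """Return which of the five characteristics a raw message shows for one local recipient."""
    msg = message_from_string(raw)
    parts = [p for p in msg.walk() if not p.is_multipart()]
    types = {p.get_content_type() for p in parts}
    html = "".join(p.get_payload() for p in parts if p.get_content_type() == "text/html")
    sender = parseaddr(msg.get("From", ""))[1].lower()
    reply = parseaddr(msg.get("Reply-To", ""))[1].lower()
    shown = getaddresses(msg.get_all("To", []) + msg.get_all("Cc", []))
    return {
        "reply_to_differs": bool(reply) and reply != sender,
        "remote_image": bool(REMOTE_IMG.search(html)),
        "html_only": "text/html" in types and "text/plain" not in types,
        "comment_tags": len(COMMENT.findall(html)) >= 5,  # assumed cut-off for "many"
        "recipient_hidden": local_rcpt.lower() not in {a.lower() for _, a in shown},
    }

def score(raw, local_rcpt):
    """Sum the weights of the characteristics present and compare with the threshold."""
    hits = characteristics(raw, local_rcpt)
    total = sum(WEIGHTS[name] for name, hit in hits.items() if hit)
    return total, total >= THRESHOLD

# Constructed sample messages (example domains), not real mail.
HEAD = "From: a@bulk.example\nReply-To: b@other.example\nTo: {to}\nContent-Type: text/html\n\n"
IMG = '<img src="http://img.bulk.example/o.gif?id=12345">'
SPAM = (HEAD.format(to="list@bulk.example")
        + "b<!--x-->uy st<!--x-->ock n<!--x-->ow, d<!--x-->o n<!--x-->ot wait" + IMG)
NEWSLETTER = HEAD.format(to="alice@corp.example") + "<p>October newsletter</p>" + IMG

if __name__ == "__main__":
    for name, raw in (("spam", SPAM), ("newsletter", NEWSLETTER)):
        print(name, score(raw, "alice@corp.example"))
```

The constructed newsletter shows three of the five characteristics yet stays under the threshold, which is the reason for weighting each characteristic rather than counting them.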