SPAM

More unexpanded spam macros

I posted one simple example of this a while back, but this one’s much better. (I’ve removed some uninteresting stuff like the actual routing.) From ... Received: ... Date: ... Received: from 192.168.0.%RND_DIGIT (203-219-%DIGSTAT2-%STATDIG.%RND_FROM_DOMAIN [203.219.%DIGSTAT2.%STATDIG]) by mail%SINGSTAT.%RND_FROM_DOMAIN (envelope-from %FROM_EMAIL) (8.13.6/8.13.6) with SMTP id %STATWORD for <%TO_EMAIL>; %CURRENT_DATE_TIME Message-Id: <%RND_DIGIT[10].%STATWORD@mail%SINGSTAT.%RND_FROM_DOMAIN> From: "%FROM_NAME" <@FROM_EMAIL> To: undisclosed-recipients:; %TO_CC_DEFAULT_HANDLER Subject: %SUBJECT Sender: "%FROM_NAME" <%FROM_EMAIL> Mime-Version: 1.0 Content-Type: text/html Date: %CURRENT_DATE_TIME %MESSAGE_BODY That Received: line looks like a nice template for a SpamAssassin rule, if you use SpamAssassin.

Spam stats redux

My spam stats page was broken for a while, but I’ve fixed it. Looks like I’m rejecting about 10,000 spam attempts per day, which is significantly less than I expected given the rate of growth when I last checked the numbers a few months ago. It’s possible some of this reduction is due to the fact that I’m no longer collecting spam via spamtrap addresses, with some of those addresses (which accounted for about a third of my total spam volume) falling off the lists of spammers who actually check for deliverability.

Bad news for Spamhaus?

The anti-spam operation Spamhaus, based in the UK, is being sued in an Illinois court by an individual named David Linhardt, who is listed in Spamhaus' Register of Known Spam Operations (ROKSO) database. Spamhaus has been responding like this: … Spamhaus, which as a British organization not subject to Illinois court orders is continuing to list Linhardt’s IP addresses on its SBL spam blocklist as usual … the Illinois ruling shows that U.

Spam, del.icio.us spam

Like every other web site/service/app/community/thingy that allows individual user contributions, there’s spam on Delicious too. The perp I came across today was “mcloan” – check the page out for yourself – and there are many more. Fred Stutzman has a good post on the subject, and I came across an exchange with naive Delicious spammers on Brian Dear’s weblog from last year. But what’s Delicious/Yahoo doing about this? Where’s the Craigslist-style “flag this user as a spammer” button?

Is Akismet broken again?

In the past 24 hours I’ve seen a wave of comment spam resembling the late August outage. Mostly porn spam. Is it just me? I’m using the Akismet API from my homebrew code (negatives are simply rejected), but maybe this is a sign that I should start using the feedback part of their API to report false negatives. This also gets me thinking about the need for an Akismet-like service that is run cooperatively, with multiple servers to avoid the single-point-of-failure problem.

I filled up my GMail box

This actually happened two months ago. I learned of my achievement via a mail administrator wondering why thousands of pieces of mail (spam, it so happened) getting forwarded to my GMail account were bouncing back. The bounce messages didn’t say “mailbox full” or “user exceeded quota” or anything like that, so even I didn’t know what was going on at first. When I signed up for GMail, I bought into their “never delete anything” philosophy, just to see where it would end up.

Comcast's blacklist

So, there’s a bit of a stink brewing about Comcast’s SMTP blacklist. Once again, Comcast decided to block mail forwarded from the Well to Comcast addresses, and they have been raising similar havoc elsewhere. Nothing gets people pissed off like messing with their email. It’s possible that Comcast’s admins are well-intentioned, but it’s also possible that this is part of a business strategy to push people from small ISPs (who sporadically get blocked by Comcast) to Comcast itself (which happens never to get blocked by Comcast).