Monthly Archives: August 2008

Spam Fighting Boot Camp Week 1: Know Your Enemy

All right, sweethearts, what are you waiting for? Breakfast in bed? Another glorious day in the Corps! A day in the Spam Corps is like a day on the farm. Every meal’s a banquet! Every paycheck a fortune! Every formation a parade! Welcome to week one of Spamfighting Bootcamp. We’re going to look at how spammers think, how they act, what their motivations are, and the cunning tricks that they play in their unending attempts to compromise our users’ inboxes. We’ll look at our own fortifications and infrastructures through the eyes of a spammer, so that we can see the weaknesses that our enemy will attempt to exploit. I have seen the enemy, and he is us. He is our misconfigured relays, our slack attitudes towards secondary systems, and our disregard for technologies that are available now. He is our wide open whitelists, and our overly trusting users. He is our co-worker in marketing who CCs his entire contact list, our MTA that responds to VRFY commands. In short, to know your enemy is to know yourself. Continue reading Spam Fighting Boot Camp Week 1: Know Your Enemy»


Just about every company is all too aware of the problems that spam can lead to.

This has prompted a majority of IT departments to employ some sort of anti-spam, or spam filtering, solution to assist in keeping the inboxes of their users as spam free as possible.

But notice that the word assist is used in that previous sentence.

This is because no spam filter is going to completely eliminate spam. There are some out there that will do a great job of drastically reducing the amount of junk email that is successfully delivered, but despite the anti-spam solution’s best efforts there are users in every organization that will find a way to attract spam like ants to a picnic.

To help reduce the number of pharmaceutical advertisements and promises of great riches that fill the inboxes of your co-workers, try these hints to help involve them in the fight against spam: Continue reading 5 Ways Your Users Can Help You Fight Spam»


5 Tips to Keep Your Emails Out of Spam and Junk Folders

I do business with quite a few online retailers and services and most of them send me marketing emails and newsletters. Without fail, a few always wind up flagged as spam and redirected to my spam folder. I found out that even though they come from different senders, they tend to have a few things in common. Below are five reasons why they ended up in the spam and junk folders, and tips on how to avoid having your marketing emails meet the same fate:

1. Bad Subject Lines
Most spam filters are programmed to look for words like “free”, “sale”, “deal” and “discount” in subject lines. Since spammers love to use such words in an attempt to lure people into reading their messages, more often than not, legit emails with those words in the subject line will end up flagged as spam. It’s also important to check and double check before you hit send. I’ve received marketing emails with blank subject lines or “Type Headline Here” as the subject, indicating the person in charge of sending the marketing blast was either careless or inexperienced. Not only does this make your company look very unprofessional, but it can get your messages flagged as spam.

2. Careless Use of the CC Feature
You should never send emails to a large group using CC. This not only exposes your customers’ email addresses, but if one of them decides to respond and chooses to hit ‘reply all’, it will end up causing an unintentional spam loop and a lot of unhappy customers. Emails with huge CC lists are also a common feature of spam generated via dictionary attacks. Use BCC or a mailing list manager like Constant Contact.

3. Sending Attachments
There should never ever be a reason for you to send your customers attachments, but I’ve gotten a couple of marketing emails with them. It was almost always caused by a poorly formatted HTML message which included the graphics as attachments. A big no-no!

4. Bad IPs
It’s important to check your IP addresses regularly to make sure they haven’t been placed on a blacklist. False positives aren’t uncommon, and it’s also possible to have your server compromised without knowing it. Email sent from a blacklisted IP will never make it to any recipient whose mail server subscribes to that blacklist.

5. Buried Unsubscribe Instructions
There will always be people who subscribed and then changed their minds, and many will become easily frustrated and simply report your newsletter as spam instead of doing the right thing. Don’t rely on a tiny link buried at the end of the email. Make sure your unsubscribe link is easy to find.


Spam Fighting Boot Camp: The Mission

Please read the following post with the voice of a drill sergeant in your mind. Imagine something between R. Lee Ermey and Samuel L. Jackson if you can, or maybe Stephen Lang. Alright people, listen up! Welcome to Spam Fighting Boot Camp, or what some namby-pamby college puke might call Spamfighting 101! Over the next nine weeks I’m going to take you through a series of briefings designed to turn you into a lean, mean, spam fighting machine. We will teach you to know your enemy, train you to anticipate, outthink, outmaneuver, and outfight your opponent, and leave you with the skills necessary to defend your email systems to the last message. Our users must be protected from the enemy, and that enemy is spam!

The best defence is a strong offence, but as much fun as a search and destroy mission behind enemy lines might be, our field of battle must remain within our users’ inboxes. Our goal is zero casualties people, and no mailbox gets left behind. Here’s what you can look forward to over the next several weeks: Continue reading Spam Fighting Boot Camp: The Mission»


Go Phish Yourself?

A new open source toolkit is designed to provide a way for companies to educate their employees on how to spot phishing scams, but it may give scammers a lot of help as well. The open source Simple Phishing Toolkit includes a scraper that will quickly clone any website and create a phishing lure. It also comes with tools that allow administrators to track how many employees click on the lure, what links they followed, when they did so, and even their IP addresses, browser info and operating systems.

Naturally, such tools would be very useful for IT departments and system administrators to educate employees on how to spot phishing scams. Employees falling for such scams are a leading cause of corporate data breaches, and such breaches can cost a company millions.

“The whole concept with this project started out with the discussion of, ‘Hey, wouldn’t it be great if we could phish ourselves in a safe manner?’” said Will, one of the Toolkit’s co-developers. “It seems like in every organisation there is always a short list of people we know are phishable, who keep falling for the same thing every six to eight weeks, and some of this stuff is pretty lame.”

While it appears the developers had honest intentions when they created the toolkit, the fact remains it could be pretty attractive to the bad guys and they have no way of controlling that. Right now it doesn’t record any data typed into the fake phishing sites it generates, but they said future versions of the kit will have that functionality. That may make it irresistible to scammers looking for a way to create phishing campaigns that’s fast and won’t eat into any profits.

What do you think? Are these toolkits helpful or just asking for trouble?


Kelihos Actions Continue: New Defendant Named

Last September we reported on Microsoft’s actions in taking down the Kelihos Botnet, and the civil actions pending against alleged perpetrators including Czech citizen Dominique Alexander Piatti and the dotFREE Group SRO. We then followed up with a story on the settlement reached and the dismissal of charges against Piatti. Today Microsoft announced new actions in the legal follow-up to the botnet takedown. Continue reading Kelihos Actions Continue: New Defendant Named»


Most adults are well aware of spam. Having encountered email spam since the early days, it is safe to say that many people over the age of 20 have at one time or another been educated, trained or have experience with regard to identifying spam and how to deal with it.

Spammers, always trying to stay one step ahead of the game, realize this. They know full well that businesses conduct trainings for their employees, IT departments spend thousands of dollars on spam filtering technologies and many of their intended victims have just grown wise to their methods over the course of time.

So, like any good criminal would, spammers have adapted.

Over the years they have ventured into other avenues from which to launch their attacks: social media, text messaging services, and even the content used by websites have become methods for spammers to advertise their products.

However, spammers have now changed not only how they attack their victims, but also the victims themselves. Continue reading Spammers Targeting Kids Through Gaming Sites»


This week, a phishing attack landed in the inboxes of several US government agencies, spoofing the US government’s cyber security watchdog and response agency. Complete with attachments, the e-mail’s payload was a nasty little virus that has already been tracked back to Mother Russia. To make matters a little embarrassing, perhaps, it’s not enough that the agency which was spoofed in the attack has reported a disruption of its own systems, but it’s also the government body responsible for identifying and mitigating just this type of thing. Continue reading US-CERT Hooked by US-CERT Phishing Attack»


Exchange 2010 Safelist Aggregation ‘Crowdsources’ Anti-spam Efforts

You know that Exchange 2010 has its own anti-spam functionality, and you also know that users can set up their own safe and blocked sender and domain lists in Outlook 2007 and 2010, but did you know the two work together? Just like you can get chocolate in my peanut butter/I can get peanut butter in your chocolate, Exchange 2010 uses these two great things to provide more effective anti-spam measures at your edge. Safelist Aggregation uses data from users’ Safe Recipients Lists, Safe Senders Lists, Blocked Senders Lists, and contacts to create a kind of metadirectory of good and bad addresses, which makes the Edge Transport Server’s anti-spam functionality more effective and also helps reduce the incidence of false positives. Continue reading Exchange 2010 Safelist Aggregation ‘Crowdsources’ Anti-spam Efforts»


5 Great Anti-spam Plugins for WordPress

If you’ve got a WordPress blog, you’ve probably come across spam. Spam in your comments, spam from your contact page, spam spam spam eggs and spam. (But I don’t like spam!) Fortunately, the world’s most popular blogging platform has one of the most diverse plug-in ecosystems, and there’s no shortage of plug-ins to help combat spam targeting your blog. If you simply search the plug-in gallery in your WordPress admin console, you’ll find (at the time of this writing) over one hundred and forty different plug-ins.

To help you out, I’ve compiled a list of five great ones; based on ratings, downloads, user comments, and my own experience with them. Take a look, and then consider adding these to your own WordPress blog if you are the victim of spam.

1. Spammer Blocker

With 4.5 out of 5 stars according to users, and >14K downloads, Spammer Blocker is more like a three strike law for spammers than anything else, save that it only gives spammers one swing. Whether another plug-in flags a comment as spam, or you manually do so, the source ip.addr of the offending comment is banned. It’s like the death penalty for spammers, in that there won’t be any repeat offence! Continue reading 5 Great Anti-spam Plugins for WordPress»
