To show how serious they are about their attempts to eradicate spam, fifteen companies have joined forces to help fight one of the most dangerous spam tactics of all – phishing.

This collective, known as the Domain-based Message Authentication, Reporting and Conformance (DMARC), has come together to develop standards that they promise will help combat the practice of spammers sending emails that appear to come from a legitimate organization.

According to DMARC, its work:

“draws upon a history of private industry collaboration with 18 months of dedicated work, to outline an enhanced vision for email authentication that can scale up to today’s Internet needs.”

Who Is DMARC?

The group of fifteen who have dedicated resources to this fight consists of:

• Agari
• American Greetings
• AOL
• Bank of America
• Cloudmark
• Comcast
• Facebook
• Fidelity Investments
• Google
• LinkedIn
• Microsoft
• PayPal
• Return Path
• The Trusted Domain Project
• Yahoo!

And just what exactly they are trying to do is create a specification that allows senders and receivers of email messages to share information with each other about their authentication infrastructure to make sure that emails come from the organization they claim to be.

According to their website, DMARC attempts to address this by providing coordinated, tested methods for:

Domain owners to:

• Signal that they are using email authentication (SPF, DKIM),
• Provide an email address to gather feedback about messages using their domain – legitimate or not,
• A policy to apply to messages that fail authentication (report, quarantine, reject).

Email receivers to:

• Be certain a given sending domain is using email authentication,
• Consistently evaluate SPF (Sender Policy Framework) and DKIM(DomainKeys Identified Mail) along with what the end user sees in their inbox,
• Determine the domain owner’s preference (report, quarantine or reject) for messages that do not pass authentication checks,
• Provide the domain owner with feedback about messages using their domain.

So What Makes DMARC Different?

Most companies already employ some type of analysis on incoming email messages to include SPF and DKIM so this specification isn’t turning to something new. In fact, they recommend a continued approach employing other techniques such as high quality spam filters and rate limiters to form a well rounded solution to fighting spam.

What DMARC is trying to do is to standardize and streamline the process of analyzing messages because participating companies can rely on the coordination of the group to establish trust when it comes to determining whether or not a sender is legitimate.

In plain English, DMARC looks to form a conglomerate of cooperation between email senders and receivers (the organizations like Google, Microsoft, Yahoo!, etc. not the individual users themselves) who share information about the emails they send to each other. Turning to the information made available to the group, it can be easier to see whether or not an email is spoofed spam or a legitimate message worthy of delivery.

Not only is it the hope that less spam will make it through, but that resources will be streamlined as a result of these efforts as well. Large datacenters could see a positive result if all goes as planned.

The Flipside

Of course not everyone is completely sold that DMARC’s work is a panacea when it comes to ending spoofing and spam.

John Levine, one of authors of the DKIM related Author Domain Signing Practices (ADSP) standard, had this to say in an interview with Information Week:

“It’s a good thing as far as it goes, but it does have some of the chronic Internet tendency to put a steel door on a cardboard box.” Like many security standards that are not mandatory, if it’s not implemented then it won’t fail. Neither DKIM nor SPF are at the point where a recipient can say that they will only accept messages that use them. Therefore you still need to keep your eyes open.”

Using Bank of America as an example, it was pointed out in the same article that to fight phishing and spoofing in the past domains suggestive of the name Bank of America, as well as typos, were purchased en masse. Because the pool is so large, Bank of America was not able to purchase every domain available. For example, wwwbankofamerica.com is not owned by them.

So if an email arrives from support@wwwbankofamerica.com it won’t fail any of the checks from SPF or DKIM because it is not a spoofed email address. By all accounts, the sender is legitimate.

Liked this post? Get more anti-spam related news from AllSpammedUp.com!

Will DMARC Have Much Impact on Spam?

Optimists often look for the most positive events over the year to attach to the label, The Year of…, realists however, take a different approach. And while 2012 is still young and holds a lot of promise, this year could very well be known as the year of social spam.

Social spam is nothing new. In fact, spam first infiltrated Internet bulletin boards in 1994 to mark the first major commercial spam campaign when Laurence Carter and Martha Siegel, a husband and wife team of lawyers, posted bulk messages to Usenet groups advertising their immigration law services in what became known as Green Card spam.

Social interaction on today’s Internet is far more sophisticated than the simple posting of messages and hyperlinks however. Nowadays, spammers turn to social networks and guise their spam as links, content, video, audio and executable files.

The nature of social spam has also changed as the platforms that deliver these messages have also developed over time.

No longer is spam only used to deliver advertising and marketing messages alone. With a more sophisticated field on which to play, spammers have used social sites to not only deliver their advertising, but also malware that: steals credit card numbers, captures user names and passwords and turns computers into zombies.

But if social spam has been a problem for so long, why would 2012 be any different? Take a look and see…

The Facebook Example

On January 4, 2012 the Wall Street Journal reported that social spam is on the rise and to combat this, social networks are hiring more staff to help fight this problem. Facebook was named specifically because according to reports, the volume of spam on Facebook is growing faster than its user base.

On Facebook, spam usually spreads when users are tricked into liking, and then sharing, content that is spam. This practice, known as like-jacking, usually works when a user’s computer is infected with malware that allows the spammer to take control of the user’s Facebook account.

The spammer then posts a message on your friend’s profile that would be interesting to others. Commonly, free dinner coupons are used as the bait as are offers for free iPads or other give aways.

When the user’s friends click on the free offer, they are instructed to download the coupons. These coupons actually contain malware that infects the computers of the user’s friends thus continuing the cycle.

Of course the malware does more than just spread itself via Facebook. It can be used to deliver Trojan horses, keystroke loggers, or any other type of malware.

And just how prevalent are these messages? By Facebook’s own admission, they block over 200 million malicious actions every day. In 2008 the company employed four engineers working to fight malicious use of their site. The same department today, named site integrity, now has 31 team members. Additionally, there are 46 people working on security 300 focused on user issues and over 1,000 others (engineers, lawyers, risk analysts, etc.) who help to fight spam on the site in other ways.

Others Not Immune

Of course other social networks and content sharing sites are hardly immune to the problem of social spam. Twitter has long been a hot bed for spammy posts created by malicious users.

Twitter, by nature, set itself up for spam from the very beginning. As a great way to share content to other like-minded users, Twitter allowed people to share short messages that were less than 140 characters long; short, sweet and to the point.

Since URLs were often lengthy, companies – including Twitter – developed URL shorteners. Now, http://www.allspammedup.com could become http://bit.ly/3KmvyZ to save precious character space.

The problem is, no one really knows if http://bit.ly/3KmvyZ will take you to All Spammed Up or a malicious web site.

Google also out how quickly spam could infiltrate even a carefully planned social network.

Originally opened through an invite only process, Google+ users found the site a welcome break from other social sites that had turned into spam havens. Since early adopters were tech savvy, spam was quickly reported and accounts spewing spam were shut down.

Then came the public release and the ability to create business pages and spammy comments and shares began to fold the network causing one well known legitimate marketing professional to comment:

Wow, Google+ must be taking off. Spotted not one but two pieces of comment spam today.

As users find it easier than ever to share content with their friends and family, spammers will find it easier to manipulate this process. Because we have become so trusting of the content our “friends” share with us, we never consider the fact that what may be the coolest thing on someone’s wall may just wind up infecting our computer.

Liked this post? Get more anti-spam related news from AllSpammedUp.com!

Is 2012 the Year of Social Spam?

Maybe they think it makes their blog look popular to have hundreds of comments, or perhaps they are too lazy to monitor and delete the obvious spam comments left on their site. The hope is the blogger simply doesn’t know how to solve the spam problem. If this is the case, education is an easy fix.

From the reader’s perspective, nothing is more irritating than coming across a site that is littered with off topic comments, links to designer handbags, pharmaceutical advertisements and the throngs of strategically misspelled words to make the comment look unique to the search engine.

But why do spammers waste their time with blog comments? For the same reason they send email spam, for advertising.

It may surprise many people, but the spam found in blog comments is not different from the same spam you find in your email inbox. Right down to the way that spam is sent.

The Benefits of Comment Spam

I had mentioned that comment spam is used for advertising purposes. Leaving a comment with a link to a spammer’s site on a popular blog is an easy way to get your site out in front of thousands of readers. By flooding the blogosphere, this could lead to hundreds of thousands of Internet surfers seeing a spammer’s “ad” every day.

Considering the fact that certain keywords are nearly impossible to rank well in Google due to extreme competition, gaining traffic from links that are embedded in blog comments is one of the few remaining methods of free Internet marketing.

Ironically, these links have an added benefit to the spammer’s pages that make up the spammer’s web site. The number of incoming links is one way that search engines determine a web page’s popularity. The more links a page has, the more popular it’s content looks to the search engine, which in turn can result in the page being indexed more quickly and the page ranking higher in the search engines.

It also helps increase the page’s coveted Page Rank. Obtaining a higher Page Rank is often one of the first things a Search Engine Optimization specialist tries to do to help their web sites rank well.

How Spammers Flood the Blogosphere

While the reason comment spam is so prevalent is not the only thing that is identical to email spam, the methodology is as well.

Much like the botnets that pump out millions of spam emails a day, comment spammers use software programs that pump out hundreds of comments a day arbitrarily and automatically.

That’s right, all of those senseless comments you see were all left by a software program, not an actual human being.

Now, 50 to 100 comments may not seem to be as much of a problem as that of email spam, but if you consider that by targeting high traffic blogs that receive 40,000 or more visits a day, those numbers add up to millions of people being affected by comment spam. Because remember, the victim of comment spam isn’t the blog itself; it’s the reader.

The Subtle Differences

Comment spam and email spam may be similar in parts, but the two do share some differences as well.

Email spammers try to send out as many messages as possible every minute in hopes that they find a someone somewhere along the lines.

Comment spammers take a different approach.

Of course, trying to blast their comments out to more blogs each day may spread their message to a wider net so why do they limit themselves to less than 100 blogs a day? Because they have learned over time that the search engines are smart enough to see how many back links (the links embedded into a comment, forum or anywhere else on a website) a site receives each day. If the site gets too many, then the search engine algorithm thinks something fishy is going on and may wind up penalizing the offending site.

The search engines also notice the content of the comments as well. When scanning the web, the search engine algorithm notices the content surrounding a link as well as the link itself. Especially the anchor text, which are the words that the link is inserted in. For example, many sites use click here as the anchor text. If certain keywords are used instead of click here, then the site looks more important.

However, if the same keywords and same content is used for too many back links the search engine algorithm again senses something is amiss and realizes that someone is spamming. To combat this, comment spam software will subtly change the content and keywords before automatically leaving the comments. These small changes are just enough to throw off the search engines and make the comment look unique.

Bloggers who recognize comment spam and how it works will definitely have a leg up when it comes to keeping it off their site. Like email spam, it takes work to fight but in the end it is well worth the effort.

Liked this post? Get more anti-spam related news from AllSpammedUp.com!

Comparing Comment Spam to Email Spam

A new spam campaign has been detected and it’s using Google Docs as part of its scheme. That spammers are exploiting Google Docs is nothing new, but in the past, they spammed by using the share feature to send spam filled docs. In this new campaign, they use email instead. The emails contain a link to a Google Doc that is filled with spam hawking fake degrees for sale. It’s not clear who is behind this new campaign but whoever it is, he/she is clearly experienced enough to have been able to get around Gmail’s spam filter.

While overall spam volumes have dropped, new spam campaigns are still being unleashed. One that landed in my inbox a few days ago had the subject line “Woow!” and a link that said “Click here to see attached photos”.  When I hovered my cursor over the link, the underlying URL was gibberish but did have my email address embedded in it. A little more research revealed the URL led to a fake Windows Live login page. Yep, it’s a phishing attack. It looks like the attacker is hoping to collect lots of Windows Live login credentials for some sort of future attack, or maybe to sell to another cybercriminal. The email came from my aunt’s Hotmail account, so it looks like the attacker has already managed to hijack some accounts and is using them to keep the attack going.

It’s relatively easy to spot a phishing attack. Just hover your cursor over an URL in an email and the real address will show in the info bar. There are other red flags as well. If a company you do business with emails you, they will always address you by your name or screen name, never as “Dear User” or “Dear Customer”.  Also, no legit company will email you and ask for personal info such as your password or credit card number.

Liked this post? Get more anti-spam related news from AllSpammedUp.com!

New Spam Campaign Uses Google Docs

Microsoft, Google, AOL, and Yahoo are all providing metadata from messages sent to their users on a daily basis to Agari. Protecting users’ privacy is of paramount importance to all of the participants. The metadata includes aggregate information on things like source IP address, subject, and sender address, but not the body of the email. Participating providers may provide URLs contained within messages that are already failing other tests so that Agari can notify the company being spoofed in the message, but no other email content is shared.

As email metadata is analyzed by Agari, who is handling over 1.5 billion messages a day, characteristics of messages that are spam or phishing messages are identified. Data is then pushed back to the participants, who can update the policies on their borders to reject spam and block phishing attacks.

There are about fifty other participants in the Agari service, including financial and e-commerce corporations. Business site LinkedIn, and social media sites Facebook and YouSendIt are also participating, which is great news for the users of these services, who are often flooded by spam messages.

It may surprise you to learn that you have probably already been protected by Agari. The company began operations in 2009, running in stealth mode. Current estimates have Agari protecting half of US consumer email users, and over 1 billion individual mailboxes.

Agari, a spinoff of Cisco Systems, is a venture capital funded company based in Palo Alto, California and led by several of the people who were responsible for creating and running Cisco’s IronPort technology. Agari promotes their technology as a cloud based infrastructure, capable of pushing out updates in response to new attacks in a matter of seconds. With an infrastructure capable of processing billions of messages per day, they are positioned to handle the ever increasing volumes of email.

Liked this post? Get more anti-spam related news from AllSpammedUp.com!

Strength in Numbers – Agari

Whether it arrives in the form of a junk email advertising for prescription drugs or a shared post in Google+, spam is one of the most annoying and costly things we have to deal with every time we log onto our computers.

However spam can be kept under control. By understanding some of the fundamentals about how spam, and spammers, work you can reduce the amount of junk you receive to a minimum.

1. Spammers are in this business to make money.

Most spammers will try to legitimize their emails by including the disclaimer stating you can be removed from future mailings by replying to the message with a specific subject line or message content.

Understand that if they obtained your email illegally or illicitly then politely asking them to remove you from their list isn’t going to stop them. It is simply telling them that the email address they have is one that is actively monitored by you. This means more spam.

Spammers are also creative in how they deliver spam. They understand that once a market dries up, they have to move on to something more lucrative.

Take email for example; for a long time, email was the preferred delivery method of spam. Once spam filters became more effective, the spammers moved on to comment spam. Akismet and other tools have worked to fight spam on comment enabled websites so the spammers turned their attention towards social networks like Facebook and Google+.

2. Spammers are good at social engineering.

The reason spam is so successful is that spammers know exactly what to say, or promote, to make people fall for their schemes.

Take the Nigerian 419 scams. Those actually worked. People fell for those scams because the spammers knew to tap into the driving force of greed. The mass advertisements for Viagra also make spammers a nice chunk of change. Why, because men are too embarrassed to go to their doctor or pharmacy to get this drug. If they order it online from an advertisement promising discreet ordering and delivery then the embarrassment factor is removed.

These skills have followed them to the social networking world as well. Spammers know that the more followers or friends a person has, the more popular, important or relevant they appear to others. They simply weasel their way into as many social circles as they can.

3. Spam is not going anywhere.

There are always reports that the amount of spam is reducing or that we are winning the war on spam. This is simply not true. In fact one company that recently claimed spam was down has just turned around to state that the number of spam messages has increased.

The truth is, spam is a see-saw battle because the battlefield changes so often. For a while email spam might be down but social network spam up. Then comment spam takes over until people catch on and concentrate their efforts on fighting it there. Spammers might move to SMS spam at that point. But as long as money can be made, spam will continue.

4. Spam is cheap to produce.

The reason spam is so effective is that it is so cheap to send. Spammers rent huge networks of computers, or botnets, that flood email inboxes with spam for as little as 9 dollars an hour or 67 dollars for 24 hours according to a report from ZDNet.

Even as spam filters learn how to better identify mailings sent from botnets, humans in developing countries can be hired to send spam through various channels. Log into any number of freelance worker sites and see how many people are bidding on jobs that look eerily similar to spam.

For a couple of bucks a legion of foreign workers can be hired to post comments, send or retweet messages, post to a wall, etc. None of which is meant for real interaction or adding value. It simply exists as spam.

5. Spam costs money to fight.

The truth of the matter is, spam is costly. These messages cost money to filter, to store, to read, to delete, etc.

But if you go into the fight thinking that you can simply download a bit of free software and your problems will disappear then you may be adding to the problem because some of the things you get for free actually spreads the malware that builds bigger botnets.

To effectively fight spam you have to be diligent. Research the tools that fit your organization’s needs and make an educated decision based on what solution can provide you with adequate protection while also fitting into your budget.

Liked this post? Get more anti-spam related news from AllSpammedUp.com!

5 Things You Need to Know About Spam

That’s right, we are talking about CAPTCHA.

CAPTCHA, or Completely Automated Public Turing test to tell Computers and Humans Apart, is a simple challenge-response test given to make sure that whoever is filling out an online form is actually a human being, not a bot trolling the Internet for victims. Those bots are usually looking for email or contact forms that they can spam, or trying to register for services that they can use to send spam.

So despite the fact that many humans had trouble reading CAPTCHA phrases and entering them correctly, we put up with these little tests because it helped fight spam.

Little did we know that CAPTCHAs can easily be thwarted.

Past Problems with CAPTCHA

Most people have encountered that one site with a CAPTCHA code so illegible that they try time and time again to enter it only to be met with: “Incorrect code, please try again.”

After too many unsuccessful attempts, people grow frustrated to the point that many web designers nowadays don’t recommend using CAPTCHA as a method for preventing spam. One designer used the analogy:

“Using a CAPTCHA code on most sites is like using a Humvee to crack an egg”

to show how overly aggressive this technique can be.

In addition to user frustrations, these codes haven’t always been the solution to problems with spam.

In 2008 Google found that bots were being used to create thousands of fake Gmail accounts despite their practice of using CAPTCHA to block fake, computer generated registrations. Microsoft also found their Live Mail service was being targeted by bots which were also creating fake accounts.

Both of these instances proved that CAPTCHA had been broken. And like any responsible security service, the folks who developed CAPTCHA went to work on fixing the holes that were used to bypass their security measures.

But that only lasted so long as well. In addition to fighting scammers who use technology to exploit the vulnerabilities in CAPTCHA there is also the problem of outsourcing.

Spammers who don’t want to fight the system via superior technology have simply taken to paying people in China, India, Bangladesh and other developing countries to register by hand. These people sift through the jumbled text diligently typing each character into the box and hitting submit all for a whopping 80 cents per 1000 boxes deciphered. Some pay as high as $1.20 per 1000 and jobs like this are plentiful on the many freelancer sites out there.

New Vulnerabilities Found

Luckily, a good number of vulnerabilities are found by researchers whose intentions are to make security products better. People with phenomenal programming skills and the ability to think outside the box spend hours researching ways they can defeat computer systems in order to make them more secure.

So when a research team out of Stanford University claimed that they have found a way to defeat a number of CAPTCHA systems with a program called Decaptcha, people had to take notice.

The team, consisting of Elie Bursztien, Matthieu Martin, and John Mitchell, created a five step process that removes all of the distortion and noise from the images so that the computer can more easily read the challenge so that it can provide the correct response. And the results are pretty interesting. Visa’s Authorize.net was beat 66% of the time, Blizzard Entertainment’s CAPTCHA system was bypassed 70% of the time, other sites like CNN, eBay and Wikipedia also saw high success rates.

The only ones that were not beat by Decaptcha were those used by Google and reCaptcha.

The Stanford team said they have no plans to release Decaptcha to the public, however their findings mean that it is only a matter of time before criminal organizations find new ways to circumvent CAPTCHA yet again without having to exploit armies of third-world employees to do their dirty work for them.

Liked this post? Get more anti-spam related news from AllSpammedUp.com!

CAPTCHA Cracked Again

For the first part of the invite only phase, people were clamoring for invites. A search for Google+ meant weeding through the throngs of web pages either pleading for an invite or those offering them, and even though the social network is now open to everyone those sites still clog up the SERPs for that term.

People wanted them so badly that some of the lucky ones to receive an early invite were selling off their 150 invitations on eBay, Craigslist and anywhere else they could find buyers.

And when it was only open to early adopters, Google+ was a nice place to meet up, share resources and follow interesting people. The level of spam was relatively low during the first 20 million people because it was policed by the users.

Of course opening it up changed all of that.

A couple of public posts regarding spam on Google+ read:

Oof. So much G+ spam, typically in the form of “[fake-sounding or often Russian or Indian name] has shared a private post with you.” What a deluge in the last 48 hours. Bet the G+ dev team has their hands full with this issue right now. Update: shortly after posting this whiney G+ complaint, a spammer invaded the comments on this very post, with a “normal/non-foreign-sounding,” white, female, American profile.

I’m seeing the amount of spam growing exponentially since G+ opened to everyone. Are you?

Comment spam is getting really bad on G+. I would prefer to have a moderation queue rather than have comments show up directly. It’s getting to the point where it is difficult to keep up with the deleting & blocking of spam on my posts.

How can I block people in Google+? More an more spam here.

So it is definitely becoming a serious and annoying problem for many plusers to deal with.

But is that what Google had intended all along?

In an interesting post by Barry Adams for the State of Search blog, the author calls Google out and asks the question, is Google+ a honeytrap to study future search metrics?

The Case For

Despite any preconceived prejudices you have against Google there is one thing for certain, they truly care about the quality of their search results. And they are trying to keep them as solid as possible.

The latest Panda, or Farmer, update provides a stable argument for this as it was geared towards reducing the amount of content spam from the search engine results pages, or SERPS, and devaluing any links from content farms and other forms of link spam.

But Google also knows that the future of search lies within the social metric, not only the link metrics states Adams. So it needs to know how social media can be used to effect rankings. Since spam is a pervasive problem in social media through comment spam, fake shares and votes that are bought for pennies, Google needs to know just how social signals can best serve their ranking algorithms without giving spammers another avenue to exploit.

“I believe Google+ is a huge laboratory designed to analyse social behaviour in an effort to develop algorithms that can, with a high degree of accuracy, detect genuine and authentic shares and upvotes and let those count in Google’s search ranking mechanisms,” claims Adams.

And this wouldn’t be the first time Google released a product that merely served as a laboratory for something greater.

Ever used Goog 411? Many people did because it offered free directory information services instead of the pricey ones offered by phone companies.

But what Google was really doing was building a phoneme database from these voice queries so it could build a quality speech recognition engine for their voice search.

Pretty smart on their part, huh?

The Case Against

Of course, Google may just be offering its social network because it knows that in order to stay relevant, it needs to offer products that are relevant.

People share so much through Facebook, Twitter, StumbleUpon and other social tools because users trust what others recommend more than they do a search engine spider. So while shares and votes are certainly going to be part of Google’s algorithm, it could also be that they know the playing field is changing and they had better adapt.

Liked this post? Get more anti-spam related news from AllSpammedUp.com!

The Google+ Experiment

Blogs are fertile ground for this type of promotion through the comment system used by blog software.

Spamdexing, or comment spam as it is more widely known, comes from the spam that originally appeared in forums and guestbooks. Spammers would visit these sites and post comments to the various discussions with links back to their sites. These links would help to increase search engine rankings as backlinks and are often counted as votes to a website’s popularity. The more votes a site gets, the more the search engine feels that it is a site worthy of a higher ranking for a certain keyword.

The links would also help drive some traffic to the website it is promoting.

Since the comments rarely added any value to the discussion, or the forum as a whole, the moderators often deleted these comments until it became too much of a problem.

Eventually, spamdexing was fought by moderators eliminating the ability to insert links into the discussions at all or setting a minimum number of posts or replies that a member needed to add before that member could include a link in their profile or content.

Enter Blogs

Eventually blogging software hit the market and made it easy for just about anyone, of any technical ability, to set up a blog that would allow the author to write posts and his or her readers to actively participate through the built in commenting system.

Due to how easy applications like WordPress have made it to set up a blog, you now have millions – over 152 million in 2010 – of blogs on the Internet. To spammers, that represents a high number of possible targets to infiltrate with junk comments to help their illicit cause.

Why it is a Problem?

Like the forums, links in blog comments would help boost a website’s ranking in some of the search engine results pages.

Add to this a flood of programs available that will automate the process of posting comments to different blogs and it is easy to see how pervasive this problem has become.

To fight back, Google encouraged the use of the rel=”nofollow” tag. What this basically does is tell the Google spiders to ignore any links with this tag so that the website in the link does not reap any benefit in the search engine results.

As any blog owner knows, it has done very little to stop the automated comments.

The Psychology of Comment Spam

Other methods have been employed by bloggers to help reduce the number of comments that add no value to the discussion but it is widely accepted that comment moderation by an actual human being is the only way to stop spamdexing.

But even like its technology counterparts, human moderation has its faults.

Like any spam tactic, comment spam relies on manipulation. When people fall victim to spam emails it is because they fall for the promises that tie into their emotions.

For bloggers, that emotion is pride.

Take a look at ten different blogs and see how many comments are similar to the following:

• Great post/blog!
• You really nailed it here. I have bookmarked your site and will be back.
• My friend recommended this site and I am glad he did. I am a fan!
• Can you tell me what theme you are using for you blog? I love it and want to use it on mine.

Each one of these comments makes the blogger feel good about themselves. And for new bloggers who don’t see many comments on their site, these are often viewed as a blessing.

But you should have noticed that none of these examples address the topic of the post. That is because the person who wrote them probably never read what the author wrote.

What they did was try to make the author feel good about their blog, content, design, etc. so that they would easily see their comment approved.

By nature we want positive feedback. It makes us feel good about ourselves. However if the compliment is not genuine then what value does it add?

Liked this post? Get more anti-spam related news from AllSpammedUp.com!

Why Bloggers Fall for Comment Spam

The attack attempts to dupe victims into downloading a report called “Blinded: The Decline of U.S. Earth Monitoring Capabilities and its Consequences for National Security” from the Center for a New American Security, a Washington D.C. think tank. The report is actually available from the organization’s website. If the victim falls for it and enters their Gmail account details into the provided form, they are sent to the scammers, who use it to take over the account which is checked several times daily. It appears the goal of this attack is to spy on the victims.

Google announced back in June that it has successfully disrupted the first attack, but the publicity hasn’t fazed the hackers at all. They made a few minor changes and kept right on going.

“Once compromises happen and are covered in the news, they do not disappear and attackers don’t give up or stop. They continue their business as usual,” said Mila Parkour, an independent security researcher based in Washington, D.C.

The Chinese government has denied any involvement but most experts aren’t believing it. The origin of the phishing attack was traced to Jinan, China, a location that has been linked to other attacks including one against Google itself two years ago. Government sponsored cyberattacks are nothing new and will probably become more and more common over the coming years as traditional warfare goes digital.

Liked this post? Get more anti-spam related news from AllSpammedUp.com!

Gmail Users Hit With Spear Phishing Attack

The purists may suggest that we should never have made things smaller. They might even postulate that the age of innocence is over, and they would probably be right; but a new age is just beginning, and the dinosaur-sized PC that sits on your desk is now just that: a dinosaur. The ‘Big Ol’ Beast,’ as I like to call mine, sits there and stares at me sometimes, seemingly pleading with me: “pay attention to me!” “Use me!” it begs. “Bigger is better!” it pouts.

I just chuckle and Swype my finger across a shimmering sheet of Gorilla Glass, giggling like a school girl when a word is transposed into the message I’m composing, without my finger ever leaving the virtual keyboard.  Holding a fully functional computer in the palm of my hand is surreal and downright unbelievable, especially when I think about my first computer, an Atari 400 with a flat membrane keyboard, 4 Kilobytes of RAM, and the ability to display a whopping 256 different colors onscreen simultaneously. The wonderment I felt while pounding out (literally – you had to press hard on those keys) games in Atari BASIC seems like only yesterday, but the tech world is a time machine and I’ve been transported into the 21st century – where smaller is better, and just when you thought it was safe to download that new Sudoku game for your shiny new mobile device, you should think again. For as our tech gets smaller, so too does the world we live in.

“Mr. Data – Engage”

Allow me to dispense with a formality: it is Android of which I speak. I’m not going to get into a lengthy debate here, but I’m dismissing the iPhone and iOS from this discussion. While there are many millions who would vehemently disagree with me, I believe the Android OS, and the phones that support it, to be vastly superior to Apple’s offerings – and it appears there are many millions who would agree with me. As a developer who strongly believes in sharing over hoarding, I’m an open-source guy and always have been.

The problem with open-source is that while it promotes the highly admirable philosophies of collaboration, sharing, and (often) freeness, it also sends a message to the lowlifes and scum of the earth. You know the types: those who will scam little old grandmothers out of their life savings. The despicable cross-section of society that often makes me ashamed to admit I’m part of that society. The scammers and spammers – the pond-scum phishermen, as I like to call them.

Security Breach

Herein lies part of the problem: society just can’t turn down something that’s free. If the Android OS has one significant problem, it’s that its open-source nature allows anybody to put free or advertising-supported content on the Android Market. It’s no secret that Google has had their share of problems with previously valid applications being reupped to the Market, replete with all sorts of security exploits. And while it seemed strange to me to install a firewall and antivirus software on my phone, in my mind it was a pure necessity and the first thing I did when I set up my phone. (Note: this is where I tip my hat to Apple’s closed, often oppressive, approach to its marketplace. Oppressive or not, I never sensed a security threat to my iPhone).

Spam Magnet

That device in your pocket is infinitely more dangerous than anything you ever plugged a keyboard and mouse into. The open-source feeling and the sense that you’re holding a teeny-tiny little PC in the palm of your hand provides a false sense of security, one that turns your phone into a spam magnet. It’s easy to forget, especially if you’re not an IT professional, that not all spam filters are created equal. Indeed, the very nature of mobile devices means we use them on the go, making that device in your pocket a spam attack waiting to happen.

Liked this post? Get more anti-spam related news from AllSpammedUp.com!

Bigger is Better: Why Your Pocket is Filled with Spammy Goodness

Of course, sudden growth has its problems. Early on Vic Gundotra, Senior Vice President of Engineering at Google, had to send out an apology to users. Apparently, the system had spammed those involved in the beta test because the servers ran out of disk space causing the system to send out notice after notice.

Unwanted email for sure, but spam? I would hardly think so.

However some insiders think that it is just a matter of time before users start getting hit by some really nasty spam inside the network.

Basing their theories on the fact that Facebook and Twitter have become huge targets for phishing attacks, many see Google+ as the next logical target.

Will it become a problem?

To get a sense of what Google+ users think of spam on the network, let’s look at what some of the most influential users have to say:

• Spam away, as far as I’m concerned, because I don’t want to miss something good just because nobody bothered to tell me about it! : )  +Will Wheaton
• One thing that’s been nice (so far) about G+ is the lack of spam accounts. There are lots of those on Twitter. +Wesley Fryer
• One of the things I have seen is that people will share posts with you to pitch you on their message. Sometimes this is very effective. Other times, though, I find myself blocking these people since their posts are pure sales/i.e. spam. Hopefully G+ won’t become a haven for spammers. How do we manage this? Should we be tagging the spammers back? +Steve Rubel
• Of course whenever we review a profile, if we determine that the account is violating other policies like spam or abuse we’ll suspend the account. +Natalie Villalobos
• Imagine SEO/SEM with spam weeded out through your circles & interests. Game Changer for sure! +Tom Anderson
• G+ allows you to actually see who you want to see without all of the ads and spam messages. +Robert Scoble
• Spam can be dealt with. Google is already very good at detecting this type of thing in Gmail, the rest can be crowd sourced. +Vic Gundotra

Now let’s take a moment to address the comment made by Vic Gundotra.

In Google+ fellow users can be blocked. If they insist on spreading junk you have the option to block them so none of their posts show up, even if they comment on someone else who you are following.

While invites are scarce, this method will work against those without the foresight to create multiple accounts right from the beginning. However, once this product gets out of beta, what will happen? Once a spammer is blocked too many times, he or she will just create another account. The same is true if they are kicked off the network for being reported as a spammer.

And, as any Gmail user can attest to, spam does get through their filters; no more than any other email service, but it does get through.

What holds the most promise for fighting spam is crowd sourcing.

The Google+ community so far has been extremely helpful to one another. A link that is spam would quickly be identified by other users so that others would not fall victim as well. Combining the users with whatever technologies Google employs to fight spam may very well take the profitability out of using Google+ to deliver spam.

I would be interested in hearing from other Google+ users as to their experiences with spam on the network and what they think will best keep it at bay.

Author’s Note –  many people are reporting that emails being sent to their inbox claim to contain a link that will provide the reader with an invite to Google+. The link actually takes the person to a pharmacy site offering drugs like Viagra, Cialis and Levitra.

Liked this post? Get more anti-spam related news from AllSpammedUp.com!

Google+ Will It Become a Magnet for Spam?

Myths pervade every society and ours is no different. There are things that we hear, or read on the Internet, that we take as gospel truth because we fail to understand the truth behind the statements.

When it comes to spam, there are many different myths that surround it. None so epic as people flying too close to the sun or men fighting Cyclops on their way home from a far away land; however they are stories that shouldn’t be trusted none the less.

Myth 1 – If I include an unsubscribe link, I am not a spammer.

If you send unsolicited marketing messages indiscriminately, you will be considered a spammer. Including an unsubscribe link is only one of the requirements that marketers must do to be compliant with CAN-SPAM Act laws. Simply placing a link, and even honoring unsubscribe requests, will not help you shed the label of spammer.

To legitimately send bulk marketing messages, your recipients need to opt-in to receive messages from you. A double opt-in process is actually considered a best practice here so that people can confirm that they want to hear from you.

Myth 2 – Anti-spam software or appliance will stop phishing attacks.

While phishers use similar methods as spammers, the differences between the two are quite complex. Enough so that traditional spam filters have a hard time catching phishers who know what they are doing. Since phishing attacks are more sophisticated and targeted rather than random, anti-spam filters have a hard time finding these attacks.

Most quality anti-spam filters, both software and hardware based, include some type of anti-phishing engine that protects users against these attacks. Installing, and properly managing, anti-phishing technology can help prevent users from falling victim to these scams.

Myth 3 – If I click on unsubscribe, I won’t get any more spam.

When a legitimate marketer sends you a message and you unsubscribe, odds are they will remove you from their list. But remember, spammers aren’t legitimate marketers. And if they cared about CAN-SPAM they wouldn’t be sending you junk messages in the first place. What happens when you click unsubscribe is that the spammer realizes that they have an active email address. Knowing this, they will send you more spam. Worse than this, these links sometimes take you to a malicious website where malware will infect your computer so now you have something worse to deal with.

Only click on unsubscribe links from mailers that you know you subscribed to. Everything else you should add to your spam box and simply delete it.

Myth 4 – Spam is an email problem.

When we think of spam we tend to think of email messages offering pharmaceuticals, European lottery winnings or promises of instant riches from a Nigerian prince. But spam keeps up with technology and as we use more and more tools to communicate, spammers have more tools at their disposal to get their messages out. Text messaging, search engines, social networks and blog comments are just some of the newer targets for spammers.

Using appropriate spam fighting techniques for the various ways spam is sent can be a big factor in reducing the amount of junk messages you are sent.

Myth 5 – Educating users is the best way to fight spam.

Even the most technology-wise user will still be sent spam. Once a spammer has a way to contact them, efforts will be made to send them spam. While educated users are less likely to fall for the scams and lofty promises of spam, they are still the recipients of these messages. All it takes is one slip up and they could easily find themselves infected with malware or falling victim to illicit claims.

Education is a key component of any spam fighting strategy but it needs to be complimented with trustworthy anti-spam, anti-phishing and anti-malware technologies.

Liked this post? Get more anti-spam related news from AllSpammedUp.com!

Common Spam Myths

The New York Times have begun to take issue with questionable search engine optimization (SEO) tactics and have been highlighting these black-hat techniques that are used to game the Google search engine. Their efforts exposed JC Penny and Overstock.com for illicit practices when it came to buying incoming links and now the Times have taken interest in how spamming Google places has become a profitable venture for those who find email spam just a bit too exhausting.

The Scam

Using locksmith services in Seattle as the scene for this story, the Times reported on how lead generation sites can flood the local search results with fake addresses to gain more favorable rankings in the search engine results page for specific keywords. In this instance, emergency locksmith Seattle.

In this type of scam the lead generation service sets up a listing in Google Maps for their target city that can be either a post office box or, for the more courageous, a fake address on a real street. Some local businesses even offer their address to these spammers for a small price each month.

The business name is then set up as using prime keywords and the name of the city, for example Seattle 24 Locksmith. Using other services like Yahoo Local, Yelp, Yellow Pages, etc, the spammer can build citations for the illegitimate listing.

Some spammers even go so far as to set up a blog, link build with comment spam and hire people to provide reviews of their service. Now they not only look like the ideal choice for a locksmith, but they have successfully built themselves up in the search engines so that true local businesses don’t stand a chance at out ranking them.

Now they move on to the next city or keyword and repeat the process.

So now the customer thinks that they are calling a local business with great reviews. Instead they are calling a phone bank, often located in a foreign country, which dispatches a locksmith that pays for their services. Some of the locksmiths are legitimate but the Times reported that, “all too often [they] do shoddy work and/or charge two or three times the estimate.”

Essentially, if a legitimate business doesn’t fall in line and pay up for customers through these lead generation services their business takes a huge hit. Basically, this is an example of digital extortion.

Is it Really a Problem?

So just how big a problem is this? According to Yelp there were 3,000 locksmiths listed in the Seattle area. Most, as it turns out, were lead generation sites.

For the customer this presents a huge problem. One story cited in the Times article explains how a local locksmith named Bob Strom responded to a call where a victim of this type of scam explained,  “A young man came yesterday, quoted me $49 to open my door, then he drilled my lock, charged me $400 and left — and now I need a new lock.” He went on to state that this has become a rising trend.

For businesses it represents just as much of a threat. Google’s Matt Cutts defines webspam as, “the junk you see in search results when websites successfully cheat their way into higher positions in search results or otherwise violate search engine quality guidelines.” And Google has spent a great deal of time and money to fight this growing type of spam.

Currently, certain industries are more susceptible to this type of spam than others. Those who find it most difficult to compete fall under these industries:

• Locksmiths
• Plumbers
• Carpet cleaning
• Movers
• Appliance Repair

But that doesn’t mean other industries won’t see problems beginning to arise as they lose business to those who find it easier to game the system than to produce quality, competitive work.

Liked this post? Get more anti-spam related news from AllSpammedUp.com!

Spamming Google Places

If you have been spending your holiday in a Luddite community, and are only just getting back online after a relaxing summer without Internet connectivity (how could you possibly relax without Internet connectivity???). Google+ is the latest invite only craze from the gang in Mountain View. I have heard it best described as being “like Facebook, but not Facebook” which is really all it took to get me interested, since I don’t do Facebook, but feel like I might be missing something as a result.

Like many of Google’s other product debuts, Google+ is currently in “invite only” mode, which is a great way to build buzz, make people want it if they don’t already have it, and to try to control growth. That last bit didn’t work out so well though, as last weekend the company that offers impossibly large mailbox sizes ran out of storage space on the system that tracks Google+ notifications. When a Google+ user (we’ll call them the lucky ones) adds you to a social circle within their Google+ space or comments on something that you have shared or posted, a notification is sent to you so you are aware of this activity. Think of it as email notifications for your wall as well as your social circle popularity.

Unfortunately, when the notification system ran out of space, it could not log that it had sent a notification, so it continued to do so, again and again, for a period of about 80 minutes. While not all Google+ users were affected, many of its estimated 4.5 to 6 million users were. Vic Gundotra, Google’s Senior Vice President in charge of Google+, issued a short but sweet apology to users.

Please accept our apologies for the spam we caused this afternoon. For about 80 minutes we ran out of disk space on the service that keeps track of notifications. Hence our system continued to try sending notifications. Over, and over again. Yikes. We didn’t expect to hit these high thresholds so quickly, but we should have. Thank you for helping us during this field trial, and once again, we are very sorry for the spam.

The vast majority of responses from users were positive, and understanding of the issue. Since this newest foray into social media is not even being promoted as a beta, but rather as a field trial, bumps in the road such as this one are understandable, and to a degree, expected. Mr. Gundotra’s open and direct apology and explanation were both refreshing, and should be a model for businesses who have similar user experience issues.

Liked this post? Get more anti-spam related news from AllSpammedUp.com!

Google+ growing pains include brief spam storm

Google has announced it has blocked the entire co.cc domain and all it’s subdomains. The move comes as a result of what Google says is a high volume of spam coming from the domain. The block means sites using that domain will no longer show up in Google Search results.

The co.cc domain is owned by a company in Korea who allows people to register free subdomains with it such as mysite.co.cc.  The free service appeals to people who don’t have the means to pay for a top level .com domain and the necessary hosting. However it obviously appeals to spammers and cybercriminals as well, who are using sites registered on the domain to poison search results and create spam filled blogs. A few weeks back Google blacklisted the entire cz.cc domain for the same reason.

The blacklistings don’t seem to be doing a lot of good. The spammers just move on to another free domain. Researchers have detected a large volume of spam and malicious links coming from the co.tv and co.be domains. I suppose those two will be blacklisted next.

The problem here is the innocent people that may be using those services. When you block the entire domain they are punished. I experienced this first hand several years ago. I owned a channel on an IRC channel but started to frequently find myself banned from server. When I complained I found that someone who had the same ISP as mine had caused trouble and the server admin’s solution was to simply ban their IP whenever they acted up. They never gave a thought to the fact that IPs aren’t static and as a result they ended up banning everyone who used the ISP they belonged to.

I can understand why Google is taking this action, but I think it needs to be re-examined. After all, where will they draw the line? If a high volume of spam is found to be coming from aol.com, yahoo.com, or even gmail.com, what will they do? Will they stick to policy and ban the entire domain? Somehow I doubt it.

Liked this post? Get more anti-spam related news from AllSpammedUp.com!

Google Blocks Entire Domain Due to Spam

As a quick refresher to those new to this blog, spear phishing involves the use of e-mail that are crafted so that they appear to be coming from colleagues or friends.  The idea behind it is simple: users are far more likely to open an attachment or click on a URL from an e-mail coming from a known party.  And the elegance of spear phishing from the point of the attackers is how it takes only one successful message for their foray to succeed.  The stakes of a successful incursion are high indeed, if the “political dynamite” nature of the information stored within the IMF network is any indication.

And before you are tempted to think that spear phishing can’t be that common an occurrence, I’ve highlighted 4 Recent Cyber Crimes Involving Spear Phishing and Emails just a few weeks ago on sophisticated attacks such as Operation Aurora and the widely-publicized RSA network breach.  My personal take: Spear phishing will only increase in the months and years ahead.

The shift from juvenile fun to profit and espionage

I was reading news reports about the recent statements made by FBI director Robert Mueller, who gave his testimony as part of President Obama’s request to extend Mueller’s term by two years.

In a nutshell, the FBI is working hard to ensure that “the personnel in the bureau have the equipment, the capability, the skill, the experience to address those [cyber] threats.”

It seems inconceivable that some of the largest computer crimes that the agency is currently investigating include attempted hacks into the Gmail accounts of U.S. government officials and military personnel, and which are alleged by Google to originate from China.  What is clear however is that hacking has graduated from the juvenile fun to a deadly seriously game involving substantial profit or as part of state or industrial espionage.

It is also worth noting that hackers are resorting to the use of phishing techniques in order to open up the first cracks in the defenses of large and well-funded organizations.  In effect, the humble e-mail inbox has become a location that not only influences the relative productivity of employees, but is now seen as a comparatively weaker gateway into the core systems of corporate and government networks.

How does it concern me?

Businesses receive hundreds and thousands of e-mails on a daily basis and, in spite of automated systems and web platforms, e-mails continue to hold an important place in the conducting of business. Even when used against other companies, spear phishing erodes at and threatens to harm the trust placed in this important communication channel.

In addition, it is also unlikely that all the capabilities exhibited by the alleged state-sponsored hackers are developed internally.  There is essentially nothing to prevent these same tools from leaking into the larger hacker underground, or for these highly-skilled and trained professionals from leveraging their skills and tools for personal profit – at the expense of your company.

Fighting spam as part of the solution

The somber truth is that reducing spam will not solve the spear phishing problem.  However, it is not a task that is unnecessary either, since excessive spam lowers the guard of employees from actual spear phishing attempts that may be taking place.  It is undeniable too that the ability to correctly identify the authenticity of a message effectively filters out spear phishing attempts.

Not all is doom and gloom, however.  The news coverage and sheer scale and damage of recent spear phishing attacks are causing senior executives to recognize the threat that is trying to slip into the corporate Inbox.  Harnessed correctly, administrators and IT managers can harness this new awareness and expanded budget to take spam filtering and email management to the next level.

Has your company or yourself ever fallen prey to (or come across) a spear phishing attack?

Liked this post? Get more anti-spam related news from AllSpammedUp.com!

The rise of state-sponsored spear phishing and why it matters to you

“Dear User, due to the congestion in our Gmail database,” the message reads,”We will be shutting down all unused accounts before on the 30th of June. You will have to re-confirm your account as soon as possible to enable us upgrade your account before the deadline date. To confirm your account kindly fill the account verification form After Following the instructions in the sheet, your account will not be interrupted and will continue as normal. Thanks for your attention to this request.”

The link provided leads to a spreadsheet hosted on Google Docs, which may further convince those who fell for the initial message that it is indeed legit. Users who fill out the form provide turn over their names, email addresses, passwords, birthdate and other personal information to the scammers.

How successful this attack will be remains to be seen. While most people probably realize that there is no “congestion” and that Google would never ask for their passwords, there may be enough who see the fake header and link to Google Docs and end up being too trusting to make the scam successful. It’s not known if Google is aware of the scam yet-the link to the fake verification form on Google Docs appears to be still active. Since the attackers’ main interest seems to be email addresses, it looks like they are hoping to harvest a fresh batch to use to send spam or sign up for blogspot accounts in order to create spam blogs.

Liked this post? Get more anti-spam related news from AllSpammedUp.com!

Google Users Hit With Phishing Attack

Google Docs is the cloud service from the Internet search giant that allows publishing, sharing, and collaboratively editing word processing documents, spreadsheets, and presentations, all of which are compatible with popular office suites such as Microsoft Office. Anyone with a free Google account can create the documents, and then choose to share them with specific individuals or with the public. Documents are accessed using a web browser and accessing a Google.com domain, such as spreadsheets.google.com. Access uses HTTPS which is secured using a certificate issued to Google.com, which means that traffic is encrypted, and browsers display the typical padlock icon indicating to many less savvy Internet users that a site can be trusted. That is not to say that Google’s site, and its services, cannot be trusted. Personally, I am a heavy user of Google services including Gmail, Google Voice, and yes, Google Docs, having been a beta participant in almost every one of their services since 1997, including Buzz and Wave.  And I do trust them, at least as much as I trust any corporation.

It’s the content malicious users put up on the document sharing services from Google and others that cannot be trusted. Many people may not be able to make that distinction, and unfortunately, that is what malicious users launching phishing attacks using documents hosted on the cloud service providers’ sites are counting on. They hope that a user sees a link to a Google site and gives it instant credibility, since they trust other services on Google. If the document is more heavily targeted to a user, requiring that they log on to their Google account in order to access it, which can carry an even stronger impression of trustworthiness to users.

But since service providers are not required, nor in many cases even able, to screen the content submitted by their users, the bad guys have found yet another way to target victims, proffer their wares, and attempt to convince people to give out their sensitive information. Just as we need to educate our users not to open attachments in email unless they know the sender and were expecting the attachment, and that they should never provide their credentials to anyone, as admins we need to start raising the awareness of this latest attack vector, educating our users to treat links to anything that they were not expecting as suspect, and the always think twice before submitting any kind of personal information to any website, no matter what the domain name or colour the address bar may be.

Liked this post? Get more anti-spam related news from AllSpammedUp.com!

Spear Phishing Attacks the Cloud

An increasing number of these ‘friend requests’ are starting to hit inboxes of registered YouTube users everywhere. These requests come with the topic “username has invited you to become friends.” Maybe YouTube thinks it’s Facebook now, or is at least trying to jump on the bandwagon of letting users ‘friend’ one another. It stands to reason, considering they have a like button already. These messages are relayed through the YouTube service, so they are not exposing your email address to spammers, but the friend request is about as spammy as any other. Much like email spam, the username contains a string of numbers.

Clicking on the hyperlinked username is safe. It takes you to the YouTube page to see the sender’s profile. Common to all of these, the users have a number of friends, but no videos available. In their profile is a link to their website, and that is what you need to be wary of.

These links are either obfuscated with a link shortening service, or they can be links to a blogger page that then redirects to another site, which invariably is either a spam site trying to sell you something, or worse, a compromised or malicious site that tries to infect your computer with malware.

Email admins may want to consider adding the string “has invited you to become friends on YouTube” to their word lists, and raise awareness amongst their users to help them protect their personal computers from these tactics. In addition to raising awareness of this with your users, friends, and family, there are some steps you can share with them which they can take to help reduce the amount of noise hitting their inbox from YouTube, and to counter the activities of these.

1. If you get one of these messages, check the user’s profile to see if you know them and be very careful about clicking any links on their page. It’s better to be safe than sorry.
2. If the request is obviously spam, click the report spam link in the friend request.
3. Update your Privacy settings on your account. You can restrict search and contact settings to allow only friends to send messages or share videos, and to only let others find your channel on YouTube if they have your email address. Of course, if you are trying to increase viewership you won’t want to do this, and it won’t block friend requests, but it will prevent other spam messages being sent through YouTube.

If you have a YouTube account, have you started to see these messages hit your inbox?

Liked this post? Get more anti-spam related news from AllSpammedUp.com!

YouTube enters Facebook territory with Friend Request Spam