U.S. Based Spammers Using Loophole to Get Around CAN-SPAM

Written by Sue Walsh on February 1, 2010

The CAN-SPAM Act is supposed to protect us from unwanted commercial email, but some U.S. based spammers, who usually call themselves direct marketers, have found a loophole to get around the requirements placed on them by the law.

CAN-SPAM says commercial emailers must provide a clear and easy way for recipients to opt out of receiving further messages and they must promptly honor those requests. What some sleazy marketers have found, however, is that they can get around having to do so by changing their name. They send a blast of spam as XYZCompany at XYZ.com. They get a flurry of opt out requests and instead of honoring them, they change their name to XYZCompany1 at XYZ1.com. More spam sent, more requests received, and they change their name again, this time to XYZCompany2 and XYZ2.com.

What can be done? It’s up to the U.S. to change the law to say that direct marketers and commercial emailers must get permission from consumers BEFORE sending any of their spam. In doing so the U.S. will fall into line with spam laws in most other countries.

Will this happen? That’s anyone’s guess. The Supreme Court’s decision to allow businesses to spend as much as they want on political campaigns may have a less than pleasant effect on the law. In the meantime, if your company is using this practice, stop. It’s not legal and it’s not good business.

U.S. Fines Spammer $15 Million

Written by Sue Walsh on December 4, 2009

The U.S. Federal Trade Commission has fined a New Zealand man $15 million; Spamhaus claims his operation is one of the largest spam gangs in the world. The gang, operating under the names “Canadian Healthcare” and “HerbalKing”, has been operating since 2005 and has sent billions of spam messages hawking male enhancement products, weight loss pills and other pharmaceuticals. The spam messages directed the recipients to websites owned by an affiliate network called Affking. The sites claimed to be offering drugs from U.S. pharmacies when they were actually shady black market drugs made in India. They also stole credit card information and personal data. The gang appears to have made their profits from all three operations – the fake drugs, the affiliate network and the data harvesting.

The drugs are untested and could be dangerous if used. The gang leader, Lance Atkinson, and his partner Jody Smith, were also ordered to turn over all their assets, which amount to over $1 million, and Smith faces jail time. Their company, Inet Ventures Pty Ltd, registered in Australia, has received over 3 million complaints from consumers. Spamming seems to run in the family. Atkinson’s brother, Shane, was fined over $112,000 earlier this year by a New Zealand court for his spamming activities.

Atkinson is a New Zealand citizen living in Australia, which will make collecting on the fine difficult. He’s not required to pay unless he enters the U.S. Smith, however, does live in the U.S. and will soon be sentenced for conspiracy to traffic counterfeit goods, which he pled guilty to. The conviction carries a maximum 5-year sentence.

New Spear Phishing Attack Targets PR Firms and Lawyers

Written by Sue Walsh on December 1, 2009

The FBI has issued a warning about a new phishing attack targeting PR firms and lawyers. The messages contain business-specific subject lines designed to trick the recipient into thinking it is a legit message. The body of the message contains either a malicious link or attachment that, when clicked, will download a file called “srhost.exe” from a site called d.ueopen.xom (URL purposely mistyped to avoid accidental clicks). The FBI is warning IT departments to block any traffic discovered from ueopen, a domain registered in China, as it is a definite sign their network has been compromised.

Security experts say attacks against legal agencies are increasing due to the large amount of personal and financial information they possess. Such personal data is highly sought after on the underground cybercrime market and can be used or sold for a handsome profit.

This latest warning came as the Government Accountability Office released a report saying that cyberattacks against the U.S. are rising sharply and that as a result of the increasing connections between the Internet and information systems, hackers are being presented with more and more opportunities to do things like disrupt telephone service or the power grid. The GAO says it is critical that the U.S. do more to protect its infrastructure and critical services and increase its level of cyber security.

Yahoo! Revives Pay Per Email Model to Fight Spam

Written by Sue Walsh on August 17, 2009

The idea of a per email charge isn’t anything new. Goodmail did it years ago – or tried to. Not surprisingly it was a dismal failure. Still, some experts insist it’s an effective way to deter spammers. After all they aren’t about to shell out money to send their messages. The problem with virtual postage is that legit users have to pay too, and that’s just not something most people are willing to do. They figure their monthly payment to their ISP is enough, and who can blame them?

Who responds to spam?

Written by Dan Blacharski on July 24, 2009

Most of us have become accustomed to using spam filters, so we never even see most of it. The spam that does get through, we tend to ignore. We just glance past it, delete it, and never bother reading it, because we’re used to the suspicious headings and the tip-offs that classify it as an advertisement. Anything coming from a barrister in Nigeria, or a crooked banker in South America goes straight to the trash, as do all the ads for pharmaceuticals, get-rich-quick schemes, and secret tropical fruit juices that are used by people on some island in Southeast Asia where they all live to be 100 years old.

But it seems, one man’s trash is another man’s treasure, and there are a few people out there who actually want those fruit juices. If you’re one of those people, here’s a tip: I used to buy that same juice that the multi-level marketers sell for $40 a bottle, when I was living in Bangkok, from street vendors for about a half a dollar. Be that as it may, now and then there is an ad that catches my eye. Yes it’s true, sometimes those ads do peddle something useful, like printer ink cartridge refills, which I regularly purchase. But I suppose to lots of other people, those ads are spam, too.

How do spammers get your email address?

Written by Dan Blacharski on July 17, 2009

The Conference on E-mail and Anti-Spam, held in Mountain View, California this week, brought to light some interesting trends in spam and research on where it comes from. According to a report in today’s MIT Technology Review, new research highlights just how spammers get their email address lists in the first place, and how they relay the messages.

According to a paper coming out of Indiana University that was presented at the conference, it is common for spammers to gather email addresses from Web pages, in much the same way that a search engine’s spider works. When you print your email address on the Web, you’re risking spam–automated spam crawlers constantly survey the Web, looking for email addresses, and sooner or later, they will get to yours. The research showed that when you include an email address on a comment board on a web site, there is a high probability of receiving spam. But what about when you register on a web site? It’s very common for a web site to require user registration to gain access, and this is a legitimate way for a site to operate–you’re, in essence, trading your email address for access to information. But the registration process is less likely to result in spam, especially when more legitimate and mainstream sites are conducting the registration.

Is there a way to stop the spam crawler programs? The researchers say yes, and it should be a straightforward process to block them and thereby protect email addresses submitted to a web site from being harvested.

A common technique seen throughout the Internet is to replace the @ symbol with the word “at”, to foil the automated harvesting mechanism. Surprisingly, this very simple technique has proven to be highly effective.

The Indiana University researchers recommended users exercise caution when divulging email addresses–and also noted that spam can arrive very quickly, in many cases, in less than an hour after entering an email address on a web site. The spamming crawlers tended to be fairly aggressive as well, ranging from visiting two times per minute to over 50 times per minute.
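The crawl rates reported above suggest one way a site operator could spot harvesting crawlers in a web server log. The following is an added example, not code from the researchers or the original post; it assumes Common Log Format lines, and the 50-requests-per-minute cut-off, the client addresses and the paths are constructed for illustration (slower crawlers at the low end of the reported range would need a different signal).

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta, timezone

# Common Log Format prefix: client address, two fields, bracketed timestamp.
LINE_RE = re.compile(r'^(\S+) \S+ \S+ \[([^\]]+)\]')
TIME_FMT = "%d/%b/%Y:%H:%M:%S %z"
WINDOW = timedelta(seconds=60)

def peak_rate_per_minute(lines):
    """Map each client to the most requests it made in any 60-second window.

    Assumes each client's lines appear in chronological order, as in a log file.
    """
    windows = defaultdict(deque)  # client -> timestamps inside the sliding window
    peaks = {}
    for line in lines:
        m = LINE_RE.match(line)
        if not m:
            continue  # ignore lines that are not in the expected format
        client = m.group(1)
        ts = datetime.strptime(m.group(2), TIME_FMT)
        window = windows[client]
        window.append(ts)
        while ts - window[0] >= WINDOW:
            window.popleft()
        peaks[client] = max(peaks.get(client, 0), len(window))
    return peaks

def flag_crawlers(lines, threshold=50):
    """Return clients whose peak rate reaches the threshold (an assumed cut-off)."""
    peaks = peak_rate_per_minute(lines)
    return sorted(c for c, peak in peaks.items() if peak >= threshold)

def constructed_sample():
    """Build constructed log lines: one fast crawler and one ordinary reader."""
    start = datetime(2009, 7, 17, 10, 0, 0, tzinfo=timezone.utc)
    def entry(client, offset_s, path):
        stamp = (start + timedelta(seconds=offset_s)).strftime(TIME_FMT)
        return '%s - - [%s] "GET %s HTTP/1.1" 200 512' % (client, stamp, path)
    crawler = [entry("192.0.2.10", i, "/comments?page=%d" % i) for i in range(55)]
    reader = [entry("198.51.100.7", i * 180, "/article") for i in range(4)]
    return crawler + reader

if __name__ == "__main__":
    print(flag_crawlers(constructed_sample()))
```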

Scareware Scammers Monetize Conficker

Written by Brett Callow on April 9, 2009

The spammers and scammers are usually pretty speedy to “monetize” (I really hate that word!) a situation. For example, in the PIFTS.exe matter, malicious websites were updated to use PIFTS.exe as a lure before Symantec were able to react publicly to the matter (read the link for the full story), so it’s somewhat surprising that it’s taken them so long to “monetize” Conficker. But, as you would expect, they have indeed now realized that Conficker does indeed provide them with an opportunity to make some bucks and started using it as bait. As reported over at the Sophos blog, spammers are now sending messages which attempt to shock people into downloading and installing a malicious file:

          Dear Windows User,

On April 1st, 2009 the “Conficker” virus began infecting Microsoft Windows users extraordinarily quickly. Microsoft has been alerted by your Internet company that your system is showing signs of infection. In order to prevent further infection we advise checking your computer with antispyware software.

We are giving all effected Windows users with a free scanner to secure their computers. Please visit … etc., etc., etc.

The link in the spam leads to a website which attempts to entice users to download a … surprise, surprise … malicious file (Mal/FakeAV-AH, according to Sophos).

Have a spam-free new year

Written by Dan Blacharski on January 7, 2009

According to a report on shadowserver.org, a new Trojan, which is a variant of Waledac, has appeared in spam that invites recipients to go to a web site to view a Christmas e-card. The spam claims that the victim has received an e-card. When the victim goes to the web site, they download an executable (ecard.exe or postcard.exe), which triggers the release of the Waledac Trojan. There are several different domains to which the victim may be directed, all with innocuous names like “bestchristmascard.com” or “livechristmascard.com”.

Unfortunately, the multiple domains are difficult to shut down because they are part of a fast flux network, and every time the domain is resolved a new IP address is returned.

According to the report, there are striking similarities to the Storm worm, including the use of a fast flux network, multiple name servers for each domain, the use of the ecard.exe and postcard.exe files which were also used by Storm, and a drive-by exploit in domains.
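The fast flux behaviour described above, where each resolution returns a different address, can be measured from repeated DNS lookups. The following is an added example, not code from the Shadowserver report or the original post; the domains, addresses and thresholds are constructed assumptions, and it handles IPv4 answers only.

```python
import ipaddress
from collections import defaultdict

# Constructed observations: (domain, A records returned by one lookup).
# Domains use the reserved .example TLD; addresses are documentation ranges.
OBSERVATIONS = [
    ("cards-flux.example", ["192.0.2.11"]),
    ("cards-flux.example", ["198.51.100.23"]),
    ("cards-flux.example", ["203.0.113.5"]),
    ("cards-flux.example", ["192.0.2.77"]),
    ("cards-flux.example", ["198.51.100.140"]),
    ("static-site.example", ["203.0.113.80"]),
    ("static-site.example", ["203.0.113.80"]),
    ("static-site.example", ["203.0.113.80"]),
    ("static-site.example", ["203.0.113.80"]),
    ("round-robin.example", ["192.0.2.1", "192.0.2.2"]),
    ("round-robin.example", ["192.0.2.2", "192.0.2.1"]),
    ("round-robin.example", ["192.0.2.1", "192.0.2.2"]),
    ("round-robin.example", ["192.0.2.2", "192.0.2.1"]),
]

def profile(observations):
    """Summarise, per domain, how often a lookup returns only unseen addresses."""
    seen = defaultdict(set)      # domain -> every address returned so far
    lookups = defaultdict(int)   # domain -> number of lookups observed
    fresh = defaultdict(int)     # domain -> lookups with no previously seen address
    for domain, answers in observations:
        ips = set(answers)
        if lookups[domain] and not (ips & seen[domain]):
            fresh[domain] += 1
        lookups[domain] += 1
        seen[domain] |= ips
    result = {}
    for domain, count in lookups.items():
        nets = {ipaddress.ip_network(ip + "/24", strict=False) for ip in seen[domain]}
        repeats = count - 1
        result[domain] = {
            "lookups": count,
            "distinct_ips": len(seen[domain]),
            "networks": len(nets),
            "churn": fresh[domain] / repeats if repeats else 0.0,
        }
    return result

def fast_flux_suspects(observations, min_lookups=4, min_churn=0.8, min_networks=3):
    """Flag domains whose answers keep changing across several networks."""
    return sorted(d for d, p in profile(observations).items()
                  if p["lookups"] >= min_lookups and p["churn"] >= min_churn
                  and p["networks"] >= min_networks)
```

Ordinary round-robin DNS rotates the same small pool of addresses, so its churn stays at zero and it is not flagged.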

Why to use a LISTSERV for your email groups

Written by Carl E. Reid on December 30, 2008

At least once a week I get a call from an email user complaining about email being rejected. The complaint goes something like this, “I tried to send our monthly report email to a group of people, but quite a few were rejected.” I explain that many email systems like AOL, MSN, Earthlink etc. will reject email, if it contains more than 10 to 15 email addresses. The email systems consider a long list of email addresses within an email to be spam. Yes, you know the people to whom you are sending the email. Yes, the email addresses are valid. Yes, you are not sending spam. Unfortunately email systems don’t know the difference between friendly emails and spam. Email systems are programmed to reject email, if there is a bulk amount of email addresses. I recommend using a List Server (LISTSERV) for mailing lists. A LISTSERV can handle thousands of email addresses and successfully send email to all email systems without spam rejections. That is because a LISTSERV controls the mailing so each email system receives it as one email address at a time.

Cisco reports targeted spam on the rise

Written by Dan Blacharski on December 24, 2008

A good cook has the ability to take something ordinary and turn it into something that looks elegant. Take Spam, for example, (the luncheon meat, not the email); every cooking magazine, household journal, and recipe section of the newspaper will have at least one article at some point on how to dress up Spam to impress your friends and family. Some of the pictures of those dishes look pretty good, too.

Spam (the email) can also be dressed up to look more elegant, and like those luncheon meat recipes, can be very deceiving. Cisco’s 2008 Annual Security Report provides some insight into how spammers are becoming more sophisticated. Now when you open up that can of luncheon meat Spam and plop it out onto the plate, you can immediately recognize it. The meat itself takes on the shape of the can, and it has little bits of gelatin around the edges. You can also recognize your garden-variety email spam as well, almost immediately. When it plops out into your email box, the email spam also has a recognizable “shape”–it is usually generically addressed, with little bits of poor grammar around the edges, and it’s trying to convince you to do something you wouldn’t ordinarily do.
