Category: Spam

Posted on
by

These people are no longer amusing. I’ve been getting about 10 messages a day from them. On Friday I actually had to add a rule to the server config to detect their domain names, since half of them didn’t score high enough to get labeled as spam. (Bayes training helped, but not enough.) And some of their ads are for really sick stuff – not just garden-variety porn, but fetishes I don’t even want to hear about.

They all have the same structure, the same types of misspellings, the same type of Bayes poison, and point to a website named after food. And while names like “hot carrot soup dot com” and “sexy naked sushi dot com” (I won’t list the exact URLs, since that would only improve their page rank) were funny at first, their persistence has gotten %@*! annoying. Why the heck do they need to send me 10 messages a day advertising what’s clearly one site? And why cluster them?

Mandated opt-out links aren’t enough. Even if spammers weren’t already known to ignore/abuse requests to be removed, it’s obvious that these aren’t complying with other provisions of federal law (fake return addresses, no street address, no “SEXUALLY-EXPLICIT” tag on the subject line), so why should anyone assume they’ll honor the unsubscribe links?

The two main email accreditation companies (OK, the only two I know of), Habeas and Bonded Sender, hold their clients to opt-in only criteria. So did California’s stillborn anti-spam law (superseded by federal law the day it was to go into effect). Why couldn’t congress do the same? I do think CAN-SPAM is better than nothing, but it’s done little to stem the tide in the 5 months it’s been active.

Posted on
by

I’m sure you’ve seen spam that includes random bits of text, maybe out of novels or legal documents or lists of sayings. They do this to confuse filters that learn based on messages people classify as spam or non-spam. The idea is that if there’s enough garbage mixed in with the spam, these filters will see non-spam patterns in the spam — or just miss the spam patterns in all the noise — and be less effective.

Well, one just came across my desk that started with this highly appropriate phrase:

Doubt is the beginning of wisdom.

This was followed by sensationalist “best product” and “unbeatable” deals. (You know, the $50 copy of Windows XP that they’ll probably claim fell off a truck or something.)

In other words, the kind of post that just needs more salt.

Posted on
by

This one was sent to ftp@(a domain name we host):

Your Loan/Mortgage Application has been processed and
we can finance you at a low 3% rate.

Funny, I don’t remember “applies for refinancing” on our FTP server’s list of capabilities!

Posted on
by

I’m not sure I’ve ever seen so many misspellings of “college” in one email! Excerpts:

Real Cllgeoe Girls

Neeswt Tnocoelhgy for Gteting Off!

Find out what these cleolge girls REALLY learend at shocol….

And my favorite bit, the label for the unsubscribe link:

Hold Off This Rubbish

All the obfuscation did nothing to disguise the spam – it still got labeled – but it does make for some entertaining reading!

Posted on
by

Yahoo has finally released its specification for its DomainKeys email authentication scheme. Included is the following patent license (emphasis added):

Yahoo! will grant a royalty-free, worldwide, non-exclusive license under any Yahoo! patent claims that are essential to implement or use any Implementations so that licensees can make, use, sell, offer for sale, import, or yodel Implementations; provided that the licensee agrees not to assert against Yahoo!, or any other Yahoo! licensees of Implementations, any patent claims of licensee that are essential to implement or use any Implementations.

Yodel?

Posted on
by

I just received spam advertising a book about fascism. It’s not your typical spam — it just looks like the introduction to a book, placed in email and sent — unsolicited of course — to random people around the net. It was fairly well written and not obfuscated, so it didn’t trigger much in the way of spam filters. (The great irony is that by misspelling and breaking up words to get past filters, spammers are making it easier for people to spot, making themselves look horribly unprofessional — would you really trust the product from someone selling “druuugs?” — and creating new, definite spam signs. When you see 10 drug names all misspelled with strange symbols, you know it’s either a spammer or a 14-year-old IRC junkie trying to be L337.)

They even made the effort to include a full plain-text equivalent alongside the HTML version, for the benefit of people who don’t trust or can’t read HTML mail.

And that brings me to the funny part, this statement from the plain-text version:

If your e-mail software does not support html, please click here.

Two problems: aside from violating W3C QA guidelines on link text, it makes no sense, because there’s nothing to click on!

They tried. They really tried. But they forgot to ask whether I actually wanted to be on their mailing list. (Oh, and the “click here” thing was funny.)

ยปAll pages site-wide with this tag