Saturday 2 December 2006

Now! That's What I Call Spamming!

Occasionally, I remember to read Andy Clarke's blog, And all that Malarkey. Doozy of a post earlier this week. Spammers, take note (yeah, right; dream on)...

At about 4.30, the phone rang. Now I've written before about telephone salesmen, but this was a call with a difference ... Not only did [he] identify himself upfront to save me the job of interogating him, he actually asked, and very politely I should add, if it was OK to contact me. My defences came down and, Holy smokes, I even asked him right there what his software did ... So I gave him my email, this guy has class. Now, here is the odd thing. For the next two hours I was actively waiting for this guy to email me! Two hours in which I was wondering about his software ... he made me think about his product and about the experience of dealing with him (hell, I'm even blogging about it).

Tuesday 28 November 2006

I Got 25,000 Spam Messages in Two Days!

Late last week, some idiot spammer decided it would be a neat trick to send a metric boatload of spam messages in my name (see also Joe Job). I estimate that in the space of 48 hours, his botnet spewed a million messages that appeared to come from one of my domains.

Unsurprisingly, a small percentage of those messages bounced. Guess where the bounces ended up? In my email. All 25,000 of them...

What can we learn from this?

  1. Symantec's Brightmail spam filter is really good. OK, I kinda knew this already, but the Brightmail filters that sit in front of my mail service did a near-perfect job of sifting out the bounces from the real email.

  2. Way too many email servers are badly broken, to the extent that they bounce email to unknown addresses, instead of rejecting it. Some of this is down to configurations that accept everything at the perimeter and only later decide the mailbox doesn't exist, but mostly it just seems to be broken software. (If you run a mail system that does this, for the love of all that's holy please fix it.)

  3. Way too many ISP abuse desks seem to think (2) is perfectly acceptable behavior.

  4. Way too many sites allow their users to auto-reply to email willy-nilly. Don't these people have spam filters? Amusingly, some do, as can be seen from the SpamAssassin-like headers added to the bounced spam, yet even though the message scores higher than the spam cutoff, they're still kindly letting me know that they're out of the office.

  5. Way too many ISP abuse desks seem to think (4) is perfectly acceptable behavior, too.

  6. Challenge/Response spam filters are a royal scourge. (See blog posts passim). It's not my job to filter your spam for you.

  7. SpamCop is still an excellent resource.
Some spammer probably thinks he's been jolly clever and put one over an "anti". However, the state of the art in spam filtering is just too good.