Friday 13 April 2007

Chatroom Pimping: New Spam Technique

Interesting spam from Taiwan. Just a single line containing a link to a Skype chatroom. What caught my eye was the chatroom subject embedded in the link:

Special price of the wrist-watch

Random thoughts:

  • Clearly what's going on here is the need for spammers to remove as much Bayesianable text as possible from their messages.
  • There probably needs to be a way that we can report these to Skype so they can quickly take 'em down. Spamcop doesn't work -- Skype is refusing abuse complaints.
  • Presumably if you were foolish enough to join the chat, you'd get bombarded with ads for fake Rolexes and the like. Possibly also a vector for malware.

I was foolish enough, but the host was offline. Watch this space for updates on what happens...

Wednesday 11 April 2007

IDC's Spam Stats are Conservative?

Mark Levitt

Mark Levitt is the "Program VP for Collaborative Computing and the Enterprise Workplace" at IDC. His name is on a new report that includes some stats that have raised a few eyebrows.

Ars's Nate Anderson said:

New research from IDC claims that this will be the year in which spam outnumbers person-to-person e-mail for the first time.

Huh? Don't we hear from anti-spam vendors all the time that spam is 60, 70, 80, 99% of all email? Is Levitt living in a time warp?

Well, reading between the lines of IDC's press release, it seems to me that we're comparing apples with oranges. I think Mark is including the number of legitimate messages that stay inside an organization. This is typically a whole lot more than the amount that comes in from outside. It might easily double the number of messages a user receives.

According to my latest estimates, an "average" email user (whatever one of those is) receives around 40 spam messages per day and 15 legitimate. Me? I get more like 500 spams/day, but that's including several spamtraps.

I love Brad Linder's comment:

Spam filters are a lot better than they used to be, so really what this means is that nefarious companies will continue to send messages that nobody will read this year.

Oh yeah, and the Ars story got dugg, too...

[Hat tip: Techmeme]

Monday 9 April 2007

CEAS Spam Filter Bakeoff

The fourth Conference on Email and Anti-Spam (CEAS) is planning a bakeoff this year. In the CEAS 2007 Live Spam Challenge, the organizers hope to simultaneously inject a live stream of spam and legitimate email into several spam filters over a 24-hour period.

However, fair comparative testing of spam control technologies is extremely difficult -- by some measures, it's impossible. Because some promising filter techniques rely on examining the real-time behaviour of the sending machine, it proves tricky to provide the exact same stream of email to all the filters at the same time.

For example, some filters attempt to "fingerprint" the sending machine's operating system -- the idea being that, say, a Windows 98 PC has no business submitting email direct-to-MX. In a test that replicates an inbound email stream to several servers, it's tricky to allow the receiving filters to send IP packets back to the true originating IP address in a way that is fair and equitable for all test participants.
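To make that concrete, here is an added example (not code from CEAS or from any filter mentioned above) of a stripped-down passive fingerprint rule: it rejects direct-to-MX connections from a desktop-class OS, then shows how the same message re-delivered through a test harness's relay carries the relay's TCP stack, so the evidence the rule needs is gone. The signature table and the two SYN observations are constructed for illustration, not real fingerprint data.

```python
# Simplified passive OS fingerprinting for an inbound MX, written for this
# post as an illustration; the signature table is a constructed approximation
# of the idea, not the signature database of any real engine.
from dataclasses import dataclass


@dataclass(frozen=True)
class SynObservation:
    src_ip: str  # address the SYN actually arrived from
    ttl: int     # IP TTL as seen on the wire (decremented per hop)
    window: int  # TCP window size advertised in the SYN


# Constructed table: (initial TTL, SYN window) -> (OS guess, desktop-class?).
# Real engines look at many more fields (options, MSS, DF bit, ...).
SIGNATURES = {
    (128, 8192): ("Windows 9x", True),
    (128, 65535): ("Windows XP/2003", False),
    (64, 5840): ("Linux 2.4/2.6", False),
}


def initial_ttl(observed_ttl: int) -> int:
    """Round an observed TTL up to the nearest common initial value."""
    for candidate in (32, 64, 128, 255):
        if observed_ttl <= candidate:
            return candidate
    return 255


def fingerprint(syn: SynObservation) -> tuple:
    """Best-effort OS guess from the SYN's TTL and window size."""
    return SIGNATURES.get((initial_ttl(syn.ttl), syn.window), ("unknown", False))


def accept_connection(syn: SynObservation) -> bool:
    """Policy: a desktop-class OS has no business talking direct-to-MX."""
    _, desktop = fingerprint(syn)
    return not desktop


# Constructed scenario 1: a Windows 9x machine connects straight to the MX
# (TTL 116 after 12 hops from an initial 128, window 8192).
ORIGINAL = SynObservation("203.0.113.7", ttl=116, window=8192)

# Constructed scenario 2: a bakeoff harness re-delivers the same message from a
# Linux relay, so the filter sees the relay's stack and address, not the bot's.
REPLAYED = SynObservation("198.51.100.2", ttl=58, window=5840)
```

Run against both observations, the rule rejects ORIGINAL but accepts REPLAYED; the filter's evidence was in the TCP/IP behaviour of the true sender, which stream replication cannot preserve.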

In its defense, CEAS recognizes this difficulty by excluding greylisting from the list of permitted techniques. I'll be watching this one with interest.