November 03, 2004

Spammers Convicted

(via Slashdot) Two spammers were convicted under a Virginia law for spamming.

Jurors who convicted Jeremy D. Jaynes, 30, and Jessica DeGroot, 28, later sentenced Jaynes to a nine-year prison term and fined DeGroot $7,500 for three convictions each of sending e-mails with fraudulent and untraceable routing information.
It's refreshing to hear that a spammer has finally received jail time.

-Chris

Posted at 11:53 PM in SPAM | Permalink | Comments (0) | TrackBack

September 22, 2003

Anti-Spam Testing

Network World tested 16 anti-spam tools against all their email for the month of June. Looks like Postini came out on top.


-Chris


Spam Q&A
Spam and Statistics

Posted at 01:40 PM in SPAM | Permalink | Comments (0) | TrackBack

July 07, 2003

Scam Spam

An interesting question was proposed on my LUG mailing list. Is there a technical term for spam that tries to lure people in to giving away their passwords?

I remember the term "password fishing" from a story I read about a famous spammer named Rodona Garst. Apparently she was sending spam to aol users that stated they needed to provide their logon information using her "aol looking" web form. This web form would push the stolen account information back to Rodona Garst and her company Premier Services.

I tried google and everything2 for "password fishing" without any results.

-Chris

Posted at 01:45 PM in SPAM | Permalink | Comments (0) | TrackBack

June 30, 2003

Helpful Spam Prevention Tips

I enjoyed reading Dru Nelson's article on SPAM Prevention.

On November 19, 2002, I was getting 10-20 TCP connections per second from around 300 different IP networks to my machine at a colocation facility. I checked the source IPs and they were coming from all over the globe. The destination email addresses all conformed to a simple pattern; this indicated that something was performing a simple algorithmic attack. My computer was really sluggish from queuing all of the bounce messages. My qmail queue was over 13,500 messages at that point. In fact, I couldn't even send out email through the machine's localhost interface. The load caused all sorts of timeouts for other systems on the machine.


My worst spam problem was being the recipient of a joe job. I received around 200 bounce messages to one of my email accounts. After doing some searching on Google, I learned this is a very common problem.

I despise spammers.

-Chris

Posted at 01:15 PM in SPAM | Permalink | Comments (0)

June 11, 2003

Fighting SPAM

I read an interesting article in Network World Fusion on spam. Two authors get the chance to argue for technology or law to combat the spam epidemic. Paul Grahm, best known for his paper,"A Plan for Spam,"advocates using filtering technology to fight spam. Jason Cattlet, President and founder of Junkbusters Corp, argues his case for introducing laws to fight spammers.

I think a combination of both law and technology will slowly start to weaken the growth of spam. Some interesting links on this controversial subject are below.

  1. EFF's Position Paper Have you donated?
  2. Lawerence Lessig's Spam Bounty Hunters
  3. Chip Rosenthal's comments for DNSBL
  4. My post about RMX
  5. David E. Sorkin's site on Spam Laws
  6. David E. Sorkin's Technical and Legal Approaches to Unsolicited Electronic Mail
  7. List of known DNSBL

-Chris

Posted at 12:47 PM in SPAM | Permalink | Comments (0)

May 29, 2003

Case for RMX

I read a really nice article by Mike Rubel supporting the use of RMX records to help prevent the spoofing of the FROM: header.

This document supports and encourages the adoption of Hadmut Danisch's RMX resource records for DNS. RMX records are intended to make email forgery difficult by providing a mechanism for a domain owner to list all mail servers authorized to send email on behalf of his or her domain name. They eliminate the most serious drawback of SMTP--the meaningless From: header--without breaking any core internet protocols.

The RFC is a little dry to read so stick with Mike's article.

Chris

Posted at 01:15 AM in SPAM | Permalink | Comments (0)