Wednesday, November 20. 2013
This spammer does not appear to have fully mastered their comment generation scripts:
{
{I have|I've} been {surfing|browsing} online more than
{three|3|2|4} hours today, yet I never found any interesting article like yours. {It's|It is} pretty worth enough for me.
can we get some better quality spammers please?
Tuesday, September 17. 2013
updated - got the unsubscribe link wrong
I just got a spam in the inbox that doesn't look like any I've seen before.
Subject: Your Neighborhood Is On Lockdown Due To Child Predator Alert
It's trying to panic you into visiting the site (which I will not link to here; I suspect it's a malware site that will only be live for a short period of time). But the "unsubscribe" link is pretty funny:
I do not care to know when predators are in my neighborhood here
Where the trailing "here" is a link to, perhaps, another malware site.
Saturday, July 6. 2013
Prior postings on the subject are Here and Here.
It turns out I know someone who works in the corporate complex that owns prweb who is well versed in network abuse issues, and the situation is getting looked into. So I plan to stop stirring up trouble for the time being.
Friday, July 5. 2013
After the link spam incident discussed here, I sent a polite inquiry to prweb asking whether link spamming using links to their service was a ToS violation. They have responded:
Dear Richard,
Unfortunately, PRWeb can't control where our users choose to post their press releases. It may not have even been an individual client who sent this spam release, but a spam bot.
We apologize that your blog site has been spammed with this release. Unfortunately, PRWeb didn't send the spam email and thus we have can't regulate this kind of activity
Best regards,
Marti
PRWeb Editors
PRWeb, a Vocus, Inc. Company
5160 Industrial Place, Suite 103
Ferndale, WA 98248 USA
This is, of course, fundamentally unsatisfactory. They have Terms of Service which their customers must agree to, and the ToS can of course contain limitations on how they use the links.
Now to ask the person whose name is on the release about the link spamming incident.
Someone just tried to link spam a blog I manage. It got kicked into automoderation. I found it somewhat entertaining, as the link was to a press release on www.prweb.com plugging an online reputation management service. It appears that they are not worried about having an online reputation for link spamming.
I'm not revealing the details just yet, as it is a possibility that this is a Joe-Job. But more than likely it's someone setting up as a reputation consultant who isn't really very competent or knowledgeable about what they're doing.
In the meantime, I have submitted an inquiry to prweb as to whether or not link spamming is a violation of their Terms of Service. I'll be very interested to hear their response.
Wednesday, March 30. 2011
I got an email from Rotary International the other day. As incoming president of Albany Rotary, I can expect to get these things; this one was reminding me of a membership goal form I need to prepare as part of the runup to becoming president in July.
Unfortunately, as someone who has been involved in EMail for a long time, I have to say that this particular message was more than a little weak when it came to best practices. I don't think this is entirely Rotary's fault; I place most of the blame on Blue Hornet, their EMail Service Provider (ESP), a group that has been around for a while and is supposed to know better than to do what they did.
How did I become aware of the problem? Well, the email client I use, Thunderbird, warned me the email from Rotary might be a scam. Why did it do that? The message included a link to the pdf on the Rotary site, which, in the message, looked like http://www.rotary.org/RIdocuments/en_pdf/membership_club_goal_form_en.pdf. The problem was that secretly the link was really http://echo4.bluehornet.com/ct/10998940:13419053082:m:1:995605161:6ADF5EA5CA9CE09181F7544C92C68802
Why is this a problem? Basically, much if not most of the scam email in the world uses the trick of showing one link and really going to another. This is why Thunderbird calls it out and warns you about these messages.
I'm really disappointed; this is stupid and unnecessary, and I have no idea how hard it's going to be to get this fixed. And it needs to be fixed...
Wednesday, March 31. 2010
- Whois Privacy
Many legitimate businesses buy whois privacy without really thinking about how it makes them look. Many illegitimate businesses turn it on because they have an interest in hiding.
- Mailbox stores
Postal addresses in Whois that turn out to be in Mailboxes, Etc. stores are a red flag.
- obviously bogus postal addresses and phone numbers
Mismatching states, zip codes and area codes are a dead giveaway.
- postal address in Boca Raton, FL
Are there any legitimate internet businesses in Boca?
- no web site
Whether this is a blank web page or an apache "your installation worked" page, it's a clue you want to hide.
A year and a half ago, a deer tried to occupy the same space as my left front fender, and thus proved that two solid objects cannot in fact occupy the same space. I used the Travelers Insurance concierge service to handle the repairs and they ended up farming the body work out to DeNooyer Chevrolet (who did a decent job with the repairs, I might add.)
So suddenly today I got a helpful email message from DeNooyer via an anonymous outfit, vu7s.com, indicating that as a valued customer, if I wanted to receive promotions via email all I had to do was, well, nothing, they were going to just start sending them.
Here is a list of facts as I see them:
- I was never DeNooyer's customer, I was Travelers' customer. DeNooyer presumes too much.
- I never gave DeNooyer my email address. They got it from somewhere else, without my permission.
- I don't play opt-out games; I never "click here". I did what I usually do: I instructed my mail server to reject all email from *.vu7s.com
What the vendor appears to have done for DeNooyer is called epending. They probably sold DeNooyer a service whereby they correlated names with likely email addresses and just started sending. It's an error-prone process that sometimes has some pretty awful side effects if the wrong email address gets tied to a name. Just say NO to epending.
Tuesday, March 30. 2010
As the Internet deployment of IPv6 goes forward, folks are starting to collect info on the deployment of junk email over IPv6. Here are some stats from RIPE on the subject.
Their study is not particularly rigorous; in particular, they have spam blocking in place on IPv4 that is not present for IPv6 (see their section on Methodology). Their comment about DNSBLs is a concern. They are right in that DNSBLs are controversial, but some are more controversial than others, and sometimes the manner of usage is what is controversial: direct blocking at connect time is a very different thing from SpamAssassin scoring, and some DNSBLs are really bad for the former, but fine for the latter. They don't actually say what they are doing; they just indicate that they are using some unspecified DNSBLs in some unspecified manner. Another issue is that they don't really indicate which spam control measures are turned on for IPv6 vs IPv4. As far as I know there aren't any significant IPv6 DNSBLs yet (one clear difference between their IPv4 and IPv6 data), but I'd like to know if they have their greylisting turned on for v6.
Finally, I'd like to know how they can refuse connections to MTAs when the target address does not exist. A receiver has no idea what the recipient address will be when the initial connection is requested.
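To make the blocking-versus-scoring distinction concrete, here is an added example (not from the post or the RIPE study). It builds DNSBL query names for IPv4 and IPv6 in the RFC 5782 layout and applies both policies to the same listings. The zone names, listings, scores and threshold are all constructed, and the addresses come from documentation ranges.

```python
import ipaddress

def dnsbl_query_name(ip, zone):
    """Build the DNS name a DNSBL client would look up (RFC 5782 layout)."""
    addr = ipaddress.ip_address(ip)
    if addr.version == 4:
        labels = reversed(str(addr).split("."))            # octets, reversed
    else:
        labels = reversed(addr.exploded.replace(":", ""))  # 32 nibbles, reversed
    return ".".join(labels) + "." + zone

# Constructed data: a narrow list and a broad list with more collateral listings.
LISTED = {
    "narrow.dnsbl.example": {"192.0.2.10"},
    "broad.dnsbl.example": {"192.0.2.10", "198.51.100.7"},
}
SCORE = {"narrow.dnsbl.example": 3.0, "broad.dnsbl.example": 1.5}
THRESHOLD = 5.0  # assumed spam threshold for the scoring policy

def hits(ip):
    # Stand-in for the DNS lookups: which zones list this address?
    return [zone for zone in sorted(LISTED) if ip in LISTED[zone]]

def block_at_connect(ip):
    """Policy A: any listing refuses the connection before any mail is seen."""
    return bool(hits(ip))

def score_message(ip, content_score):
    """Policy B: each listing only adds points; message content decides the rest."""
    total = content_score + sum(SCORE[zone] for zone in hits(ip))
    return total, total >= THRESHOLD

if __name__ == "__main__":
    print(dnsbl_query_name("2001:db8::1", "broad.dnsbl.example"))
    # Same sender, listed only on the broad list, sending an innocuous message:
    print(block_at_connect("198.51.100.7"), score_message("198.51.100.7", 0.5))
```

The sender listed only on the broad list is refused outright under connect-time blocking, but under scoring the same listing contributes 1.5 points and an otherwise clean message is delivered.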