The macosxhints Forums


ThreeDee 02-19-2007 07:13 PM

Spammers getting desperate...
 
Recently checked my gmail junk box. I know that captchas prevent spam, but now spammers seem to be using captchas to (try) to get around spam filters:
http://i5.tinypic.com.nyud.net:8080/4hc3j15.gif

I've also noticed things like "buuy vxxxiaagria" and "go to http://www..druREMOVEgmedsitebest.com/ but remove the REMOVE and the 2nd . dot"

MBHockey 02-19-2007 07:30 PM

Wow. Looks like spam software is progressing nicely if they have to use things like that to get by it. I have to say though, Gmail does a fabulous job of filtering out spam.

ArcticStones 02-21-2007 04:54 AM

I’m getting desperate, too

I’m getting a bit desperate, too. Or at least very very annoyed.

Last spring I was receiving perhaps a handful of spam emails per month. Tops. Naturally, I failed to understand this "Spam Problem" everybody was talking about. In the course of the autumn it really took off -- like a cancer out of control.

Just after New Year’s I’d had enough. I reset my MS Entourage preferences to max security: receive emails only from senders in my address book.

It seems to me I should be able to do better. After all, as far as I know, most of the spam is sent as "blind copy". So I’ve been looking for a way to block the receipt of all BCC email, allowing only that where my address is explicitly typed in. (Oh, I know that I would have to forego a few newsletters, but that seems a small price to pay.)

Unfortunately, I haven’t figured out how to do that yet. (Grateful for tips!)

My dismal conclusion is that there are only two cures for the email pandemic... But I’ll put those thoughts in a separate thread.

ehird 02-21-2007 08:06 AM

If anything gets past gmail's spam filter and then past Mail.app's, I mark it as junk and it learns. I don't get spam.

ArcticStones 02-21-2007 10:19 AM

Quote:

Originally Posted by ehird (Post 359957)
If anything gets past gmail's spam filter and then past Mail.app's, I mark it as junk and it learns. I don't get spam.

Yes, my filters learn.
However, I still feel a need to periodically go through the emails that have been filtered out as junk. I’ve found job queries there, which otherwise would have been lost work and lost income.

DarkSaint 02-21-2007 10:27 AM

Yeah I get a ton of offers to purchase penny stocks and levitra meds but every time I just hit (Junk) and it tends to self filter from then on afterwards. Man I would hate to have to go through a hotmail or yahoo address on a regular basis...

ThreeDee 02-21-2007 02:37 PM

It seems spammers are using anti-spam techniques to send spam. Image captchas, the messREMOVEage inserting thing, the oBfu5cati0n...

Wonder what will be next...

yellow 02-21-2007 03:47 PM

Sadly, anti-spammage is a reactive sport. Spammers are way ahead of the curve generally, and as soon as an anti-spammage haus catches up.. well the spammers come up with new ways to overload bayesian filters and whatnot. It's a sad fact that spam is here to stay.

I should note, I used a throw away alias recently to sign up with XBox live support. That's all I've used it for as far as I remember, or as far as my inbox is concerned. Guess what I got in that account just the other day?

ArcticStones 02-21-2007 03:59 PM

I don’t get it.
 
Quote:

Originally Posted by yellow (Post 360110)
I should note, I used a throw away alias recently to sign up with XBox live support. That's all I've used it for as far as I remember, or as far as my inbox is concerned. Guess what I got in that account just the other day?

So what is your conclusion as to how the spam gets to the address? I don’t get how the mail slips through to an unknown address -- unless the email provider itself is seriously compromised ("slip this through to all users with this domain name..."). How can someone put something into a mailbox that they don’t know exists?

I suppose I lack technical insight, but I really would like to understand this.

CAlvarez 02-21-2007 04:12 PM

Sometimes spammers just use name lists against a domain. I often see connections trying to send to every common and not-so-common name in my domains, things that don't exist and never would have existed. When I looked in my cable internet e-mail account once, it was full of spam although I'd never actually used the account.

ArcticStones 02-21-2007 04:29 PM

Quote:

Originally Posted by CAlvarez (Post 360117)
Sometimes spammers just use name lists against a domain...

Would the following be possible:

1.) Set up a bunch of non-existent dummy accounts for any given domain.
2.) Conclude that those who send email to, say, any three of these accounts are non-human bots.
3.) Automatically block all mail from those IP nos. to given domain.
4.) Blacklist those IP nos., and if necessary IP providers along the path, effectuating a more comprehensive "denial of services".
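
The first three steps of the scheme proposed above, replayed over log lines, as an added example that is not part of any post in this thread. The trap addresses, the log format and the IP addresses are all constructed for illustration.

```python
import re
from collections import defaultdict

# Constructed trap mailboxes: never published, so no human has a reason to write to them.
TRAPS = {"zq.holt@example.org", "trap7781@example.org",
         "oldbilling@example.org", "m.vandersee@example.org"}
THRESHOLD = 3  # "any three of these accounts", as in the post

# Constructed log lines in a made-up format (not any real MTA's): epoch, client IP, recipient.
SAMPLE_LOG = """\
1172093340 client=203.0.113.7 rcpt=<alice@example.org>
1172093341 client=203.0.113.7 rcpt=<ZQ.Holt@example.org>
1172093342 client=203.0.113.7 rcpt=<trap7781@example.org>
1172093343 client=203.0.113.7 rcpt=<oldbilling@example.org>
1172093400 client=198.51.100.20 rcpt=<trap7781@example.org>
1172093401 client=198.51.100.20 rcpt=<trap7781@example.org>
1172093402 client=198.51.100.20 rcpt=<trap7781@example.org>
1172093500 client=192.0.2.55 rcpt=<bob@example.org>
1172093600 client=203.0.113.7 rcpt=<bob@example.org>
"""

LINE = re.compile(r"^(\d+) client=(\S+) rcpt=<([^>]+)>$")

def replay(log_text, traps=TRAPS, threshold=THRESHOLD):
    """Replay the log; return ({blocked IP: time of block}, [(ip, rcpt) accepted])."""
    trap_hits = defaultdict(set)   # client IP -> distinct trap mailboxes addressed
    blocked, accepted = {}, []
    for line in log_text.splitlines():
        m = LINE.match(line.strip())
        if not m:
            continue                      # skip lines that are not in the expected format
        ts, ip, rcpt = m.groups()
        rcpt = rcpt.lower()               # mailbox comparison is case-insensitive here
        if ip in blocked:
            continue                      # step 3: refuse everything from a blocked IP
        if rcpt in traps:
            trap_hits[ip].add(rcpt)       # step 2: count distinct traps, not repeats
            if len(trap_hits[ip]) >= threshold:
                blocked[ip] = int(ts)
            continue                      # mail to a trap is never delivered
        accepted.append((ip, rcpt))
    return blocked, accepted

if __name__ == "__main__":
    print(replay(SAMPLE_LOG))
```

The block time is recorded so that entries can be expired later; an IP address behind NAT or a shared relay can also carry mail from legitimate senders.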

CAlvarez 02-21-2007 04:42 PM

Absolutely, that can already be done. I don't recall the product name however.

On some of our higher-profile Linux servers we automatically blacklist your IP if you fail an SSH login three times. Same could be done with failed SMTP attempts or whatever.

The other anti-spam technology that's available right now but barely used is SPF, which compares the sender's IP with the sender's claimed domain and if it doesn't match, it blocks that mail.

ArcticStones 02-21-2007 04:51 PM

Quote:

Originally Posted by CAlvarez (Post 360125)
Absolutely, that can already be done. I don't recall the product name however.

On some of our higher-profile Linux servers we automatically blacklist your IP if you fail an SSH login three times. Same could be done with failed SMTP attempts or whatever.

The other anti-spam technology that's available right now but barely used is SPF, which compares the sender's IP with the sender's claimed domain and if it doesn't match, it blocks that mail.

So why don’t IP providers that handle, say, a million email accounts with the same domain name implement such a strategy?! Wouldn’t that reduce spam to a trickle? At least for their users. At least for the time being...

What if all IP providers did so?

Should we have any sympathy with the owners of botnet computers who might obviously get screwed?

Are those naïve questions?

fazstp 02-21-2007 06:02 PM

Quote:

Originally Posted by ArcticStones (Post 360130)
Should we have any sympathy with the owners of botnet computers who might obviously get screwed?

Anything that will alert an oblivious user of a zombie pc can only be a good thing in my mind. The tech support department of the service providers may take a hit though having to tell the thousands of zombies why they've been blocked. Who knows, maybe that's precisely why they haven't implemented that solution.

mnewman 02-21-2007 09:19 PM

In the past few days I've noticed a massive increase in the amount of spam in my Yahoo mailbox. It used to be one or two a day as their spam filter caught the vast majority of it. But yesterday there were over 40 that got through and another 30+ today.

I wonder what the spammers did to defeat the Yahoo filters?

blubbernaut 02-21-2007 11:15 PM

I suspect that in addition to perhaps known names "attacks" that they also send to all-three-and-four-letter-combinations@knowndomain.com

I have a couple of domains with multiple email addresses and commonly the people with very short names start getting spam before others and in greater quantity. I dunno, maybe more common names? My first thought was brute-force randomization.

yellow 02-22-2007 10:22 AM

Quote:

Originally Posted by ArcticStones (Post 360114)
So what is your conclusion as to how the spam gets to the address?

I assume that Microsoft or the XBox Live spin off sold my email address.

ThreeDee 02-22-2007 01:55 PM

Possibly. Some spambots try a kind of 'brute-force' method of trying somewhat random email addresses.

So far, gmail has filtered every single spam message except for the one captcha. It appears to be filtering those out now, too.

ArcticStones 02-25-2007 07:10 PM

Desperate spammers -- but not educated

I just gotta share this spam that I received yesterday, because I thought it was so hilarious. Spelling mistakes are left intact:

University Degree
*
OBTAIN A PROSPEROUS FUTURE, MONEY-EARNING POWER, AND THE PRESTIGE THAT COMES WITH HAVING THE CAREER POSITION YOU?VE ALWAYS DREAMED OF. DIPLOMA FROM PRESTIGIOUS NON-ACCREDITED UNVERSITIES BASED ON YOUR PRESENT KNOWLEDGE AND PROFESSIONAL EXPERIENCE.
*
If you qualify, no required tests, classes, books or examinations.
*
Confidentiality Assured


Prestigious non-accredited unversities. Right, there are lots of those!

fazstp 02-25-2007 07:47 PM

Quote:

Originally Posted by Dr Nick
“Hey, did you go to Hollywood Upstairs Medical College too?”

Gee I hope I qualify :)

acme.mail.order 02-25-2007 08:10 PM

Quote:

Originally Posted by CAlvarez (Post 360125)
The other anti-spam technology that's available right now but barely used is SPF, which compares the sender's IP with the sender's claimed domain and if it doesn't match, it blocks that mail.

Problem here is that people can't use their ISP's mail server without also using their ISP's email address. Add port 25 blocking and server blacklisting and we solve spam by blocking all email :D

Something similar happened a short time ago here in Tokyo - an ISP said that they were blocking outgoing port 25 and would you please use our mailserver. No problem - only one setting to change. Then, mail got bounced with "Not a biglobe.ne.jp address". I'm so happy I don't work at their support desk.

CAlvarez 02-25-2007 10:11 PM

Quote:

Problem here is that people can't use their ISP's mail server without also using their ISP's email address.

But you can use a remote server on alternate ports. For example, you can use your Gmail account for SMTP on secure ports, which are not blocked. There's no reason that others can't do the same (many do).

acme.mail.order 02-25-2007 10:44 PM

They certainly can, but it's a major headache for the ISP's support desk. My mail provider offers an alternate port but it's request only info - they don't publish it probably on the grounds of those who know enough to ask also know enough to use.

CAlvarez 02-26-2007 01:27 AM

No, the ISP wouldn't do that, the mail provider does it. For the 99% who use their ISP's mail servers, this won't be an issue. Anyone who wants to use a foreign mail server/account would then have to learn how to send mail through THAT account. Google gives really easy instructions on their site, so anyone else could too.

Lutin 02-26-2007 03:49 AM

My ISP, in France (Free) recently blocked port 25.
You can still open it by a console if you want it.

I think that's a good measure, because it isn't very intrusive, and will block a lot of zombie machines, whose owners had no idea of what was happening.

