Bot Nets Behind Recent Spam Surge

gsslay writes "Everyone must have noticed a surge in spam recently, particularly for stock pump 'n' dump scams. The Register reports that anti-spam companies have seen a 30% increase in the last two months and, more worryingly, more of this spam is getting through to mailboxes due to the spammers' change in tactics. Rather than use unsecured mail relays, spammers are using bot nets, making spam harder to identify and eliminate. Bounced spam is also on the up, and some experts reckon it's past time to start worrying."
  • by suso ( 153703 ) * on Wednesday November 01, 2006 @10:11AM (#16672153) Homepage Journal
    Honestly, it was past time to start worrying about 2 years ago. Two years ago I had the feeling that the rising amount of spam was going to cause significant problems to the point where mail servers would no longer be maintainable and the internet may become unusable. But now here we are, nothing truly significant. More spam taking more space and driving the load up a bit on servers, but not necessarily crippling everything as we expected.

    I also haven't really noticed this increase that people have talked about lately. On average I receive over 11,000 spam messages a month to my primary email account. Here is the count per month for the past two and a half years:

    2004-07: 9088
    2004-08: 9057
    2004-09: 8990
    2004-10: 14318
    2004-11: 9910
    2004-12: 11521
    2005-01: 11251
    2005-02: 9381
    2005-03: 10843
    2005-04: 10084
    2005-05: 11785
    2005-06: 10987
    2005-07: 10505
    2005-08: 9333
    2005-09: 9704
    2005-10: 12329
    2005-11: 12394
    2005-12: 14934
    2006-01: 13764
    2006-02: 13235
    2006-03: 14562
    2006-04: 11946
    2006-05: 14204
    2006-06: 13801
    2006-07: 9671
    2006-08: 10395
    2006-09: 11373
    2006-10: 12221
    • Smarter Spammers (Score:4, Interesting)

      by eldavojohn ( 898314 ) * <eldavojohn AT gmail DOT com> on Wednesday November 01, 2006 @10:14AM (#16672185) Journal
      It's not about the amount that comes to you, but rather the tactics being used. I think the spammers have learned to make it past Bayesian filters and, as a result, we can't just automatically dispose of mail. More and more of it is making it into mailboxes, whether it's attaching dummy text to fool the filters or just making the pitch come in the form of an image and using good text to get that image to the user.

      Are your mailbox counts filtered or unfiltered? If so, what strategy is used?
      • Hmmm, odd... I have seen more spam in my spambox but really, no more has made it in to my inbox, and all with Bayesian filtering based SpamSieve, so my anecdotal results don't match with the story... lucky me, I guess =)
        • +1 haven't noticed more spam.

          Everyone must have noticed a surge in spam recently, particularly for stock pump 'n' dump scams.

          One option is SpamBayes []. After a little training with the regular spam I was receiving, very few false negatives and I haven't seen a false positive in months.

          Not affiliated, just a satisfied customer.

      • by gunnk ( 463227 )
        I think you're right that Bayes is getting beaten -- that was really just a matter of time in the ongoing arms race. The text padding in the spam I get is MUCH larger than the "spammy" portion. In fact, the spam itself is now often just an image -- Bayes can't help me there!

        I've set my email to be whitelist only: if you aren't filtered INTO my inbox, you're rejected. However, the rejection message contains a whitelist keyword -- any message with my current keyword in the subject line gets through. The
    • I too am not noticing the increase. Now I've got my e-mail everywhere (and I do mean everywhere) without any hiding. And yet I haven't noticed any spam increase. In fact, I barely notice my spam as it is. That's mainly because of Gmail's spam filter though :) With it, you don't need to worry about spam.

      Although it would be nice to get something more proactive done about it.
      • by mgblst ( 80109 )
        Don't know if you are just talking rubbish or really lucky. I used to get about one a week with gmail, now I wouldn't be surprised to get 1 every day. At least 4 or 5 a week.

        Whoever thought of this stock-tip spamming was a genius. There is no way they can be traced to a company, and still a chance of making some money. Bastard.
        • Has anyone tried charting out these stocks they try to pump and dump to see if their tactics actually work at all? It blows my mind that anyone falls for those things....
          • by jfengel ( 409917 )
            As a matter of fact, somebody has. BBC article [].

            Conclusion: you can make 4-6% per day on this, which is an astonishing sum of money. Slashdot [] discussed it at the time.

            • Re: (Score:3, Informative)

              by mgblst ( 80109 )
              Just to clarify, you can lose 8% a day; the scammers can make 4-6% a day. I thought that I needed to point this out, in case some silly fool gets the idea of following the scammers' advice.
              • On the flip side, I wonder how many people are making money by following the opposite of the spammer's advice?
              • by jfengel ( 409917 )
                Yes, thank you. Scammers make money; idiots who listen to scammers lose money.
      • I'm also very promiscuous with my email address... and just like you it's because Gmail takes care of all the crap, simply and effectively.

        I've been noticing a Spam surge recently... but only because I keep an eye on my gmail spam category. Right now it reads thus:

        Spam (5343)

        That number represents the # of Spam in the last 30 days for those that don't use Gmail. For a while now I've hovered around 2000 or so... but it's been steadily climbing over the last several months. Luckily Gmail does a good job an
        • I'm also very promiscuous with my email address... and just like you it's because Gmail takes care of all the crap, simply and effectively.

          But google is (so far) a nice company, and I don't like to do that to nice companies. This is why I use hotmail for all subscription crap. I sign up for ALL the newsletters with hotmail.
        • by jfengel ( 409917 )
          It's unfortunate, however, that with that much spam you can't hope to scan your inbox for false-positives. I used to, and now I just hope that there isn't any, or that they'll re-send if it was important.
    • by Trifthen ( 40989 )
      I also haven't noticed the increase as much. Then again, I'm a bad admin and disallow dynamic IPs from sending mail to my system. Botnets have no teeth when the systems that have been compromised are summarily ignored.
  • AI to Stop the Spam (Score:5, Interesting)

    by eldavojohn ( 898314 ) * <eldavojohn AT gmail DOT com> on Wednesday November 01, 2006 @10:12AM (#16672165) Journal
    I know it's an old article, but Paul Graham's A Plan for Spam [] seems as applicable now as it ever has. It's not the best but even when international alliances [] (albeit recently formed []) can't stop spam, you have to start using your imagination.

    But this Bayesian strategy has been overcome by the spammers. They use hilariously strange word ordering to trick the spam filter and lower their threshold (see Graham's Lisp code) down to an acceptable range. Here's a piece of text from some spam that made it into my mailbox this morning:
    However 'Beyond' is also butt ugly, the first week's worth of posts are a bit boring and the blogroll is narcissistic.
    And it goes on for about 7 paragraphs with absolutely nothing to do with its pitch. It's because of this nonsense that it makes it into my mailbox in the first place.

    How do we eradicate this problem? What strategies do we use next?

    Well, I would suggest that we stick to the Bayesian approach but instead of tokenizing via Paul Graham's proposed algorithm, we could investigate tokenizing the text based on letter groups (divide 'words' into 2-3 letter groups and test for those frequencies) or even natural language parsing. Yes, I know it sounds absurd but I really think that an engine could be written in Prolog using WordNet or another dictionary with some basic English rules in an attempt to parse and analyze incoming text.

    Who knows? Perhaps our need for a spam filtering engine could breed innovation in the AI community?
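The padding effect and the letter-group tokenizer this post proposes, as an added example (not the poster's code and not Paul Graham's): a small multinomial naive Bayes filter with Laplace smoothing, a simplification of Graham's scheme, is trained on a constructed corpus and scores a stock pitch alone and then padded with harmless-looking office prose. The tokenizer is swappable between whole words and character trigrams; all corpus text, the pitch and the padding are constructed for the demo.

```python
import math
import re
from collections import Counter

# Constructed training corpus (not real mail): stock-pitch spam and
# ordinary work messages, deliberately short so the arithmetic is visible.
SPAM_TRAINING = [
    "hot stock alert buy this penny stock now huge gains expected this week",
    "penny stock pick ready to explode buy now before the price soars",
    "investor alert this stock is set to soar big gains act now and buy",
    "stock tip huge profit expected buy shares now price target doubled",
]
HAM_TRAINING = [
    "the meeting is moved to thursday please review the draft before then",
    "attached is the updated schedule for the project review next week",
    "thanks for the draft i will send comments after the thursday meeting",
    "please confirm the schedule and the updated budget before the review",
]


def word_tokens(text):
    """Graham-style tokens: lower-cased runs of letters, digits and apostrophes."""
    return re.findall(r"[a-z0-9']+", text.lower())


def char_ngrams(text, n=3):
    """Letter-group tokens as proposed in the thread: overlapping n-letter windows."""
    flat = re.sub(r"\s+", " ", text.lower()).strip()
    return [flat[i:i + n] for i in range(len(flat) - n + 1)]


class NaiveBayesFilter:
    """Multinomial naive Bayes with Laplace smoothing and a pluggable tokenizer."""

    def __init__(self, tokenizer):
        self.tokenizer = tokenizer
        self.spam, self.ham = Counter(), Counter()
        self.spam_docs = self.ham_docs = 0

    def train(self, text, is_spam):
        tokens = self.tokenizer(text)
        if is_spam:
            self.spam.update(tokens)
            self.spam_docs += 1
        else:
            self.ham.update(tokens)
            self.ham_docs += 1

    def score(self, text):
        """Log-odds that text is spam; above 0 means spam is the likelier class.
        Every token contributes log P(t|spam)/P(t|ham), so tokens that are common
        in ham pull the total down no matter what else the message contains."""
        vocab = len(set(self.spam) | set(self.ham))
        spam_total = sum(self.spam.values()) + vocab
        ham_total = sum(self.ham.values()) + vocab
        log_odds = math.log(self.spam_docs / self.ham_docs)
        for tok in self.tokenizer(text):
            p_spam = (self.spam[tok] + 1) / spam_total
            p_ham = (self.ham[tok] + 1) / ham_total
            log_odds += math.log(p_spam / p_ham)
        return log_odds

    def classify(self, text):
        return "spam" if self.score(text) > 0 else "ham"


def build_filter(tokenizer):
    f = NaiveBayesFilter(tokenizer)
    for msg in SPAM_TRAINING:
        f.train(msg, True)
    for msg in HAM_TRAINING:
        f.train(msg, False)
    return f


# Constructed pitch and padding; the padding reuses vocabulary from the ham corpus,
# which is exactly what "good text" wrapped around a pitch does to the filter.
PITCH = "penny stock alert buy now huge gains expected"
PADDING = "please review the updated draft and confirm the schedule before the thursday meeting"


def compare_tokenizers():
    """Score the bare and padded pitch under both tokenizers on the same corpus."""
    results = {}
    for name, tokenizer in (("words", word_tokens), ("trigrams", char_ngrams)):
        f = build_filter(tokenizer)
        results[name] = {"pitch": f.score(PITCH), "padded": f.score(PITCH + " " + PADDING)}
    return results


if __name__ == "__main__":
    for name, r in compare_tokenizers().items():
        print(f"{name:9s} pitch={r['pitch']:+.2f}  padded={r['padded']:+.2f}")
```

Which tokenizer holds up better depends entirely on the corpus, so the block reports both rather than declaring a winner.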
    • by gnasher719 ( 869701 ) on Wednesday November 01, 2006 @10:23AM (#16672295)
      Right now, spam goes past spam filters by including a large amount of random nonsense text that resembles English language reasonably well. So we will get spam filters that detect large amounts of random nonsense text. So spam will include text that makes actual sense. Give it twenty years, and your average spam email will consist of 300 pages of text that is better than anything Shakespeare has ever written, followed by two lines begging you to buy viagra. Thirty years, spam will be two hour Quicktime movies better than anything you can watch in the cinema today, with the hero using viagra bought from the spammer in the right places.
      • Re: (Score:2, Funny)

        by Tsagadai ( 922574 )
        I think you're onto something there. In no time at all my spam will be a better read than the mail I get from my illiterate contacts.
    • It's interesting, these rarely get through on my spam filter...

      But, I do a couple things that helps:

      The filter doesn't 'auto train', I only train it on uncertain mails. I noticed a problem before where overtraining could cause a lot of false positives. Also I have about 850 "spam" trained mails and about 450 "not spam" mails. So far, my false positives have only been from my boss sending me one-liners with just urls in them. My false negatives have been these "lotsa random words" things, but they still mostl
      • I only train it on uncertain mails. [...] So far, my false positives have only been from my boss sending me one-liners with just urls in them.

        You really need to "train" your boss... :)

    • by Ctrl+Alt+De1337 ( 837964 ) on Wednesday November 01, 2006 @10:27AM (#16672373) Homepage
      Your post advocates a

      (X) technical ( ) legislative ( ) market-based (X) vigilante

      approach to fighting spam. Your idea will not work. Here is why it won't work. (One or more of the following may apply to your particular idea, and it may have other flaws which used to vary from state to state before a bad federal law was passed.)

      ( ) Spammers can easily use it to harvest email addresses
      ( ) Mailing lists and other legitimate email uses would be affected
      ( ) No one will be able to find the guy or collect the money
      (X) It is defenseless against brute force attacks
      (X) It will stop spam for two weeks and then we'll be stuck with it
      ( ) Users of email will not put up with it
      ( ) Microsoft will not put up with it
      ( ) The police will not put up with it
      ( ) Requires too much cooperation from spammers
      ( ) Requires immediate total cooperation from everybody at once
      ( ) Many email users cannot afford to lose business or alienate potential employers
      ( ) Spammers don't care about invalid addresses in their lists
      ( ) Anyone could anonymously destroy anyone else's career or business

      Specifically, your plan fails to account for

      ( ) Laws expressly prohibiting it
      ( ) Lack of centrally controlling authority for email
      ( ) Open relays in foreign countries
      ( ) Ease of searching tiny alphanumeric address space of all email addresses
      (X) Asshats
      ( ) Jurisdictional problems
      ( ) Unpopularity of weird new taxes
      ( ) Public reluctance to accept weird new forms of money
      ( ) Huge existing software investment in SMTP
      ( ) Susceptibility of protocols other than SMTP to attack
      ( ) Willingness of users to install OS patches received by email
      ( ) Armies of worm riddled broadband-connected Windows boxes
      (X) Eternal arms race involved in all filtering approaches
      ( ) Extreme profitability of spam
      ( ) Joe jobs and/or identity theft
      ( ) Technically illiterate politicians
      (X) Extreme stupidity on the part of people who do business with spammers
      ( ) Dishonesty on the part of spammers themselves
      (X) Bandwidth costs that are unaffected by client filtering
      ( ) Outlook

      and the following philosophical objections may also apply:

      (X) Ideas similar to yours are easy to come up with, yet none have ever been shown practical
      ( ) Any scheme based on opt-out is unacceptable
      ( ) SMTP headers should not be the subject of legislation
      ( ) Blacklists suck
      ( ) Whitelists suck
      ( ) We should be able to talk about Viagra without being censored
      ( ) Countermeasures should not involve wire fraud or credit card fraud
      ( ) Countermeasures should not involve sabotage of public networks
      ( ) Countermeasures must work if phased in gradually
      ( ) Sending email should be free
      ( ) Why should we have to trust you and your servers?
      ( ) Incompatibility with open source or open source licenses
      (X) Feel-good measures do nothing to solve the problem
      ( ) Temporary/one-time email addresses are cumbersome
      ( ) I don't want the government reading my email
      ( ) Killing them that way is not slow and painful enough

      Furthermore, this is what I think about you:

      (X) Sorry dude, but I don't think it would work.
      ( ) This is a stupid idea, and you're a stupid person for suggesting it.
      ( ) Nice try, assh0le! I'm going to find out where you live and burn your house down!
      • Of course I agree with the great "Your Idea To Fight Spam Won't Work" cookie cutter doc, but I take issue with one aspect of it - indeed, the chief aspect of the proposed solution:

        The "eternal arms race of a filtering application." I mean, on one hand, sure, that's not the ideal solution, and it has its share of issues and kinks that need to be ironed out.

        But on the other hand, doesn't this really seem like the ultimate answer to spam anyway? From a practical standpoint, we just need to continually and vigila
    • Bayesian Has Failed (Score:5, Interesting)

      by ObsessiveMathsFreak ( 773371 ) <obsessivemathsfreak@ e i r c o m . n et> on Wednesday November 01, 2006 @10:53AM (#16672687) Homepage Journal
      Well, I would suggest that we stick to the Bayesian approach but instead of tokenizing via Paul Graham's proposed algorithm, we could investigate tokenizing the text based on letter groups (divide 'words' into 2-3 letter groups and test for those frequencies) or even natural language parsing.

      No. Bayesian filtering has failed, just like every other filtering method before it. Modifying it will not work. Adding OCR for image text will not work. Creating a new filtering mechanism will not work. The spamming will continue, more and more of it will get in.

      Frankly, given that processing power, disc space, bandwidth etc. are all increasing, I for one foresee the current spam/anti-spam arms race continuing indefinitely, with the amount of spam sent slowly increasing, and the amount caught by the filters being just enough to keep the amount of spam you get into your inbox at around a constant level. It's an endless cycle.

      I say, turn it all off. All of it. The filters, the blacklists, the whitelists, Spamhaus, the lot. Let every single spam sent reach its destination, if just for one day. Let Joe Six-Pack finally realise the scale of the problem and just how much strain is being placed on mail servers. It will be both terrible and beautiful at the same time.

      Then take off and nuke the site from orbit. It's the only way to be sure.
      • I get roughly 1000 pieces of spam per day (spread across 6 email accounts -- the big offenders are Yahoo Japan, which came with my BB service and gave me an alternate email address which is algorithmically guessable, and my college account which I used when I was young and stupid and has been floating around the spam lists ever since). Of these, a grand total of five will penetrate POPFile (Bayesian filtering and that's all). Of the 300 non-spam mails (and perhaps 25 mails of interest, the rest being work-
      • Re: (Score:3, Insightful)

        by Tom ( 822 )
        After some years of fighting the war, I've come to agree with parent.

        There are a lot of very innovative anti-spam techniques out there. Teergrubing, greylisting, blacklists, Bayesian filters, now we get OCR and what-have-you.

        Problem is: Every filter is a tool for the spammer. Since the filters are readily available (and have to be), the spammer can just take them and tweak his spam until it passes.

        I'm with parent. Let's make the problem obvious. Let the world drown in spam for a couple of days, a week or two
    • Re: (Score:2, Interesting)

      by denoir ( 960304 )

      Who knows? Perhaps our need for a spam filtering engine could breed innovation in the AI community?

      There are already far better methods than Bayesian classification. For a comparison with neural networks [] and support vector machines [] see this blog posting. []

      So why aren't they used? The answer is two-fold. First of all Bayesian filters are very fast to train and very fast to use. Neural nets are computationally expensive to train and fast to use while support vector machines are expensive to both train and us

    • Who knows? Perhaps our need for a spam filtering engine could breed innovation in the AI community?

      Such an approach may generate capable and powerful natural language parsers. Rock on. But as a solution to spam it really is a case of "naive (computer) scientist."

      The most direct approach to stopping spam is breaking these botnets and the most direct real-world approach to breaking these botnets is cleaning up the mess that Microsoft has made of their OS.

      And I'm not flamebaiting because if it were Lin

      • Unfortunately, it's not largely done in XP. Last I checked, it's still possible to yield control of your computer by clicking on a popup box while in IE. Likewise, I can still install a malicious program from within Firefox, albeit with a couple more clicks.

        I really don't blame Microsoft (or Mozilla) for this; if a user is bound and determined to do stupid things, they can't be stopped.

        The solution? Beats me. Shoot all the idiots, maybe?

  • Everyone must have noticed a surge in spam recently, particularly for stock pump 'n' dump scams.

    You mean I wasn't getting emails for being the most popular penny stock buyer in America?
  • Current Problems (Score:3, Interesting)

    by herwin ( 169154 ) <herwin.theworld@com> on Wednesday November 01, 2006 @10:20AM (#16672257) Homepage Journal
    I've been noticing a lot of the pump and dump spam recently, partly because non-existent addresses associated with a domain I own have been used as return addresses. I've also recently learned that the address of an academic website I maintain on a university server was poisoned on at least one major DNS so people accessing the website were redirected to a fake site that attempted to take over their machine. It's really getting rough out there.
  • "The client called me up to say, 'I've probably got a thousand e-mails in my inbox that seem to be nothing but bounce backs from spam,'"

    LOOK!!! A clue!!!
    • LOOK!!! A clue!!!

      But a worthless clue, because there's little you can do about it. I was shocked last week when I found 2551 messages in my personal email inbox (where I normally get five a day). Holy crap! Bounced spam was coming in every couple of minutes.

      This didn't happen because I had a bot, or was compromised, or was running Windows, etc, etc. It was because the spammers were spoofing my email address. My solution was to get my ISP to block all returned mails at the server. If you have a big mega-ISP,
  • I think 2 simple solutions can be combined.

    1- As in IM, no one can email you if you have not emailed before.

    2- For first time email, the receiving server could send back a CAPTCHA or a product of two large primes to factorize.
    The captcha would be solved by the human sender, or the factorization problem by her MUA. Nowadays email is almost instantaneous; this would not add a noticeable delay. All the protocol could be implemented over current email protocols with little mo
    • by Svartalf ( 2997 )
      The problem with using the MUA to factorize is that the spam spraying engines can do the same thing.
      CAPTCHAs are a little better, but only really slightly. Most of them can be busted quickly with
      modern machines- and once they've done the captcha, they can spooge the crap to you indiscriminately.

      What needs to be done is better design and an actual re-think of email with a new RFC- but that's not
      likely to happen; if it were it'd have happened a long time ago instead of all this reactive crap
      to the problem.

      • The problem with using the MUA to factorize is that the spam spraying engines can do the same thing.

        The point of the forced factorization wouldn't be to prevent a spam engine from being able to perform the same task. The point would be to make it financially infeasible for spam engines to do so. If it takes 10 seconds for an extremely fast processor to factorize the primes, it's going to be very difficult for a spammer to send out the 10 million emails that make him money. Make that 100 seconds and it's
        • Sorry to say- 10 seconds to send something is "okay". Nearly 2 minutes to send something, even if it's
          done in the background with a batch processing thread- it's stupid. It's as bad as the problem it's
          attempting to solve. Sorry, just don't buy that one- answers to the problem need to be FIXING things
          not just shifting the problems about. Also keep in mind that spammers aren't using a single machine to
          spooge spam to you now- they're using botnets. What does it matter if you take 100 seconds to send the
    • by sqlrob ( 173498 )
      So, how does the factorization stop compromised clients like these bot nets? Computing power is free to them.
    • What about things like emails from graduate schools? I am applying right now and a lot of the communication comes from places I have never emailed before (I apply on the web and they send me an email confirmation and an email of the results, usually from different addresses). Should admissions secretaries be inundated with captchas? There are thousands of sites like that; I think that most people would find the cure worse than the disease.

      So what about prime factoring? Well, a huge amount of email no
    • no one can email you if you have not emailed before.

      Wrong. I get spam in my never-ever-used ISP provided address. The only thing that address is legitimately used for is to receive billing invoices from my ISP.
    • Good luck trying to buy things online. How does one email a web site? How do you even know what form their first email to you will look like?
    • Aren't lots of factorizations just the kind of things these large botnets sending out spam today would be great at? Or even Captcha parsing?

  • by andrews ( 12425 ) <alan AT tieless DOT com> on Wednesday November 01, 2006 @10:25AM (#16672329)
    Over the last couple of months the spam count on my mail server has gone from an average of 10K a day to over 20K a day. I had to turn off virus scanning and actually drop some of my spam filtering because the server couldn't process the mail fast enough. Now I'm having to upgrade the mail server hardware to handle the increased SPAM load. I'm sure I'm not the only one forced to do this.... SPAM has gone from an annoyance to a financial problem.
    • by LinuxDon ( 925232 ) on Wednesday November 01, 2006 @10:37AM (#16672481)
      Wouldn't DNS blacklists be something for you?
      It would certainly solve your load problem.
      There are a couple of providers who can provide the lists commercially for heavy load mailservers.

      See my post earlier today at: =16671889 []

      (Ps. I'm just a very happy blacklist user)
      • An obvious point, but do make sure if you do go down the blacklist route that everyone affected by it - i.e. every user with an account on your mailserver - agrees to the use of blacklists and is happy with the idea that some non-spam messages will inevitably be blocked, and that they won't be notified when this happens.
      • But with the arrival of spam spooging botnets, it becomes a little more difficult. They can forge all kinds
        of legit domain name/address combos that have NOTHING to do with the actual spam (Hell, I've gotten all
        kinds of bounces from my domain and others I get mail from, claiming I sent the spam and I never did any
        such thing...). As they get more clever, blacklisting will become less and less effective- and can cause
        other problems like blacklisting legit domains without open relays, etc. It's a reactive so
    • I get about 6k a day to my aging server, and the spam filtering cannot keep up. It's not an even trickle: some times of the day, it's several attempts per second. That's faster than the filtering software can handle.

      Legitimate senders are getting "warning: could not send for past 4 hours" and then phoning me to ask if I've received their mail. The CPU and memory load spikes from time to time, and then it's not possible to login until it settles. (A known weak spot in Linux.) If I lower the resources al
  • Original article (Score:3, Informative)

    by TomatoMan ( 93630 ) on Wednesday November 01, 2006 @10:25AM (#16672331) Homepage Journal
    Credit where credit is due: this article is from SecurityFocus. The Register just scraped it. []
  • Image to text (Score:3, Interesting)

    by Overzeetop ( 214511 ) on Wednesday November 01, 2006 @10:25AM (#16672337) Journal
    If we could OCR these incoming images, maybe that would eliminate at least the deluge of stock pumpers. I made the mistake of setting an autoreply on my account recently (at the server end). Now I get a zillion bounce-spams using my domain (I monitor a catch-all) and randomly generated usernames.

    I think law enforcement should be working harder at catching spammers (internationally, if necessary) than they are at tracking down copyright infringers. Not because of any moral posture, but because I suspect the total economic impact of spam is greater than infringing use of content. I also think the prohibition against cruel and unusual punishment should be lifted.

    Hey, now that I come to think of it, maybe spam is a bigger issue than oil. I say we start invading countries with spammers!
    • by Xzzy ( 111297 )
      Now I get a zillion bounce-spams using my domain (I monitor a catch-all) and randomly generated usernames.

      I haven't gotten a single spam to my "real" email address, but my catch-all has been getting hammered the past month with bounces. It seems about time to disable them; I wonder what percentage of emails floating around are actually just errors from spammers sending to nonexistent accounts.

  • Today I finally got an ebay phishing scam spam e-mail that was almost good enough to fool me, if I hadn't been paying attention:

    1. It looked like a real question from eBay.
    2. It was actually for a real item I had listed (albeit a closed auction listing).
    3. The contact name was a real eBay bidder, and clicking on the linked name brought up the actual eBay user's page.
    4. BUT...clicking on the response button took you to a sign-in page on a phishing site.

    Most of the eBay phishing attempts I get are pretty laughable, but this was good enough to be worth warning about, as someone has finally written a sophisticated enough phishing bot to send these out based on listings.

    So, if you weren't already doing this before, answer eBay mail by going in through your My eBay link rather than through any link in the mail.

  • by user24 ( 854467 )
    I saw this on* and TBH I just thought "tell me something I don't know" - seriously, who is surprised by this?

  • so I can smash their FN hands with a hammer.
    They'll have to do their spamming by holding a stick in their FN mouth.

    I'm so sick of this shit.. They fly in totally under SpamAssassin's radar. I have the SA threshold set at 2.1 and this shit still scores less than a 1.0..

    I'm about ready to whitelist the people I know and blackhole everything else.
    • re:I'm about ready to whitelist the people I know and blackhole everything else.

      Not a bad idea but instead of a full blacklist, do a greylist and Whitelist.
      Any address on the Whitelist gets through your email server @ full speed.
      Any address NOT on the Whitelist gets through your email server @0.01% of full speed (or even slower).
      This will bog down the spammers email server and make your server a place to avoid if they want to hit more suckers/hour.
      I know the SW exists for email servers on Linux (?called Tar
    • Oh yes, you hit the nerve right with this one. Spammers are worse than petty thieves, burglars and even carjackers: they steal time from millions and millions of people all at once. In severity_of_crime = impact_of_crime x number_of_pple_affected, they score below Pol Pot and Stalin, but way above Charles Manson, I suppose. Causing serious grievance to a dozen people is effectively on the same scale as causing a minimal nuisance to hundreds of millions, at least in my opinion. One murder brings the death pe
    • It sounds like you're not using any other UCE protection. "hello" checks and RBLs are absolutes; then use header checks to really lock it down. After you have all three of those in place, then educate spamd with a shared spam email box or a trap email address. Another thing you can do is submit the IPs of spam email to ORDB []

      I've seen more than a 300% increase in spam being blocked during the month of October. I've seen at most a 1% increase making it through; but, I attribute tha
      • Does anyone have a program that can crawl through a spam mailbox and pull out the IPs of the originating machines, based on the headers?

        Obviously you'd have the problem of forged headers, but usually you can find an IP if you trace the headers back to the first "trusted" network (a major ISP or backbone server) and see who they received the message from. That's probably either your spam source or your open relay.

        Then you could just dump the IPs into the ORDB for checking automatically, and put the zombie-ma
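One way to do the header walk described above, as an added example that is not part of the original comment: Received: lines are read newest-first and the first hand-off from outside a trusted network is taken as the origin, so nothing below that hop, which the sender controlled and may have forged, is ever consulted. The trusted network, hostnames and sample messages are constructed placeholders (RFC 5737 documentation addresses), not data from the thread.

```python
import re
from collections import Counter
from email import message_from_string
from ipaddress import ip_address, ip_network

# Networks whose Received: lines we trust because we run those hosts.
# Constructed placeholder: an RFC 5737 documentation range.
TRUSTED_NETWORKS = [ip_network("192.0.2.0/24")]

IPV4_IN_BRACKETS = re.compile(r"\[(\d{1,3}(?:\.\d{1,3}){3})\]")


def handoff_ip(received_value):
    """Return the address in the 'from ... [ip]' clause of one Received: header, or None."""
    flat = " ".join(received_value.split())  # undo header folding
    m = re.search(r"\bfrom\b(.*?)\bby\b", flat)
    if not m:
        return None  # e.g. "Received: by host with local id ..." has no hand-off
    ipm = IPV4_IN_BRACKETS.search(m.group(1))
    if not ipm:
        return None
    try:
        return ip_address(ipm.group(1))
    except ValueError:  # something like [999.1.1.1] in a forged line
        return None


def is_trusted(ip):
    return any(ip in net for net in TRUSTED_NETWORKS)


def origin_ip(raw_message):
    """Walk Received: headers top-down (newest hop first) and return, as a
    string, the first hand-off that came from outside the trusted networks.
    Headers below that hop were written on the sender's side and may be
    forged, so they are never consulted."""
    msg = message_from_string(raw_message)
    for value in msg.get_all("Received") or []:
        ip = handoff_ip(value)
        if ip is None:
            continue  # malformed or hand-off-free hop; keep walking
        if not is_trusted(ip):
            return str(ip)
    return None  # no external hop found (local mail, or no Received: at all)


def tally_origins(raw_messages):
    """Crawl a mailbox (any iterable of raw messages) and count origin IPs."""
    counts = Counter()
    for raw in raw_messages:
        ip = origin_ip(raw)
        if ip is not None:
            counts[ip] += 1
    return counts


# Constructed sample messages (not real mail). The bottom Received: line of
# SPAM_VIA_ISP was added by the sender and names an innocent relay.
SPAM_VIA_ISP = """\
Received: from mx2.example.net (mx2.example.net [192.0.2.20])
    by mailstore.example.net (Postfix) with ESMTP id ABC123
    for <user@example.net>; Wed, 1 Nov 2006 10:11:00 -0500
Received: from dsl-198-51-100-77.isp.example (unknown [198.51.100.77])
    by mx2.example.net (Postfix) with SMTP id DEF456
    for <user@example.net>; Wed, 1 Nov 2006 10:10:58 -0500
Received: from relay.bigmail.example (relay.bigmail.example [203.0.113.9])
    by forged-hop.example with ESMTP; Wed, 1 Nov 2006 09:00:00 -0500
From: "Stock Alert" <alert@forged.example>
To: user@example.net
Subject: hot penny stock

buy now
"""

SPAM_DIRECT = """\
Received: from mx2.example.net (mx2.example.net [192.0.2.20])
    by mailstore.example.net (Postfix) with ESMTP id GHI789
    for <user@example.net>; Wed, 1 Nov 2006 10:12:00 -0500
Received: from [203.0.113.44] by mx2.example.net (Postfix) with SMTP id JKL012
    for <user@example.net>; Wed, 1 Nov 2006 10:11:59 -0500
From: <random7781@example.com>
To: user@example.net
Subject: penny stock pick

buy now
"""

if __name__ == "__main__":
    for ip, n in tally_origins([SPAM_VIA_ISP, SPAM_VIA_ISP, SPAM_DIRECT]).most_common():
        print(f"{ip}\t{n}")
```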
  • bot wars (Score:5, Interesting)

    by MECC ( 8478 ) * on Wednesday November 01, 2006 @10:36AM (#16672469)
    I recently saw a surge from about 15 spams a day to well over 200. So, I got a spamcop account, and changed my email to go there, and then from there I forward it to where I read my email. Now I'm back down to about 15 per day. Spamcop catches the rest, and they land in my 'held mail' folder, where it takes about 10 seconds to report as much spam as I want. In the email account where I actually read my email, I pushed up the sensitivity of the spam filters, and now I see maybe two a day in my inbox. I just report the rest to spamcop.

    Maybe we need bots to fight the bots. Bot Wars. In a galaxy far, far, away...

  • Where are those anyway? I never saw them.
  • Not so hard to catch (Score:2, Interesting)

    by pscottdv ( 676889 )
    If law enforcement really wanted to catch these pump-and-dump spammers it would be easy to do. Just investigate the people who have purchased large volumes of the penny stocks being spamvertised. I doubt anyone cares enough to do it, though.

    Oh, and Slashdot? If you keep hitting me with animated advertisements that cannot be closed, I will be moving to Digg.
    • Re: (Score:2, Interesting)

      Most pump/dump scams are now driven by accounts opened with stolen identities. Steal an identity, open an account, establish an ACH-out to a local bank, then an ACH-out to a foreign bank, buy 100 shares a day of the cheap stock for 3 months (multiplied by several accounts across several brokerages to stay under the radar), start the 'pump', hit your profit margin (less than 10,000 per account), then siphon the illicit accounts.

      Last week's press relating to Ameritrade and E*Trade taking huge losses (22 million+ in writeoffs),
    • by mpe ( 36238 )
      If law enforcement really wanted to catch these pump-and-dump spammers it would be easy to do. Just investigate the people who have purchased large volumes of the penny stocks being spamvertised.

      It should be possible for law enforcement to track down the vast majority of spammers. Even if they are purely fraudsters they still need to have somewhere to ask people to send money to.

      I doubt anyone cares enough to do it, though.

      As with corporate crime...
  • It's been past time to start worrying for a long time. There used to be a slim chance to fight spam by closing open relays (or blacklisting them) and using legal methods. But going through the legal system to fight spam is not easy in countries such as China and Russia (let alone Vietnam or Nigeria). The German computer magazine c't had an article on bot nets sending spam in April 2005: []

    That was pretty much the time I started worrying.

    When I read that Microsoft o
  • I see a lot of nonsense text, but no ad. No stock tip, no viagra, etc. Just nonsense. How do you make money not even trying to sell something?

    Is it just an attempt to desensitize my filters, so that maybe an ad can get through later?

    Or are they just "email terrorists" trying to DoS email altogether, with no commercial agenda?

  • by Ignorant Aardvark ( 632408 ) <cydeweys&gmail,com> on Wednesday November 01, 2006 @10:44AM (#16672567) Homepage Journal
    Let's face it, email is a broken protocol. It has no built-in safeguards against these kinds of attacks. The problem I'm seeing is that we're giving up and just saying it's inevitable, when it's clearly not. There's lots of good methods out there that stop spam cold in its tracks. Some sort of actually enforced sender ID protocol would be a good start. The problem is that everyone thinks the current system has too much inertia, and that it can't be replaced.
    • Re: (Score:2, Insightful)

      by FirmWarez ( 645119 )
      Yeah, but any replacement won't focus on "safeguards against spam attacks" but rather "let's toss net neutrality out the window and figure out how to make a buck". That's my fear, not that the current system can't be replaced but that "special interests" will make sure that any replacement favors the big guy. That opens up some scary cans o' worms...
  • sendmail w/Joe Jobs (Score:3, Informative)

    by nuintari ( 47926 ) on Wednesday November 01, 2006 @10:45AM (#16672579) Homepage
    We have seen a huge increase in the number of Joe Jobs lately, and as a consequence our postmaster mail is filling up at record pace. Yesterday I saw bounce notices from a single Joe Job coming in at several thousand a minute. Literally, Thunderbird could not open my postmaster folder. I had to copy /dev/null into it, wait a few seconds, and open it with mutt if I wanted to see any of the data. Over 50% of our processing time was spent sending mail to the postmaster admins, and we had a backlog of 25,000 messages. Our dual mail server beast could not keep up; fortunately, we found out why.

    By default, sendmail uses a single queue runner. We found that this, and not amavis, was our bottleneck. The single queue runner is fine for low and medium volumes, but fails miserably when presented with a huge volume of mail. So we fired up 4 queue runners instead, and increased the number of available amavis children to compensate. The queue runners each have a behavior:

    1) the default sendmail queue runner: starts at the front of the queue, runs serially through it, then starts over.
    2) tries to find the oldest members of the queue and process them first. Keeps stuff from being left alone for very long.
    3) tries to find letters that are all going to the same mail server, and sends them together. This one is awesome, as it opens a single TCP connection and sends as many letters as it can. No time waiting for TCP handshaking per letter.
    4) hops around the queue at random, and sends messages.

    With the combination of these four queue runners we have seen a huge increase in the load average on our mail servers, but we have also seen a great boost to performance. We are still seeing tons of postmaster bounces from Joe Jobs, but we aren't being slugged out by them anymore. If your mail server seems to be under performing, try this, it really does help.
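    The queue runner tuning above makes the server survive the bounce flood; the added example below (not the poster's code, and a different technique from the queue tuning) attacks the flood itself. It is a prvs-style bounce address tag of the kind the BATV draft describes: every outgoing envelope sender gets a dated HMAC tag, and a bounce (empty MAIL FROM) is accepted at RCPT time only when its recipient carries a valid tag of ours. Backscatter from a Joe Job is addressed to the untagged form, so it is rejected before it ever reaches the postmaster box. The secret, key number, expiry and the exact HMAC input are my assumptions for this example, not the draft's construction.

```python
import hashlib
import hmac
import re
import time

# Hypothetical deployment values: one signing secret and key number 0.  A real
# setup keeps several numbered keys so the secret can be rotated without
# rejecting bounces for mail that is still in flight.
SECRET = b"replace-me-with-a-random-secret"
KEY_NUMBER = 0
MAX_TAG_AGE_DAYS = 7      # bounces older than this are no longer accepted

# prvs=<key digit><3 day digits><6 hex sig>=<original local part>@<domain>
PRVS_LOCAL = re.compile(r"^prvs=(\d)(\d{3})([0-9a-f]{6})=(.+)$", re.I)


def _today():
    return int(time.time() // 86400)


def _sig(key_number, day, local, domain):
    # Bind the tag to the address and the day it was issued.  This HMAC input
    # is my choice for the example, not the exact construction from the draft.
    data = f"{key_number}{day:03d}{local}@{domain}".lower().encode()
    return hmac.new(SECRET, data, hashlib.sha1).hexdigest()[:6]


def tag_sender(address, today=None):
    """Rewrite the envelope sender of outgoing mail to its prvs-tagged form."""
    local, domain = address.rsplit("@", 1)
    day = (_today() if today is None else today) % 1000
    return f"prvs={KEY_NUMBER}{day:03d}{_sig(KEY_NUMBER, day, local, domain)}={local}@{domain}"


def check_bounce_recipient(address, today=None):
    """Validate a bounce's RCPT TO.  Returns (accept, reason, untagged_address).

    The untagged address is what the bounce should be delivered to; the tag
    must be stripped again before local delivery."""
    local, domain = address.rsplit("@", 1)
    m = PRVS_LOCAL.match(local)
    if not m:
        return False, "untagged address: we never sent mail from it", None
    key, day, sig, core = int(m.group(1)), int(m.group(2)), m.group(3).lower(), m.group(4)
    if key != KEY_NUMBER:
        return False, "unknown key number", None
    age = ((_today() if today is None else today) - day) % 1000   # survives the 1000-day wrap
    if age > MAX_TAG_AGE_DAYS:
        return False, "tag expired", None
    if not hmac.compare_digest(_sig(key, day, core, domain), sig):
        return False, "bad signature", None
    return True, "ok", f"{core}@{domain}"


def accept_rcpt(envelope_from, rcpt, today=None):
    """SMTP-time policy: ordinary mail passes untouched; a bounce (empty MAIL
    FROM) is accepted only for a recipient carrying a valid tag of ours.
    Returns (accept, reason, address_to_deliver_to)."""
    if envelope_from != "":
        return True, "not a bounce", rcpt
    return check_bounce_recipient(rcpt, today)


if __name__ == "__main__":
    tagged = tag_sender("postmaster@example.net")
    print(tagged)
    print(accept_rcpt("", tagged))                     # genuine bounce: accepted
    print(accept_rcpt("", "postmaster@example.net"))   # Joe Job backscatter: rejected
```

    The caveat that matters in practice: the tag has to be applied to every envelope sender in the domain, at the MTA, or legitimate bounces for untagged mail will be refused as well; and mail that is still in transit when a key is retired needs the old key kept around for MAX_TAG_AGE_DAYS.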
  • Seriously, with all the guards I have in place, I haven't really noticed anything. I got three spams for all of last week ( and this address is on mailing lists. You can google it for christ's sake ).

    So yeah, haven't noticed it. Sorry.

    ( and yes, smartasses, if it makes you happy, sign me up for whatever spam you want to; it still won't bother me. :D )
  • by Xaremos ( 972594 ) on Wednesday November 01, 2006 @11:02AM (#16672835)
    This is my own experience. I once got a library card, and gave my email address. Within a month I started receiving a huge amount of spam using my name, physical address, and/or email. I moved (for other reasons ^_^), and got a new library card. I set up an email address specifically for using as my library email. Same thing happened. In a few years I moved again, new card, new spam. I got a ticket. I gave my email address to the municipal court. Within a month, more spam. I worked for the state for a while. I set up an account specifically for that and had no mail until I had given the state the email address, and then I started getting spam. So, my thinking is, it is the government or at least my state government that has issues with security.
  • I have incoming port 25 firewall blocks set up for all the Chinese and Korean netblocks I could find, plus specific blocks for hosted spammers. A few weeks ago, right after entering some Russian hosting blocks to filter out a bunch of spam that my mom was getting, suddenly my own spam levels shot right through the roof. And they were from all over the place, quite obviously botnet spam. My increase was so dramatic specifically because I had blocks for my "usual" sources.

    Thank you Microsoft, for focusing

  • I think mailclients should accept mail by whitelist only. SMTP should then be extended to include a whitelist-request, which can, count 'em, contain 1 line of text of 100 characters or something; much like a subject line, so you can still subscribe to web-based mailing lists and the like. The response to a whitelist-request should also be automated by your mailclient (popup with: 'You have a whitelist request, XXX. What would you like to do ?'). MTAs can be aware of the preferences of their clients by i
  • If I could run all of the tests I want to, I could eliminate a ton of the spam coming in. Unfortunately a lot of the domains my users need to receive email from don't follow basic RFCs, much less recommended best practices. As a result many tests which seem great on the surface block far too much legitimate mail.

    Heck even Yahoo can't be bothered to add an SPF record to their DNS. (Ok, it's not an RFC but it's a good idea just the same.)

    How do you feel about emails that become the casualty of the domain own
  • by klossner ( 733867 ) on Wednesday November 01, 2006 @12:03PM (#16673773)
    At about the time that [] lost their credit card charging rights, I started to receive this spam at an address I set up just for their service announcements. Nobody else has it, so it's clear that allofmp3 monetized their email address list.
  • Whether it's spam (SMTP) or port scanning from zombie machines, the ISP must be able to spot the rogue activity and stop it.
    Port scanning other machines in the ISP's subnet is not normal and likely prohibited by TOS; sending thousands (even hundreds) of emails is not normal and likely prohibited by TOS.
    Why do they do nothing??
    (When I say normal I do not mean it would never happen in a real situation, just that it is unlikely.)
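    What that ISP-side check looks like, as an added example (not the poster's code): it runs over per-connection flow records and flags a customer host that opens SMTP connections to many distinct remote mail servers inside one window, or hits many distinct ports on one peer. The key to keeping it useful is the allowlist: a home PC legitimately talks to its ISP's own smarthost on port 25, so only many distinct external port-25 peers count. The record format, the allowlisted smarthost, the thresholds and the sample flows are constructed for this example.

```python
import re
from collections import defaultdict

# Constructed flow-record format (one TCP connection attempt per line); the
# field names, thresholds and smarthost address are assumptions for this example.
FLOW = re.compile(r"^(?P<ts>\d+) src=(?P<src>\S+) dst=(?P<dst>\S+) proto=tcp dport=(?P<dport>\d+)$")

KNOWN_MTAS = {"10.0.0.25"}    # the ISP's own smarthost, allowed to talk to many MXs
WINDOW_SECONDS = 60
SMTP_DISTINCT_DESTS = 20      # distinct port-25 peers per window before we call it a spam run
SCAN_DISTINCT_PORTS = 15      # distinct ports on one peer per window before we call it a scan


def parse_flows(lines):
    """Yield (timestamp, src, dst, dport) for every well-formed record."""
    for line in lines:
        m = FLOW.match(line.strip())
        if m:
            yield int(m["ts"]), m["src"], m["dst"], int(m["dport"])


def detect(lines):
    """Return a sorted list of (kind, src, count) findings."""
    smtp_peers = defaultdict(set)     # (src, window) -> distinct port-25 destinations
    ports_hit = defaultdict(set)      # (src, dst, window) -> distinct destination ports
    for ts, src, dst, dport in parse_flows(lines):
        window = ts // WINDOW_SECONDS
        if dport == 25:
            smtp_peers[(src, window)].add(dst)
        ports_hit[(src, dst, window)].add(dport)

    findings = set()
    for (src, _), dests in smtp_peers.items():
        # A zombie delivers directly to dozens of remote MXs; the ISP's own
        # smarthost does too, which is why it is allowlisted rather than scored.
        if src not in KNOWN_MTAS and len(dests) >= SMTP_DISTINCT_DESTS:
            findings.add(("smtp-flood", src, len(dests)))
    for (src, _, _), ports in ports_hit.items():
        if len(ports) >= SCAN_DISTINCT_PORTS:
            findings.add(("port-scan", src, len(ports)))
    return sorted(findings)


# Constructed sample: a zombie (10.8.3.14) spraying 25 remote MXs, the smarthost
# doing the same legitimately, a scanner (10.8.7.2) walking 20 ports on one
# neighbour, and a normal customer (10.8.1.1) using the smarthost and the web.
BASE = 1162394400
SAMPLE_FLOWS = (
    [f"{BASE + i} src=10.8.3.14 dst=203.0.113.{i} proto=tcp dport=25" for i in range(1, 26)]
    + [f"{BASE + i} src=10.0.0.25 dst=198.51.100.{i} proto=tcp dport=25" for i in range(1, 26)]
    + [f"{BASE + 10} src=10.8.7.2 dst=10.8.7.50 proto=tcp dport={p}" for p in range(1, 21)]
    + [f"{BASE + 20} src=10.8.1.1 dst=10.0.0.25 proto=tcp dport=25",
       f"{BASE + 21} src=10.8.1.1 dst=192.0.2.80 proto=tcp dport=80"]
)

if __name__ == "__main__":
    for finding in detect(SAMPLE_FLOWS):
        print(*finding)
```

    A finding here is a reason to rate-limit or sandbox the customer's port 25, not proof on its own; the same logic with a lower threshold over a longer window catches the slow senders that stay under a per-minute limit.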
