tag:blogger.com,1999:blog-211275282024-03-13T19:34:04.991-07:00The Spam DiariesNews and musings about the fight against spam.<br> by Edward FalkSpam Diarieshttp://www.blogger.com/profile/05175708997156235199noreply@blogger.comBlogger514125tag:blogger.com,1999:blog-21127528.post-74682848641385419032020-12-23T09:17:00.000-08:002020-12-23T09:17:01.172-08:00Name and Shame: Bitly sells me out.<p> I just got a couple of those "please open this invoice" spams. It was sent to a tagged email address I'd only ever given to Bitly (a URL shortening service).</p><p>So either Bitly sold my contact info to scammers, or their security is substandard.</p>Spam Diarieshttp://www.blogger.com/profile/05175708997156235199noreply@blogger.com1tag:blogger.com,1999:blog-21127528.post-74012506040403582802018-09-15T12:48:00.004-07:002018-09-15T12:48:41.359-07:00Name and Shame: avcanada.ca sells me outI'm getting spam (we have embarrassing video of you) to a tagged address I gave to avcanada.ca.<br />
<br />
So either Avcanada sold my email address to spammers, or their security is substandard.Spam Diarieshttp://www.blogger.com/profile/05175708997156235199noreply@blogger.com0tag:blogger.com,1999:blog-21127528.post-76625156369513649212018-09-15T12:31:00.001-07:002018-09-15T12:31:23.327-07:00Name and Shame: Myspace leaks my login info and passwordI just got one of those "we have a video of you masturbating so send us money" spams. This one was a little different in that it included my myspace account name <i>and</i> my password in the clear.<br />
<br />
So either Myspace sold my contact info to scammers, or their security is substandard. The very fact that they stored my password in the clear is troublesome.Spam Diarieshttp://www.blogger.com/profile/05175708997156235199noreply@blogger.com0tag:blogger.com,1999:blog-21127528.post-64231243629446406532014-12-23T11:10:00.002-08:002014-12-23T11:10:39.997-08:00Name and Shame: Tribe.net sells me outI'm getting spam (Russian women want to date you) to a tagged address I gave to tribe.net.<br />
<br />
So either Tribe sold my email address to spammers, or their security is substandard.Spam Diarieshttp://www.blogger.com/profile/05175708997156235199noreply@blogger.com0tag:blogger.com,1999:blog-21127528.post-56143683444836745392014-07-23T12:08:00.000-07:002014-07-23T12:08:13.677-07:00Name and shame - Android Developer's Conference sells me outA couple years ago, I attended the Android Developer's Conference (Andevcon). Ever since then, my inbox has been flooded with email sent to the tagged address I gave them. Most of that email was in some way related to Android development, so I let it slide.<br />
<br />
But this morning, I got spam advertising quickie loans to that tagged address, so we know that Andevcon shared my email with spammers.Spam Diarieshttp://www.blogger.com/profile/05175708997156235199noreply@blogger.com0tag:blogger.com,1999:blog-21127528.post-91661466165728161242014-05-14T09:54:00.001-07:002014-05-14T09:54:12.584-07:00Name and shame: The San Jose Mercury News sells me outJust one for the official record: an email address I only used for the San Jose Mercury news has been sold to the "El Paso Times Online" who seem to be an actual newspaper. The address was used to send me spam about a health seminar.Spam Diarieshttp://www.blogger.com/profile/05175708997156235199noreply@blogger.com2tag:blogger.com,1999:blog-21127528.post-25273169239825739112013-12-17T17:21:00.001-08:002013-12-17T17:21:07.743-08:00"FedEx" tracking spamJust a quick heads-up. With the holidays around, there's been a flood of fake FedEx spam.<br />
<br />
You get an email saying that the package was delivered, and that you should click on the attachment.<br />
<br />
Obviously, it's a virus. If you're reading this, you're probably savvy enough to know better than to click on this attachment, but make sure your not-so-savvy friends and relatives aren't clicking on it either.Spam Diarieshttp://www.blogger.com/profile/05175708997156235199noreply@blogger.com0tag:blogger.com,1999:blog-21127528.post-33740544656502890482013-11-26T11:28:00.000-08:002013-11-26T15:30:04.927-08:00Grrr; Senderbase lists my serverFile this one under <a href="http://thespamdiaries.blogspot.com/2006/03/hidden-costs-of-spam.html">hidden costs of spam</a>.<br />
<br />
I run a small server out of the back room in my house. It's just a place for me to keep my own files where I can access them. Very low bandwidth.<br />
<br />
I'm on a dynamic IP address, and use dyndns to access it. That's all fine.<br />
<br />
Now, my service provider has me listed in the SpamHaus <a href="http://www.spamhaus.org/pbl/">PBL</a>. For those unfamiliar with it, the PBL is the "Policy Black List". It's a list of IP addresses which the owners have informed Spamhaus, out of courtesy, should never be sending unauthenticated email. It is <i>not</i> a list of IP addresses that have actually done anything wrong.<br />
<br />
That's well and good, and it reflects well on my service provider that my address is listed. Dynamic IP addresses <i>shouldn't</i> be sending email. And I don't.<br />
<br />
But the friendly folks at Senderbase have decided that a PBL listing means I must be hosting malware. And so now I find there are networks from which I can't access my own files.<br />
<br />
So now it's off to see if I can't convince them to adjust their filters.Spam Diarieshttp://www.blogger.com/profile/05175708997156235199noreply@blogger.com0tag:blogger.com,1999:blog-21127528.post-16536901449974096652013-08-15T08:39:00.000-07:002014-07-23T12:06:01.646-07:00Wayne Mansfield back in the news, fined $95,000<div class="separator" style="clear: both; text-align: center;">
<a href="http://photos1.blogger.com/blogger/5356/2134/320/gavel_001.jpg" imageanchor="1" style="clear: left; float: left; margin-bottom: 1em; margin-right: 1em;"><img border="0" src="http://photos1.blogger.com/blogger/5356/2134/320/gavel_001.jpg" /></a></div>
New Zealand <i>Business Day</i> reports that longtime spammer <a href="http://www.rahul.net/falk/quickrefh.html#wayne_mansfield">Wayne Mansfield</a> has — again — been fined for spamming.<br />
<br />
The article, <a href="http://www.stuff.co.nz/business/industries/9041805/Spam-leads-to-95-000-fine">Spam leads to $95,000 fine</a>, reports that Mansfield had been spamming advertisements for his sales coaching seminars using a purchased email list containing around 67,000 addresses. Typical spam runs were to 10,000 addresses at a time. "Unsubscribe" requests were being ignored.<br />
<br />
Although Mansfield is an Australia resident, the New Zealand court ruled that he was still subject to fines in New Zealand.<br />
<br />
The article notes that he was banned from running a business for four years in Australia, although that ban has now expired.Spam Diarieshttp://www.blogger.com/profile/05175708997156235199noreply@blogger.com0tag:blogger.com,1999:blog-21127528.post-13312558995621248862013-03-11T13:11:00.000-07:002014-07-23T12:04:58.128-07:00Name and Shame -- Dropbox leaks my emailBased on a tip from <a href="http://jl.ly/2013/03/01#leak3">John Levine's blog</a>, I went back and looked at my own spam filter. Turns out that I've received two spams in the last month to the tagged address I gave to Dropbox when I opened my account there.<br />
<br />
Did they sell their mailing lists, or were they stolen? I don't really care; they had a duty to keep that information away from spammers and they failed. Frankly, I would have hoped for better security from a company to whom people trust their personal data.<br />
<br />
Well, the primary lesson here is that you can't trust the cloud. If you're putting personal stuff up on Dropbox or any other cloud service, make sure you encrypt it at your end first.<br />
<br />
News: <a href="http://www.zdnet.com/dropbox-users-report-spam-emails-after-last-years-data-breach-7000012019/">Dropbox users report spam emails after last year's data breach</a>. (ZDNet)<br />
<br />
Relevant articles: <a href="http://www.pcworld.com/article/2010296/how-to-encrypt-your-cloud-storage-for-free.html">How to encrypt your cloud storage for free</a> (PCWorld), <a href="http://lifehacker.com/5794486/how-to-add-a-second-layer-of-encryption-to-dropbox">How To Add a Second Layer of Encryption to Dropbox</a> (LifeHacker). Executive summary: Use <a href="http://www.truecrypt.org/">TrueCrypt</a> (or any other crypto software) to manually encrypt your files before uploading them, or <a href="https://www.boxcryptor.com/">BoxCryptor</a> (Windows, Mac, iOS, Android) as a front end to DropBox, Google Drive, or any other cloud provider.<br />
<br />
Edited to add: see also Spideroak, which does encryption at your end: <a href="https://spideroak.com/">https://spideroak.com/</a>Spam Diarieshttp://www.blogger.com/profile/05175708997156235199noreply@blogger.com1tag:blogger.com,1999:blog-21127528.post-58203925285681175412013-01-29T14:23:00.002-08:002013-01-29T14:23:18.068-08:00Name and Shame -- Dyndns leaks my emailToday, I got hit by a phishing email from a Russian spammer. The email was sent to a tagged email address I had only given to dyndns.org.<br />
<br />
Did they sell their mailing lists, or were they stolen? I don't really care; they had a duty to keep that information away from spammers and they failed.Spam Diarieshttp://www.blogger.com/profile/05175708997156235199noreply@blogger.com6tag:blogger.com,1999:blog-21127528.post-72551760275728416872012-10-17T08:01:00.001-07:002012-10-17T08:01:11.746-07:00Name and shame: Waiter.com sells me outThis is happening more and more often. This time, I received a phishing spam to an email address I had only ever given to waiter.com.<br />
<br />
The most likely explanation is that Waiter.com or their email provider failed to properly secure my email address and it was stolen by spammers, but either way, shame on Waiter.com for not protecting it better.Spam Diarieshttp://www.blogger.com/profile/05175708997156235199noreply@blogger.com0tag:blogger.com,1999:blog-21127528.post-47236155643082396522012-10-14T08:59:00.001-07:002012-10-14T08:59:28.697-07:00Name and shame: deabath.com sells me out to NikonJust received spam from Nikon camera to an email address I had previously given to deabath.com.<br />
<br />
Either DEA Bathroom sold my email address to Nikon, or they failed to secure it properly and it got stolen.<br />
<br />
Either way, shame on DEA Bathrooms for not keeping my email safe, and shame on Nikon for spamming.Spam Diarieshttp://www.blogger.com/profile/05175708997156235199noreply@blogger.com0tag:blogger.com,1999:blog-21127528.post-45604474284505417972012-10-04T07:41:00.000-07:002012-10-04T07:41:22.806-07:00Name and Shame: Sporty's Sells Me OutGot some spam today to the tagged email address I had used only with Sporty's Pilot Shop.<br />
<br />
Yet another internet vendor who either thinks my personal information is a commodity to be bought and sold, or who didn't think their contact database needed protecting.<br />
<br />
Probably the latter, but doesn't anybody care about security any more?<br />
<br />
Here's the text of the spam (one sample) with the formatting removed.<br />
<br />
<blockquote class="tr_bq">
Fax Message [Caller-ID: 400-610-8390]<br /> You have received a 62 pages fax at Thu, 04 Oct 2012 12:12:49 +0530.<br />* The reference number for this fax is <a href="http://zumrutevlersaglik.com/64trxq/index.html">min1_20121004121249.56555</a>.<br />View this fax using your PDF reader.<br /><a href="http://www.aerotech-groundschool.com/wtJ8QJ/index.html">Click here to view this message</a>Please visit <a href="http://zumrutevlersaglik.com/64trxq/index.html">www.eFax.com/en/efax/twa/page/help</a> if you have any questions regarding this message or your service.<br />Thank you for using the eFax service!</blockquote>
<div id="ecxcontent" style="padding: 0px 6px;">
<br /></div>
<div id="ecxcontent" style="padding: 0px 6px;">
Don't click the links, of course. The payloads are dead links now, but presumably led to phishing sites.</div>
Spam Diarieshttp://www.blogger.com/profile/05175708997156235199noreply@blogger.com0tag:blogger.com,1999:blog-21127528.post-25282721817444118222012-08-26T10:16:00.001-07:002012-08-26T10:16:26.498-07:00Thank you scammer, for my morning chuckleGot a pretty typical phish this morning; the usual "please help me launder my money out of Nigeria" scam.<br />
But the "From" line was unsually good: From: "<a href="http://en.wikipedia.org/wiki/James_%22Sawyer%22_Ford">James Ford</a>"<...@aol.com>Spam Diarieshttp://www.blogger.com/profile/05175708997156235199noreply@blogger.com0tag:blogger.com,1999:blog-21127528.post-17488609646394740952012-04-27T08:25:00.002-07:002012-04-27T08:52:01.287-07:00Spam riding the tailcoats of ham<i>Ham</i> is the term used to describe unwanted email that clogs up your inbox like spam, but isn't strictly-speaking spam. It typically takes the form of mailing list traffic that you signed up for but can't figure out how to unsubscribe from, or advertising from a company you once did business with online.<br />
<br />
For years now, I've been subjected to the occasional bit of ham from LinkedIn reminding me of this or that invite I haven't yet replied to, or a message I haven't read yet.<br />
<br />
Lately, I've noticed a fair amount of actual spam coming in designed to look like LinkedIn ham. The layout, artwork, and subject line are similar to the "You have a pending message from X" messages I frequently get from LinkedIn, but the link takes you to a phishing site.<br />
<br />
The key signs that it's a fraud are the From: line which is typically gibberish, and the Subject: line which is just a little bit off, but these will likely be fixed as the phishers refine their fraud. Ultimately, the best defense is the practice you should be using on all emails: always hover over a link before clicking it, and make sure it goes where you think it does.<br />
<br />
Be careful out there, you hear?Spam Diarieshttp://www.blogger.com/profile/05175708997156235199noreply@blogger.com0tag:blogger.com,1999:blog-21127528.post-68776791637969297812012-04-10T09:59:00.000-07:002012-04-10T09:59:15.394-07:00Twitter fights spammers in courtAccording to <i>Tech News World</i>, twitter <a href="http://www.technewsworld.com/story/74816.html">Twitter is suing a number of spammers and spam-support providers.</a><br />
<br />
In particular, Twitter is going after five tool providers who make apps such as TweetBuddy and TweetAdder which are used to insert advertisements into trending Twitter topics.Spam Diarieshttp://www.blogger.com/profile/05175708997156235199noreply@blogger.com0tag:blogger.com,1999:blog-21127528.post-19530480632186637272011-12-01T18:24:00.000-08:002011-12-01T18:41:38.709-08:00Michelle Bachmann campaign -- spammers<p>An article from the Iowa Republican: <a href="http://theiowarepublican.com/2011/bachmann-campaign-in-hot-water-over-stolen-homeschooler-email-list/">Bachmann Campaign In Hot Water Over Misuse of Homeschooler Email List</a></p>
<p>In a nutshell, the Bachman campaign downloaded the email contact list of the Network of Iowa Christian Home Educators (NICHE) without NICHE's knowledge or permission and used to to send political spam to its members.</p>
<p>Interestingly, campaign laws may now require NICHE to make its mailing list available to any other political candidate that wants to use it.</p>Spam Diarieshttp://www.blogger.com/profile/05175708997156235199noreply@blogger.com0tag:blogger.com,1999:blog-21127528.post-13325815181274669842011-10-21T19:42:00.000-07:002011-10-21T19:44:04.543-07:00Shout out to "MainSleaze" anti-spam web siteJust a quick pointer to a new blog run by Catherine Jefferson: <a href="http://mainsleaze.spambouncer.org/">MainSleeze</a><br /><br />The title pretty much says it all, it's a blog devoted to naming and shaming mainstream companies that use Spam in their advertising.Spam Diarieshttp://www.blogger.com/profile/05175708997156235199noreply@blogger.com0tag:blogger.com,1999:blog-21127528.post-38804497340568053772011-07-10T13:45:00.000-07:002011-07-10T13:48:21.184-07:00Name and shame: CDR Outlet sells me outA tagged address I gave only to CDR Outlet has just received spam, ostensibly for some McDonald's coupons, but probably really a virus.<br /><br />Now, whether CDR Outlet deliberately sold my email address, or a rogue employee sold a copy of the email list, or a rogue email service provider sold it, it's impossible to tell, but whichever it was, shame on CDR Outlet for not protecting my email better.Spam Diarieshttp://www.blogger.com/profile/05175708997156235199noreply@blogger.com0tag:blogger.com,1999:blog-21127528.post-73805252594995329312011-06-09T19:59:00.000-07:002011-06-09T20:02:04.343-07:00Quick news from the E360 case(via usenet)<br /><br />The audio transcript of the damages hearing in the E360 case is available as an mp3 file: http://www.ca7.uscourts.gov/tmp/8K0VUL4K.mp3<br /><br />The money quote at 19:20 into the recording:<br /><br /><blockquote>I have never seen such an incompetent presentation of a damages case, it's not only incompetent, it's grotesque. You've got damages jumping around from 11 million to 130 million to 122 million to 33 million. In fact the damages are probably zero</blockquote>Spam Diarieshttp://www.blogger.com/profile/05175708997156235199noreply@blogger.com0tag:blogger.com,1999:blog-21127528.post-56477878725970844862011-05-19T22:31:00.000-07:002011-05-19T22:53:39.678-07:00A true Final Ultimate Solution to the Spam Problem?A common acronym in spam-fighting is <a href="http://www.rhyolite.com/anti-spam/you-might-be.html">FUSSP</a> — Final Ultimate Solution to the Spam Problem. It's used (usually derisively) to describe the latest proposed scheme to end spam once and for all. Usually these schemes are based on false assumptions or have already been tried with no results.<br /><br />This time — be still, my beating heart — it looks like some researchers at the University of California might really be on to something.<br /><br />According to the <a href="http://www.nytimes.com/2011/05/20/technology/20spam.html?_r=1">New York Times</a>, researchers have discovered that 95% of drug and herbal remedy credit card transactions are handled through just three financial companies in Azerbaijan, Denmark and the West Indies. Presumably, if these companies could be persuaded to stop supporting spammers, then the money supply which drives spam would dry up, and the spammers would be forced to close shop.<br /><br />The UC paper is available <a href="http://cseweb.ucsd.edu/%7Esavage/papers/Oakland11.pdf">here</a> (pdf).<br /><br />I've said before that spam exists because ISPs tolerate it. This seems to hold true for financial institutions as well. If the financial institutions stopped abetting spammers, the theory goes, then spam would be significantly curtailed.<br /><br />Of course, I don't have any illusions that this is the <span style="font-style: italic;">final</span> solution to the spam problem. There will always be spam as the spammers find ways around the shut-down of their credit card processing suppliers. But as the shut-downs of major botnet command-and-contol centers in the past have shown, you <span style="font-style: italic;">can</span> fight spam, if you're just willing to do it.Spam Diarieshttp://www.blogger.com/profile/05175708997156235199noreply@blogger.com1tag:blogger.com,1999:blog-21127528.post-52950436959129880872010-05-07T11:59:00.000-07:002010-05-07T12:02:14.033-07:00Shame on Waiter.com for giving my email address to spammersAnd as a follow-up to my previous post, the "Thank you for buying iTunes Gift Certificate!" virus spam I received yesterday was sent to a tagged address I created for use with waiter.com.<br /><br />So shame on waiter.com for either selling my email address to spammers, or at the very least, for having sloppy security.Spam Diarieshttp://www.blogger.com/profile/05175708997156235199noreply@blogger.com3tag:blogger.com,1999:blog-21127528.post-43988332054768589812010-05-07T11:51:00.001-07:002010-05-07T11:59:19.206-07:00Just to be clear, no you didn't buy an iTunes gift certificate and forgetI've gotten a couple of these in the last couple days. "Thank you for buying iTunes Gift Certificate!" followed by the usual yada-yada telling you to open the enclosed zip file.<br /><br />The only thing in the zip file is a .exe file, and I don't think I need to warn you about running .exe files from strangers.<br /><br />y'all be careful out there.Spam Diarieshttp://www.blogger.com/profile/05175708997156235199noreply@blogger.com0tag:blogger.com,1999:blog-21127528.post-55498481389692694102010-03-18T22:36:00.000-07:002010-03-18T23:04:51.153-07:00Big win for California spam lawBig news from California:<br /><h3>Court Holds Recipients of Unlawful “Spam” Are Entitled to $1,000 Per Email</h3><br />Last week, Superior Court judge Marie Weiner ruled that Dan Balsam was entitled to $7000 damages plus attorneys' fees and costs from Trancos Inc., of Redwood City.<br /><br />This is huge news for two reasons: First, it's the first time an anti-spam case has been won by an individual instead of a major ISP.<br /><br />But more importantly, the judge has ruled that the CAN-SPAM act does <span style="font-weight: bold;">not</span> pre-empt the California anti-spam law, California Business & Professions Code § 17529.5.<br /><br />The judge ruled that the use of generic words in the From: line such as "Paid Survey" and "Your Business" were deceptive, along with their use of multiple domain names, the use of unregistered fictitious business names, and a box at the UPS store were intentionally misleading.<br /><br />Full details at <a href="http://www.danhatesspam.com/trancos.html">http://www.DanHatesSpam.com/trancos.html</a> (pdf).<br /><br />More coverage can be found at the San Francisco Chronicle: <a href="http://www.sfgate.com/cgi-bin/article.cgi?f=/c/a/2010/03/17/BANA1CGPFF.DTL">SF lawyer awarded $7,000 from email spammer</a>, and SlashDot: <a href="http://yro.slashdot.org/story/10/03/18/2237230/1st-Trial-Under-California-Spam-Law-Slams-Spammer"> 1st Trial Under California Spam Law Slams Spammer</a>.Spam Diarieshttp://www.blogger.com/profile/05175708997156235199noreply@blogger.com0