Gadgetopia

Spam gets 1 response per 12,500,000 emails: A team of reseachers became spammers to measure response rates (is there an ethical issue there?).

Using ‘proxy bots’ the team of researchers managed to control 75,869 hijacked machines to conduct their own fake spam campaigns.

The researchers used two of the most popular ploys currently used by spammers – firstly offering a fake pharmacy site and, secondly, offering a herbal Viagra-style remedy to boost libido.

“After 26 days, and almost 350 million email messages, only 28 sales resulted,” says the research paper.

The above image displays the SpamStopsHere statistics for one of my clients. This is about four-and-a-half days of email, which is about 300,000 emails a day for a company of 15 people. Note the 99.96% filter rate.

They’ve been on SpamStopsHere ever since Matt Smith turned me on to that service three years ago. I signed them up, and spam instantly stopped. For the last three years, their inboxes have been essentially spam-free.

Alas, SpamStopsHere has notified us that this client is using an entire server on their network to filter email. Since the client doesn’t want to pay for a dedicated server, he’s considering the nuclear option and just changing his domain name.

How does it get this bad? They’ve had the same email addresses for 10 years, and had them in unencrypted mailto links on their Web site for five years before they hired us.

Craigslist phone verification system: Craigslist has implemented perhaps the absolute killer app in terms of anti-spam solutions:

[…] Craigs*list has implemented a phone verification system in certain categories to reduce SPAM content. When you attempt to make a post, it asks for you to verify yourself by typing in a viable phone number. It automatically calls it and repeats a verification code which you must then enter for your post to go live. If your post gets flagged, the phone number you verified with will be blacklisted.

So while email address are cheap and disposable, phone numbers are not, and every spam post is bound to blacklist a phone number.

The link goes to a forum newsgroup thread where a bunch of spammers talk about it and conclude that they’re more-or-less screwed. There’s a lot of talk about getting cheap VOIP numbers, but the closest workable idea they found was to go to public places and use pay phones.

This presumably has the added benefit of binding a set of spam postings to the same phone number. So, if one of them gets flagged as spam, you could find everything else verified from that number and pull them down at the same time.

Via Reddit

I found this comment on one of my client’s blogs today.

hello , my name is Richard and I know you get a lot of spammy comments , I can help you with this problem . I know a lot of spammers and I will ask them not to post on your site. It will reduce the volume of spam by 30-50% .In return Id like to ask you to put a link to my site on the index page of your site.

Did you hear that? He’ll tell the spammers to stop. What a gift.

Seven Habits of Highly Effective Spambot Hunters: Josh Clark is doing some crazy fun stuff to counter comment spammers on Big Medium. I love it.

Big Medium counters this by covering its tracks, never using the same field names twice. Every time you visit the page, all of the field names change. The field names are MD5 hashes of the page’s slug name, its database creation date and a server secret. A semi-obfuscated timestamp is mashed with this field name, creating a 50-digit field name that changes every second.

If the correct combination of field names are not received, the form submission is discarded.

EU Rejects Spam Maker’s Trademark Bid: This phenomenon is interesting. The company that makes Spam has essentially lost their name — it was stolen by the rest of the world and there’s nothing they can do about it. Even if they claim a legal victory, it’s not going to help them. They’re never getting the word back in any meaningful sense.

The producer of the canned pork product Spam has lost a bid to claim the word as a trademark for unsolicited e-mails. EU trademark officials rejected Hormel Foods Corp.’s appeal, dealing the company another setback in its struggle to prevent software companies from using the word “spam” in their products, a practice it argued was diluting its brand name.

Subliminal advertising in spam?: I followed this link, and I think I bought 100 shares.

The spam contains an animated GIF with four frames. One of the frames (which contains the actual spam message) remains visible for 17 seconds. The other three frames are displayed for 10ms or 40ms, and each of those contains a little random noise and the word BUY in random positions.

Reader feedback on bizarre no-link spam: A while back, Mark over at Boing Boing posted about some odd spam comments he’d seen that had no URL. If there’s no URL, why post the spam? In the last week, several readers have approached him with theories. Some of them are interesting.

I’ve found that many times innocuous-looking comments with no url are used to sneak past sophisticated blog-spamfilters […]. Many of these filters give a ‘karmic boost’ to commenters who already have one approved comment. By not posting any links at all, they have a better chance of getting their foot in the door […]

[…] If the spammer […] can attribute these numbers to a particular blog or email address, they can see which sites are ‘hot ones’.

I’ve long suspected that spam is (or could be) used by spies or (more likely) terrorist cells. There is so much NOISE in email, it’s the perfect place to hide SIGNAL.

Thanks to Akismet we’re almost spam-free these days.

So, a few of us here at work got a spam today with this as part of the body:

Your credit doesn’t matter to us

We believe this should have been caught by our spam filter. However, if you copy the text and paste it into notepad, it come out like this:

Your cr y ed y it doesn’t matter to us

How the heck are they doing that? How am I or any other software supposed to stop that? We are using Mailsweeper and it isn’t doing a very good job. What is everybody here using for their corporate spam filter solution? And yes, we are running Exchange.

Once again, Matt Smith has come and rescued me from spammers. A couple of weeks ago, I was at my wit’s end. Some commentors recommended Akismet, but I thought it was WordPress-only. Then Matt emailed me to tell me there was a Movable Type port. Given Matt’s track record of helping me banish spam, I decided to try it.

It’s not perfect, but it’s very, very, very good. Spams that get through to the site have dropped 97%. I’ll get maybe one per day now.

I don’t even know how Akismet works. I think it’s a Web service of some kind, but — to be honest — I don’t much care. I just dropped the directory into my plugins, applied for and received a wordpress.com key, and spam went bye-bye.

They ask that if you make over $500 a month from your blog (we do), then you should pay $5 a month for the API key. Worth every penny.

So, thanks Matt. And thanks to the other Matt that created Akismet in the first place. Thanks to them, the Gadgetopia comments feed isn’t such a bad place to hang out anymore.

Well, comment spam has finally done me in.

A big new wave launched about a week ago, and we’re getting spammed about once every 2 minutes, 24 hours a day. I have to manually delete over 100 comment spams a day in three or four “shifts” at the MT interface.

For every one that gets on the site, nine or ten are caught, but the bastards still manage to get dozens on the site throughout the day, where they sit for hours. The fact that these idiots are getting some value, however small, is just pissing me off.

I’m going to install HMPassphrase over the weekend. This is the Movable Type version of WP Gatekeeper, which I posted about last year after encountering it on Joseph Scott’s site. It asks you a simple question, to which you must provide the correct answer before it will accept your comment (“What color is the sky?”, “What color is an orange?”, “What shape is a wheel?”, etc.)

I hate to do this, but I’m just sick of it.

If it’s not obvious by now, I’ve tightened up the spam filtering. We’re getting hammered by comment spam this last week or so — some big new round of scripts is going off.

I’m sorry if your comment is delayed, but it’s either that or TypeKey, which I don’t really want to do either. This sucks. I have to find a solution of some kind — I’m open to suggestions.

AOL to charge fee as way to cut spam: Marketers can now pay America Online to ensure their messages are delivered and not flagged as spam. How is this not bribery?

The certified e-mail system would require advertisers to pay $2 to $3 per 1,000 messages. The plan is optional, though AOL and its tech partner, Goodmail Systems, cannot guarantee that all non-certified e-mail with Web links and images will be delivered.

Nothing has changed except:

1. AOL is making money hand over fist.
2. Marketers have a nice, handy way around spam filters at AOL.

This will do nothing to dissaude hardcore spammers. Zero. Nada. Zilch. They’re no worse off than they were before, so why should they change? The economics of spam are the same for them. This just means there’s a new class of spammer: those that have paid AOL for the right to bypass the filters.

This is crap.

Get this for a new spam angle —

I had shared my Yahoo Calendar with my wife, so she could add events. Somehow I must have hosed it up, because some idiot has managed to add events to my calendar so that I’m amply remind that I need to join his Party Poker site every single day.

These aren’t on my calendar — I have the bonehead’s username and I’ve turned it into Yahoo. But I checked my settings again, and I only allowed “Trusted Friends” to view and add events to my calendar.

No idea how it happened, but it just proves that spammers are bleeping weasels.

I found this subject line in my spam trap this morning:

Get your site seen by 100K+ now-%RND_SUBJ

Apparently he screwed up the “random subject” parameter in his spam generator.