PDF ruse attempts to smuggle junk past spam filters The fraudsters behind pump-and-dump stock spams are trying a new technique in a bid to fool spam filters. via Channel Register
Read More… (From Email Spam News)

The latest version of SPAMfighter offers SPAMfighter user’s better spam detection against the latest forms of spam mails plaguing e-mail users today. via PR-inside.com
Read More… (From Email Spam News)

We saw in part 2 of this series that when a receiving email server gets the message, it inserts a Received: header into the mail headers of the message. Let’s go back to our previous example and see what happens if the message is routed through a couple more servers. Suppose that on its way from mailhost.tzink-is-awesome.com, mail sent from tzink.net had to go through a couple of forwarding relays.

From me@tzink.net
Received: from mailhost.tzink-is-awesome.com (mailhost.tzink-is-awesome.com [292.13.130.22]) by mail.tzink.net (8.8.5) for me@tzink-is-awesome.com with ESMTP id 123456789-0AH for <me@tzink.net>
Received: from tdk4127.com (example_mailers_competitors.com [284.33.167.99]) by an_email_program (1.0) with SMTP id 71718149989; Thu, June 21, 2007 23:06 -0800
Received: from example_mailers.com (example_mailers.com [267.99.33.167]) by another_email_program (7.3) with SMTP id 9899481717; Thu, June 21, 2007 23:01 -0800
From: my.alias@tzink.net
To: another.email@tzink-is-awesome.com
Date: Fri, Jun 18, 2007 20:20:20 PST
Message-ID: <elmsley-flushtration-484@mail.tzink.net>
Subject: How’s it going?

(In the original post the Received: headers are highlighted in different colors.) In general, you read Received: headers from bottom to top: the most recent one is stamped at the top and is the most reliable one. In the above example, the message started from the IP 267.99.33.167 at a mail host called example_mailers.com. It got routed through their competitors example_mailers_competitors.com (IP = 284.33.167.99), went through mailhost.tzink-is-awesome.com, and finally arrived at its destination at mail.tzink.net. It’s a complicated process, but from the above we can see that the message originated at 267.99.33.167, the first IP address.

In real life, it doesn’t quite work that way. Spammers will often insert fake routing information into the headers. Here is a real life example of a spam message that I just received in my own email account (with some of the identifying information removed):

Received: from 200-122-3-37.dsl.prima.net.ar (200-122-3-37.dsl.prima.net.ar [200.122.3.37]) by mail25-blu.bigfish.com (Postfix) with ESMTP id 78128787654; Thu, 21 Jun 2007 22:46:40 +0000 (UTC)
Received: from 208.109.233.77 (HELO positivenews.net) by frontbridge.com with esmtp (1/9B/+4-) LD*H) id (<C/(,-Q>,0(B-E< for me@example.net; Thu, 21 Jun 2007 22:46:50 +0300

From the above, we can see that the message originated at 208.109.233.77 from a machine calling itself positivenews.net, passed itself to a machine in a DSL pool in Argentina, and finally arrived at my inbox. Or did it? Look at the lower Received: header, the one claiming the mail came from 208.109.233.77; it looks suspicious. That first-hop received header is wrong. For one thing, it says Received: from <IP address> rather than Received: from <mail host>. Then, typically we would expect to see the IP address in parentheses rather than only the name of the host. Of course, some mail servers are configured differently and this could be a configuration issue, but it is suspicious. Generally, as a spam analyst I would use this information alone to call it a forgery. Moving onwards, look at the SMTP id: a bunch of characters including forward slashes, + and - signs and an asterisk. That, too, is suspicious and more than enough to confirm that this received header is a forgery and not authentic. Thus, we look at the line above and see that this mail originated from 200.122.3.37.

Spammers can insert more than one extra received header. Sometimes they are easy to spot, sometimes they are not. The times when they don’t look like regular received headers give them away: they will have syntax errors and extra X-headers that don’t make any sense. Other times, spammers will be quite subtle and mimic actual received headers. That makes things harder to pick out. The last (i.e., first in the header list) received header is correct because it contains the latest hop that the message went through and your machine stamped it. It doesn’t mean that the mail originated at that IP, but at least you have some information about where the mail most recently came from.
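As an added example (not code from the original post), the following Python script mechanises the reasoning above: it unfolds the Received: headers of a raw message, reads them bottom to top, and applies the three tells the post describes (a bare IP where a mail host should be, no bracketed IP after the host name, and an SMTP id made of characters no normal MTA would emit). The embedded headers are a constructed copy of the spam example quoted above; the checks are an illustration of the analyst's reasoning, not a production forgery detector.

```python
import re

# Constructed copy of the two Received: headers from the spam example, folded as in a raw message.
SPAM_HEADERS = """\
Received: from 200-122-3-37.dsl.prima.net.ar (200-122-3-37.dsl.prima.net.ar [200.122.3.37])
 by mail25-blu.bigfish.com (Postfix) with ESMTP id 78128787654; Thu, 21 Jun 2007 22:46:40 +0000 (UTC)
Received: from 208.109.233.77 (HELO positivenews.net) by frontbridge.com with esmtp (1/9B/+4-) LD*H)
 id (<C/(,-Q>,0(B-E< for me@example.net; Thu, 21 Jun 2007 22:46:50 +0300
From: someone@example.net
"""

IPV4 = r"\d{1,3}(?:\.\d{1,3}){3}"

def received_headers(raw):
    """Return Received: header values newest-first, after unfolding RFC 5322 continuation lines."""
    lines = []
    for line in raw.splitlines():
        if line[:1] in (" ", "\t") and lines:   # continuation line: glue onto the previous header
            lines[-1] += " " + line.strip()
        else:
            lines.append(line)
    return [l.split(":", 1)[1].strip() for l in lines if l.lower().startswith("received:")]

def inspect(hop):
    """Apply the post's three tells to one hop. Returns (claimed sending IP, list of reasons)."""
    reasons = []
    m = re.match(r"from\s+(\S+)", hop)
    from_token = m.group(1) if m else ""
    if re.fullmatch(IPV4, from_token):
        reasons.append("'from' names a bare IP address instead of a mail host")
    bracketed = re.search(r"\[(" + IPV4 + r")\]", hop)
    if not bracketed:
        reasons.append("no bracketed IP address after the host name")
    idm = re.search(r"\bid\s+(\S+)", hop)
    if idm and not re.fullmatch(r"[A-Za-z0-9._-]+;?", idm.group(1)):
        reasons.append("SMTP id contains characters no normal MTA would emit")
    ip = bracketed.group(1) if bracketed else (from_token if re.fullmatch(IPV4, from_token) else None)
    return ip, reasons

def probable_origin(raw):
    """Walk hops bottom to top; the first hop that passes inspect() is the best guess at the origin."""
    for hop in reversed(received_headers(raw)):
        ip, reasons = inspect(hop)
        if not reasons:
            return ip
    return None  # every hop looked forged: trust only what your own server stamped at the top
```

Running `probable_origin(SPAM_HEADERS)` returns 200.122.3.37, the same conclusion the post reaches by hand, while `inspect()` on the lower hop reports all three tells.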
Read More… (From Terry Zink’s Anti-spam Blog)

Blogging, email, IM, and telephone make it easy to keep in touch with your real friends. via SEO Book.com
Read More… (From Email Spam News)

22 Jun
Re: 3D Mailbox

“People who need people are the luckiest people in the world”

Robert Savage is a software inventor with all his heart, producing many awe-inspiring and highly original results. via Google Blogoscoped
Read More… (From Email Spam News)

“Image spam is increasingly used by spammers to lure recipients into viewing pornography, buying penny stocks, or participating in get-rich-quick schemes”

The latest pump-and-dump spam outbreak, which represented 9 percent of all e-mail traffic when it hit, making it one of the 10 largest outbreaks of 2007, was distributed by over 75,000 zombie PCs. via NewsFactor Network
Read More… (From Email Spam News)

Interesting article in the Palo Alto Daily News today. In short, anti-spam activists Joe Wagner and David Cannon — both PhD students at Stanford — sued a number of major spammers in small claims court in Palo Alto, California.

Among those sued were Valueclick (Scott Richter), Opt In Real Big, Livemercial, SubscriberBASE, Offerweb, and Azoogle. The spammers’ defenses were the usual — “We weren’t served properly”; “The evidence was faked”; “It wasn’t us, it was our affiliates”.

The article is worth reading in its entirety.

The judge said he would rule by the end of the month. I’ll report on the results as soon as I know them myself.
Read More… (From The Spam Diaries)

This week’s column for The Wall Street Journal (subscription only) is about PersonalBrain, a topic I find hard to write about: Here’s a heads-up on some organizing software that may take some getting used to. Frankly, it’s taken me nearly…
Read More… (From loose wire blog)