MX Lab has intercepted the first Excel based stock spam messages! These messages appeared today in the afternoon local Belgian time. via Mxlab.be
Read More… (From Email Spam News)

21  Jul
From PDF to Excel

Ex Spamfrica, semper aliquid novi. PDF spam is only a few weeks old, and the stock spammers are already trying something new. Check your mailbox for the first wave of stock spam sent as Excel spreadsheets (.xls).
Read More… (From Spamnation)

The spam on my Debian mail system is getting intolerable; 30+ stock pumping spams are getting through the gauntlet every day now. via Nelson’s Weblog
Read More… (From Email Spam News)

I know I’ve written a lot about PersonalBrain of late, and I apologize for that if it doesn’t interest you. But partly in response to comments on an earlier post, and partly just because I think it might help, I…
Read More… (From loose wire blog)

July 19th, 2007 by Alan Rabinowitz This is the third and final installment of the link building tutorial. via Search Engine Journal
Read More… (From Email Spam News)

Posted by Charles W. Moore on 07/18 at 12:13 AM Press Release Edited By Applelinks Contributing Editor Charles W. Moore SmileOnMyMac has released PageSender 4.0.3, an update to its top-rated fax software for … via Applelinks
Read More… (From Email Spam News)

In my last post, we were introduced to the new SPF record syntax that is specifically designed for SenderID. The question now is how does SenderID treat SPF records that were originally designed to be used with SPF? SenderID allows the spam filter to check SPF records on the envelope sender or the PRA, but SPF records are only designed to be used on the envelope sender. If a system using SenderID encounters an SPF record, the behaviour is dependent on the implementation of SenderID. Section 3.4 of RFC 4406 says the following:

In order to provide compatibility for these domains, Sender ID implementations SHOULD interpret the version prefix “v=spf1” as equivalent to “spf2.0/mfrom,pra”, provided no record starting with “spf2.0” exists.

In other words, if you have a Sender ID implementation that checks the envelope sender (ie, just like SPF), this will function exactly like regular SPF. If you have a Sender ID implementation that checks the PRA, use the SPF record to check the PRA. Thus, the recommended behaviour of your SenderID implementation is that existing SPF records should protect either the MAIL FROM or PRA. The RFC goes on to say the following:

Administrators who have already published “v=spf1” records SHOULD review these records to determine whether they are also valid for use with PRA checks. If the information in a “v=spf1” record is not correct for a PRA check, administrators SHOULD publish either an “spf2.0/pra” record with correct information or an “spf2.0/pra ?all” record indicating that the result of a PRA check is explicitly inconclusive.

This warning is given because the behaviour of the envelope sender could be different from that of the PRA. Because SPF was designed to be used to protect the MAIL FROM, it is not necessarily true that the PRA will behave the same way. As the warning above says, to prevent any confusion, domain administrators should explicitly publish SenderID records that do not explicitly say one way or the other whether or not the PRA is protected (ie, return Neutral). The folks at OpenSPF are much more blunt. Before I go on, I just have to say that there is a definite touch of arrogance in their commentary on SenderID, but I digress…

If you have published a v=spf1 policy to protect the use of your domain in the MAIL FROM and HELO addresses, Sender ID implementations that apply your policy to PRA (per RFC 4406) will reject your mail if you use your domain in the “From” (or generally PRA) header field while sending from (MAIL FROM) another system. Informal surveys have shown that in roughly 80% of e-mail surveyed, MAIL FROM and PRA are the same. However about 20% may be wrongly rejected or flagged by Sender ID implementations.

You might be wondering why anyone would use a different MAIL FROM from their PRA (ie, a different domain in the envelope sender from the From: address). The answer is that it happens all the time. The most common occurrence of this is newsletters. An emailer, such as bigfootinteractive.com, might be contracted to send out emails for a Home Depot newsletter. The envelope sender might be newsletters @ bigfootinteractive.com but the From: address, the one that appears in your email client that Home Depot wants to show up to their subscribers, says info @ homedepot.com. The SPF check will pass because the IP sending the email is authorized to send mail for constantcontact.com, but if the PRA turns out to be homedepot.com (and 80% of the time, it is the domain in the From: address), then this will return a Hard Fail. If the SenderID implementation checks the PRA, it will reject the mail (or at the very least increase the spam score). This type of situation is not at all unusual. Bulk emailers have historically been very slow to adopt good email practices, and this example is common in real life. SenderID also has some issues with email forwarders, such as mail forwarded through a university alumni account. In my next post, I will discuss a little bit more about some of the mitigations that are possible to deal with some of the above issues.
Read More… (From Terry Zink’s Anti-spam Blog)
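An added example, not part of the original post: a Python sketch of the newsletter case above. Record selection follows the Section 3.4 sentence quoted in the post literally, the evaluator is deliberately reduced to `ip4:` and `all`, and the domains, IP ranges and function names are constructed for illustration.

```python
import ipaddress

QUALIFIERS = {"+": "pass", "-": "fail", "~": "softfail", "?": "neutral"}

def select_record(txt_records, scope):
    """Pick the record a Sender ID check of `scope` ('mfrom' or 'pra') uses."""
    spf2 = [r for r in txt_records if r.lower().startswith("spf2.0/")]
    if spf2:
        # A record starting with "spf2.0" exists, so v=spf1 is not reinterpreted.
        for rec in spf2:
            scopes = rec.split()[0].split("/", 1)[1].lower().split(",")
            if scope in scopes:
                return rec
        return None
    for rec in txt_records:
        if rec.lower().split()[:1] == ["v=spf1"]:
            return rec  # treated as "spf2.0/mfrom,pra"
    return None

def evaluate(record, client_ip):
    """Simplified evaluation: only ip4: and all, no include/a/mx/redirect."""
    if record is None:
        return "none"
    ip = ipaddress.ip_address(client_ip)
    for term in record.split()[1:]:
        qualifier = "+"
        if term[0] in QUALIFIERS:
            qualifier, term = term[0], term[1:]
        if term.lower() == "all":
            return QUALIFIERS[qualifier]
        if term.lower().startswith("ip4:"):
            if ip in ipaddress.ip_network(term[4:], strict=False):
                return QUALIFIERS[qualifier]
    return "neutral"

def sender_id_check(dns, domain, scope, client_ip):
    return evaluate(select_record(dns.get(domain, []), scope), client_ip)

# Constructed zone data: an ESP, a brand with only v=spf1, and the same
# brand after publishing the "spf2.0/pra ?all" record the RFC recommends.
DNS = {
    "esp.example": ["v=spf1 ip4:198.51.100.0/24 -all"],
    "brand.example": ["v=spf1 ip4:192.0.2.0/24 -all"],
    "brand-fixed.example": ["v=spf1 ip4:192.0.2.0/24 -all", "spf2.0/pra ?all"],
}
CLIENT_IP = "198.51.100.7"  # constructed: the ESP's outbound server

if __name__ == "__main__":
    for domain, scope in [("esp.example", "mfrom"), ("brand.example", "pra"),
                          ("brand-fixed.example", "pra")]:
        print(domain, scope, sender_id_check(DNS, domain, scope, CLIENT_IP))
```

The same message passes the MAIL FROM check on the ESP's domain, hard-fails the PRA check against the brand's unmodified v=spf1 record, and becomes Neutral once the brand publishes `spf2.0/pra ?all`.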

Last November, Christopher William Smith, known as “Rizler”, was convicted of running an illegal online drug operation.

Today, SpamSuite placed the legal documents on-line for all to read. Highlights include Smith’s request for a new trial, the detention order placing him in solitary with limited visitation rights, and the sentencing document that lists Smith’s long career as a scammer.

Long before Christopher Smith established his illegal online pharmacy, he was already an experienced Internet scam artist. Beginning at least in the 1990s, when he was in his teens, and continuing well into his 20s, Smith sold a wide variety of dubious if not outright fraudulent products through large-scale unsolicited email (spam) campaigns. The products Smith spammed included human growth hormones, penis enlargement pills, pheromone concentrate, and an online gambling casino (in which winners were not paid their winnings). Smith also set up a fake escrow service to receive proceeds from the purported sales of Dell laptops and plasma TVs. Customers who paid Smith never received any product. On November 20, 2002, one of the victims of his scams, Time Warner, obtained a permanent injunction against Smith, his business at the time, Rizler, Inc., and others from the U.S. District Court for the District of Minnesota (Case No. 0:01cv1077 (DDA/FLN)), enjoining them from selling cable TV descramblers which illegally stole cable signals. While there were very few laws governing spam email campaigns until the CAN-SPAM act was passed in late 2003, Smith nonetheless engaged in a wide variety of illegal activity surrounding his spamming endeavors. For example, in addition to defrauding customers out of their money as discussed above, Smith stole email accounts and used computer programs to obtain customer account information and passwords. He also set up fake email accounts using stolen credit numbers, and in turn used those fake email accounts to spread his spam.

Other scary information: Smith took in on the order of $24 million, most of which he was able to hide from authorities. He paid $1.1 million in cash for a house. The techniques he used to illegally communicate with his associates from jail are also fascinating. The death threats are a little scary.
Enjoy your weekend everybody.
Read More… (From The Spam Diaries)

Do portraits of them as ASCII art. Amit Agarwal, an India-based blogger of impeccable taste and refinement, does some very cool pictures of 100 bloggers. Including that picture of me looking smarmy in the middle of the kampung: ASCII Art:…
Read More… (From loose wire blog)

Who sends greeting cards for the Fourth of July? Apparently spammers. Beware of emails with Fourth of July subject lines such as:
Subject: Celebrate Your Independence
Subject: America the Beautiful
Subject: July 4th Fireworks Show
Subject: July 4th Family Day
Subject: 4th Of July Celebration
Subject: American Pride, On The 4th
Each message contains a link to the “greeting card”. The link in these cases is an exposed IP address, which is a pretty good indicator that it isn’t a greeting card from an established and reputable Ecard service. When clicked, the link delivers a downloader that accesses the Internet and downloads a Trojan onto the computer. We’ve been seeing a lot of generic Ecard spam over the past month and have noted it in previous blogs. What makes this one different is that it specifically targets the July 4th Holiday. We have observed over 15 million of these messages since the attack first appeared.

Read More… (From Security Response Weblog)
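An added example, not from the original post: a Python check for the indicator described above, a message whose link points at a bare IP address instead of a hostname. The two sample messages, their addresses and the function name are constructed for illustration.

```python
import email
import ipaddress
import re
from email import policy
from urllib.parse import urlsplit

URL_RE = re.compile(r"https?://[^\s\"'<>]+", re.IGNORECASE)

def ip_literal_links(raw_message):
    """Return the URLs in the text parts of a message whose host is an IP literal."""
    msg = email.message_from_string(raw_message, policy=policy.default)
    hits = []
    for part in msg.walk():
        if part.get_content_maintype() != "text":
            continue  # skip multipart containers and attachments
        for url in URL_RE.findall(part.get_content()):
            try:
                host = urlsplit(url).hostname or ""
                ipaddress.ip_address(host)  # raises ValueError for hostnames
            except ValueError:
                continue
            hits.append(url)
    return hits

# Constructed sample: subject taken from the list above, link to a raw IP
# (203.0.113.0/24 is a documentation range).
SUSPECT = (
    "From: someone@sender.example\n"
    "Subject: July 4th Fireworks Show\n"
    "\n"
    "You have received a greeting card:\n"
    "http://203.0.113.45/\n"
)

# Constructed sample: a card link that uses an ordinary hostname.
BENIGN = (
    "From: cards@cards.example.com\n"
    "Subject: July 4th Family Day\n"
    "\n"
    "View your card at http://cards.example.com/view?id=1\n"
)

if __name__ == "__main__":
    for name, raw in (("suspect", SUSPECT), ("benign", BENIGN)):
        print(name, ip_literal_links(raw))
```

A hit is a reason to raise a message's score or quarantine it for review, not proof of malice on its own, since some legitimate internal mail links to IP addresses.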

“While the US remains top spam dog, the latest chart emphasizes the urgent need for joined-up global action to combat this growing problem”

At the same time that spam has shifted to carrying PDF files to slip past spam filters, Sophos has released their study of the top 12 spamming countries from the 2nd quarter of 2007. via EbizQ
Read More… (From Email Spam News)