October 16th, 2008They Must Think We’re Daft
An interesting phenomenon has been occurring the last few months and I, for one, am not happy to see it happening. After a few months of relative peacefulness, my server is starting to face an inundation of spam. There have only been a few services that I’ve signed up for since my last rant on the subject and, considering how both are rather popular social networks, I doubt they are responsible for selling my email addresses to spammers based out of Russia, North America and Kenya. What I don’t quite understand, though, is why spammers continue to use the same tricks over and over. It’s as though they think the average internet user is about as daft as two wingless mantises on the precipice of some grand canyon.
But then, with the sheer number of scammers out there, perhaps some of us really are unaware of the persistent plague of pestilent people who prey on copious quantities of uninformed customers.
I currently host email for about 190 people on three continents. The average person receives roughly 80 messages per month and anywhere between 200 and 5000 spam email messages every month. While I can certainly understand why some addresses are spammed to death, what I can’t tolerate is the sheer amount of processing power that’s going into identification and elimination of these malignant messages. Here is the breakdown on the email messages for the past two weeks:
Total Messages Received: 6,920
Messages Marked as Spam: 6,193
Messages Sent: 590
Messages Flagged by System: 1
So in two weeks, my server has received almost seven thousand messages. A good portion of these were marked as spam and deleted before arriving at its intended destination. 590 messages were sent from the same server, and only one was marked as being potentially spam. The only reason it was marked that way was because it was an actual spam message that got through, and someone was forwarding it to PayPal to see if it was a real warning.
As a disclaimer, I will mention that I do not read the emails of people on my server. That would not only be a huge invasion of privacy, but the act of a stupid SysAdmin. While I’ve done many stupid things in my life, this will not be one of them. When my spam checker identifies something as spam coming from my server, it sends me a message with the name of the person who sent it, as well as the subject line. If I think someone is sending spam from my server, I will talk to them about what they’re doing with the free service I’m providing and get clarification. The last thing I want to see is my server going back on the black lists. It took months to get it back on the white lists with MSN, Yahoo and GMail a few months back thanks to IP sharing with my host provider.
That said, I thought it would be interesting to see what kind of spam messages are being sent out this month. Have spammers learned from the past and become more sophisticated with their techniques? Are they using well-written messages in an effort to entice us with sex, cheap goods, drugs or some combination thereof?
Oh, if only it were true.
Type One: The Sexy Offer
We’ve all seen this one. The subject line looks something like “[MSG: 83921] I want to see you right away” and is supposed to be from someone with a rather seductive looking name. “Foxy Brunette” and “Penelope Wilson” seem to be the two most common names found in my spam filter and, despite by best attempts to understand, I just cannot wrap my head around why someone would respond to something that clearly looks so fake.
MSG 83921? Would you put this in an email to someone you want to get into bed with? I can just imagine how stupid I would have looked to my Reiko had I sent emails with such ridiculous subject lines when we were still dating.
Anyone who is begging someone they’ve never met for sex is either a crack addict, a prostitute who’s being threatened by a pimp, or someone you wouldn’t want to be involved with in the first place. If I ever meet someone who responds to these kinds of messages, I’ll probably vomit in rage before passing out due to a severe chemical imbalance in my brain while trying to parse the fact that the person before me is really so gullible.
Type Two: The Sales Pitch
“Exclusive Offer! Best imitation r0l3x watches you’ll ever see!” This is a subject line I can understand. The Rolex brand has been trashed so badly online that even mentioning that you bought one will earn your email an unhappy trip to the Junk folder, if not deleted outright. Other brands such as Viagra, Gucci, Prada, Cialis and just about everything else that is considered up-scale have received the very same treatment. It must be damn near impossible for advertisers from any of these companies to market their products online thanks to scammers and spammers the world over. Luckily, rich people don’t use the internet.
Have you ever known someone to buy drugs from some unknown vendor on the internet? How about a nice-looking $500 replica Rolex watch? If you do, send me their email address. I have a bridge in Nagoya I’d like to sell them, and perhaps I’ll even part with some land on the moon.
Type Three: The e-Card
What started out as a nice little industry where people could send animated “cards” to each other to celebrate all the little things in life turned into the most effective way to transmit viral infections and just about every other type of unwanted software online. One of these managed to sneak past my spam filters a few weeks ago and looked pretty convincing … until it asked me to click a link. The message looked a little like this:
You’ve received an eCard from your sister!
To pick it up, just click on the link below, or copy and paste it into your browser: http://nonsensical.com/e-card.exe.
Your card will be available only for a few days, so be sure to pick it up quickly!
Wow! My sister sent me an eCard? How thoughtful! Wait a minute … it’s an exe!
What’s really sad about this last one is that I can actually picture my parents clicking the link and being infected with whatever code the executable file contained. The way I look at it, if my parents would click it, then so would tens of millions of others.
No wonder bot-nets become so massive in such a short amount of time.
What’s the Solution?
Like many other people (who are far more intelligent than I), I’ve been looking for some possible solutions to this issue, but have yet to find any that would be workable on a grand scale. Limiting people to one email address in a lifetime would be difficult to ensure and maintain, not to mention troublesome for those of us who need separate addresses for whatever reason. Having people manually confirm an email address by traditional mail or phone call would be just as troublesome, as some companies would pop up offering to bypass this for $20 USD or whatever. At the same time, we don’t want email to become something that is darn near Orwellian in nature, as the communications method has lots to offer both individuals and companies.
So what’s a workable option?
Unfortunately, I can’t think of a single realistic alternative to our current spam-filtering technologies. Sure, the filters will continue to suck up a large amount of processing power, but what other methods could ensure a spam-free mailbox?
I’d love to hear your thoughts on the matter.
I certainly understand your sentiments and really don’t know of a good solution to shutdown the spammers. Here’s the 2 things that really get me: Why do they insist on sending the EXACT SAME message multiple times over a day or week. Do they think that I’m going to fall for it the 17th time I get it if I didn’t the first? The other thing is how they get my email address. I expect it with email addresses I use to sign up for things, but I have also received spam on a couple of email addresses that I KNOW that I have NEVER used to sign up for ANYTHING!
There are a few different ways that spammers can get their hands on our email addresses, and none of them are easy to prevent. Here are just a few:
* our friends or family have a trojan or some malware on their system which records all email addresses and secretly sends them to a centralized server somewhere
* through the WHOIS database (do a WHOIS on almost any domain I’ve registered and you’ll get my primary email address)
* through shared hosting back-doors (there are reports that it’s very easy for spammers to collect every email address on a shared host through poorly configured servers)
Unfortunately, we can never have a 100% spam-free email account, because there are just too many ways for people to get their hands on our information
Hmmm, I might have to investigate if my server is configured properly…
As far as the whois, I haven’t given the email addresses in mind to any registrar for any reason
It does make me wonder if someone or people that I know have some sort of “bug”
Although, I think I might want to look at my server first because I am getting pretty much the same spam on a couple different email addresses on this server (although the others aren’t affected) hmmm…I guess for now I’ll just not worry about it because like you said “we can never have a 100% spam-free email account”
Will you be scammed, and how will you know? Will it be obvious if a home business opportunity is going to run off with your money.
This is a pretty loaded question, and not one that I could easily answer. That said, if your gut is telling you that something sounds too good to be true, it probably is.
I’ve learned this lesson the hard way
Wow … you would not believe how much spam this one post has attracted. My Akismet numbers have jumped by over 900 points just today, and according to my stats package, this site has been hit by well over a thousand crawlers in just under 20 hours
It’s amazing what a few mentions of some over-scammed products will do to your traffic….