December 31, 2010

Spam (Mini) Trends

In the past few months, one or more spam-generating botnets have been taken offline. But only in the last couple of weeks have I noticed anything truly different in the spam arriving at my main domain.

For the past two weeks, dictionary attacks have dropped off substantially. They had been so numerous that I had to adjust my spam statistics graph to count them by the thousands, compared to the ones for regular spam and other activity. Dictionary attacks had been averaging roughly 25,000 to 30,000 per day, but are now down to less than ten percent of that.

I don't know the specific source of the dictionary attacks that came my way for years, but it wouldn't surprise me if the bulk of them originated from one botnet source. Someone, somewhere had to be paying for the tens of thousands of messages that my server rejected every day. And mine is just one among millions of email servers rejecting this junk. I figured that eventually the economics would flow in my favor.

One thing I know for certain: No short-term trend in spam is guaranteed to be permanent. Perhaps the machine will crank up again with the beginning of the New Year. But I'll hope that it doesn't, indicating that one small part of the spam economy has finally collapsed under its own weight. That will be my toast to welcome 2011.

Posted on December 31, 2010 at 11:22 AM

Licensing Email Users [Updated]

It has been over three years since my last suggestion that every email user should undergo training and licensing before being issued a first email address. The thought came up again today when I received one of those "forward this email to everyone you know" emails. It's the one about the so-called 28th amendment (to the U.S. Constitution). When I saw:

Subject: Fw: Important

I knew it was: a) not important; and b) trouble.

The message I received came through a Yahoo group whose members consist of a close-knit community of local amateur radio operators (it's for our emergency service organization, ARES). Even inactive members are no more than two degrees of separation from everyone else.

The member who sent the message through the group is a long-retired gentleman. I'll call him Ted (not his real name). Ted has the top-level ham radio license (Amateur Extra), which means he's no technical buffoon. I also have this mental picture from meetings years ago at which he was sermonizing chapter and verse about PC security.

So, today Ted forwarded this email. The original email included its From: and To: fields. The original To: field had 35 email addresses in plain view. That message was forwarded to 44 more addresses in plain view. Passing over for a moment the potential privacy violation of broadcasting individual email addresses to so many individuals, I'm more concerned about the possibility that one or more recipients on our list might have a compromised PC that harvests anything that looks like an email address — even if it is in a cached copy of a web mail view.

Spammers don't have to work hard to uncover fresh email addresses when unlicensed individuals do all the work for them.

Ted, keep your radio license, but if you had an email license, I'd contact the authorities to have them suspend it until you went for a remedial course at Email School.

Update (4:05pm PST): And the madness continues. One of the recipients in my radio group replied to the forwarded message to tell off Ted. In so doing, however, he sent his "take it elsewhere" message to everyone in the To: list of Ted's message (ah, the dangerous Reply All button). This has resulted in the pissed-off guy exposing his email address (now explicitly in the From: field, whereas before it had been hidden as a group member) to all earlier recipients (including everyone in the Yahoo group). My list of email license suspensions grows.

Posted on December 31, 2010 at 11:05 AM