groups.google.com hates greylisting

Thursday, March 27th, 2014

Dear Google,

Here’s a Wikipedia article for you: Greylisting.

After you’ve read that, then consider the error message I always get for my groups.google.com account when you disable mail sending to me due to “bouncing”:

Bounce status Your email address is currently flagged as bouncing. For additional information or to correct this, view your email status here [link].

Following that link I get to read the reason:

“Google tried to deliver your message, but it was rejected by the server for the recipient domain haxx.se by [mailserver]. The error that the other server returned was: 451 4.7.1 Greylisting in action, please come back later”

See, even the error message spells out what it is all about!

Thanks to this feature of Google groups, I cannot participate in any such lists/groups for as long as I keep my greylisting activated since it’ll keep disabling mail delivery to me.

Enabling greylisting decreased my spam flood to roughly a third of the previous volume (and now I’m at 500-1000 spam emails/day) so I’m not ready to disable it yet. I just have to not use google groups.

Update: I threw in the towel and I now whitelist google.com servers to get around this problem…

a 20 to 1 spam to comment ratio

Thursday, October 20th, 2011

It has been a little over 1500 days since I started this (wordpress’ed) version of my blog. During this time, I’ve posted entries, people have submitted comments and most of all there have been spammers posting “comments”.

During these 1500 days I’ve posted over 600 blog entries. Roughly one entry every 2.5 days. We can see that my visitors aren’t that talkative in comparison as I’ve received some 550 comments in total to my blog posts.

10,000 spam comments have been submitted. That means roughly 20 times more spam than legitimate comments. The world can indeed be a sad place at times! :-(

generic opt-in spam lists don’t exist

Friday, September 2nd, 2011

The last couple of days I’ve received a number of Swedish spam emails and I started digging up the Swedish companies behind them. The vast majority of all spams I get and have gotten during the years are English, so the Swedish ones stand out and they are a relatively new thing.

There seems to be a range of companies that now offer “email marketing” as a service to other companies. And there are lots of companies apparently willing to use such services. The other day the somewhat respected ISP company Crystone for example went ahead and spammed “a few hundred K” recipients (link to a Swedish-speaking forum). I’ve long been annoyed by the repeated spam mails I get from the company Jajja, which apart from being in the snake oil business (SEO) seems to be a legitimate business that wants to be taken seriously. Of course, they have a shady history of bad business ethics (link to Swedish article about Jajja doing blog-comment spamming in 2007).

A can with spamCrystone’s excuse for their spam outburst was that they had bought this list of “verified” and “opt-in” addresses (from big-time spammer company mailcom.se) so they were quite surprised when large amounts of people started complaining and whining about their spam. mailcom.se, unsurprisingly, on their site boast to also have Jajja as customers. I have emailed mailcom.se and complained in strongly worded terms. I expect no response or effect.

Hejsan

Detta är ett av tjogtals (hundratals?) spam email jag fått från er. Ni har hittat/köpt denna email-address genom web-scraping och ni och era kunder är inget annat än spammare. Det är illegalt i Sverige och att betrakta som en vedervärt sätt att försöka marknadsföra någonting.

Fy skäms!

The above is the email text I sent. It could be translated into English like:

Hello

This is one of the many (hundreds?) spam emails I’ve received from you. You found / bought this email address by web-scraping and you and your customers are nothing but spammers. It is illegal in Sweden and to be regarded as a horrible way of trying to market anything.

Shame on you!

Newsflash: there is no such thing as a blanket list with verified and opt-in email addresses. You may get people to opt-in for a particular and well explained purpose, but nobody ever asked anyone if they wanted to get stupid market emails from Crystone without compensation. Who would have opted-in to something like that?

Legality? People here in Sweden are quick to point out that sending market emails to companies and other business is not illegal here. Although, as is easily proven, these guys don’t know who they target as their list clearly is created by old fashioned web scraping techniques and they send to anyone, individuals and companies – without discrimination. Besides, my biggest complaints against spam is that it is a nuisance and a pain, if it is illegal or not is not the biggest concern to me. Spam is spam no matter what.

I’ve also explicitly tweeted about the spam service provided by quicknet.se. They’re at least somewhat open about it and add a header in their outgoing mails claiming them to be from “QuicNet_AB” (notice how the letter k is absent). I’ve received several spams via their domain gallerian.org so there’s no doubt who’s behind them. These mails also have ended up targeted to email addresses that are without any doubt harvested from the web. An employee of quicknet responded to me (in Swedish), apparently surprised by my allegations but I’ve received no further info. But frankly, I don’t care what excuse they can come up with. It will only be something lame as this is not a mistake.

Other seemingly popular Swedish spam companies include epostservice.se/com, epostarna.se and so on. I wish more people will react on the spam and object to the companies that buy these services (in good faith or not) and to the companies that provide these services. Tell them it’s all spam, no matter what excuses they can figure out!

PS. Yes, this is the same Crystone I’ve written about before

Email asking for my products

Wednesday, March 30th, 2011

In my mini-series of strange mails I receive, here’s another one:

Subject: Product Request

Hello,
I am interested in purchasing some of your products, I will like to know
if youcan ship directly to SPAIN , I also want you to know my mode of
payment for this order is via Credit Card. Get back to me if you can ship
to that destination and also if you accept the payment type I indicated.
Kindly return this email with your price list of your products..

I assume I’ll never figure out what products he speaks of, or how on earth he ended up sending me this… I’ll admit I was tempted to make up some “interesting” products to offer.

Update: I was informed that this is probably “just” another online fraud attempt. How boring.

Spammers now subscribe

Friday, October 30th, 2009

During several years I’ve been setting mailing lists I admin to only accept posts from subscribers iA can with spamn order to avoid having to deal with very large amounts of spam posts.

While that is slightly awkward to users of the list, the huge benefit for me as admin has been the deciding factor.

Recently however, I’ve noticed how this way to prevent spam on the mailing lists have started to fail more and more frequently.

Now, I see a rapid growth in spam from users who actually subscribe first and then post their spam to the list. Of course, sometimes spammers happen to just fake the from address from a member of a list – like when a spammer fakes my address and sends spam to a list I am subscribed to, but it’s quite obvious that we also see the actual original spammer join lists and send spam as well.

It makes me sad, since I figure the next step I then need to take on the mailing lists I admin is to either spam check the incoming mails with a tool like spamassassin (and risk false positives or to not trap all spams) and/or start setting new members as moderated so that I have to acknowledge their first post to the list in order to make sure they’re not spammers.

Or is there any other good idea of what I can do that I haven’t thought of?

Explanation for hjsdhjerrddf.com domains

Friday, January 23rd, 2009

In case you’ve checked some of your spam mails recently you might’ve discovered how a large amount of them include links to sites using seemingly very random names in the domain names. Like hjsdhjerrddf.com or qwetyqfweyqt.com and so on. Hammering-the-keyboard looking names.

The explanation behind these is quite simple and sad: ICANN allows for a “tasting period” before you pay for the domain. Thus spammers register all sorts of random names, spam the world with mails referring the users to these domains and then they return the domain names again before they’ve paid anything, and go on to the next names.

With a large enough set of people and programs doing this, a large amount of names will constantly be kept in use but not paid for and constantly changing owners.

Conclusion: wherever there’s a loophole in the system, someone is there to exploit it for the purpose of sending spam.

My best spam rules right now

Sunday, June 22nd, 2008

I’ve already before mentioned my antispam setup, but today I just ran a little check on my “hispam” mailbox (the spams with so high spam points that I never even bother to check them for false positives), 43MB of 7900+ spams (received during ~40 hours), to see which ones of my own handicrafted rules that get triggered the most. I use a set of 40+ custom spamassassin rules to help it trigger more mails as spam, since some of the very short mails seem to be hard to catch otherwise, and some of the mails are in many ways looking like mail I would normally get.

Anyway, my top-10 rules are:

  1. 1624 6.0 DS_BODY_DRUGBRAND      BODY: mentions drug brand
  2. 1428 6.0 DS_SUBJECT_DRUGBRAND   Subject mentions drug brand
  3. 828 6.0 DS_FROM_HAXX     spoofed haxx.se address
  4. 769 4.0 DS_BODY_DISCOUNT    BODY: mentions percent discount
  5. 745 4.0 DS_SUBJECT_DISCOUNT   subject mentions percent discount
  6. 415 2.1 DS_TO_OWNER   To contains -owner
  7. 200 6.0 DS_BODY_NODOCTOR  BODY: mentions “no doctor”
  8. 195 2.0 DS_MAILER_THEBAT  sent with the bat
  9. 189 6.0 DS_BODY_DESIGNBRANDS  BODY: mentions designer brand(s)
  10. 158 3.0 DS_BODY_REPLICAS  BODY: speaks of replicas

The first number is number of hits. The second is the “spam points” I assign a match. Then there’s the name of the rule and my description for it. The “spam points” can best be seen relative to the other rules, as what makes a single mail a spam in the end involves multiple factors that aren’t shown here.

Mail turned unreliable

Friday, May 23rd, 2008

I’ve always been proud of my ability to read and respond to email in a swift and reliable manner. I read and write emails every day, and most days I read mails more or less immediately as they land in my inbox.

However, during the recent year or so I’ve noticed that I’m no longer a reliable mail recipient. The amount of spam I get has made me tighten the screws so hard I get my share of false positives. The kind of mails that I need to rescue from my spam bin as they will otherwise suffer the death by delete. But how many do I miss? How often do I lose legitimate mails?

On some of the mailing lists I participate in, the spammers have started to send posts with my email in the From: field (circumventing the subscribers-only limitation), leading to me having to set my own mails as moderated to prevent spam to get posted… :-(

Wordpress quirks and edits

Saturday, May 10th, 2008

There’s no secret I’ve had my share of gripes with Wordpress and here comes two more:

I can’t upload images at the moment! I run the “plain” wordpress package in Debian testing and when I try to upload an image using the fancy new ajax way in 2.5, it just sits there for a while and it seems it receives the file but I don’t get the UI up that I believe I should get when the upload is completed… so I can’t confirm the upload etc so it instead it gets discarded!

I’m suffering a bit from trackback spam so I installed a plugin named Trackback Validator to help me reduce the manual work of denying them. It seems to work rather well so far in that I now no longer have to mark very many comments (trackbacks appear as comments within Wordpress) at all, but the annoying part is that even though the validator unvalidates the trackbacks I still get information mails sent out to me about them! I’ve now also enabled the Akismet plugin so let’s see what happens. Of course simply disabling trackbacks is an option that I’ll use if this doesn’t work good enough.

A funny side-effect with installing and enabling Akismet was that all of a suddent I could access comments previously marked as spam, and thus I could undo the damages from my accidental mark-as-spam-hiccup the other day!

While playing around with plugins, I also installed a gravatar plugin that shows gravatar-images for users on comments, and I installed a plugin that will automatically set my timezone correctly even when DST changes – which Wordpress can’t do by itself!

Then all of a sudden when I poked around (too much) I managed to somehow ruin the background image I use a the top of all pages on my blog. Somewhat I got a gradient there instead, which indeed is what the theme supports (the theme I use is of course a standard one but I have done some minor edits of it). Took me a while to manage to get rid of the gradient and get back image back… I had to resort to editing the PHP file for the theme!

Wordpress unmanages comments

Thursday, May 8th, 2008

Blah, so I get a large amount of spam comments and trackbacks to my blog and I go over them and mark them as spam regularly. They don’t appear on the site, they just end up in my attention queue and I need to deal with them and take care of the occasional “true” comment as well.

When I do this I press the Awaiting Moderation (15) link (assuming I have fifteen comments awaiting), select them all and then press Mark As Spam and I’m fine.

Right now I managed to error. I didn’t press the awaiting link and then I had the list of all comments shown and since there were many comments I got to see the last 20 comments or so. I selected them all (all comments on that page) and marked them as spam. Whaaaaaa. Pain! That was not very clever! Several legitimate comments now went down the drain and…

There’s no way to restore them, there’s no undo the deletion, there’s no “oh wait these aren’t spam really” way.

Grrrr. So guys, if I removed one of your comments you should know that I’m sorry. I really am. I’ll try to improve…