Do Anti-Spam Laws Scare Spammers?
It was reported early this month that some of the more notorious spammers have taken different paths in their high-paying careers. According to a report in USA Today, Erb Avore is starting a call center in India, while big-time spammer Damon DeCrescenzo has left the business and is looking for a new profession.
The
report said that anti-spam lawsuits and sophisticated
anti-spam software are among the reasons why
spammers are dropping out of business. Some
other spammers, however, have branched out to
related areas, causing the unprecedented rise
of spim, or instant-messenger spam. (Ferris
Research says that spim will rise to as much
as 4 billion this year).
However,
data collected from various research groups
show contradicting results. The USA Today report
continued, “About 3% of spam got to consumers
in April, vs. 12% in November…based on
data [Cloudmark] collected from more than 925,000
e-mail users.”
Jupiter
Research, on the other hand, issued a report
in April saying that 64% of e-mail marketing
offers from U.S. companies did not meet the
CAN-SPAM Act requirements. Another leading anti-spam
firm said that spam of all types accounted for
63% of more than 3 billion e-mail messages filtered.
At this stage, the debate on whether the anti-spam laws are effective or not in thwarting unwanted e-mails is pointless. Five months after the CAN-SPAM Act was enacted into law, and with a number of the most wanted spammers currently facing lawsuits, we e-mail users must never allow ourselves to be lulled into complacency.
This
points to a pressing need for us to remain vigilant
in guarding our computers from spam. Moreover,
our anti-spam strategy should not be limited
to investing in and acquiring a reliable anti-spam
product. We must also take extra efforts to
learn new developments in the global fight against
spam.
In
the end, it’s really all about education.
Bigfoot Anti-Spam Team Releases Top 5 Spam for April-May
The
team behind Bigfoot Anti-Spam Solution has released
its Top 5 spam list reported for April. Here’s
the list with some comments that will help educate
e-mail users about spammers’ techniques.
1. Subject: All your prescription needs right here
This kind of spam employs the URL & Image technique to evade filters: the message itself contains no text; the text is instead in an image located on a remote server and linked by a URL reference in the e-mail. The only thing a filter can catch in this type of spam is therefore the URL, which spammers change from time to time. These URLs usually use gibberish or unintelligible domain names, which should already give away their nature as spam.
2. Subject: Test our Internet pharmacy, buy Víagra and other meds
This spam uses the same URL & Image technique to evade filters, and adds another technique: Invisible Ink (not so invisible this time, because it's yellow against a white background). The spammers insert these unreadable words or phrases in order to fool Bayesian filters.
3. Subject: Our newsletter made investors over 900% return last week!
This spam disguises itself as a business subscription, but is unsolicited. It is often hard to distinguish from a real business subscription, and such messages often pass through Bayesian filters, which could otherwise cause false positives.
4. Subject: limite;d time off;er
This is a very basic type of spam: it contains a very short message and gives URLs where users can read more. If you look at the URL source, you can see that the spammers use random sub-domains to try to fool URL-based filters.
5. Subject: Fwd:Affordable Life Ins. Finally
This type of spam employs the micro-text or pixel-text technique to conceal words or phrases from the viewer. As usual, these concealed words or phrases try to fool Bayesian filters. Notice the broken lines in the unsubscribe portion of this message: these are not actual lines but words printed so tiny (1 pixel) that they appear as lines or groups of dots. If you copy and paste these lines into Notepad, you'll be surprised to see words instead.
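The checks below are an added example, not Bigfoot's filter code: they show how a filter can look for the URL & Image, Invisible Ink and micro-text techniques from items 1, 2 and 5 in an HTML message body. The function names, the thresholds (brightness above 215 on an assumed white background, font under 3px, fewer than 20 readable characters) and the sample markup are assumptions made for illustration.

```python
import re
from html.parser import HTMLParser

NAMED = {"white": "#ffffff", "yellow": "#ffff00"}  # a few CSS colour names

def classify(attrs):
    """Label a tag 'ink' (colour close to white), 'micro' (font under 3px) or None."""
    a = {k: (v or "").lower() for k, v in attrs}
    style = a.get("style", "")
    if re.search(r"font-size\s*:\s*[0-2](\.\d+)?\s*px", style):
        return "micro"
    m = re.search(r"(?<![-\w])color\s*:\s*([^;]+)", style)
    colour = (m.group(1) if m else a.get("color", "")).strip()
    colour = NAMED.get(colour, colour)
    if not re.fullmatch(r"#[0-9a-f]{6}", colour):
        return None
    r, g, b = (int(colour[i:i + 2], 16) for i in (1, 3, 5))
    # Assumption: white background, so brightness near 255 means unreadable text.
    return "ink" if 0.299 * r + 0.587 * g + 0.114 * b > 215 else None

class SpamMarkup(HTMLParser):
    def __init__(self):
        super().__init__()
        self.stack, self.images = [], []
        self.text = {None: "", "ink": "", "micro": ""}  # text by visibility label

    def handle_starttag(self, tag, attrs):
        src = dict(attrs).get("src") or ""
        if tag == "img" and src.lower().startswith(("http://", "https://")):
            self.images.append(src)  # picture fetched from a remote server
        if tag not in ("img", "br", "hr", "meta"):
            self.stack.append((tag, classify(attrs)))

    def handle_endtag(self, tag):
        while tag in [t for t, _ in self.stack] and self.stack.pop()[0] != tag:
            pass  # unwind sloppy nesting down to the matching open tag

    def handle_data(self, data):
        label = next((lab for _, lab in reversed(self.stack) if lab), None)
        self.text[label] += data

def analyze(html):
    """Return the set of evasion techniques found in an HTML message body."""
    parser = SpamMarkup()
    parser.feed(html)
    parser.close()  # flush any text still buffered
    found = {k for k in ("ink", "micro") if parser.text[k].strip()}
    if parser.images and len(parser.text[None].strip()) < 20:
        found.add("url-and-image")  # remote image, almost no readable text
    return found

# Constructed sample: a remote image plus filler words hidden in two ways.
SAMPLE = ('<a href="http://example.com/rx"><img src="http://example.com/a.gif"></a>'
          '<font color="yellow">meeting weather garden</font>'
          '<span style="font-size:1px">invoice holiday recipe</span>')
```

Text collected under the "ink" and "micro" labels is what a Bayesian filter would otherwise score as ordinary words, so a filter can drop it before scoring as well as flag the message.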
Kids Get Spam Too, Study Says
If you think your kids are not susceptible to
spam, think again.
A
study conducted by KidsGuard.com showed kids
in the United Kingdom receive an average of
1.46 pornographic e-mails per day; that’s
about 10 per week.
The
figures were based on a survey conducted by
KidsGuard.com involving a sample of over 66,000
kids. According to the results, the kids received
nearly 700,000 unsolicited e-mails between the
months of October and December 2003. The spam
mails were mostly porn, and a large bulk of
finance and get rich quick spam.
As spam has been creeping widely into our computer systems over the years, it does not come as a surprise that it is affecting all Net consumers, including the youngsters.
Stiffer Penalties for Spammers in Maryland
Maryland’s House of Delegates and Senate have both unanimously approved an anti-spam bill that seeks stiff penalties for people sending fraudulent, unsolicited e-mails.
According to Tim Lemke’s report for The Washington Times, spammers who send more than 10 unsolicited e-mail advertisements a day with false or misleading information to computer users in Maryland could be slapped with a fine of as much as $10,000 or imprisonment of up to 5 years. The more spam sent, the tougher the penalty the spammer will be subject to. Repeat offenders will face up to 10 years in jail and a $25,000 fine.
This proposed law will also go after spammers who are based outside Maryland but target e-mail users in the state. It will also prosecute spammers who use special programs to “harvest” e-mail addresses off websites or hijack computers to send spam. Falsifying information when registering for an e-mail address or domain name will also be considered illegal.
Ex-Power Executive Faces 5 Years Jail for Fraud
E. Douglas Mitchell, ex-president
of the California-based electricity wholesaler
PowerSource, is facing up to five years in prison
for taking part in a conspiracy by committing
wire and mail fraud, The Associated Press reported
early this month.
Mitchell, who was part of a scam that profited from the energy crisis that hit California, will be sentenced on July 16. Thousands of Americans were deceived when PowerSource offered exaggerated profits for a $10,000 investment in the company.
The
six other conspirators pleaded guilty and were
sentenced to a maximum of 5 years imprisonment.
Mitchell was the last remaining defendant in
the case.
Dutch Upper House OK’s Anti-Spam Legislation
The
Dutch parliament’s upper house has finally
approved amendments to its telecoms legislation
that will make spamming illegal, Joe Figueiredo
reported for DMEurope.com. This parliamentary
action was taken, months after the October 2003
deadline, in answer to the call of the European
Union (EU) for member states to establish and
implement anti-spam laws.
The
amendments, the report continued, will be enacted
into law this month or in June. Under the revised
law, Dutch consumers will have to agree or opt-in
to receive unsolicited e-mails before they can
be legally sent.
However,
there is an outstanding debate as to whether
to include workers, since this legislation will
only protect the consumers. The Dutch minister
of economic affairs, Laurens Jan Brinkhorst,
announced that he will initiate actions to ensure
that anti-spam protection covers the employees
sector.
It
has also been proposed that the government will
seek the assistance of Spamvrij.nl, a Dutch
anti-spam association, in tracing spam mail-headers,
providing guidance and the like.
Employers Liable for Porn Spam in Workplace
European employers could be
in deep trouble for promoting an unfavorable
work environment if they fail to control or
get rid of sexually explicit e-mails circulating
among or generated from their workers, Reuters
reported.
According to Dutch researcher
Lodewijk Asscher, under the new European anti-spam
legislation "European employers must be
aware of the risk of new computer-related liabilities."
He also noted that companies must take appropriate measures to protect employees against pornographic spam, lest employers be held liable and face litigation.
In effect, companies that operate an e-mail network are advised to notify their employees of the nature of spam and to use filtering technology, the report said.
Happy Days are Over for Aussie Spammer
After nearly a million complaints from various individuals, the Federal Trade Commission (FTC) of the United States of America filed a case against Global Web Promotions (GWP), an Australian company.
This
is the second case filed by the FTC under the
U.S. CAN-SPAM ACT, which took effect in January
of this year. FTC’s first anti-spam case
was filed against four defendants in Detroit.
Global
Web Promotions is accused of selling a diet
and “ineffective” Human Growth Hormone
products.
Source:
thespamweblog (spam.weblogsinc.com)
China Hosts 71% of Spam in April; U.S. Running in Second with 22%
Independent research conducted by Commtouch shows that China hosts 71% of URLs that are found in spam e-mails. Most of the spam messages spreading around have one or more links that lead to information about the alleged products or services being sold online.
Most of the unsolicited messages sent over the Internet have one or more links (URLs) in the message;
spammers are setting those links to provide
more information regarding the products/services
they are trying to promote, or to allow users
to buy the promoted products online. Commtouch
found that in April, 71 percent of those URLs
are hosted in China, and the United States was
second, hosting just 22% of the spammer websites.
While China is hosting the most spammer websites,
the United States continues to be the point
of origin for the dissemination of spam, sending
60.5% of spam. The fact that 71% of spammers
websites are hosted in China and 60.5% of the
global spam is sent from the United States demonstrates
that spam is a global problem and that spam
is being sent from one country while another
country is used as a hosted website to 'close
the loop' of the spam transaction.
"The fact that most of the spammer websites
are hosted in China adds layers of challenge
and complexity to the enforcement of the U.S.
CAN-SPAM law and other spam legislation,"
commented Avner Amram, executive vice president
at Commtouch. "Legislators in the United
States and in other countries will have to consider
the global nature of spam when looking at how
to deter or punish those involved in making
the business of spam profitable -- be it the
spammer or the companies whose products/services
the spammers promote."
Commtouch reports that the top 10 countries
in global distribution of spam websites in the
month of April are:
China - 71%
U.S. - 22%
Brazil - 2.3%
South Korea - 1.8%
Russian Federation - 1.5%
Canada - 0.6%
Pakistan - 0.24%
U.K. - 0.07%
Romania - 0.03%
Germany - 0.03%
France - 0.06%
In
regard to the global origin of spam in the month
of April, Commtouch identified spam being sent
from Internet Protocol (IP) addresses in 155 countries,
with Hong Kong (separately from China) breaking
in to the top 10 list of countries that send the
most volume of spam email:
U.S. - 60.5%
China - 6.2%
South Korea - 4.9%
Canada - 4.3%
Brazil - 2.9%
France - 2%
Hong Kong - 1.7%
Spain - 1.7%
Japan - 1.2%
Netherlands - 1.2%
While Commtouch reports
that it saw a record number of spam outbreaks
in the month of April, the company also reports
an increasing number of email messages complying
with CAN-SPAM. Amram said that about 5% of all
spam messages in April complied with CAN-SPAM
requirements, an increase from 3% in March.
Sasser Breaks Out
A new worm called Sasser has broken out, spreading globally across the Internet. It is touted that its effects, at their worst when it begins infecting workstations, could possibly cause banks in Finland to shut down and flights to be canceled in Atlanta.
The Sasser worm exploits recently identified security weaknesses in a number of Microsoft Windows platforms. Infrastructure management and anti-virus experts agree that the best strategy against this worm is containment owing to the “nature of the vulnerabilities that it exploits,” wrote Greg Scher for thespamweblog (spam.weblogsinc.com).
Mr. Scher continued, “Most recently an e-mail has been spreading purportedly providing a patch to the worm, but instead, the attachment to the e-mail contains the Netsky (removal tool) virus. Clearly an opportunistic hacker looking to ride the wave of fear and paranoia currently setting in.
“So far, lessons have shown that for large enterprises the best way to stop the worm is to contain it. Here’s how:
- Shut down and/or immediately block outgoing communication from the infected hosts immediately to protect further infection.
- Once rebooted with communication blocked, remove the worm (it has a known signature) update your virus scanners definitions.
- Patch the hosts immediately using tools like SMS or sneaker.net…whatever works for you.
- Scan your host immediately or, download a free tool (step 3) from Microsoft.”
For those whose computers have not been affected by the virus, Mr. Scher suggested they do the following:
- “Run Windows Update, download and install the critical security updates that it recommends.
- “Check the virus signatures on your anti-virus scanners, immediately download updates if they are available. If you have auto-updates enabled, run a manual update and confirm that you have the latest version installed. All anti-virus vendors have “preliminary” signatures on this worm. If you don’t have a virus scanner…get one immediately.
- “Once the signatures are updated, scan your machine immediately for viruses.”
Opinions From Inspector Mails
Inspector Mails is the AI entity for Bigfoot's Anti-Spam Solution. He will be giving regular updates and opinions on current anti-spam trends.
Putting the Cart Behind the Horse
I think many of the solutions people are trying to reduce spam are putting the cart behind the horse, so to speak.
I
think the aim at finding a solution is to keep
anyone who collects e-mail addys (for software
registration, domain registration, etc.) from
making your e-mail address available to others
without your permission.
By
default many state that you can OPT OUT to remove
your e-mail address, but why should we have
to go through all that trouble when it would
be much easier for us to have to OPT IN ...
only if we wish to have them share our e-mail
address.
After
a few years I finally gave up my domain name
just so I could eliminate over 100 spam messages
a day. Once it ran out, spam was reduced to
1 or 2 a month.
I
really think by preventing Internic and other
registrars from being able to legally sell your
email address would cut down on a tremendous
amount of spam.
It's
much like the phone companies and having to
pay to NOT have your phone number listed. They
make who knows how much money selling our information,
but it is to no benefit to us, such as reduced
phone bills.
So
many things like that seem backwards to me.
Like registering your phone to be on a no call
list. Why not just have people who want to receive
calls sign up. Just think how much smaller a
database they would need to maintain. But then
again maybe nobody would sign up.
The
same idea would work against the fight of spam
mail. Stopping the source of those selling the
lists would greatly help to reduce this problem.
I would think that a survey of volume of spam
messages received by those with domain names
and those without would be very interesting
to see. It also would be a way of seeing how
services such as Internic are contributing to
the problem.
Lois Robinson
Thank you for sharing with us your views
on the matter at hand. It’s greatly appreciated.
Since
most Internet companies provide free services,
they have to find ways to get revenue, one of
which is e-mail list rental. Why not make it
illegal for Internet companies to sell their
email list?
Sounds
like a good plan.
But let’s think about the repercussions of such actions. As you know, I’m playing the devil’s advocate here. Let’s say we did make it illegal. What then? Making e-mail
list rental illegal has a significant impact
on their revenue since it takes up about 15%.
Usually, when you sign up for a free service
you have to sign some form of agreement that
you concur to receiving legitimate marketing
e-mails from them or their partners. So, my
advice is to read the terms and conditions before
you sign up. Try to find out if they will or
won’t sell your e-mail address. Find out
if you can choose to opt out from receiving
such emails. So you’ll know what you’re
getting into.
Does Bigfoot sell a spam list?
If not then how did they get these?
Cc:
newong@bigfoot.com, neworks@bigfoot.com,
neworldsw@bigfoot.com, neworleansclubs@bigfoot.com,
neworleanzlady@bigfoot.com, newowner@bigfoot.com,
newpac@bigfoot.com,
Peter
No, Bigfoot does not sell its e-mail list to spammers. But how did they get my address? Well, as stupid as it sounds, spammers get your e-mail address by guessing and other methods. Now I won’t go into the details for obvious reasons, but basically this is how it goes.
Spammers
guess e-mail addresses, send a test
message (or a real spam) to a list which
includes the guessed addresses. Then
they wait for either an error message
to return by e-mail, indicating that
the e-mail address is invalid, or for
confirmation. A confirmation could be
solicited by inserting non-standard
but commonly used mail headers requesting
that the delivery system and/or mail
client send a confirmation of delivery
or reading.
So
it's good advice to set the mail client
to “not” preview rich media
e-mails, which would protect you from
accidentally confirming your email addresses
to spammers and viruses.
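As an added illustration (not Bigfoot's code), this example lists what in an incoming message could confirm the address back to the sender, as described above: headers requesting a delivery or read confirmation, and remote content that is fetched when the message is previewed. The three header names, the function names and the sample message are chosen here and are not named in the newsletter.

```python
import re
from email import message_from_string

# Headers that ask the mail system or client to confirm delivery or reading.
RECEIPT_HEADERS = ("Disposition-Notification-To", "Return-Receipt-To",
                   "X-Confirm-Reading-To")
REMOTE = re.compile(r"""(?:src|background)\s*=\s*["']?(https?://[^"'\s>]+)""", re.I)

def confirmation_signals(raw):
    """List what in a message could confirm the address to the sender."""
    msg = message_from_string(raw)
    signals = [("header", h, msg[h]) for h in RECEIPT_HEADERS if msg[h]]
    for part in msg.walk():
        if part.get_content_type() == "text/html":
            body = part.get_payload(decode=True).decode("utf-8", "replace")
            # Remote content is fetched when the message is previewed.
            signals += [("remote", "html", url) for url in REMOTE.findall(body)]
    return signals

def neutralize(raw):
    """Return the message with receipt requests removed (gateway-side mitigation)."""
    msg = message_from_string(raw)
    for h in RECEIPT_HEADERS:
        del msg[h]  # deleting an absent header is a no-op
    return msg.as_string()

# Constructed sample message; addresses and URL are placeholders.
SAMPLE = (
    "From: offers@example.net\n"
    "To: user@example.org\n"
    "Subject: limited time offer\n"
    "Disposition-Notification-To: offers@example.net\n"
    "X-Confirm-Reading-To: offers@example.net\n"
    "MIME-Version: 1.0\n"
    "Content-Type: text/html; charset=us-ascii\n"
    "\n"
    '<html><body><img src="http://example.net/pixel.gif?r=12345">'
    "Click here</body></html>\n"
)
```

Removing the headers does not stop the remote image from loading, which is why the advice to keep the mail client from previewing rich media still applies.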
We appreciate all of the comments and responses we have received about the newsletter and we will be addressing your concerns in the next issue. You may send your comments to antispam.review@bigfoot.com.
Since we print some of the comments we receive,
simply advise Bigfoot if you prefer that your
complete name and email address be withheld,
and provide us a first name, city and state
as an alternative.