Monthly Archives: December 2006

Using RBLs for email security can bite when you least expect


A situation that arose today illustrates the problematic nature of RBL use for spam filtering: A business owner who had been using the same email address to correspond with a client for the past seven years suddenly got a bounceback message from that client stating that she is being blocked by a public blacklist (SORBS). Further research on that site revealed that her IP address was contained in a range of addresses owned by her ISP host that have sent spam in the past.

Our intrepid communicant then tried to contact her customer using her Yahoo email account instead. She was bounced back again, but this time the message stated that her email had been blocked by yet another blacklist (SPAMCOP) in another spamming netblock. At this point, she picked up the phone and called her customer instead. As you can see, the use of blacklists can create high false positive rates…with the capacity to interrupt and damage your business communications with trusted customers.

On another note, many of the reports over the past two days have involved SBC, QWEST, VERIO and BellSouth customers — both hosted and non-hosted — who have been included in ISP spammer netblocks by JAMMDNSBL, SORBS, SPEWS, NOMOREFUNN and DNSBL. Once again, the blacklist companies are not saying that these companies’ specific domains and IP addresses have been spamming…but they are still suffering the consequences.
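The netblock listings described above all come from the same lookup mechanism: a DNSBL client reverses the octets of the sending IP, appends the list's zone, and asks DNS for an A record; an answer in 127.0.0.0/8 means "listed" and NXDOMAIN means "not listed". The following example is added here to show that mechanism and why a whole-netblock listing catches every host in the range; it is not code from this blog or from any of the blacklists named. The zone name `dnsbl.example`, the listed range 192.0.2.0/24 and the reason code table are constructed for the example (real lists publish their own return codes), and `fake_resolve` stands in for a live DNS query.

```python
import ipaddress
import socket

# Constructed DNSBL zone and listing data (not a real blacklist).
CONSTRUCTED_ZONE = "dnsbl.example"
CONSTRUCTED_LISTINGS = {
    # The whole /24 is listed because of past spam from the ISP's range,
    # so a non-spamming customer inside it is listed too.
    ipaddress.ip_network("192.0.2.0/24"): "127.0.0.2",
}
# Return codes are list-specific; this table is made up for the example.
REASON_CODES = {"127.0.0.2": "listed: netblock with spam history"}


def dnsbl_query_name(ip: str, zone: str) -> str:
    """Build the name a DNSBL client queries: IPv4 octets reversed, then the zone."""
    octets = ipaddress.IPv4Address(ip).exploded.split(".")
    return ".".join(reversed(octets)) + "." + zone


def fake_resolve(qname: str):
    """Offline stand-in for an A lookup against the constructed zone.

    Returns the A record text if the IP falls inside a listed network,
    or None to represent NXDOMAIN (not listed).
    """
    suffix = "." + CONSTRUCTED_ZONE
    if not qname.endswith(suffix):
        return None
    reversed_ip = qname[: -len(suffix)]
    ip = ipaddress.ip_address(".".join(reversed(reversed_ip.split("."))))
    for net, code in CONSTRUCTED_LISTINGS.items():
        if ip in net:
            return code
    return None


def real_resolve(qname: str):
    """Live A lookup via the system resolver; NXDOMAIN becomes None."""
    try:
        return socket.gethostbyname(qname)
    except socket.gaierror:
        return None


def check_dnsbl(ip: str, zone: str = CONSTRUCTED_ZONE, resolve=fake_resolve):
    """Return (listed, reason) for `ip` against `zone` using `resolve`."""
    code = resolve(dnsbl_query_name(ip, zone))
    if code is None:
        return False, "not listed"
    return True, REASON_CODES.get(code, f"listed: unknown code {code}")


if __name__ == "__main__":
    # 192.0.2.25 is inside the listed /24 even though it never sent spam;
    # 198.51.100.7 is outside it.
    for addr in ("192.0.2.25", "198.51.100.7"):
        print(addr, dnsbl_query_name(addr, CONSTRUCTED_ZONE), check_dnsbl(addr))
```

Passing `resolve=real_resolve` and a real list's zone turns this into a live check of your own outbound IP, which is the first thing to do when a customer reports a blacklist bounce: the query name tells you exactly what the receiving server asked, and the return code tells you which kind of listing you are dealing with.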

Reverse DNS issues have expanded again. They include missing PTR (IP-to-name) or A (name-to-IP) records, multiple PTR records listed for the same IP, and checks that return the upstream host’s PTR record instead of the user’s own. Keep in mind that while these scenarios don’t usually create NDRs (Non Delivery Reports), they can make it difficult to get de-listed from various RBL sites.
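The three reverse DNS problems just listed are all caught by one consistency check: look up the PTR record(s) for the sending IP, look up the A record for each name returned, and confirm the original IP comes back, then compare the PTR name with the name the mail server calls itself. The example below is added to show that check; it is not code from this blog. The IPs, hostnames and the two lookup tables are constructed stand-ins for live PTR and A queries, and the final comparison against the server's announced name is a heuristic assumed here for spotting an upstream host's generic PTR.

```python
# Constructed DNS data standing in for live PTR (reverse) and A (forward) lookups.
CONSTRUCTED_PTR = {
    "192.0.2.10": ["mail.example.com"],                     # clean
    "192.0.2.11": [],                                       # no PTR at all
    "192.0.2.12": ["mail.example.net", "old.example.net"],  # multiple PTRs
    "192.0.2.13": ["static-192-0-2-13.isp.example"],        # ISP's generic PTR
}
CONSTRUCTED_A = {
    "mail.example.com": ["192.0.2.10"],
    "mail.example.net": ["192.0.2.12"],
    "old.example.net": ["203.0.113.5"],   # stale name now pointing elsewhere
    "static-192-0-2-13.isp.example": ["192.0.2.13"],
}


def check_reverse_dns(ip: str, server_name: str,
                      ptr=CONSTRUCTED_PTR, a=CONSTRUCTED_A) -> list:
    """Return a list of findings for `ip`; an empty list means the records are consistent.

    `server_name` is the hostname the mail server announces about itself;
    `ptr` and `a` are lookup tables (swap in real DNS functions for production use).
    """
    findings = []
    names = ptr.get(ip, [])
    if not names:
        findings.append("missing PTR record")
        return findings
    if len(names) > 1:
        findings.append("multiple PTR records: " + ", ".join(names))
    # Forward-confirm each PTR name: its A record must contain the original IP.
    for name in names:
        addrs = a.get(name, [])
        if not addrs:
            findings.append(f"PTR {name} has no A record")
        elif ip not in addrs:
            findings.append(f"PTR {name} resolves to {addrs}, not {ip}")
    # Heuristic: a PTR that names the ISP's host rather than the user's own
    # server is the "upstream host PTR" case.
    if server_name not in names:
        findings.append(f"PTR names do not include the server's own name {server_name} "
                        "(upstream host record?)")
    return findings


if __name__ == "__main__":
    for ip, name in (("192.0.2.10", "mail.example.com"),
                     ("192.0.2.11", "mail.example.org"),
                     ("192.0.2.12", "mail.example.net"),
                     ("192.0.2.13", "mail.example.org")):
        print(ip, check_reverse_dns(ip, name) or "ok")
```

For a live check, Python's `socket.gethostbyaddr` returns only a single name for an IP, so detecting the multiple-PTR case needs a DNS library that returns the full answer set (dnspython, for example); the forward side can use `socket.gethostbyname_ex`, which returns every address for the name.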

Dog Days of Summer return

Things have pretty much returned to normal over the weekend — we’re seeing the usual scenario: RBLs such as SORBS, SPAMCOP, FIVETEN and others are netblocking entire IP address ranges from ISPs that have included known spammers in the past…which means they’re continuing to catch non-spamming companies in their nets as well.

There have been a few new reports of open relay problems, while reverse DNS issues have dropped off again…and no new Non Delivery Reports (NDRs) from the major ISPs have popped up so far this week.


FARS Require Government Contractors to Archive Emails, IM and other Digital Communication

Government Contractors (large and small) have special electronic message archiving requirements, which they must follow to be in compliance with the Federal Acquisition Regulations (FARS). The retention requirements are complicated in themselves and are further complicated by additional requirements placed by various branches of the Federal Government (DOE, DOD, etc.). Consult your legal counsel for specifics.

Does Pump and Dump Spam Work?

Unfortunately, the short answer is yes. A recent study conducted by Jonathan Zittrain, an Oxford University professor, and Laura Frieder, a Purdue University assistant professor, found that heavy volumes of pump and dump spam significantly increase the trading activity and short term prices of the illegally touted stocks. Most pump and dump scams use stocks on Pink Sheets listings, which are stocks of companies that do not have to file with the Securities and Exchange Commission. The probability of a heavy trading day for stocks that were actively touted via spam compared to those that weren’t jumped from 4% to 70%. The study concludes that spammers typically see a return of 5.79% over a matter of a few days. On the other hand, the people who read the spam and buy the touted stock typically lose 5.5% over the course of two to three days.

To me, the most incredible aspect of the study is that it confirms people actually act on the spam “tips” that show up in their inboxes. In large numbers, no less. That’s mindblowing! Until end-users stop clicking on links in spam mails, stop buying pump and dump stock and secure their bot infected PCs nothing will change for the better.

For any readers who do not know, Pump and Dump works something like this: Spammers buy large amounts of penny stocks with relatively low liquidity. They then send massive amounts of spam touting the stocks they hold as “must buys” or something akin. Once the spam recipients start buying the stock and pushing the price up (and they do), the spammers unload their stocks at a profit. This floods the market with a high supply of a stock for which there is no natural demand. The marks who buy the stock are now left holding the bag and lose money when they go to sell.

To see a specimen of Pump and Dump spam, go here




Rising Trend of Mass Mailer Worm Infections

MX Toolbox blacklist consultants report a significant upward trend in the number of mass mailer worm infections leading to blacklisted mail servers. These infections are spewing third party spam from legitimate mail servers and landing businesses on email blacklists.

This is a perfect illustration of the symptom-cause paradigm. According to a Sr. Consultant, “When we speak with people who are getting email bounce backs, they believe that their problem is the blacklist, when in fact it is not. The blacklist issue is usually just a symptom of a deeper problem- open relay, virus/botnet infection, etc.”

Currently, the most common root cause is worm infection. Administrators have to bear in mind that the blacklist problem will continue to occur unless and until the worm or other root cause is fixed. They must also be vigilant, as threats change almost daily.

In the case of a worm infection, administrators have two options: find and remove the worm, which can be next to impossible; or use a better email filtering and security service to keep the bad stuff off of your network and to neutralize any of it that may already be there.
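Because the blacklist is only the symptom, the useful first step is to find the internal machine that is pushing third-party mail through your legitimate server. One way to do that is to read the mail server's own log: join each connection's client IP to the envelope sender and recipient count for the same queue ID, then flag internal clients that send far more than usual or that use sender addresses outside your own domain. The example below is added to show that detection logic; it is not code from MX Toolbox or from this blog. The log lines are constructed in a Postfix-like format, the domain `example.com`, the hosts `pc-sales` and `pc-recept` and the threshold `max_msgs=5` are all made up for the example, and the "foreign sender" rule assumes that every legitimate message from an internal PC carries a local sender address.

```python
import re
from collections import defaultdict

# Regexes for two Postfix-style lines: the smtpd connection record (queue id -> client)
# and the qmgr record (queue id -> envelope sender and recipient count).
CLIENT_RE = re.compile(
    r"postfix/smtpd\[\d+\]: (?P<qid>[0-9A-F]+): client=(?P<host>\S+?)\[(?P<ip>[\d.]+)\]")
FROM_RE = re.compile(
    r"postfix/qmgr\[\d+\]: (?P<qid>[0-9A-F]+): from=<(?P<sender>[^>]*)>, "
    r"size=\d+, nrcpt=(?P<nrcpt>\d+)")


def constructed_log() -> str:
    """Build a small constructed log: one normal PC and one PC spewing third-party mail."""
    lines = []
    qid = 0x1000

    def add(host, ip, sender, nrcpt):
        nonlocal qid
        qid += 1
        lines.append(f"Dec 11 09:00:00 mx postfix/smtpd[2001]: {qid:X}: client={host}[{ip}]")
        lines.append(f"Dec 11 09:00:00 mx postfix/qmgr[1900]: {qid:X}: from=<{sender}>, "
                     f"size=1500, nrcpt={nrcpt} (queue active)")

    add("pc-sales", "10.0.0.21", "bob@example.com", 1)
    add("pc-sales", "10.0.0.21", "bob@example.com", 2)
    for i in range(8):  # an infected PC relaying mail with forged outside senders
        add("pc-recept", "10.0.0.44", f"user{i}@randomdomain.test", 40)
    return "\n".join(lines)


def find_spewing_clients(log_text: str, local_domain: str, max_msgs: int = 5) -> dict:
    """Return {client_ip: stats} for clients that look like mass-mailer sources.

    stats holds the message count, total recipients, the set of non-local
    sender addresses seen, and the list of reasons the client was flagged.
    """
    qid_to_ip = {}
    per_ip = defaultdict(lambda: {"messages": 0, "recipients": 0,
                                  "foreign_senders": set(), "reasons": []})
    for line in log_text.splitlines():
        m = CLIENT_RE.search(line)
        if m:
            qid_to_ip[m["qid"]] = m["ip"]
            continue
        m = FROM_RE.search(line)
        if m and m["qid"] in qid_to_ip:
            stats = per_ip[qid_to_ip[m["qid"]]]
            stats["messages"] += 1
            stats["recipients"] += int(m["nrcpt"])
            sender = m["sender"]
            if sender and not sender.lower().endswith("@" + local_domain.lower()):
                stats["foreign_senders"].add(sender)

    suspects = {}
    for ip, s in per_ip.items():
        if s["messages"] > max_msgs:
            s["reasons"].append(f"{s['messages']} messages exceeds {max_msgs}")
        if s["foreign_senders"]:
            s["reasons"].append(f"{len(s['foreign_senders'])} non-local sender addresses")
        if s["reasons"]:
            suspects[ip] = s
    return suspects


if __name__ == "__main__":
    for ip, s in find_spewing_clients(constructed_log(), "example.com").items():
        print(ip, s["messages"], "msgs", s["recipients"], "rcpts;", "; ".join(s["reasons"]))
```

Running this over a real day's log with `max_msgs` set from your own baseline turns a vague "we're on a blacklist" report into a specific host to pull off the network, which is the root cause the consultant quoted above is pointing at; the blacklist entry itself can only be cleared once that host stops sending.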

Start-Up Seeks to Charge For Delivery of Commercial Emails…and Cut You In On The Revenue

San Fran start-up Boxbe wants to bill email marketers and spammers for sending consumers email. The model works like this: Consumers set up a free email account and define an approved senders list. Approved senders can email the consumer for free. Anyone else who wants/tries to send the consumer a message will be charged anywhere from $0.03 to $99 (consumers set the price). Here’s the twist: Boxbe will give 75% of generated revenue to the consumer.

It’s hard to imagine how this will stop spammers (unless everyone switches to Boxbe), but it may change the game for legitimate email marketers.