Tag Archives: spam

spam!!!

i’ve been getting A LOT of spam from, or by way of russia and china recently, and in my normal news perusing, i discovered that the guy who is responsible for the “canadian pharmacy” spam that you have, no doubt, seen in your own inbox – who is really a russian, and only nominally connected to any “canadian” pharmacies – has recently been arrested for operating a business without registration, but what i notice even more in this particular article is the apparent fact that spam is not illegal in russia… which would explain a lot.

this brings up a possibility that i have considered for a long time, which is to completely block all email from russia, and/or china. i have known, more or less, ever since about 1998 that it was possible to block people from sending you email from certain IP addresses, and i was vaguely aware that different regions can be identified from the first couple of IP address blocks, but i’ve never been exactly sure of how. i’ve been even less sure (although i’m pretty sure i knew at one time, having worked as a tester for a company that makes email server software) how to drop incoming email messages from a blocked IP address range with no response – i.e. if you’re in that IP address range and you send me an email, the email message just “disappears” with no reason given, but – and this is the important part – i’m about 99.8% certain that it can be done fairly easily.

anybody who has ideas about how to do this should get in touch with me. i think it’s time to block email access from russia and china. the only email i get from those two countries are spam messages or malware, and it’s time to take action.

if it works as easily as i believe it will, i’m also thinking of blocking email access from africa – yes, the entire continent – as well.

ETA: something along this line is what i’m thinking of.

spam, again…

i don’t often admit to hating pretty much anything, but i will admit, whole-heartedly, to hating spam with a white-hot passion… 😛

i’m going to use this as an example of how i determine something which is not labeled spam, is actually spam.

the following is a text-dump of the entire message, with the headers intact. the only thing i have done is to obscure my host server.

Return-path: <x>
Envelope-to: ganesha@hybridelephant.com
Delivery-date: Fri, 01 Oct 2010 03:40:48 -0700
Received: from hybridel by x with local (Exim 4.69)
     (envelope-from )
     id 1P1d2m-0005OP-Im
     for ganesha@hybridelephant.com; Fri, 01 Oct 2010 03:40:48 -0700
To: "salamandir" <ganesha@hybridelephant.com>
Subject: Enquiry from Hybrid Elephant
X-PHP-Script: www.hybridelephant.com/contact_us.php for 122.163.114.169
From: "Randall Tuttle" <rachelle258@gmail.com>
MIME-Version: 1.0
X-Mailer: osCommerce Mailer
Content-Type: text/plain;
  charset="UTF-8"
Content-Transfer-Encoding: 7bit
Message-Id: <E1P1d2m-0005OP-Im@x>
Sender:  <hybridel@x>
Date: Fri, 01 Oct 2010 03:40:48 -0700
X-Bogosity: Unsure, tests=bogofilter, spamicity=0.583091, version=1.2.0
X-UID: 
Status: RO
X-Status: R
X-KMail-EncryptionState: N
X-KMail-SignatureState: N
X-KMail-MDN-Sent:  

We noticed that you are not at the top of the search engines for a number of your key terms.
We have helped companies similar to yours to achieve top organic rankings. Please reply to this
message and we will prepare a special proposal for you, to show you how we can achieve similar
results for you.

first, i look at the subject line: “Subject: Enquiry from Hybrid Elephant”

this is not labeled “spam” because it’s an enquiry from my web site, which means that if it turns out to be spam, i can’t report it, because it doesn’t have a message path that can be traced. i get a lot of spammers trying to abuse my response form (hint, it only sends to me, so it’s not much use for spamming), so that increases the probability that it is, actually, spam.

next, i look at the sender name and email address. usually people who submit legitimate enquiries to my business have an email address that doesn’t stand out. this one – From: "Randall Tuttle" <rachelle258@gmail.com> – stands out: “Randall Tuttle” has an email address that includes the name “rachelle”? the probability that it actually is spam just went up to 99.98%. i have never seen an example of a message that comes from someone who is apparently male, which has an email address that includes a female name, unless they were trying to mislead people in some way.

as i said, because of the fact that it is an enquiry from my web site, i can’t report it, but i can delete it without even reading further.

but i am going to force myself to read further, because deep down, i am a masochist… or something like that…

We noticed that you are not at the top of the search engines for a number of your key terms.

now i’m starting to get perturbed… i knew i shouldn’t have read any further… patience, patience… 😐

yes, i know that. it is because i haven’t gotten to the top yet. if you google “html escape sequences” you’ll probably notice my site within the top 5 on the list. that is because i have offered the only complete list of html escape sequences on the net, for the longest time, without changing its URI. i haven’t been offering incense for anywhere near as long as i have had that list of escape sequences on the net. not only that, but i just upgraded from a flat html structure to a php/database structure within the past couple of years. one of the advantages is that if you search for specific products, like “aparajita special durbar incense” you will find my web site on the first page, despite the fact that i have upgraded my web site recently.

yeah, i’m not at the top of the list for all of my keywords, but i’m getting there, and if i leave my web site alone for long enough, i’ll probably get there without using possibly illegal and most likely nefarious ways to get there sooner, which is what you’re probably suggesting…

We have helped companies similar to yours to achieve top organic rankings.

organic ratings? organic ratings!? nothing about the web is “organic” in any sense of the term. and if they were, in some miraculous way, “organic” ratings, then why would a person named “Randall” be trying to sell them to me, writing to me from “rachelle”’s email address, at gmail.com?

Please reply to this message and we will prepare a special proposal for you, to show you how we can achieve similar results for you.

reveal more about how my mailserver works to you, and give you new and innovative ways to break into my web site and email server, so that you can “prepare a special proposal” for me? i don’t think so, especially since you haven’t actually proven to me that you have actually done that for anyone.
 

PLONK!!!
 
for those of you unfamiliar with the term, “plonk” is the sound a spam message makes when it is deleted, or the sound of a person’s email address being added to a “do not send” or “banned” list.

 
oh, by the way, the form gives me a little bit more information about the sender than he probably realises:

X-PHP-Script: www.hybridelephant.com/contact_us.php for 122.163.114.169

aha, his IP address. a quick “host 122.163.114.169” tells me that his computer is named “abts-north-dynamic-169.114.163.122.airtelbroadband.in” which is a dynamic range coming from AirTel Broadband, in india.

yeah, i’m really going to respond to a person who didn’t give me his real name, offering sketchy SEO services from a wireless connection in india… 😐
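The checks walked through in this post, written out as an added example (not code from the original post): it reads the contact-form headers quoted above, takes the submitter address from X-PHP-Script, builds the reverse-DNS name to look up, and applies the display-name test. The `triage` function, the `DYNAMIC_LABEL` pattern and its word list are assumptions of this example.

```python
import ipaddress
import re
from email import message_from_string
from email.utils import parseaddr

# Headers copied from the message quoted in the post (body shortened).
RAW = """\
To: "salamandir" <ganesha@hybridelephant.com>
Subject: Enquiry from Hybrid Elephant
X-PHP-Script: www.hybridelephant.com/contact_us.php for 122.163.114.169
From: "Randall Tuttle" <rachelle258@gmail.com>
X-Mailer: osCommerce Mailer

We noticed that you are not at the top of the search engines.
"""

# Assumption: PTR labels that commonly mark consumer address pools.
DYNAMIC_LABEL = re.compile(r"(^|[-.])(dynamic|dyn|dhcp|pool)([-.]|$)", re.I)


def triage(raw, ptr_name=None):
    """Return the signals the post reads off a contact-form message."""
    msg = message_from_string(raw)
    # Header layout as seen on the page: "<script> for <client address>".
    _, _, tail = msg.get("X-PHP-Script", "").partition(" for ")
    ips = []
    for token in tail.replace(",", " ").split():
        try:
            ips.append(ipaddress.ip_address(token))
        except ValueError:
            continue  # not an address; ignore rather than guess
    display, address = parseaddr(msg.get("From", ""))
    local = address.partition("@")[0].lower()
    words = [w for w in re.findall(r"[a-z]+", display.lower()) if len(w) >= 3]
    return {
        "via_web_form": "X-PHP-Script" in msg,
        "submitter_ips": [str(ip) for ip in ips],
        # Names to look up with `host` or `dig -x`; no network access happens here.
        "ptr_queries": [ip.reverse_pointer for ip in ips],
        # The post's heuristic: display name and mailbox name share nothing.
        "name_mismatch": bool(words) and not any(w in local for w in words),
        "dynamic_ptr": bool(ptr_name and DYNAMIC_LABEL.search(ptr_name)),
    }


if __name__ == "__main__":
    host_output = "abts-north-dynamic-169.114.163.122.airtelbroadband.in"
    for key, value in triage(RAW, host_output).items():
        print(f"{key}: {value}")
```

Each key is a separate signal; the lookup itself is left out so the block runs offline, and `ptr_name` takes whatever `host` returned for the address.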

by the way…

LinkedIn Zeus spam run targets prospective business marks – i’ve been getting this spam for three weeks and i haven’t picked up the ZeuS trojan yet…

of course, i haven’t been clicking on any links in mail that crosses my desk labeled as “spam”, and i have been reporting messages that claim to be from LinkedIn that are labeled “spam” for three weeks… i have opened (as text-only, not as html) precisely one message that claimed to be from LinkedIn that was labeled “spam”, about three weeks ago, to determine that it was, in fact, spam, and that has been it.

once again, the principal reason that email should not be sent as “formatted” or containing html code, is because, if it is, you can’t tell immediately that things are not as they should be. most people don’t think to look at the bottom of their screen, at the status bar of their email client or browser, to make sure that the link that they think they’re clicking is actually the link they’re clicking. most people assume that when they see a link, if they click on it they will be taken to the site indicated in the link, but that is NOT TRUE and especially so when the link is in an email message.

if i type in a link – http://www.hybridelephant.com/ – if that link is “active” (which this one is not), most people would assume that clicking it will take you to the site indicated, which is Hybrid Elephant. however, if you see the words Hybrid Elephant with no link, unless you look down, at the status bar of your browser (because you are viewing it in a web page, which is formatted using HTML), you won’t know that the link takes you to somewhere you may not have been expecting.
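The status-bar check described above can be done mechanically before a message is rendered. This is an added example, not part of the original post: it compares each link's visible text with the host its href points to. The sample body is constructed, the example.net hosts are placeholders, and `host_of`, `LinkAudit` and `audit` are names chosen here.

```python
from html.parser import HTMLParser
from urllib.parse import urlsplit

# Constructed sample body; the example.net hosts stand in for unexpected targets.
SAMPLE = """\
<a href="http://www.hybridelephant.com/">http://www.hybridelephant.com/</a>
<a href="http://tracker.example.net/r?id=1">http://www.hybridelephant.com/</a>
<a href="http://login.example.net/">Hybrid Elephant</a>
"""

def host_of(text):
    """Host name if text looks like a URL or bare host name, else None."""
    text = text.strip()
    if not text or " " in text or "." not in text:
        return None
    try:
        host = urlsplit(text if "://" in text else "//" + text).hostname
    except ValueError:
        return None
    return host or None

class LinkAudit(HTMLParser):
    """Collects (visible text, href) for every <a> element."""
    def __init__(self):
        super().__init__()
        self.links, self._href, self._text = [], None, []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = dict(attrs).get("href") or "", []

    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)

    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append(("".join(self._text).strip(), self._href))
            self._href = None

def audit(html):
    """Label each link: match, mismatch (text names another host) or opaque."""
    parser = LinkAudit()
    parser.feed(html)
    parser.close()
    report = []
    for text, href in parser.links:
        shown, actual = host_of(text), host_of(href)
        if shown is None:
            verdict = "opaque"    # text names no site; only the href shows the target
        else:
            verdict = "match" if shown == actual else "mismatch"
        report.append((verdict, text, actual))
    return report
```

The third sample link is the "Hybrid Elephant with no link" case from the paragraph above: nothing in the visible text says where it goes, so it is reported as opaque with the real host alongside.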

email was originally intended for communication on a very basic level. the web was intended for delivering “richer”, more “complete” content. you can say “check this out” without saying it in letters that are “formatted”. it may be “cooler” to say it in bold, purple, 72-point letters, but if you send such a message, the only thing you’re doing is forcing people who may not want it, to get a large quantity of essentially meaningless code along with a relatively short message, and sending people the possibility of getting their machines infected with a virus without you or them knowing about it, until it’s too late.

it not only saves space, but doesn’t have the potential for screwing up someone’s entire machine, as this LinkedIn/ZeuS spam tries to do.

HTML in Email is EVIL!
TEXT-ONLY EMAIL!
THE WEB IS THE PLACE FOR HTML-FORMATTING!

😛

spam sucks!

on saturday, i was present when a post to freecycle south king county arrived, with an offer of a tunturi recumbent bike. naturally, i replied instantaneously, but i got no response. two days later, i replied again, but no response. two days later, i replied a third time, but again, no response.

there has been no “taken” message posted to freecycleskc, so i decided to do a bit of sleuthing, and discovered that the person who posted the message has only posted one message, started their account shortly before posting that message, is not currently online, and hasn’t been online since saturday. to me, this is an indication that the post offering the recumbent bike is a ruse to get people who will be sent spam the “chance” to respond, so that the spammer will have their email addresses, which, then, will be added to spam lists that are circulated among other spammers.

i wrote the list owner for freecycleskc, a person with the charming email handle “PrayingMommy4”, who isn’t concerned, because the person “gave very good answers when they applied for membership a few days ago”, but i’m not convinced. to me, this has all the earmarks of a spam harvester, in fact it may be an automated process… 8/

a few days ago, i got a google alert for my name, which was a link to a spammer’s discussion group, where they were discussing this “opt in” list that had my email address, and other email addresses from spamcop.net on it, and the spammers were wondering whether or not this was “really” an “opt in” list or not. the conclusion of the discussion is that it was “really” an “opt in” list, but they recommended that they “not use” the spamcop.net addresses.

by the way, it’s off topic, but are there any speakers of what i assume is turkish out there, who can tell me what this is all about?

i have NEVER signed up for any “targeted” lists with my spamcop.net address, so any list that includes my spamcop.net address is, by definition, going to be reported as spam. automated processes and clueless list owners don’t make this any easier, but i’m going to keep reporting spam until i stop getting spam.

imagine a day where 100% of ALL EMAIL TRAFFIC ON THE INTERNET is legitimate messages, and not a single UCE of any kind… it’s possible, you know…

i don’t normally do this, but…

this is so over-the-top ridiculous that there has to be an exception this time…

McDonald’s announces a drink made of Shrek-jizz.

Mint Shrek-Jizz monstrosity

yeah…

not as if i ate at McD’s regularly (or irregularly) anyway, but this doesn’t encourage me in the least. it is either going to be good for business in a way that they probably haven’t realised yet, or it won’t last very long and they won’t know what you’re talking about once it’s gone…

i wonder how long it’s going to be before someone makes a bukkake joke and ruins it for everyone…