Category Archives: spam

Wear Your Email Safety Helmet

Whenever I want to feel fearful and depressed I usually visit one of the news websites. Earthquakes, murder, war, theft, snoops, kidnappers, recession, depression, corruption, and all other sorts of horrible news. When I read the news sites I’m reminded of how unsafe the world is. Soon I tire of the bad news and move on to investigate the net for news on tech and design. Today had the audacity to remind me that I am unsafe even on the web. The site highlighted the news from Microsoft that thousands of Hotmail passwords had been exposed. It scared me to death. I nearly jumped to my Hotmail account before I even finished the article. Reading on I discovered that Microsoft had deactivated all the affected accounts until true control could be restored. Why do I care? Hotmail only collects my spam from sites that demand an email address. Hotmail lets through all the other spam anyway! But I digress.

The point of all this is: we are never safe. There is no safe haven in the world or the web. Every company does its best and so must we. Yet, sometimes problems may come. If we live with that understanding we can truly do our best to protect ourselves. When we react in panic there is not a clear path of thinking. So with this reminder of our web identities’ fragility, what should we do? Let’s refresh four basic email and online account rules:

  1. Always use a secure password. Your birthday, name spelled backwards, address, mother’s name, dog’s name, middle name, favorite food, and initials hardly qualify. Use one of the many free random password generators on the web or, if you insist on an easier to remember one, then create a mixture of information that you can remember. For example and purely fictitious: !S1eP99t9 This could be a combination of the month and year you and your spouse were married. Now while I would only call this a basic password it sure beats “Fluffy”. Of course if you want your bank account to be protected by Fluffy, then more power to you.
  2. Never use the same passwords for multiple accounts. For that matter don’t do what I did at the start and use the same password with just the last letter different! Why would you want someone to have a free-for-all with all your accounts? Use different passwords and find an open-source or free password vault. I personally love 1Password for the Mac.
  3. Change your passwords periodically. I must admit it takes the misfortune of someone to remind me to do this.
  4. Don’t use a public computer. Many public computers are not adequately protected against the installation of malicious password key logging applications. Just don’t log in on a public computer. Just say no. And certainly don’t buy something online with your credit card information! Browse the web on it, read the news, just don’t give any information.

I understand these are basic tips, but sometimes we just need to be reminded to stay alert and on guard.  Kind of like reminding our kids to wear their helmet when they ride a bike.  Resist the urge to become lazy online. I don’t want to read about you on

Do You Open Spam Email? If So, Why?

According to a recent study by the Messaging Anti-Abuse Working Group, subtitled “Of course, I never reply to spam – except sometimes,” we are clicking on spam more often than may be assumed.  According to the survey, half of the respondents clicked and/or replied to spam messages for the following reasons:

  • Clicked on it by mistake: 17 percent
  • Not sure why they did it: 13 percent
  • Sent a note to complain about the spam: 13 percent
  • Interested in the product or service: 12 percent
  • Wanted to see what would happen: 6 percent

Further, the study states that 1 in 6 users actually responds to a spam message in some way, and up to half of those purchase a product or service offered in a spam email.

Doesn’t sound like a lot, but when you consider how many millions of spam emails go out every day (it is estimated that 85% of all email being sent is spam), that is a considerable number.  A spammer’s overhead is very very low; even a few sales will line a spammer’s pockets quite nicely.

I always wonder who it is who buys this stuff.  Besides – ahem – “male enhancement” products, I also see spam for hair growth, weight loss, and physical fitness products.  And there are the millions of insurance offers, mortgage offers, and the Nigerian scams as well.  Is anyone really dumb enough to apply for a mortgage through a link in an unsolicited email message?

Obviously, someone is, or the spammers would have no reason to exist.  My husband is always looking at spam and clicking on things, “just for the fun of it,” he tells me.  I keep reminding him this is why I have to keep his computer so locked down, because at least 20% of those messages include links to either dangerous software, or to Internet sites that will infect your computer.  He seems unwilling to be trained, ergo, I’ve got him so throttled his computer can barely function.

I feel bad for those that don’t have a household techie that can take the sting out of spam-clicking.  Spammers are like drug dealers:  they would have no income if it weren’t for the fact that people were actually buying what they were selling!  When people stop responding to spam, the spam will go away.

Your first initial can earn you more spam

I guess it’s my own fault for being called Matthew, but my email addresses (almost all of them) start with a letter that means I get more spam than those with other starting letters. Those letters are “A”, “M”, “S”, “R” and “P”. Email addresses that start with these letters on average have 40% of their incoming messages being spam.

A study by the University of Cambridge, reported by the BBC, looked at around 550 million emails going to a British ISP to determine what factors could attract spam, and found the link between the first letter of your address and your spam levels.

The most popular letters for spammers were “A”, “M”, “S”, “R” and “P”. About 40% of all the messages arriving in the e-mail inboxes of accounts with addresses that had one of those characters as their first letter were junk. Much less popular were “Q”, “Z” and “Y”. For these cases, spam was running at about 20% or less.

Other factors were a bit more obvious, like having email addresses that are susceptible to dictionary attacks and having multiple addresses that are the same name at different domains. What annoys me about this study is that they were able to identify which messages were spam a lot better than my ISP. I might do well to change my name to Ziggy.

Spam King Follow-Up

To follow up from Todd’s mention on the Podcast today, officials have found the Spam King: Edward Davidson, his wife and daughter in a murder-suicide. Apparently the Spam King and family were found 25 miles out of Denver in an SUV. All three were shot with indication that Edward pulled the trigger.

Here is where the story gets weird. There was a 7-8 month old boy that was also in the SUV and was unharmed. Also, Edward shot a teenage girl who then ran for help. She was treated at the local hospital.

Davidson was serving 21 months in minimum security prison for sending email using hijacked computer networks.

It is a sad, tragic ending to this story. Nobody should take lives like that, whether it’s their own or somebody else’s. I am just speechless.

Spam is not protected free speech

We all knew it, and now the Virginia Supreme Court has confirmed that spam does not count as protected free speech. Jeremy Jaynes, a prolific spammer sentenced to 9 years in prison, had appealed on constitutional grounds, claiming that denying him the right to spam violated his First Amendment rights. If this appeal had been granted it would have forced states to rethink their anti-spam laws.

Not that this will really mean much for the volume of spam on the Internet. The advent of the laws in the US simply meant the portion of spam that was being produced by American ‘businessmen’ moved to former Soviet and Asian countries. At least the control of the spam has. The origins of the actual messages are wherever there are people with bots on their systems. The dispersal of these closely matches the distribution of Internet users, unsurprisingly.

Points for Ingenuity

It disturbs me that I might say something positive about a spammer, but I must admit that I respect the ingenuity of this.  Reported by the BBC, spammers have invented a Windows game that progressively displays more of an image if the player correctly decodes a distorted phrase.

The image is tuned to the male libido (of course) and the phrase to be decoded is a Captcha from a free email or comment entry window.  The Captcha is collected by an automated bot that tries to post or register at a protected site.  It sends the Captcha back to the player of the game and if the player correctly guesses it, they get to see more of the image and the bot gets past the protection.

From the report this system is not particularly prevalent at the moment, and hopefully the anti-virus vendors will treat this as a threat and block it, even though it poses no risk to the computer it is installed on.  It is yet another demonstration though that there is no protection that can stop human resourcefulness.  Shared access and protection are mutually exclusive.

The only way to stop spam is if we can find a way to stop it working.  If everyone just deleted it there would be no reason for it to exist.  It will be interesting to see if the increased IT literacy over time changes the efficacy of spam.

Google Apps for Your Domain!

As many of you who listen to my show know, you have been hearing me complain about the amount of Spam I have been getting. I have been looking all over the net for a solution and those that I found were either too expensive or they were made for people with small volumes of mail.

As I was talking to Angelo he and I decided to try a Google Service that has been around for a while in beta testing. We both have used Gmail quite a bit and I know it is as good or better than the Spam checker we have been running on our own servers. Up to this point we have been using Qmail with Spamd and several other utilities to filter the mail and scan for viruses.

I decided to take the plunge and applied for a couple of domains tonight, and within about 20 minutes I had the mail moved over to Google and was downloading it into Outlook like I always do. I logged into the very familiar Gmail interface and instead of a domain I was now on my very own domain.

So I have been watching the filtering here for a couple of hours, and can tell you so far I am very happy. The true test will come in the morning when I download my mail as normal, and then cross check on the Google site to see how much Spam it has caught that I have not had to deal with. If it works out we are going to see if we can move over a few more domains.

What amazed me was how easy it was to set up. Google has done a really good job here. I am sure that some people would be very worried about having Google host their e-mail and I am not 100% sure how I feel about it yet. One thing for sure, I feel pretty good that none of it will go missing.

Judge may ask ICANN to shut down SPAMHAUS domain!

In what I can only describe as sheer stupidity on a judge’s part, it seems that one of the organizations that keep a lot of Spam out of your inbox may be in trouble over a recent lawsuit. It seems after being sued by an accused spammer and then not showing up for the court case they lost by default.

Spamhaus is a volunteer group that is well respected, but if this judge shuts them down it could spell big trouble for ISPs worldwide that rely on them to curb the amount of Spam in your inbox. It’s really sad that apparent spammers have more rights to abuse people than those of us that are not abusing the Internet! [Techdirt] [Ambersail]

Spam is out of Control!

We have been using all of the regular stuff you use on one’s own dedicated server, but I will be honest, the Junk mail is killing me. I have started to hunt for a solution out there that will help with the situation. What I would like to use is a service like but their site design is such I cannot even figure out how to sign up with them. Pretty sad when the site is not intuitive enough to figure out how to set up an account.

I also don’t care for how their pricing is tiered. I will need more than a thousand inbounds a month but I need a lot less than their next level of service. If you have a good solution that you are using I really would like to hear from you, as I am about to get a solution that will help me deal with all the junk coming in.

How much of your e-mail is going lost?

I often ponder that exact question when I hit send. The majority of time I think the e-mail makes it, but there have been times when e-mail just goes missing. Last night I sent out over 100 invitations to podcasters I have been following online, inviting them to become content producers on the Podcaster News Network. How many of those went missing is unknown, but it can be scary.

Next week I send out over 500 e-mails to parties that have been clamoring for information about a new podcast site we are launching called Blubrry. I am very concerned that some of those e-mails will just get sucked up and destroyed by Spam filters. But in the case of one company that was bidding on a school contract, the school awarded a contract that cost them $250,000 more because a spam filter tagged an inquiry the school had sent out on the bid. Bad news for the contractor, bad news for the taxpayer, and with both parties headed to court more money will be lost.

So just how much e-mail is your company losing?