Losing the spam war

I’ve often wanted to post on my frustration with the spam that bombards my blog, but I figured that quoting any of it would just draw more of the same kinds of spammers.

Lum does it with pictures. Uhm, I’ve just been waiting for the right picture ;)

My home domain gets between 300mb to 2.5gb of spam mails (and faked-header bounces) per day, all traffic that I pay for. I’m not a violent person but if I caught wind of a spammer lynching, I would literally run to the store to buy rope. After all – this is a war.

I’ve been doing internetty stuff since 1992, I’ve had my domain since 1994 (aside: I was briefly “o@uk” due to my involvement in the creation of a non-accademic UK registry, and I was “oliver.co.uk”) and I was the coder responsible for this:

>According to Netcraft, [thttpd]’s used
>on 1.82% of all HTTP servers, behind only Apache, IIS, Enterprise, and
>Rapidsite.
is somewhat of an overstatement. There are actually only a hundred or
so sites running thttpd. One of them is Demon Internet, a British
company which serves over 100,000 domains on a single SGI box running
their modified version of thttpd.

(Bah, “modified” – there’s something to put you off open source; rewrote the thing to be asyncrhonous, submitted somehow the next version looks exactly like a reformatted version of my submission and I didn’t even make the credits)

Anyway, lets just say that my career has lead to some dabbling in pr0n (not to mention my stint at page3.com [sfw – but they might not appreciate the URL]).

Even so, some of the spam the “guestbook” spammers are posting into comments on my wordpress blog I find nauseating and as a result I’ve become lazy about checking my spam trap.

Which makes things worse, because after you get a few pages of spam, Akismet stops properly paginating them forcing you to look through the same nasty stuff again and again and again.

I still find that I can identify over 95% of the spams from the sender, website link or first line of text. But they show you the whole spam, and some of them are insanely long – 3-4 scrolls worth, which makes you tend to skim even less carefully. I’ve suggested that they add a “scan” mode which lets you winnow out the obvious cruft, but they got all uppity on me.

I’m pretty sure this is leading a lot of folks to periodically just click “delete all” and mistrain Akismet on a whole bunch of legit links, leading to more false positives and less careful checking.

The unfortunate truth is that there is money in spam, so fighting it is a real arms race, if you’re going to fight spam, you have to be prepared to fight evolution. I’ve seen a ton of open-source/free anti-spam tools fall off and die because the authors get their ego-panties in a twist that the spammers seem to be smart. It’s not true. They’re just prolific so that sooner or later one of their bacterium finds resistance.

Example: Every now and again you’ll see a spam email that makes no sense. It’s clear text with no hidden mime stuff, no link, no “sniffer pic” (an embedded 1x1pix blank image that your mail client fetches exposing your IP address on their web server to verify your email address), no link of any kind infact. Just a bunch of words that form incoherent sentences.

Those are corruptors: they’re bits of other emails mashed together with the sole intent that you corrupt your email software’s spam training by association. If you mark it as spam with all those un-spammy properties, its going to confuse your software when real emails come in; but if you delete it without marking it as spam, the genuine spammy properties of it will dilute recognition of actual spam emails.

Tonight I saw my first comment-referencing spam here on WordPress:

Playstation » Comment on Sony, sell me some gold! by Krenn, on October 25th, 2007 at 9:12 pm Said: Edit Comment
[…] unknown wrote an interesting post today onHere’s a quick excerptCool, looks like you’re scheduled for spamination on the 25th of the month. Gotta like dependability. […]

referencing a comment by Krenn here. I – stupidly – followed the link to find a rather bare and innocent looking landing platform – possibly indicating that the spammer is probably just developing or testing his new mechanisms.

I know, pingback spams are nothing new – but this one actually referenced a comment remarking on a (now deleted) spam.

That is new, in my experience.

Most spammers, like the majority of self-named “hackers”, aren’t any smarter than the ecoli bacterium that inevitably become resistant to the disinfectant you continually kill 99.9% of with your kitchen wipes. Sooner or later, that 0.1% is going to survive due to some fluke genetic deviation and sooner or later they’ll pass it on. Maybe the labels on those things should indicate “percentage will decrease over time”.

The good thing about this war is that I think we can all agree that unlike Hitler or the Miloshevics – we’re actually dealing with the genuine subhuman article.

17 Comments

Or intentionally posting a message that looks like spam. I’ve done it a couple time as a joke to some of the spam you get. needless to say, they have been lost. ;)

Akismet’s one redeeming feature is that it recognizes all of Snail’s comments as Spam. SUCCESS. It hasn’t yet learned the same is true of parasit – FAIL! ;)

Craziness.

BTW, there’s still a spam in that thread from September 25th – it was the two spams both being on the 25th that lead to my joking comment.

are you using spam tools also on your blog?
http://akismet.com/
http://chrisjdavis.org/category/wp-hacks/
are the once i use, kills 99.9% of all SPAM

br para

On my blog I get 0 automated spams. Using AJAX to post comments I leave nothing for a spambot to identify as the form that submits comments. Every once in a while someone paste a few links in as spam but it’s always manual, which is not very efficient.
Using gmail nowadays as my primary email (forwarded to my local mail) I get maybe 3-4 spam emails a day at most, which Apple Mail generally catches.

Have SPF failed at cutting spam rates, or is it just not in wide enough use? I know it’s causing me grief for rejecting the mails i send from whatever computer I’m on, looking like it’s from my domain. But maybe it just causes me grief and does nothing to cut down on real spam.

I don’t remember seeing it for WordPress, but back when I was running Drupal one of the plugins was Captcha or somesuch thing. You know where you have to type in the letters in order to post a comment. Blogger has it as an option too. It’s not too annoying and pretty effective.

Using blogger.com for my rugby club’s site. No comment spam that I’m aware of at all.

The article you mention on Scott’s (Lums) website… I really didn’t agree with that post at all. I post on that website as Diamonds. If you read the comments, I really couldn’t help feeling that his post was full of sensationalism.

I like this post better, more descriptive and is more realistic over the problem described. Lum’s post just seems to be: “My blog’s anti spam mechanisms aren’t working, therefore the internet is going to explode.”

Just as you explained, the real problem is that spam evolves with the changing counters to it. This has been true… how long now?

//BTW: No self respecting email client auto-displays remote images. If your’s does that, I’d switch clients.

Buy Viagra cheap!

;) it’s a joke

What makes it funny is that Akismet let it thru :)

The reason it thinks so is my sig.

However, since my sig is a small bit of artistic eloquence that predates the web and all the assorted crap that came with it, I’ll be damned if I’ll let some stupid spam war affect its use.

…@/

very interesting, but I don’t agree with you
Idetrorce

Well, the comment thing is here for you to have the opportunity to state your case.

I do understand you, because I have seen this tons and tons of times. Spam is the worst thing around, not for the people receiving it: at the end it is 5 seconds to delete all waste of email. It is really a cost for online websites.

My advice is: link akismet or any antispam to htaccess to forbid the IP(s) that is giving you headaches. Even if they use multiple IPs, forbid them all with temporary monthly bans, and you will see a real improvement in bandwidth. As well use a host that has IP bans on the server based on barracuda or spamcop blacklists. That as well helps a lot

Q

Trackbacks and Pingbacks

[…] 1 Megan Fox site!!!1 Posted on April 25, 2008 by kfsone Apparently, this old post has become the number one search result in a certain search engine for the query “Megan […]

Leave a Reply

Name and email address are required. Your email address will not be published.

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s

You may use these HTML tags and attributes:

<a href="" title="" rel=""> <abbr title=""> <acronym title=""> <b> <blockquote cite=""> <cite> <code> <del datetime=""> <em> <i> <pre> <q cite=""> <s> <strike> <strong> 

%d bloggers like this: