Spam / Recently Commented

Gmail Collaborate With eBay and PayPal to Fight Phishing

Google has recently announced that it has succeeded in working with eBay and PayPal, also owned by eBay, to fight phishing by using authentication standards DomainKeys and DomainKeys Identified Mail (DKIM). According to Google, this is the main tool used by Gamil to keep spam out of its inboxes. However, Brad Taylor, Google's Software said in a blog post, that "these systems can only be effective when high volume senders consistently use them to sign their mail -- if they're sending some mail without signatures, it's harder to tell whether it's phishing or not. Well, I'm happy to announce today that by working with eBay and PayPal, we're one step closer to stopping all phishing messages in their tracks." Google hopes this will set a good example for other organizations to follow suit and work towards making email trustworthy. more»

Cloud Computing Services Increasingly Used by Spammers to Host Their Junk

The spam attacks which occurred this weekend and claimed to have come from Microsoft, are reported to have used Amazon's Elastic Compute Cloud (EC2) servers. Brian Krebs of Washington Post's Security Fix has investigated this issue -- from the report: " spammers and scammers accustomed to paying for all kinds of Web services with stolen credit cards, Amazon's service is another place to host their junk, said Suresh Ramasubramanian, head of anti-spam operations at Outblaze, a Hong Kong-based outfit that has listed all of Amazon's EC2 Internet space on its spam blacklists..." Also reported: "Anti-spam group Spamhaus also has flagged a large swath of Amazon's EC2 Internet address space on its "policy blocklist," which subscribers use to block e-mail from dynamic Internet addresses..." more»

Identifying Spam: MAAWG's Latest Documents Improve Accuracy of Reputation Systems

The Messaging Anti-Abuse Working Group (MAAWG), of which Return Path (my employer) is a very active participant, met recently in Heidelberg, Germany. Among other exciting projects, they finished two new best practices documents which have been lauded in the press as a big step towards stopping botnet spam... more»

Antispam Group, MAAWG, Outlines Defenses Against Botnet-Induced Spam

A major antispam organization is pushing a set of new best practices for ISPs to stop increasing volumes of spam from botnets. The guidelines, from the Messaging Anti-Abuse Working Group (MAAWG), were drawn up at a meeting in Germany last week and deal with forwarded email and email that is sent from dynamic IP addresses. From MAAWG's news release issued yesterday... more»

New Report Found Over Half of Malware-Infected Websites Based on Chinese Network Blocks

The majority of the Internets malware-infected websites are located on Chinese networks, finds a new report released today by, the university-based research initiative aimed at protecting users from dangerous software. The report also identifies the 10 network blocks that contain the largest number of badware sites. Six of the 10 are located in China. more»

Anti-Spam Law Violates Free Speech Protections, Says Virginia Court Appeal

A lawyer for Jeremy Jaynes, a man once considered one of the world's most prolific email spammers, has urged the Virginia Supreme Court to strike down a state anti-spam law, arguing it violates free speech protections under the First Amendment. more»

ICANN Responds to "Worst Spam Offenders" and the Recent Knujon Report

ICANN has made an official announcement following earlier reports which suggested domain names registered by most spam sites where linked to a handful of domain registrars. From the ICANN Annoucement: "ICANN has sent enforcement notices and notices of concern to certain registrars, including those reported this week as being the registrars for the majority of websites advertised in spam emails... more»

Wow, Sanford Wallace Owes a Lot of Money

Last September MySpace sued ur-spammers Sanford "Spamford" Wallace and Walt "Pickle Jar" Rines were for egregious violations of CAN SPAM. Neither responded, so as was widely reported, earlier this week the court granted a default judgement. Since they sent a lot of spam, the statutory damages came to an enormous $235 million. Even for Spamford, that's a lot of money. more»

Spammers Handed Record $230 Million Anti-Spam Judgment

A federal judge in Los Angeles has awarded MySpace close to $230 million in its lawsuit against "Spam King" Sanford Wallace and his business partner Walter Rines. Judge Audrey B. Collins of United States District Court in the Central District of California ruled in MySpace's favor on Monday after the two men failed to show up in court, according to MySpace... While many spammers have been designated "Spam King," Wallace earned the title back in the late 1990s as a result of spam messages sent by his company Cyber Promotions. more»

Serious Gmail Flaw: Security Group Demonstrates Sending Unlimited Spam Using Google's Own Servers

Researchers at Information Security Research Team (INSERT) have dissevered a serious flaw in Google's Gmail service. The group demonstrates how anyone with no special Internet access privileges other than being able to connect to SMTP (TCP port 25) and HTTP (TCP port 80) servers is able to exploit a single Gmail account in order to be granted nearly unrestricted access to Google's massive whitelisted SMTP relay infrastructure. Read more from the report... more»

Coders, Crackers and Bots, Oh My!

There are more than just blue, black and white hat hackers. There are a few more types of folks out there that don't fit into the above categories. This article is taken from Stratfor with some commentary by myself... Many of the hackers described in my previous post are also coders, or "writers," who create viruses, worms, Trojans, bot protocols and other destructive "malware" tools used by hackers... more»

Black Hats, White Hats, Crackers and Bots

One of the other web sites I subscribe to is Stratfor. It's a global intelligence website and doesn't really have much to do with spam. But I like politics so I read it. They have some articles which you can get for free, but the better stuff you have to pay for. About two weeks ago, they ran a three-part series on Cyberwarfare. The first article was the title of this post, which you can access here (requires registration). In the article they described different types of cybercriminals and not-so-criminals which they referred to under the umbrella as "hackers." more»

Significant Chunk of IP Address Space Hijacked by Notorious Mass Emailing Company

Internet address space long ago issued to San Francisco Bay Packet Radio, an organization that was involved way back in the 1970s in testing ARPANET, a predecessor to the global commercial Internet that we all use today. That organization was given the rights to do whatever it wanted with address block. That entire swath of Internet space is now registered to an entity in Westminster, Colo., called SF Bay Packet Radio LLC, but except for a similar name, this company has no relation to San Francisco Bay Packet Radio... ? more»

Colorado Has a New Spam Law

The governor of Colorado recently signed a new anti-spam law [PDF] into effect. Since CAN SPAM draws a tight line around what states can do, this law is mostly interesting for the way that it pushes as firmly against that line as it can. Other observers have already done a legal analysis of the way it's worded to avoid being tossed out as the Oklahoma law was in Mummagraphics, and to make it as easy as possible for suits to meet the falsity or deception limits in CAN SPAM. To me the most interesting part of this law is its one-way fee recovery language... more»

Comcast 1, E360 0

The judge in E360 vs. Comcast filed his order yesterday (read previous postings here and here), and to put it mildly, he agreed with Comcast. It starts: "Plaintiff e360Insight, LLC is a marketer. It refers to itself as an Internet marketing company. Some, perhaps even a majority of people in this country, would call it a spammer." ...and from E360's viewpoint, goes downhill from there. more»