Recently in Spam Category

Now with ASCII art.... how awesome was it to find this in my inbox just now:

From: Stdenny Corning 
Subject: Nothing can  seduce women faster than a...
To: anything@arcterex.net                                                                                           
Date: Thu, 26 Mar 2009 19:01:44 +0000
User-Agent: Thunderbird 2.0.0.19(Windows/20081209) 
Message-ID: <49CBD0A6.5604658@plconsult.be> 

This is yoour penis: 8--o                                                                                           
This is yoour penis on drugs: 8=====O                                                                               
Anny questions?                                                                                                     
[spammy MS spaces link and standard spam random words]

ASCII art is awesome! Update: I love that Wil Wheaton also blogged about the same spam (though his was much funnier and more interesting of course).

Anyone else getting posts from sequencial (sometimes) IPs, to old posts with just a line of text saying "You are invited to check out some helpful info in the field of... Thanks!!!"? No URL to ban, and all nice generic words you can't ban through blacklist :( A search for the text on Feedster came up with all more blog spammy posts. Mofos. All the more reason to setup MT 3.1 with authorize commenters or something like that. Motherfuckers. I love how people can ruin things huh?

Sometimes spam makes it's way through my filters (though very rarely since I used training to exhaustion with my BogoFilter setup), and sometimes I read it just to see what the latest tricks are. This morning I was presented with this:

"I must speak that I usually do not get soft on the internet, but I am merry I located your online shop. Not just was the cost unconquerable, but the client service is better. I was greatly happy with the effects of this orders, and will refer all friends to acquire from them. Thank a lot!"

The link is to an OEM Software site which I'll not link to, but needless to say when you can get Photoshop CS for $100 I'm pretty sure it's not going to be an official Adobe CD if you know what I mean. Anyway, the email was lyrical in a way, almost like a poem....

Over the last couple of weeks my spam filter has slowly been getting worse. I don't know if it was curruption in the database, or the spammers getting smarter, or what, but I would wake up with about 30-40 spams that had slipped through into my inbox, and over the day get one or two an hour. I figured it was time to do something about it, so I read up a bit on bogofilter, and discovered I was behind by two versions, so I upgraded, and read up on how the best way to do things is.

I tried the technique called training to exaustion, and it worked great! As far as I can tell, you run a script (included in the bogofilter contrib directory), passing it a list of known spam, and known non-spam messages. It then runs each message through it's wordlists and sees if it is determined to be spam or non-spam. If it's correct, it moves onto the next message. If not, it re-classifies, or re-looks through the word-lists, or something, until that message is classified properly. I ran from my home directory (right out of the docs):

bogominitrain.pl -fn .bogofilter mail/notspam mail/spam '-o 0.8,0.2'

I was lucky enough to have some 34,000 messages available to work off of, and after a fair amount of time and numerous "NN false positives, NN false negatives" messages, it quit. Since then (noonish thursday) I've had one message slip through, which after 3-4 an hour, is pretty damn good.

So if you use bogofilter, I suggest checking this out, in conjunction with the .17.5 release.

Has anyone ever got a legitimate email from a .biz or .info domain? Ever? In the history since the new TLDs were created? I didn't think so. In fact, has anyone every gone to a .biz or .info domain on purpose? I'd just drop any email I ever get from any of those domains, but I think the spammers are ahead, as I don't have that many emails from those domains. My top 10 spam mailbox domains are random .com, .net, juno.com, yahoo.com, .de, and .jp domains.

However, looking at the HTML source for the last 10 spams, they send me to .biz, .com, .biz, .net, .info, an IP from Beijing, .biz (same one again), .biz, .biz and .biz (same one for the third time). Good little spam filter, *pats bogofilter on the head*

I've started a slightly new technique that it took $othercoder at work to point out to me. Instead of using mutts keybindings to mark a message as spam (ESC-d = mark as spam and delete, d = mark as not spam and delete), I'm just moving any spam that are missed into a "missed-spam" mailbox and then I have a cron job that runs

bogofilter -s[mark as spam] -M[multiple messages/mbox mode] < Mail/missed-spam

every hour, and them moves the mail from that mailbox into a "registered-spam" mailbox for later deletion or processing (if you're an SA user of course you'd use sa-learn).

Before I was relying on being able to use keys that are bound to bogofilter or spamassassin in mutt and couldn't really say to my spam filter "hey, you missed this one" from some random other mailer. I can't believe I never saw it. Maybe this can help someone out there :)

Hey look, another caught spam. This one is from .ro and points me to..... .biz! What a shock.

Anyone else getting flooded with 418-420k messages with forged from addresses and headers, titles like "test" and "hello", no text and just a "readme.zip" attachment consisting of a readme.htm (many spaces) .scr file? Is this the new virus that's going around or something?

Tell me again why we don't draw and quarter spammers again?

In not checking my email between sometime yesterday afternoon (or evening) and now (10:30 on Saturday) I discovered the following breakdown of email that wasn't caught by spam filters and that wasn't sorted off into individual mailboxes:

• 44 email bounces (from the TDIClub messageboard, oh lucky me being postmaster and all )
• Two notices from Big Brother telling me that my CPU usage on arcterex.net was high (was compiling a new kernel)
• One message telling me that another complete moron has posted on an old UFies.org post asking for hotmail passwords
• 7 spam, breaking down into nigerian scam, diet patch, attract men now, pills, viagra, real estate, and more viagra.
• 1 possible spam, or perhaps just another idiot, saying he read my article on the big bang (???) and how "it's the most dumb theory ever", partly by questioning how it could be a coincidence that everything (planets, stars) is round, and partly by.... well, I really don't know, it was a bit of gibberish. His spelling of "ca-laps" makes me wonder if he's really bad at spelling or it's a spam avoidance technique. Either way it was an amusing email to add to my spam folder.

Along with about a hundred that were put in my spam folder by bogofilter. That was twenty-four hours in the life of my inbox.

The end of one of the spams that made it through the filters amused me greatly:

                        THIS EMAIL IS NOT SPAM

   Sign from God is the last Key to Paradise and has to be spread
   Worldwide,becouse Mankind faces the last Judgement and  is
   threatened to leave the Earth.Sign from God is the Salvation.

This didn't explain the bad spelling and other obvious spam-filter avoidance techniques.

Some bastard spammer used a @ufies.org email address to send spam advertising anti-spam software. Now all email to that account is routed to my "mailer-bounces" mailbox, which is 25 megs in size and almost 7000 messages strong. Weee. Ask me why I love commercialism again? Oh right, "progress" :-P~

I also got an email last night from someone saying that they recieved spam from an account at my domain, and helpfully included headers. Sadly, even though the first mail server was called ufies.org, it had a completely different IP address. If anyone wants to track the user down and either beat him within an inch of death (if they are innocent and just left their computer unpatched or infected) or two inches further (if they are a spammer), that would make me very happy.

Could someone please, please lend me a small tactical nuke? Please!

It started out as a discussion of the spam that was hitting the gentoo-dev list, and I was told about bogofilter, a Bayesian spam filter that use word count stats and analysis to filter spam. Up until now I've been using spam assassin and it's been working pretty well. I just purged my spam folder of 310 messages since August 30, so you do the math as to the volume of spam get. Anyway, bogofilter promises to be better, faster, and more environmentally friendly (oh, and no false-positives). A lot about the technology behind Bayesian spam filtering can be here. Anyway, I've installed it on ufies and am going to give it a shot to see how well it works. From the install instructions, I'm not positive whether the user (that's me) has to tell it what is spam and what isn't, or if it's all automated. It integrates nicely with mutt and procmail though, so I'm not complaining :)

Why are you up at such a horrible hour you may ask? Well firefly got some work working a compactor for a few days, and this means that she has to leave at 6am. So at 5:30 I was pulled from an odd dream....

I was at cat5's place, which was again down the hill from my parents house, but the property that we were on wasn't one from the hill. Anyway, he had a large dog, and we were getting ready to go and see a movie (the next Harry Potter one actually. For some reason cat5 was having problems getting the dog put away, and had cleaned up his doghouse and had no spare mats to put in (and seemed quite distressed by this, similar to the way I was distressed yesterday when I discovered that I had just used the last garbage bag). Anyway, we finally got going to the movie theatre and the old teacher from the tv show Boston Public, Harvey Lipshultz, was going with us. We got to the theater and they obviously had to expand it because of the popularity of the new movie. The seats were un-even and I remember it felt like we were actually sitting in rows of school desks, and the movie was playing on a large TV, not a projector.

Lipshultz acted perfectly in character, and had brought along a TV remote (which I might add, looked a lot like the one I have at home for my TV) and at one point accidently hit "mute" (nothing was being said on screen so no one noticed, as it was only for a second). He then started playing with the volume and balance controls during a quiet part, and then somehow hit a button that made a horrible wailing alarm go off, which is what woke me up.

So this morning I get to watch the sun come up over the trees that I can see out the office window, and when that happens I'll have to close the drapes, as there's a few hours in the morning where it comes right into my face. I'll probably use that time to organize my books and paperwork though, as now the office is quasi-clean, that's the next thing that has to be done.

Now if you'll excuse me, I'm going to go back to waiting for my spam to come in.