Archive for May, 2008

May 30 2008

Backscatter

Article from Ron Edison, Founder and CTO of Internet Defense Technology

What is backscatter? These are bounces generated by spam that is sent with forged return paths (as most spam is). The bounces return to the actual owner of the email address. A great deal of backscatter returns to email addresses that don’t actually exist, because spammers use random or guessed email addresses as the return path. (The return path and From line of an email are often the same.)

While nothing really prevents spammers from originating the messages in today’s Internet, there are several measures that can be taken to minimize backscatter provided one is using domain-based email (not a yahoo.com, gmail.com, or any other ISP based email address):

1. Disable a catchall, if it exists: catchalls are a magnet for spam in general and simply accumulate huge quantities of traffic. It sooner or later becomes impractical to sort through such traffic manually thus negating any perceived benefit of a catchall. It is far better to simply return emails to incorrect addresses back to the sender as undeliverable. This also prevents a great deal of backscatter as the majority of it will be to addresses that don’t exist.

2. Use a service- or server-based anti-spam system. Such systems employ measures that block spam, are hardened to large quantities of spam, and will provide some protection from backscatter in and of themselves. However, the spam protection must be implemented on the gateway to be effective in this. See our white paper for details as to why this is.

3. If the backscatter is a major problem (large quantities), an antispam service can customize rules to block it out, but not all services offer this.

Using Total Mail Defense makes possible all 3 of the above options, of course.
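The effect of option 1 can be shown with a small gateway simulation. This is an added example, not code from the article or from Total Mail Defense; the mailbox list, the envelopes and all function names are constructed for illustration, and bounces are recognised by the empty envelope sender that RFC 5321 requires for delivery notifications.

```python
from collections import Counter

# Constructed data: the only real mailboxes in a hypothetical domain.
VALID_MAILBOXES = {"alice@example.com", "sales@example.com"}

# Constructed envelopes as the gateway sees them: (MAIL FROM, RCPT TO).
# A bounce (delivery status notification) has an empty MAIL FROM, "<>".
ENVELOPES = [
    ("", "alice@example.com"),                   # bounce to a real user
    ("", "xk3f9@example.com"),                   # backscatter, guessed address
    ("", "qzt71@example.com"),                   # backscatter, guessed address
    ("bob@example.org", "sales@example.com"),    # ordinary mail
    ("carol@example.net", "slaes@example.com"),  # sender mistyped the address
    ("", "ab@example.com"),                      # backscatter, guessed address
]

def rcpt_decision(mail_from, rcpt_to, catchall):
    """Return (smtp_code, label) for one envelope at RCPT TO time."""
    is_bounce = mail_from == ""
    known = rcpt_to.lower() in VALID_MAILBOXES
    if known or catchall:
        label = "bounce" if is_bounce else "mail"
        if not known:
            label += "-to-unknown"   # only a catchall accepts these
        return 250, label
    # No catchall: refuse during the SMTP session, so the sending server
    # reports the failure and nothing is stored on our side.
    return 550, "rejected-unknown-recipient"

def simulate(envelopes, catchall):
    """Tally gateway decisions for a batch of envelopes."""
    tally = Counter()
    for mail_from, rcpt_to in envelopes:
        tally[rcpt_decision(mail_from, rcpt_to, catchall)] += 1
    return tally

def accepted_bounces(envelopes, catchall):
    """Number of bounce messages that end up stored in a mailbox."""
    return sum(1 for mail_from, rcpt_to in envelopes
               if mail_from == ""
               and rcpt_decision(mail_from, rcpt_to, catchall)[0] == 250)

if __name__ == "__main__":
    for catchall in (True, False):
        print("catchall" if catchall else "no catchall",
              dict(simulate(ENVELOPES, catchall)))
```

With the catchall enabled every bounce is stored; with it disabled only the bounce addressed to a real mailbox gets through, and the mistyped message is refused so its sender learns of the mistake.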


May 29 2008

Habeas Study on Email Marketing

Habeas just finished a study on Email in Direct Marketing, Mobile and Web 2.0 Applications.

Some interesting points related to spam:

* 67% of respondents prefer email as a communications channel.

* 69% of those surveyed expressed concern about being victimized by email fraud scams (rise from the 62% in 2007).

* 43% of respondents voiced concern over the spam and virus threat to mobile devices (rise from 2007’s 36%).

* 88% said they would like organizations to give them more choices over the content and frequency of the emails they receive.

* Daily email messages ranked with pop-up advertisements as the most damaging online tactics to a company’s online reputation.

* 80% of respondents are not comfortable with businesses sharing their email address.

* Internet users believe that about 2/3 of companies are likely to share their email addresses with third parties.

* More than 80% feel that a business’ reputation is negatively affected if it shares customer email addresses with third parties.

Link to their press release


May 28 2008

How Did the Spammer Get My Address?

Published by Romie under Questions Answered, spam messages

It is pretty commonly known that if you put your email address up on a website (your site or a profile) it will be found by the spammers. The spammers use programs that go through the Internet scanning any and all pages they can find to get email addresses off of them (commonly looking for an @ sign).

Also, if you have a website and are the lucky one who gets an “info@”, “sales@” or “support@” or a few other common ones, you will get spammed. The spammers know about those and automatically add them to the list.

They can also purchase lists and abuse the names (if someone gets your email address and decides to sell it, there you go.) For example, I made a brand new email address for my Netflix account. Didn’t use the email address for anything else, no one has it or anything. It gets bombarded with spam, so Netflix sold my email address.

The other, more surprising tactic is that the spammers will find all the domain names registered around the world, including of course “aol.com”, “hotmail.com”, “gmail.com”, “yahoo.com” and so on, and then just run programs to send the email to every possible name.

They do this systematically without even knowing if the email address is legitimate or not. Start with “a@” and then “ab@” and so on.

So sometimes you are getting an email from a spammer who doesn’t know if he has hit the jackpot of a live person or not. This is where the recommendations to never answer spam messages, not download the images and so on come from. All of this can alert the spammer that they have hit the jackpot.

Most spammers don’t follow the rules, so may never take you off the email list, just spam you more. (Rules are for the rule-followers, not the rule-breakers).

Hope this helps you minimize your spam.


May 27 2008

Spammers: Walter Rines

Published by Romie under history, spam messages

Continuation of Who are the Biggest Spammers series:

Next up is Walter Rines (common typo Walter Rimes) because of the recent case he lost against MySpace, to the sum of $230 million.

MySpace sued him and Sanford Wallace (long time partners) for having sent as many as 30 million spam messages per day during a period of time in the 1990s. They spammed MySpace by creating their own accounts and stealing the passwords of others. They then went on to mass message users an estimated 735,925 times.

This isn’t the first time Walter Rines has been part of a lawsuit. Another big suit was filed by the Federal Trade Commission (FTC) against him and his company, Odysseus Marketing, in October of 2005 tied to spyware (it was settled in 2006). In 2008 he had trouble with FTC again due to them asking the judge in the spyware case to find Wallace and Rines in contempt for violating their 2006 agreement.

These two might want to part company and find new, healthier endeavours; they keep getting into trouble.

In 1998 Wallace and Rines attempted to launch a company that would provide users with low-cost Internet service in exchange for agreeing to receive spam. But Wallace and Rines’ Spambone idea died when their company, GTMI, couldn’t find a big networking firm willing to provide bandwidth. With a flourish, Wallace announced his retirement from spamming in 1998.

Walter Rines said a disclaimer at Kazanon.com, the main site where he was distributing his Trojan horse program, acknowledged that “adware” was being installed on users’ computers. He admitted that he was operating in a legal “grey area.”

Not worthy of a Wikipedia article yet (unlike his partner Sanford Wallace, who I will be doing next) but here are some links:
Sanford Wallace and Walter Rines in trouble with FTC again
MySpace wins $230 million anti-spam judgment


May 25 2008

Taking advantage of Sales, Beware of Phishing

Published by Romie under Phishing

Hope everyone is enjoying some peace and quiet and good old-fashioned relaxation.

There are amazing sales going on over this weekend (some I need to get myself to right away) so just a very quick word of warning:

Make sure any emails you click on for these sales actually send you to the right website.

A lot of the time these emails will say that you have to click to get the sale, and some are totally real.

However before you give up any of your personal information, check the website address and make sure it is the actual site. Some tips on how to do this:

* Do a search for the company and see if the site you find is exactly the same as the one you will click through on the email
* Watch for a very small “.cn” in the address. Everything else may look totally correct, like nordstrom.sale.cn.com - this looks good, except that .cn means it is a phishing attempt.
* Watch for any other very small additions in the address name. This is how they trick you, and it is very important to look for.

Still not totally sure: call the store and ask them to give you the correct address and verify the email sale.
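The first tip can also be done mechanically by reading the host name out of each link and comparing it with the store's real domain. The following is an added example, not part of the original post; the sample message is constructed, the function and class names are hypothetical, and the official domain is assumed to have been confirmed separately (by a search or by calling the store).

```python
from html.parser import HTMLParser
from urllib.parse import urlsplit

class LinkCollector(HTMLParser):
    """Collect the href of every <a> tag in an HTML email body."""
    def __init__(self):
        super().__init__()
        self.hrefs = []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            href = dict(attrs).get("href")
            if href:
                self.hrefs.append(href)

def belongs_to(host, official_domain):
    """True only if host is the official domain or a subdomain of it.

    The comparison runs from the right-hand end of the name, because
    that is the part that decides who actually owns the address.
    """
    host = (host or "").lower().rstrip(".")
    official = official_domain.lower()
    return host == official or host.endswith("." + official)

def check_email_links(html_body, official_domain):
    """Return [(href, is_official)] for every link in the message."""
    collector = LinkCollector()
    collector.feed(html_body)
    return [(href, belongs_to(urlsplit(href).hostname, official_domain))
            for href in collector.hrefs]

# Constructed sample message; the second link is the address from the tip above.
SAMPLE_EMAIL = """<p>Memorial Day sale!</p>
<a href="https://shop.nordstrom.com/sale">Shop now</a>
<a href="http://nordstrom.sale.cn.com/login">Claim your discount</a>"""

if __name__ == "__main__":
    for href, ok in check_email_links(SAMPLE_EMAIL, "nordstrom.com"):
        print("OK     " if ok else "SUSPECT", href)
```

The store's name appearing somewhere in the address is not enough: `nordstrom.sale.cn.com` contains it, but the name ends in `cn.com`, not `nordstrom.com`.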

Have a great Memorial weekend and enjoy the free time.


May 23 2008

Subject: “Your Life is Crap”

Published by Romie under subject lines

I have seen three reports from twitter of a spam message with that subject line getting through.

See http://twitter.com/Romie/.

What do people think they are going to get out of sending this message around?

Just told someone recently that spammers try to send out as many messages as possible so that maybe one person out of tens or hundreds of thousands of people will click and they can make money.

Still, what is the deal with that subject line?

Update:

I keep finding more and more people getting this email (like jsjohnst and dwink on Twitter).

Another possibility for sending out this email is the idea of testing email addresses to see which one will bounce and which one will go through to a real email address. The ones that don’t bounce are then real email addresses.

I haven’t seen one of these (if someone wants to send it to me, let me know) but there may be a small image embedded in the email and if you download it (view the spam message with images turned on), you let the spammers know that it is a real email address.


May 22 2008

Outrageous Email Spam

Published by Romie under spam messages

I can’t believe these are still sent out. I hope that there is no one who actually does this and gets hurt:

Subject: Business partnership
From: mrfriedel@hotmail.com
Body:

Mr. Friedel Meisenholl

Chief Internal Auditor.

ABSA Bank Ltd.

South Africa.

mrfriedel@hotmail.com

+27 735 853 490

Attn: MD/CEO/Dir.

I am Mr. Friedel Meisenholl Chief Internal auditor (ABSA) amalgamated bank of South Africa. I sent this mail to you few weeks ago but couldn’t hear from you, so I decided to contact you again through this medium based on a business proposal, which will be of mutual benefit to both of us. However, I got your contact from International business trade manual here in my country. South African Chamber Of Commerce (SACC), during my search for a reliable foreign business partner who is interested to handle this transaction in a perfect manner for onward transfer of this fund into your account there in your country.

During my last annual bank auditing, I discovered an abandoned sum of US$ 42,300 000:00 Forty two millions three hundred thousand US dollars only in an account that belonging to one of our foreign customers Willie Jackson Sr. 61 years, of Scotch Plains, N.J. USA who lost his life aboard Egypt Air Flight 990, which crashed into the Atlantic Ocean on October 31, 1999. View this website: http://news.bbc.co.uk/1/hi/world/americas/502503.stm

Since I got the information about his death, I have been expecting his next of kin to come over and claim his money but to fruitful effort, this money can not be touched because no other person has any knowledge about it and some body has to apply as the next of kin or relation to the deceased as indicated in our banking guidelines before it can be released.

Up till now nobody has come forward to claim this money. It is based on this that I decided to establish a cordial business relationship with you; hence by contacting you, if you indicate your full interest in this transaction I will let you know the steps to take for a smooth transaction and for the approval of this fund from ABSA Bank in your favor.

If you are interested in this regard, kindly get back to me so that we will negotiate your percentage before we can proceed, however when you receive this money into your account there in your country, I shall obtain a visa from my embassy as to travel to your country for my own share and as well as investment. You can as well contact me through my private phone number +27 735 853 490 for more information regards to this transaction.

I will also like you to furnish me with this information below via this my private email account below:

Your full name, age, occupation, contact address, private phone and fax numbers,

Thanks and I am looking forward to hearing from you soon.

Best regards.

Mr. Friedel Meisenholl

mrfriedel@hotmail.com

+27 735 853 490


May 20 2008

Spamming When We Want to Help

Published by Romie under spam messages, what others doing

I hate it when any system is abused by using our compassion for our fellow man to make a buck.

During times of disaster the spammers have been known to take advantage of our desire to help each other by phishing us and getting our information.

Because of the recent earthquakes in China, there are scams running to “donate” money to help these people and the only thing you will be doing is making someone else rich.

Please don’t get scammed, but please do whatever you can to help. If you can donate money, go straight to a site and donate.

More information here:
US-CERT (United States Computer Emergency Readiness Team) warning
Federal Trade Commission’s Charity Checklist


May 19 2008

Spammer: Scott Richter

Published by Romie under history, spam messages

First post in my Who are the Biggest Spammers series:

First person I am going to feature is Scott Richter. I am starting with him because of MySpace’s pending case (filed in 2007) against him for allegedly stealing passwords to spam MySpace users (Update: MySpace won the case).

Scott Richter is famous enough to warrant a largish article in Wikipedia.

Mr. Richter is the owner and CEO of Media Breakaway, formerly known as OptInRealBig.com LLC (facing a $50 million judgment in Washington state from the Microsoft case, in March 2005, OptInRealBig.com filed for bankruptcy protection).

He was once listed in the Register of Known Spam Operations (ROKSO) top 200 spammers, but his inclusion in the list was deleted in 2005, when Spamhaus acknowledged that Richter and his company had not received any complaints for over a year.

His company once sent some 100 million emails a day. One of the most famous emails was the offer of most-wanted Iraqi playing cards in 2003; Richter claims to have sold 40,000 decks before they were even printed.

Richter attempted to start up a “Spam King” clothing line before Hormel (the company who holds the original edible SPAM trademarks) put an end to his trademark-infringing idea.

There is talk that Scott Richter has now moved on to schemes to promote ringtones through dubious means, often to unwilling buyers, such as through websites claiming to offer free ringtones, but which then actually charge the customer with a monthly subscription.

To be fair, you can see some conversation with him about this view on spamming here:
http://www.pcworld.com/

You can also view this funny video which does take some punches on YouTube


May 16 2008

Really funny spam

Published by Romie under spam messages

Check out this SPAMologue: http://www.zefrank.com/request/index_better.html

My friend DaisyAvenue (twitter link) got the below email and passed it on to me. I had to let everyone read it because it is really funny:

Dear,
This letter is not intended to course you any embarrassment
in whatever form, rather I am compelled to contact your in
other to establish a business relationship with you.
I am Hon. Engr. Benson White, former chairman for the peace
keeping in Yugoslavia, before I was paralyse due to a bomb
attack. I was able to accumulate the sum of Twenty-five million US Dollars
(25,000,000.00 )only before the sad event, which was
deposited in Europe.
After a careful study of the lists of reliable business men,
I found you worthy in trusting the money into your care for
any investment that will generate good profit for us at the
end
I will like you to move the money to your country for safe
keeping pending when we are ready to invest the money.
Contact me immediately on the receipt of this email on your
acceptance because I need to discuss this transaction in
detail with you and to acquaint you with the details of the
bank where the money was deposited which will proof the
genuineness of the proposal.
On your acceptance, we shall arrange for a meeting to enable
us acquaint with each other, sign the business agreement
because I can not involve myself into any business that is
not legally documented nor genuine, thereafter we shall
proceed to the bank for claiming of the Twenty-five million US Dollars
(25,000,000.00) only which will be wire to your account
in your country simultaneously.
This transaction is highly confidential because no other
person knows that I had acquired such huge of money in a
bank during my service in Yugoslavia expect the bank
director and now we want to invest the money in your
name/company name.
With this, honesty, good understanding and devotion are
required from you to enable us accomplish this transaction
successfully without any hinge and for your assistance; you
will receive 15% of the total sum.
I am looking forward to your timely response via by my email
address.
Your urgent reply is highly anticipated.
Best regards.
Hon. Engr.Benson White
