Internet Defense Technology

Article from Ron Edison, Founder and CTO of Internet Defense Technology

What you should do to deliver legitimate email (please don’t spam people)?

The main key being it isn’t spam. It is something the people really want, the double opted in for it and what you are sending them is what they asked for exactly. Additionally:

• Some providers support various technologies that may be able to help you including SPF and DomainKeys. Such technologies have various drawbacks and some disagree that they are useful but here they can very well help a great deal. They essentially provide a way for the recipient’s mail server to validate that your system is authorized to send mail from your domain. Here are some links: http://www.openspf.org/ and http://www.dkim.org/
• Analyze your messages using as many different systems as possible. If you use a bulk email provider such as Constant Contact or something similar, they may be able to assist.
• Consider using or at least testing out an outsourced email service such as Total Mail Defense (http://www.internetdefensetechnologies.com/) — this allows you to send email back to yourself and review the spam analysis of the message that will help prevent your messages from being classified as spam based on content and other factors. This will also give you an idea of some of the tech in play in this areal.
• Ensure you follow the various laws as well as policies in place by anti spam organizations such as spamhaus (http://www.spamhaus.org/).
• Ensure your system detects bounced message and what type and stops sending to recipients that don’t accept your email. Continuing to attempt delivery to non existent addresses can result in your mail servers being blacklisted.
• Get assistance from someone who really understands this field. It has changed greatly in recent years due to many different types of technologies and methods used to attempt to cut down on spam.

Subject lines:

• Saddam Hussein found dead
• What a stupid face you have here
• Your email mail has won yahoo prize of the year 2008
• How to grab boobies
• Beautiful samples of grandeur
• Barb you look so stupid
• If you can read this, email marketing works
• Dear Respected One
• Dear Client! Please update your informations.
• You look stupid
• Bill Gates is giving away his money and will be sued if he doesn’t
• This email is not intended to be spam

They definitely never rest do they, some of these seem such a waste to send around. But I guess sending email spam around doesn’t cost much to the big spammers.

So, if you get an email that falls in one of these categories:

• Seems suspicious or makes you wonder if it is real in some way
• From someplace you don’t have an account as far as you can remember
• From someplace you do have an account but the message doesn’t seem right (and sometimes even if it does seem right)

Don’t click on the link in the email!

One of the ways spammers make money is by stealing your personal information and then using it (definition of phishing).

This doesn’t always have to be your bank account number.

For example, say you are paying someone to advertise for your business (like Google AdWords). Someone pretending to be the advertiser send you an email that says you need to login to your account and check/verify/change/fix something.

You click the link from the email into the site.

You think you are going to adwords.google.com but you are actually going to adwords.google.cn.com or something similar.

When you put in your account username and password, you have just given the spammer your username and password.

Sometime later you login to the account yourself and discover that you have been running ads for another website and you got charged for it.

The morale of the story:

If you get an email, don’t click on the link in the email. Instead open your browser and type the address yourself. Then you can check it yourself and make sure there isn’t really something you need to do and you don’t give your information to a spammer.

Want more survey results for my Email Spam Survey, will only take a few minutes if you don’t mind.

You can be pretty sure you are looking at spam if the subject line includes any of the following:

• The word “free”
• The word “viagra”
• The words “you won”
• The word “lottery”
• The word “[Subject]” - sometimes it is () around the word or other symbols
• Any mention of prescription drugs
• Any mention of cheap watches
• Any mention of cheap jewelry
• Any mention of body parts
• Anything of a sexual or explicit nature
• Words with numbers of funny characters in the middle of the word, like “V1agra”

I have gotten asked why someone sending email would put a number of funny character in the middle of a word on the subject line.

This is an attempt to get passed the spam filter. Spammers know that some spam filters mainly look at keywords. So if the program is looking for “viagra” then it will miss “v1agra”.

Of course, there is spam that doesn’t fall into one of the above as well, so you can’t just use the above rules. Our Total Mail Defense spam filter looks at much more than keywords, so we catch all these attempts too.

Want more survey results for my Email Spam Survey, will only take a few minutes if you don’t mind.

Continuing my Who are the Biggest Spammers series:

Mr. Alan Ralsky’s organization, based in Michigan since 1997, uses Chinese, European and US-based servers to host and send spam to millions of email boxes daily. He apparently began his spamming career when his licenses to sell insurance were revoked in Michigan and Illinois in 1996.

He personally (well, his company) sends millions of unsolicited email messages selling everything from diet pills to online gambling. He claims that his business is legitimate and that his emails are not spam.

Unlike most spammers, he has provided interviews to various newspapers, although he claimed to be a commercial e-mailer rather than a spammer. He stated that his was a legitimate business which complied with all laws.

He gained much of his notoriety following a December 2002 interview with The Detroit News. The article was soon posted to Slashdot and the address of his newly built home was posted to Slashdot not long after that. Hundreds of Slashdot readers then searched the Internet for advertising mailing lists and free catalogs and signed him up for them. As a result, he was inundated with junk mail. In a Detroit Free Press article on December 6, 2002, he is quoted as saying “They’ve signed me up for every advertising campaign and mailing list there is … These people are out of their minds. They’re harassing me”.

Another fun tidbit - Not only does Ralsky operate as a spammer, but he also provides hosting services to other spammers.

Alan Ralsky legal history:

In January 2008, Ralsky and ten others were indicted based on results of a three-year investigation. The indictment included stock fraud charges stemming from a “pump and dump” scheme. Ralsky was arraigned on the charges but was silent during the arraignment, so a plea of not guilty was entered on his behalf.

In early October 2005, a warrant was unsealed, showing the Federal Bureau of Investigation (FBI) raided Alan Ralsky’s home in September. In the raid, the FBI took computers, financial records, and even The Detroit News article cited earlier.

In 2002, Verizon sued Mr. Ralsky for causing their network to freeze twice. The lawsuit originally sought $37 million, but was settled out of court for an undisclosed amount. Ralsky is no longer allowed to send email over Verizon’s networks, but admits no wrongdoing in the case and has vowed to continue sending bulk email.

In 1994, Mr. Ralsky was convicted for falsifying documents to defraud two banks in Michigan and Ohio and was fined $74,000.

In 1992, Ralsky was sentenced to 50 days in jail and ordered to pay $120,000 in restitution for failing to deliver a contract involving unregistered securities.

For other more informational posts, please pock around and keep reading (sign up for my RSS).

Ok, tutting our own horn here, but starting to get stories from clients to share:

A client had outrageous amounts of blocked spam in our logs - like 1,200 or more, per day, to just one user. It was mentioned to the client (the number seen in the logs) and he said that was pretty spot on to the amount of spam he got everyday before he installed our product.

He said that’s why he was such a quick sign-up (our quickest ever). They were really inundated with spam. Thousands per day! Amazing!

Since then, he’s had no problems!

It looks like MySpace has finally won their lawsuit again Scott Richter.

On Friday June 13th (yes, on Friday the 13th), the American Arbitration Association awarded MySpace over $6 million in damages and attorney fees, as well as the entering of a permanent injunction against Scott Richter and Media Breakaway.

This is the second win for MySpace this year against spammers, and we are talking the big hitters too.

While I am not a huge MySpace user (I believe I do have an account there somewhere) I am very happy to hear that they are winning these battles.

I was doing a search on Yahoo today and found the below:





In case you can’t read it, it says at the top:
“1 potentially harmful website is marked on this page”

Then under the link to the actual listing (and before the description text) it says:
“Warning: Unsolicited Emails”

Seems that the spammers are sending around a lot of spam with just one line or maybe two.

I have heard a lot of “Update your Penis”, that is it all the message says.

I did an earlier article on “Your Life is Crap” which got a lot of searches and a lot of comments (for my fledgling blog).

Not sure what the fascination with updating male genitalia is, but if you do a search on Twitter for that line you can see the huge amount of people who are talking about getting that spam.

So, why does someone send around spam like that?

• Just to be vicious (there are people like that)
• To see how many bounce backs they get off the list to then mail something else to it
• To try to bring down someones servers (either from the spam received or the bounce backs)
• To prove to a possible other client that they can send out massive emails and get them received

I am sure we can come up with more reasons.

Please feel free to click around this blog to learn more about spammers, who they are, what they do and why.

Want more survey results for my Email Spam Survey, will only take a few minutes if you don’t mind.

More good stuff for the Who are the Biggest Spammers series:

Robert Alan Soloway is the founder of “Strategic Partnership Against Microsoft Illegal Spam,” or SPAMIS, but is said to be one of the Internet’s biggest spammers through his company, Newport Internet Marketing (NIM). He is also considered one of the top spammers on the planet (well, until he got arrested).

Soloway used computers infected with malicious code to send out millions of junk e-mails since 2003. The computers are called “zombies” because owners typically have no idea their machines have been infected.

He has been sued multiple times (more below). In the summer of 2005, a court ordered him to no longer break the law. That didn’t help as he continued.

Recently, he was arrested on May 30, 2007 after a grand jury indicted him on charges of identity theft, money laundering, and mail, wire, and e-mail fraud. He was nicknamed the “Spam King” by prosecutors. In March of 2008 he pled guilty to most of the charges against him.

The indictment (actually the third indictment, since each time Soloway asked for a postponement, the government got to refile with more charges) made three categories of charges.

Counts 1-10 were mail fraud, due to Robert Soloway delivering his spamware through the mail, notably including 30 million addresses purported to be opt-in. Counts 11-17 seven were wire fraud, sending spam making false claims about the product, support, guarantee, etc. Count 18 was CAN SPAM fraud, forged mail headers. Counts 19-25 were identity theft, sending spam forging other people’s return addresses. Counts 26-27 were for failure to file income taxes, and 28-40 were money laundering, using his ill gotten income to pay for further lawbreaking.

According to news reports he pled guilty to wire fraud, CAN SPAM fraud, and tax evasion, but not identity theft.

Previous legal problems include:

Microsoft filled a lawsuit in December 18, 2003, against NIM and 20 “John Doe” defendants for spam sent through MSN and Hotmail services. Microsoft won a $7.8 million civil judgment against him.

In early 2005, a King County (Washington) superior court judge ruled that Soloway was in default on the spam lawsuit originally filed by Microsoft (Microsoft never got paid, not that they need it).

Later in 2005, Robert Braver, an internet services provider based in Oklahoma, was awarded $10,075,000.00 in another spam-related case against Soloway. In this lawsuit, a permanent injunction was issued against Soloway, enjoining him from further spam activities.

Update: Robert Soloway Update: 4 Years in Prison