Spam – Good News, Bad News, and SOS

Various news on the spam front. The minor good news is that I got another cheerful note from the folks at Project Honeypot telling me this site has helped identify another spambot. The bad news is that I got a couple dozen spam messages in my inbox this morning that had made it through the maze of blacklists I’m using.

The blacklists are still doing a good job, blocking over 60 spam messages per day, and until today, letting through only a couple. It looks like some enterprising spammers found a bunch of vulnerable machines that hadn’t been blacklisted yet, and hijacked them. With luck, this will be a temporary aberration, as these machines will probably soon be on at least one of the blacklists I use (and, at this moment, some of them have already gotten blacklisted). If it continues, I might have to add a couple more blacklists to my gauntlet.

One of the most popular, SpamCop, is one I’ve avoided because its website warns against a high risk of false positives (blocking legitimate mail). They recommend using it only to tag mail, rather than blocking it. On the other hand, my employer has recently switched their mail servers to block, rather than tag, mail from SpamCop-listed servers. If a major public university, having a diverse user base that receives legitimate mail from all kinds of obscure locations, can use SpamCop for blocking without problems, surely it can’t cause problems for the more limited sources that send me legitimate email.

Another list that looks promising is UCEProtect-Network. One list I’ve learned to avoid is SPEWS. They have a reputation for being a little too aggressive, which I learned the hard way. As well as blocking Comcast’s client range (which is good because moronic Comcast customers whose machines have been hijacked are a huge source of spam), they also block Comcast’s outbound servers, which prevents legitimate email from Comcast users from getting through. I’m not sure if this is an oversight or deliberate. Some hardcore spam vigilantes think the only way to stop spam is to take a very hardline attitude and block all mail from any site which they consider to be “spam-friendly”, insisting that blocking good email is the only way to make these guys clean up their act. They may be right, but I’m not ready to start throwing away email from my friends as part of the crusade.
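The two paragraphs above turn on a single mechanical point: a mail server checks a sender's IP against each DNS blacklist, and the operator decides per list whether a hit blocks the message or merely tags it. The following is an added example (not code from this post) showing how the lookup name is built and how a per-list tag-or-block policy can be expressed, with SpamCop configured as tag-only as its own website recommends. The zone names `bl.spamcop.net` and `dnsbl-1.uceprotect.net` are the public zones of the lists named in the post, but verify them against the lists' current documentation before relying on them; the answers fed to `decide()` are constructed, not real lookups, and the `X-DNSBL-Listed` header name is an invented example.

```python
"""Added example: DNSBL query construction plus a per-list tag/block policy.
Not code from the original post. Zone names should be verified; the
lookup answers used in the demonstration are constructed."""
import ipaddress
import socket
from typing import Dict, Optional

# Policy per list. "block" rejects the message outright; "tag" only adds a
# header so a downstream filter (or the user) decides. SpamCop is tag-only
# here because its website warns of a higher false-positive rate.
LIST_POLICY: Dict[str, str] = {
    "bl.spamcop.net": "tag",
    "dnsbl-1.uceprotect.net": "block",
}


def dnsbl_query_name(ip: str, zone: str) -> str:
    """Return the DNS name queried to check an IPv4 address against a DNSBL.
    The octets are reversed and the zone appended, so 192.0.2.10 checked
    against example.zone becomes 10.2.0.192.example.zone."""
    addr = ipaddress.ip_address(ip)
    if addr.version != 4:
        raise ValueError("this example handles IPv4 only")
    return ".".join(reversed(ip.split("."))) + "." + zone


def live_lookup(ip: str, zone: str) -> Optional[str]:
    """Perform a real DNS query (not used by the offline demonstration).
    DNSBLs answer a listed IP with an A record in 127.0.0.0/8 and an
    unlisted one with NXDOMAIN, which gethostbyname surfaces as gaierror."""
    try:
        return socket.gethostbyname(dnsbl_query_name(ip, zone))
    except socket.gaierror:
        return None


def dnsbl_listed(answer: Optional[str]) -> bool:
    """Interpret a raw A answer: listed only if it falls in 127.0.0.0/8.
    Any other address is treated as a misconfigured or wildcarded zone."""
    if answer is None:
        return False
    return ipaddress.ip_address(answer) in ipaddress.ip_network("127.0.0.0/8")


def decide(ip: str, lookups: Dict[str, Optional[str]]) -> dict:
    """lookups maps zone -> raw A answer (None for NXDOMAIN).
    Returns the action to take and the headers a tag-only hit would add.
    A single "block"-policy hit wins over any number of "tag" hits."""
    hits = [zone for zone, ans in lookups.items() if dnsbl_listed(ans)]
    action = "accept"
    for zone in hits:
        if LIST_POLICY.get(zone) == "block":
            action = "block"
            break
        action = "tag"
    # X-DNSBL-Listed is an example header name, not a standard one.
    headers = [f"X-DNSBL-Listed: {ip} listed by {zone}" for zone in hits]
    return {"action": action, "hits": hits, "headers": headers}


if __name__ == "__main__":
    # Constructed answers: SpamCop lists the IP, UCEProtect does not.
    demo = {"bl.spamcop.net": "127.0.0.2", "dnsbl-1.uceprotect.net": None}
    print(dnsbl_query_name("192.0.2.10", "bl.spamcop.net"))
    print(decide("192.0.2.10", demo))
```

The point of keeping the policy in a table is that moving a list from "tag" to "block" (as the university in the post did with SpamCop) is a one-word change that can be reverted the moment legitimate mail starts bouncing.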

And, in the Same Old Sh Stuff category, the Bulgarians are still pounding on my website, at a rate of maybe 1000 hits per day. At this point, these guys are burning up bandwidth for absolutely no gain. At best, the gain from this type of “referrer spam” is very marginal. They hope that, if they hammer a site enough times with a forged referrer tag pointing to their own site, that they’ll get a link or two in that site’s statistics, if it even publishes statistics. And, if they get enough links that way, maybe they’ll move up a couple of notches in Google’s ranking.

After these guys started hammering my site, I removed the referring site section from my stats page, so spammers won’t get a link there no matter how hard they try. I also updated my robots.txt file to keep search engines out of the stats page, hoping that will prevent other spammers from finding it and trying the same attack. But apparently there’s no way to make the Bulgarians give up. Firewalling them wouldn’t work, partly because I don’t think I can implement a firewall on my host, but mainly because they’re using so many hijacked proxies that keeping the firewall up to date would be impossible. One of the Geeklog authors said that at one point, he identified over 1600 addresses these guys had hijacked. So apparently there’s nothing to do but ignore them and know they won’t go away.
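The referrer spam described above has a recognisable shape in a web server's access log: one foreign referrer host, hammering a handful of URLs, arriving from a large and shifting pool of client addresses (the hijacked proxies). The following is an added example, not code from this post or from Geeklog, that parses Apache combined-format log lines and flags referrer hosts matching that pattern so they can be dropped from a stats page or fed to whatever blocking the hosting environment allows. The log lines, the hostnames (`spam.example`, `friend.example`, `www.myblog.example`) and the thresholds are all constructed for the demonstration.

```python
"""Added example: flag referrer-spam hosts in an Apache combined access log.
Not code from the original post or from Geeklog; sample lines, hostnames
and thresholds are constructed."""
import re
from collections import defaultdict
from typing import Dict, List, Optional
from urllib.parse import urlparse

# Apache "combined" format:
# %h %l %u %t "%r" %>s %b "%{Referer}i" "%{User-Agent}i"
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>\S+) (?P<path>\S+) [^"]*" '
    r'(?P<status>\d{3}) (?P<bytes>\S+) '
    r'"(?P<referer>[^"]*)" "(?P<ua>[^"]*)"$'
)

# Constructed sample: six hits carrying a forged referrer from five client
# IPs, plus normal traffic with a real inbound link, internal navigation
# and an empty ("-") referrer.
SAMPLE_LOG = """\
192.0.2.11 - - [10/Feb/2006:08:01:02 -0500] "GET /index.php HTTP/1.1" 200 5120 "http://spam.example/" "Mozilla/4.0"
192.0.2.12 - - [10/Feb/2006:08:01:05 -0500] "GET /index.php HTTP/1.1" 200 5120 "http://spam.example/" "Mozilla/4.0"
192.0.2.13 - - [10/Feb/2006:08:01:09 -0500] "GET /index.php HTTP/1.1" 200 5120 "http://spam.example/page2" "Mozilla/4.0"
192.0.2.14 - - [10/Feb/2006:08:02:01 -0500] "GET /index.php HTTP/1.1" 200 5120 "http://spam.example/" "Mozilla/4.0"
192.0.2.15 - - [10/Feb/2006:08:02:44 -0500] "GET /index.php HTTP/1.1" 200 5120 "http://spam.example/" "Mozilla/4.0"
192.0.2.11 - - [10/Feb/2006:08:03:10 -0500] "GET /index.php HTTP/1.1" 200 5120 "http://spam.example/" "Mozilla/4.0"
198.51.100.7 - - [10/Feb/2006:08:05:00 -0500] "GET /article.php?story=42 HTTP/1.1" 200 8800 "http://friend.example/links.html" "Mozilla/5.0"
198.51.100.9 - - [10/Feb/2006:08:06:12 -0500] "GET /stats/ HTTP/1.1" 200 2200 "http://www.myblog.example/index.php" "Mozilla/5.0"
198.51.100.9 - - [10/Feb/2006:08:06:20 -0500] "GET /about.php HTTP/1.1" 200 1500 "-" "Mozilla/5.0"
"""


def parse_line(line: str) -> Optional[dict]:
    """Split one combined-format line into named fields; None if malformed."""
    m = LOG_RE.match(line.rstrip("\n"))
    return m.groupdict() if m else None


def referrer_stats(lines: List[str], own_host: str) -> Dict[str, dict]:
    """Aggregate hits, distinct client IPs and requested paths per external
    referrer host. Empty referrers and links from the site itself are
    ignored, since internal navigation is not an inbound link."""
    stats: Dict[str, dict] = defaultdict(
        lambda: {"hits": 0, "ips": set(), "paths": set()}
    )
    for line in lines:
        rec = parse_line(line)
        if rec is None or rec["referer"] == "-":
            continue
        host = urlparse(rec["referer"]).hostname
        if not host or host == own_host:
            continue
        s = stats[host]
        s["hits"] += 1
        s["ips"].add(rec["ip"])
        s["paths"].add(rec["path"])
    return dict(stats)


def flag_referrer_spam(lines: List[str], own_host: str,
                       min_hits: int = 5, min_ips: int = 3) -> List[str]:
    """Return referrer hosts that arrive both often and from many distinct
    client addresses. A genuine inbound link rarely produces many hits from
    many IPs in a short window; a proxy-driven referrer flood does."""
    return sorted(
        host for host, s in referrer_stats(lines, own_host).items()
        if s["hits"] >= min_hits and len(s["ips"]) >= min_ips
    )


if __name__ == "__main__":
    lines = SAMPLE_LOG.splitlines()
    for host, s in referrer_stats(lines, "www.myblog.example").items():
        print(f"{host}: {s['hits']} hits from {len(s['ips'])} IPs")
    print("flagged:", flag_referrer_spam(lines, "www.myblog.example"))
```

Because the output is a list of referrer hosts rather than client addresses, it stays useful even when the attacker rotates through hundreds of proxies, which is exactly the case where an address-based firewall list becomes unmaintainable.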

