CAT | Frequently Asked Questions

Spammers exploit increasing anxieties in young adults over weight problems.

· · · · · ·

The internet security firm has said that spam soaks up the same amount of electricity per year as 2.4 million homes.

· · · · is trying to fight wiki, blog and guestbook spam. They do this by linking the spammers’ keywords to pages that contain information about spam and the spammer. We hope that these pages documenting the spamming will be higher up on the search engine results pages than the pages of the spammers.

No tags



How To Stop Comment Spam

Sitepoint recent published an article with some tips for dealing with comment spam, here we discuss some of the options…

No tags

Fighting spam is a tough job, but somebody’s gotta do it. Unfortunately, you’ve got time and budget concerns on one side, users on another, and a burning desire to reduce spam without deleting, rejecting, misdirecting, or delaying a single piece of legitimate mail.

No tags

More detail on the 419 fraud, commonly associated with Nigeria

No tags



Spoofed Recieved headers

Some of the newer spamming programs put in fake Received: headers in order to prevent users from finding the first ones. This is rather foolish, as most spammers don’t understand the net and put in wildly bogus values.

Here are a few things that let you know a header has been forged:

  • Look for a wrong Eastern Timezone of “-0600 (EST)” (EST is normally -0500, while EDT is -0400) in conjunction with an SMTP id which will always start with “GAA…” This is perhaps the most common Stealth Mailer signature seen (an example of it appears below)

  • A new, laughably “repaired” Stealth Mailer has surfaced recently; its signature errors are an SMTP id which always starts with “XAA…” and an Eastern Timezone correction which is even more wrong than before, now listing “-0700 (EDT)”

  • Look for a spoofed address in the Received: header. A real Received: header has the address of the recipient as the address (i.e. in the above example). If the address there isn’t yours, it’s a forged header.

  • Look for a spoofed SMTP id. A real one generally matches its first letter to the hour of the time the hand-off occurred; e.g., if the time listed in this header is between midnight and 1:00 a.m., its SMTP id should start with “A…”; between 1:00 a.m. and 2:00 a.m. should indicate “B…” and so on.

  • Look for IP node numbers of 0 or greater than 254. IP addresses only range from 1 to 254. (0 indicates a network address and 255 is for broadcasting).

  • Look for a system named “alt1″, this can be filtered on as I have caught many spams with zero false positives in this manner.
A few examples of spoofed headers:

Received: from by (8.8.5/8.6.5) with
SMTP id GAA02084 for <>; Thu, 26 Jun 1997
10:52:37 -0600 (EST)
Received: from ( by
(8.8.5/8.6.5) with SMTP id GAA06154 for <>; Wed, 25 Jun 1997
23:00:38 -0600 (EST)

No tags

These are simply underhand tactics to get ‘active’ e-mail addresses.

Some other tips to avoid getting spammed in the first place:

No tags



alt.spam FAQ

This detailed posting explains how to find out where a fake post or e-mail originated from

No tags



How do I stop getting spam?

{mosimage}A couple of simple precautions and software available online can dramatically reduce the amount of spam you get.

No tags