CAT | Spam FAQs
29
Young People Anxious over Weight Problems Targeted with Spam
No comments · Posted by Dan Coysh in Scams & Fraud, Spam FAQs
Spammers exploit increasing anxieties in young adults over weight problems.
fraud · health · spam · spam email · spam emails · weight loss · weight problem
28
Spam’s Hefty Carbon Footprint Revealed by McAfee
No comments · Posted by Dan Coysh in Products, Software, Spam FAQs
The internet security firm has said that spam soaks up the same amount of electricity per year as 2.4 million homes.
carbon emissions · carbon footprint · emails · spam · spam filtering
24
Fight back against wiki, blog and guestbook spam
No comments · Posted by admin in Spam FAQs
chongqed.org is trying to fight wiki, blog and guestbook spam. They do this by linking the spammers’ keywords to pages that contain information about spam and the spammer. We hope that these pages documenting the spamming will be higher up on the search engine results pages than the pages of the spammers.
No tags
Sitepoint recent published an article with some tips for dealing with comment spam, here we discuss some of the options…
No tags
17
Stupid Spam-Fighting Tricks: Sucker Moves To Avoid
No comments · Posted by admin in Spam FAQs
Fighting spam is a tough job, but somebody’s gotta do it. Unfortunately, you’ve got time and budget concerns on one side, users on another, and a burning desire to reduce spam without deleting, rejecting, misdirecting, or delaying a single piece of legitimate mail.
No tags
Some of the newer spamming programs put in fake Received: headers in order to prevent users from finding the first ones. This is rather foolish, as most spammers don’t understand the net and put in wildly bogus values.
Here are a few things that let you know a header has been forged:
- Look for a wrong Eastern Timezone of “-0600 (EST)” (EST is normally -0500, while EDT is -0400) in conjunction with an SMTP id which will always start with “GAA…” This is perhaps the most common Stealth Mailer signature seen (an example of it appears below)
- A new, laughably “repaired” Stealth Mailer has surfaced recently; its signature errors are an SMTP id which always starts with “XAA…” and an Eastern Timezone correction which is even more wrong than before, now listing “-0700 (EDT)”
- Look for a spoofed address in the Received: header. A real Received: header has the address of the recipient as the address (i.e. dmuth@ot.com in the above example). If the address there isn’t yours, it’s a forged header.
- Look for a spoofed SMTP id. A real one generally matches its first letter to the hour of the time the hand-off occurred; e.g., if the time listed in this header is between midnight and 1:00 a.m., its SMTP id should start with “A…”; between 1:00 a.m. and 2:00 a.m. should indicate “B…” and so on.
- Look for IP node numbers of 0 or greater than 254. IP addresses only range from 1 to 254. (0 indicates a network address and 255 is for broadcasting).
- Look for a system named “alt1″, this can be filtered on as I have caught many spams with zero false positives in this manner.
Received: from email4all@aol.com by email4all@aol.com (8.8.5/8.6.5) with
SMTP id GAA02084 for <email4all@aol.com>; Thu, 26 Jun 1997
10:52:37 -0600 (EST)
Received: from lconn.net (alt1.lconn.net(206.25.61.0)) by lconn.net
(8.8.5/8.6.5) with SMTP id GAA06154 for <gpg@lconn.net>; Wed, 25 Jun 1997
23:00:38 -0600 (EST)
No tags