Gautam's Blog

The technical blog of Gautam!


Some spam tools!


Active Spam Killer (ASK) [using the challenge-response idea]: http://a-s-k.sourceforge.net/howitworks.html

What’s out there!: http://freshmeat.net/search/?site=Freshmeat&q=spam&section=projects

P-Messaging uses Jilter to classify emails. Please see the email exchange about Jilter installation between Blake Ramsdell, Sendmail Inc., and me:

http://sourceforge.net/mailarchive/forum.php?thread_id=9459272&forum_id=43585

In order to hold senders accountable for the email they send, we need to update the email infrastructure to support a new set of authentication, accreditation and reputation services.

http://commerce.senate.gov/hearings/testimony.cfm?id=1199&wit_id=3438

myspace.com is now facing attacks from spammers. Spammers create fake profiles and entice users to the profiles. When a user attempts to view the profile, adware is installed. http://www.cnn.com/2006/TECH/12/25/myspace.security.ap/index.html

Calculate the losses per year as Barracuda calculates it: http://www.barracudanetworks.com/ns/resources/spam_cost_calculator.php

Read this September issue on wired.com: Splogs are the latest thing in online scams – and they could smother the Internet. http://www.wired.com/wired/archive/14.09/splogs.html

An article (about pump and dump spam) on Slashdot recently caught my attention [http://it.slashdot.org/article.pl?sid=06/11/17/1415244]. I just tried to look up some figures and here is what I came up with: http://en.wikipedia.org/wiki/Pump_and_dump.

I reproduce Wikipedia’s text here:

“Pump and dump stock schemes are now a common part of spam, accounting for about 15% of spam e-mail messages. A survey of 75,000 unsolicited emails sent between January 2004 and July 2005 concluded that spammers could make a return of 4.9%-6% by using this method, while recipients who act on the spam message typically lose 5.25% (and sometimes up to 8%) of their investment within two days – not including the costs of trading shares. Stocks targeted by this spam are typically ‘penny stocks’, selling for less than $1 per share, not traded on organized exchanges, have small capitalization, are thinly traded, and are difficult or impossible to sell short. Consequentially, stock spam messages are universally positive. Spammers likely acquire stock the day before sending the message (as suggested by increased market volatility, and the generally negative average returns of targeted stocks), and sell the day the message is sent. (Hanke and Hauser, 2006)”

The US Securities and Exchange Commission website also calls it “hype and dump manipulation”: http://www.sec.gov/answers/pumpdump.htm

Spammers are now outsourcing blog spamming, according to the Guardian. http://technology.guardian.co.uk/weekly/story/0,,1954160,00.html

This is being done so that spammers can outdo captchas. Personally, I do not allow people to leave comments at my blog. The other way is to allow authenticated users to leave comments at my blog.

I think the solution would be to have a semi-open system, neither completely open nor completely closed. By open and closed, I refer to the authentication credentials.

Interesting reads: Alternatives to captchas: http://isc.sans.org/diary.php?storyid=1836

The maillog has multiple entries for a single received mail. When a mail is received, it is put into the queue and an entry is made in the maillog with a queue id. To check whether the mail is spam, the message is removed from the queue and checked. Once it is determined not to be spam, it is put back into the queue with a different queue id. There are other parameters that indicate that the mail has been verified. The mail is then delivered to the end user. There are additional entries if there are multiple receivers or when an email id is forwarded. Each time, the assigned queue id is different.

One of the best (and modifiable) postfix maillog parsers is pflogsumm (http://jimsun.linxnet.com/postfix_contrib.html). Written in Perl, it analyzes the logs and provides an incredible amount of detail. However, I had to modify the code so that it parses the logs and provides output in the following format:
[status] [time] [sender] [receiver] [reason].

This can be put in crontab so that it runs at midnight and provides the analysis of the day's maillog. If you are having trouble with postfix logs and configuration, visit: http://www.onlamp.com/pub/a/onlamp/2004/01/22/postfix.html
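
The queue-id behaviour described above, as an added Python example (not the author's modified pflogsumm code): it follows a message across the filter hop through the `queued as` reply and emits one line per final delivery in the five-field format. The log lines are constructed, and the loopback filter address 127.0.0.1 and the function name `summarize` are assumptions.

```python
import re

# Constructed sample in the usual Postfix syslog layout (not taken from the blog).
# Assumption: the spam filter listens on 127.0.0.1 and re-injects accepted mail.
SAMPLE_LOG = """\
Dec 25 10:00:01 mx postfix/qmgr[1100]: 3F2A1B0C11: from=<alice@example.org>, size=1234, nrcpt=1 (queue active)
Dec 25 10:00:02 mx postfix/smtp[1236]: 3F2A1B0C11: to=<bob@example.com>, relay=127.0.0.1[127.0.0.1]:10024, delay=1.2, status=sent (250 2.0.0 Ok: queued as 7D4E2F1A22)
Dec 25 10:00:02 mx postfix/qmgr[1100]: 3F2A1B0C11: removed
Dec 25 10:00:02 mx postfix/qmgr[1100]: 7D4E2F1A22: from=<alice@example.org>, size=1500, nrcpt=1 (queue active)
Dec 25 10:00:03 mx postfix/local[1240]: 7D4E2F1A22: to=<bob@example.com>, relay=local, delay=0.3, status=sent (delivered to mailbox)
Dec 25 10:05:10 mx postfix/qmgr[1100]: 9A8B7C6D33: from=<carol@example.net>, size=900, nrcpt=1 (queue active)
Dec 25 10:05:11 mx postfix/smtp[1250]: 9A8B7C6D33: to=<dave@example.com>, relay=none, delay=0.5, status=bounced (Host not found)
"""

LINE = re.compile(r"^(\w{3}\s+\d+ [\d:]{8}) \S+ postfix/\w+\[\d+\]: ([0-9A-F]+): (.*)$")
FROM = re.compile(r"^from=<([^>]*)>")
TO = re.compile(r"^to=<([^>]*)>.*?relay=([^,]+),.*?status=(\w+) \((.*)\)$")
REQUEUED = re.compile(r"queued as ([0-9A-F]+)")

def summarize(log_text):
    """Return '[status] [time] [sender] [receiver] [reason]' per final delivery."""
    sender, parent, out = {}, {}, []   # parent: re-injected queue id -> original id
    for raw in log_text.splitlines():
        m = LINE.match(raw)
        if not m:
            continue
        when, qid, rest = m.groups()
        f, t = FROM.match(rest), TO.match(rest)
        if f:
            sender[qid] = f.group(1)
        elif t:
            rcpt, relay, status, reason = t.groups()
            hop = REQUEUED.search(reason)
            # A "sent" to the loopback filter is an internal hop, not a delivery.
            # Remote servers also answer "queued as ...", so check the relay too.
            if status == "sent" and hop and relay.startswith("127.0.0.1"):
                parent[hop.group(1)] = qid
                continue
            root, seen = qid, set()
            while root in parent and root not in seen:   # walk back to the first id
                seen.add(root)
                root = parent[root]
            out.append(f"[{status}] [{when}] [{sender.get(root, '?')}] [{rcpt}] [{reason}]")
    return out

if __name__ == "__main__":
    print("\n".join(summarize(SAMPLE_LOG)))
```
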
