Slashdot Mirror


Tech Reporter Pursues Spammer

girish writes "Technology reporter extraordinaire, Mike Wendland, is at it again tracking down spammers. Wendland conducted the infamous interview with Alan Ralsky, the alleged mega-spammer, a few years ago. That article spawned a lively discussion on Slashdot and eventually resulted in hundreds of pieces of junk postal mail flooding Ralsky's million-dollar home. Now Wendland is using a new tool from a service called Project Honey Pot to track email address harvesters. He posted on his technology blog this morning about catching a company that is holding itself out as a legitimate bulk mailer, but appears in fact to be sending to harvested addresses and conducting on the side some other seemingly seedy businesses. Interesting stuff."

6 of 183 comments

  1. spamtraps... by mmThe1 · · Score: 4, Informative

    A relevant note here would be to mention the Spamikaze system (intro here).

    In a nutshell, it sets up spamtrap e-mail addresses, and any IP that sends mail to that address is automatically added to the blacklist, and further mails from it are rejected at SMTP level. A false positive can be easily removed from the blacklist manually (example, PSBL).
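
The spamtrap flow described in the comment above, as an added example that is not part of the original comment and is not Spamikaze's code. The class and function names, the reply strings and the sample events are assumptions made for this sketch.

```python
from dataclasses import dataclass, field


@dataclass
class TrapBlocklist:
    """Spamtrap-fed IP blocklist consulted at the SMTP RCPT stage."""
    traps: set                                   # addresses that never get legitimate mail
    listed: dict = field(default_factory=dict)   # ip -> trap address that caused the listing

    def on_rcpt(self, client_ip, rcpt):
        """Return the SMTP reply for one RCPT TO issued by client_ip."""
        if client_ip in self.listed:
            # Already listed: refuse before any message data is transferred.
            return f"550 5.7.1 {client_ip} is blacklisted"
        if rcpt.lower() in self.traps:
            # The trap delivery itself is accepted (assumption), then the IP is listed.
            self.listed[client_ip] = rcpt.lower()
        return "250 2.1.5 Ok"

    def delist(self, client_ip):
        """Manual removal of a false positive; True if the IP was listed."""
        return self.listed.pop(client_ip, None) is not None


def replay(events, traps):
    """Feed (client_ip, recipient) pairs through a fresh blocklist."""
    bl = TrapBlocklist(traps={t.lower() for t in traps})
    return bl, [bl.on_rcpt(ip, rcpt).split()[0] for ip, rcpt in events]


# Constructed events; the IPs come from the documentation address ranges.
EVENTS = [
    ("192.0.2.10", "alice@example.org"),        # ordinary mail
    ("198.51.100.7", "trap-2004@example.org"),  # hits the trap, gets listed
    ("198.51.100.7", "alice@example.org"),      # rejected from now on
    ("192.0.2.10", "bob@example.org"),          # unaffected sender
]

if __name__ == "__main__":
    bl, codes = replay(EVENTS, {"trap-2004@example.org"})
    print(codes, bl.listed)
    print("delisted:", bl.delist("198.51.100.7"))
```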

  2. Re:I have no fear of spammers by bigberk · · Score: 4, Informative

    >My hosting service tried to filter all the viruses with clamav, but they got so many viruses that it was too much of a CPU load

    This is why renattach exists. You run that baby in kill mode, and you can handle millions of viruses a day without breaking a sweat (load average wise). This filter just drops mail when certain types of attachments (by file extension or file names inside a ZIP attachment) are found. Not as proper protection as a virus scanner, but coupled with spamassassin it will do the job.

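
A sketch of the kind of check the comment above describes (dropping mail by attachment extension, including file names inside a ZIP attachment), added here as an example; it is not renattach's code and not part of the original comment. The extension list, the function names and the decision to drop unreadable archives are assumptions.

```python
import io
import zipfile
from email import message_from_bytes, policy
from email.message import EmailMessage

# Assumed blocklist for this sketch only.
BLOCKED_EXT = {"exe", "scr", "pif", "com", "bat", "cmd", "vbs", "js", "lnk", "hta"}


def _blocked(name):
    """True when the file name ends in a blocked extension (case-insensitive)."""
    return "." in name and name.rsplit(".", 1)[-1].lower() in BLOCKED_EXT


def verdict(raw):
    """Return ("kill", reason) or ("pass", "") for one raw message."""
    msg = message_from_bytes(raw, policy=policy.default)
    for part in msg.walk():
        name = part.get_filename()
        if not name:
            continue
        if _blocked(name):
            return ("kill", name)
        if name.lower().endswith(".zip"):
            payload = part.get_payload(decode=True) or b""
            try:
                # Only the archive directory is read; nothing is decompressed.
                members = zipfile.ZipFile(io.BytesIO(payload)).namelist()
            except zipfile.BadZipFile:
                return ("kill", name + " (unreadable archive)")  # fail closed (assumption)
            for member in members:
                if _blocked(member):
                    return ("kill", f"{name}:{member}")
    return ("pass", "")


def build_sample(filename, data, subtype):
    """Constructed test message carrying a single attachment."""
    m = EmailMessage()
    m["From"], m["To"], m["Subject"] = "a@example.org", "b@example.org", "sample"
    m.set_content("see attachment")
    m.add_attachment(data, maintype="application", subtype=subtype, filename=filename)
    return m.as_bytes()


def zip_bytes(member):
    """Constructed ZIP holding one harmless text member under the given name."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as z:
        z.writestr(member, "placeholder text, not a program")
    return buf.getvalue()
```

The check only reads names, which is why it stays cheap compared with scanning content; it says nothing about what a file actually contains.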
  3. Re:Does it really take that much effort? by Beryllium+Sphere(tm) · · Score: 5, Informative

    >Seems to me that this kind of thing should be fairly straight forward. I mean, sending millions of e-mails can't exactly be done "quietly" can it?

    Sure it can.

    Creepy spammer approaches creepy trojan writer. Creepy trojan writer rents creepy spammer access to 10,000 compromised PCs on DSL and cable. Creepy spammer commands each compromised PC to send three emails per minute from 11PM to 7AM. Creepy spammer has now sent 1.44 million pieces of email without an obvious flood anywhere and without an obvious IP address to block.

  4. Tracking down a spammer in my home state by adzoox · · Score: 4, Informative

    I have been doing a little tracking down of a Spammer myself from my state.

    A few months back, when the free iPod craze started - a company in my state started sending out emails from:

    Product Test Panel
    Consumer Research Corporation
    Subscriberbase.com

    Saying, "Product Testers Wanted". They would go from hot product to hot product. Sometimes, not even released products - like the Nintendo DS was advertised almost 2 months ago - claiming immediate shipment.

    I found that they were in my state by reading the actual email and seeing a location in my state and then by confirming it with whois information.

    I then sent off an email to the contact. I got an email from a guy named Brian Benehaley. In typical fashion, all of my accusations were denied.

    Turns out, if you Google this guy's name - he has written a well respected piece [respected amongst bulk emailers] about how the Can Spam Act will bring a new renaissance in email marketing.

    I have since written the Better Business Bureau about him, found the record for the company is now in the 1000's of complaints.

    I have contacted my state attorney general, who is conducting a thorough investigation.

    I contacted the host ISP - Exodus - they have over 12000 complaints lodged against Subscriberbase.com

    I have written a piece that has gotten into Google searches - that receives a few emails and comments each week.

    More info about Product Test Panel

    It has been quite fun to research this guy and put various internet tools to my disposal.

    This was a good story to see what techniques Mr. Wendland used.

    Google, Whois, MY BLOG, The BBB online, My attorney general all helped me ...

    --
    Yell & scream & rant & rave... it's no use... you need a shaaaave ~ Bugs Bunny
  5. How I stay spam free by Examancer2 · · Score: 5, Informative

    This is how I keep spam from ruining my email while also catching spammers in the act:

    I have a domain (examancer.com) and a cheap hosting company that allows unlimited email accounts. Every time I give out an email address I make up one that will remind me why I gave it out (like slashdot@examancer.com, nytimes@examancer.com, someotherservice@examancer.com, etc...). I don't actually have to set up each account because I have all undeliverable mail sent right to my main account. If I start receiving spam, I just look at which address it's sent to and I know right away which company sold my address or which online forum my email was harvested from. If the spam gets too bad, I actually go and create a real mailbox for that address and route it to a black hole... voilà, no more spam.

  6. I have a slightly better version. by Inoshiro · · Score: 3, Informative

    /^\s*Content-(Disposition|Type).*name\s*=\s*"?(.+\.(ad[ep]|asd|ba[st]|c[ho]m|cmd|cpl|crt|dbx|dll|exe|hlp|hta|in[fs]|isp|lnk|js|jse|lnk|ocx|md[etw]|ms[cipt]|nws|ocx|ops|pcd|pi|pif|prf|reg|scf|scr|sct|sh[bms]|swf|uue|vb|vb[esx]|vxd|wab|ws[cfh]))"?\s*$/
        REJECT Files attached to emails that contain or end in "$3" are prohibited on this server as they may contain viruses. The file named "$2" was rejected.

    This covers more executable types and is a bit more permissive in the matches to the content line.
    --
    Internet Explorer (n): Another bug -- that is, a feature that can't be turned off -- in Windows.