Vioxx Replaces Porn as Spam King

An anonymous reader noted that CNN is running a story crowning vioxx the new king of spam, upsetting poor old fashioned pornography. Of course, for me all my spam seems to be about rolexes.

Vioxx topples porn as spam king?

[tyleroar]

Actually what the article says is that Vioox prescriptions, ID theft scams, and stock pick information toople porn as spam king. And this is only talking about the spam received by AOL users, not all spam in general.

Wanna R()()1-E-X?

[catscan2000]

Rolex spam has increased for me as well. I'm currently using the following regular expression on our Astaro firewall to block them, which has caught the recent "rolax" and "R-O-L-E-X" variants (remove the extraneous whitespace):

(?i)r[[:space:][:punct:]_]{0,3}(o|0|\(\)){1,3}[[ :s pace:][:punct:]_]{0,3}(l|1){1,3}[[:space:][:punct: ]_]{0,3}(e|a){1,3}[[:space:][:punct:]_]{0,3}x

So, bring on the R0001ex!! spam :-)

Hopefully, the next revision of Astaro will include Rolex spam filters in SpamAssassin so that I don't need to use this custom regex anymore.

Here's one message that I'd love to see (and hopefully blocked):
=========

Gr33tingz, Dear Sir! I'm Dr. Jfjweaiofjweoif Iejfiowefjioe from an official bank in Nigeria and am trying to move $39,000,000 MILLION (million) US DOLLARS (United States currency) worth of \/1@gra pills and C1@li5 out of the country but need to confirm your CitiB@nk banking account details. In exchange for the sum of the transfer, you will have the opportunity to be a man like Britney Spears with real-like r()()()()()1eX watches with a screw-in bezel and a second hand that looks like the real thing. All you have to is click here (http://4.12.44.52:39/removeme/now.idc?really=yes) to install a FREE screensaver, which, if you're using Outlook [Express], should already be installed by the time you read this sentence! WOW! HOW CONVENIENT! Our online pharmacy is ready to take your orders for cheating housewives in your area, but HURRY! At these prices, they won't last long!

Re:NULL body messages

[dragonman97]

If you look at the headers, you'll find that they're extraordinarily sparse. In some cases, the receiving server will add a little bit of data to keep clients happy, by adhering to RFCs (adding "Date:" and the like. As far as I can tell, this is being done as the most accurate recepient verification system they can dream of. VRFY is not accurate, as many receiving systems will say "Well, I don't know that address, but it's in my domain, so I'll try and receive it." If you do everything up to, but not including the DATA part, there's a chance the server might be sloppy or ignorant. If it accepts the message for delivery without error, then there's a decent chance that address exists. This battle is really getting ugly, and will keep escalating - there is no FUSSP, other than hunting down the spammers and stringing them up with piano wire where it'll hurt them.