I did the same thing. I took a spam with a very clear disclaimer (although they used a tiny font):
[...] We have received 250.000 free trading shares from a third party, not an officer, director or affiliate shareholder. We intend to sell all 250.000 shares now, which could cause the stock to go down. This company has : negative cash flow from operations, no revenues in its most recent quarter, an accumulated defecit, a negative net worth, nominal cash, a going concern opinion from its auditor and related party transaction. [...] This is a penny stock and is a high risk security. URGENT: Please, Please Read the Company's SEC filings before you invest.
The stock was ASIQ.OB, before this spam, it was around $0.25 So the 'third party' gave around $62.500 to the spammer in free shares. Few days after, the stock was priced around $0.75 If the spammer sold everything at this price, he actually gain $187.500.
The 'third party' bought probably a million or more of trading shares. Imagine how profitable this operation was for both of them.
In fact, spam is usually received from dsl accounts, and not only from china. BUT the URL for the website is hosted generally at ChinaNet. Denying smtp sender is not enough. You can find a patch for spamassasin who parse the URL, and try to match it against blackholes.us http://docsnyder.de/nospam/sa270cvs _check_blackhat _isps.patch.gz
(from the author):
Since spammers often host their spamvertised sites at spamfriendly ISPs
(e. g. Chinanet), I've been doing some tests with "hat-checking"
spamvertised URLs.
After resolving the URL hostname, the resulting IPs get RBL-checked
against *.blackholes.us to find if they belong to a known spamfriendly
ISP. If yes, the spam score will rise.
Slashdot Mirror
I did the same thing. I took a spam with a very clear disclaimer (although they used a tiny font):
[...] We have received 250.000 free trading shares from a third party, not an officer, director or affiliate shareholder. We intend to sell all 250.000 shares now, which could cause the stock to go down. This company has : negative cash flow from operations, no revenues in its most recent quarter, an accumulated defecit, a negative net worth, nominal cash, a going concern opinion from its auditor and related party transaction. [...] This is a penny stock and is a high risk security. URGENT: Please, Please Read the Company's SEC filings before you invest.
The stock was ASIQ.OB, before this spam, it was around $0.25
So the 'third party' gave around $62.500 to the spammer in free shares. Few days after, the stock was priced around $0.75
If the spammer sold everything at this price, he actually gain $187.500.
The 'third party' bought probably a million or more of trading shares. Imagine how profitable this operation was for both of them.
In fact, spam is usually received from dsl accounts, and not only from china. BUT the URL for the website is hosted generally at ChinaNet.s _check_blackhat _isps.patch.gz
Denying smtp sender is not enough. You can find a patch for spamassasin who parse the URL, and try to match it against blackholes.us
http://docsnyder.de/nospam/sa270cv
It's EXTREMELY efficient.
You can also use this patch :. patch.gz
:
http://docsnyder.de/nospam/sa_check_blackhat_isps
(from the author)
Since spammers often host their spamvertised sites at spamfriendly ISPs (e. g. Chinanet), I've been doing some tests with "hat-checking" spamvertised URLs.
After resolving the URL hostname, the resulting IPs get RBL-checked against *.blackholes.us to find if they belong to a known spamfriendly ISP. If yes, the spam score will rise.
and you can use http://www.blackholes.us for the country/ISP zones.