27  Jun
No Title

Verizon Settles with Spammer. Verizon settles a lawsuit against a commercial e-mail company with a permanent injunction and monetary damages. [internetnews.com: Top News]
Read More… (From John Lawlor: Spam)

If you know me, you know I've made no secret of my disdain for the Spamcop DNSBL, aka the SCBL.

I've worked in spam prevention, deliverability, and the email realm for a long time, in various capacities. I've created and run at least two blacklists that you know about. Later, I helped to design and create a system that processed thousands of confirmed opt-in/double opt-in newsletter signups a day. Combine those two details together and that's what led me to take issue with Spamcop. My employer's COI/DOI signup servers kept getting blacklisted by Spamcop, based on some really bad math to measure email volume thresholds and make a determination as to what to list.

I was trying to do the right thing. I was implementing what Spamcop (and other anti-spam groups) want: confirmed opt-in/double opt-in. Yet Spamcop was listing the servers and subsequent mailings regardless. It made me really frustrated, and I was very disappointed. See, it's not really fighting spam. It's just blacklisting mail you don't like, or don't care about. While perfectly allowed, I am of the opinion that it's lame to do so under the banner of fighting the good fight to stop spam. I've shared my thoughts on this topic in just about every available forum: websites, blogs, discussion lists. I know I've personally guided many sysadmins away from using the SCBL in the past, because it was easily, demonstrably, listing things that were obviously not spam.

In February 2007, I found that Microsoft was using the SCBL to filter/reject inbound corporate email. (Note that I said corporate email: mail sent to users at microsoft.com, not users of MSN or Hotmail. I don't know whether or not SCBL data is used in MSN Hotmail delivery determination, but from what I've observed, it doesn't seem to be.) This started me off on another rant on how ill-advised I felt this was, based on my prior experiences with Spamcop. Some kindly folks (and some less kindly) suggested that I needed to revisit my opinion of the Spamcop blacklist, because things have changed.

After a lot of measuring and discussion, I'm here to tell you: Spamcop's blacklist has changed, and for the better. It works very well nowadays, as personally measured by me. The open question on Spamcop was what drove me to dive into my massive blacklist tracking project. I started that back on March 10th. Ever since then I've been compiling data on Spamcop blacklist matches against both spam and non-spam. Here's what I see:

| Blacklist | Spam hits | Acc % | Ham hits | Failure Rate |
|---|---|---|---|---|
| Spamcop SCBL | 156194 | 49.37% | 0 | 0.00% |
| Spamhaus ZEN | 255521 | 80.77% | 5 | 0.10% |
| Spamcop+ZEN | 267795 | 84.65% | 5 | 0.10% |

Range: ~ 74 days
Total Spam: 316348
Total Ham: 4999

As you can see, Spamcop helps you attack nearly 50% of spam received, while affecting no legitimate senders. Very few lists do better. Spamhaus ZEN (which combines multiple lists) does better, but will occasionally have a false positive, based on some reputational issue perceived with a given sender.

My recommendation: Spamcop's blacklist is safe to use, and will effectively help you reduce the amount of spam you have to deal with. Where I find it particularly useful is as an addition to Spamhaus ZEN: If you block mail from entities on either list, you get a 3.8 percent boost in effectiveness. Meaning, just under four percent of my spam hits are found on the Spamcop list, but not on Spamhaus.

For historical reasons only, here are links to my previous articles on Spamcop:

Spamcop Roundup
http://www.dnsbl.com/2007/03/spamcop-roundup.html
Spamcop BL: A blacklist with a hair trigger http://www.dnsbl.com/2007/02/spamcop-bl-list-with-hair-trigger.html
Microsoft using Spamcop BL http://www.spamresource.com/2007/02/microsoft-using-spamcop-and-spamhaus.html
My Problems with Spamcop
http://www.spamresource.com/2003/03/problems-with-spamcop.html

Read More… (From Al Iverson’s DNSBL Resource)

What is special about this email subject: “An unauthenticated, remote attacker could exploit it to gain root on your Solaris system.” Well, at first glance, nothing; it looks legit, but believe it or not, this was used as a subject for a SPAM I received (for meds of course). What baffles me more is the fact that this […]
Read More… (From SecuriTeam Blogs)

Send-Safe, a notorious developer of spamming software, has updated its program to include a remove-list feature from the controversial Blue Security anti-spam service. The latest build (803) of the Send-Safe Mailer v2.20b includes an option designed to prevent spammers from…
Read More… (From Spam Kings Blog)

The DNSBL rbl.cluecentral.net has been revived. Its maintainer, Sabri Berisha, had previously shut it down in November 2005.

This list aims to allow you to whitelist or blacklist mail from specific countries, or from certain routers (by AS number).

For example, if you wish to block all mail from the US, you could configure us.rbl.cluecentral.net as a DNSBL to be used for mail blocking in your email server software, and you would then block all mail from the US, as identified by Sabri's categorization.

For more information, see Sabri's post to the NANOG mailing list, announcing resuscitation of the list, or click here to visit the list's website.

Note that while these lists may be used to block spam, they’re not exactly spam-blocking lists. Rejecting all mail from China simply means that you’re going to reject all mail from China, spam or non-spam. It’s up to you to determine whether or not this is an acceptable compromise. I assume, like with users of korea.services.net, administrators who choose to use this list are fed up with spam from a certain country’s servers, and receive little enough legitimate mail from a country that the risk of false positives is considered acceptable.

Read More… (From Al Iverson’s DNSBL Resource)

Great piece from The Guardian’s Technology editor about the dangers of working in an office, having a telephone line and living in a place swarming with bad PR: clipped from www.charlesarthur.com Maybe it's just me, or maybe it's the swarm of…
Read More… (From loose wire blog)

Rival spam gangs are fighting for control, with the makers of the Bagle, Warezov and Zhelatin (Storm Worm) viruses launching electronic attacks on each others’ assets and other sites.
Read More… (From Spam News)

Spam Law Foe Reverses Direction. After testifying against anti-spam legislation, Direct Marketing Association now wants help from Washington. [internetnews.com]

Read More… (From John Lawlor: Spam)

27  Jun
What is a DNSBL?

A DNSBL is a DNS (domain name service)-based spam blocking list. Some people call them blacklists, while others call them blocklists.

These blacklists are IP address-based. This means that they contain IP addresses, generally of email servers that you might receive spam from, or that the blacklist maintainer has indeed received spam from. There are dozens of such lists available, all compiled with different criteria, at every conceivable point in the sanity spectrum. Some lists work better than others, and some list maintainers are more trustworthy and respectable than others.

The original (and still primary) use for DNSBLs is to block mail. Most mail servers nowadays have DNSBL support (either built in, or through use of a plug-in) that allows a mail server administrator to block mail from sites listed on a specific DNSBL. The site would choose to do this as part of their attempt to reduce the amount of spam their users would receive.

More recently, DNSBLs are often used as part of a spam scoring system, such as SpamAssassin. If you're listed on a spam blacklist that is referenced in a spam scoring system, your spam score could be increased by some amount. (The amount varies and is often configurable.) If that, in addition to other scoring tests performed, makes an email's score rise above a certain level, it could be discarded, or routed to the spam folder.

Note: you might hear people refer to RBLs when talking about spam blocking. The first DNSBL was called the RBL, created by a company I once worked for, the Mail Abuse Prevention System (MAPS). MAPS claims RBL as a service mark, but as far as I can tell, anybody using the term RBL is usually using it interchangeably with DNSBL.

Read More… (From Al Iverson’s DNSBL Resource)
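The two uses described in the post above (outright blocking versus adding to a spam score), as an added example that is not part of the original post or of any mail server's code. It assumes the standard DNSBL query convention (reversed IPv4 octets prepended to the list's zone, an answer in 127.0.0.0/8 meaning "listed"); the zone names, weight, threshold and the fake DNS data are constructed placeholders.

```python
import ipaddress
import socket

LOOPBACK = ipaddress.ip_network("127.0.0.0/8")

def dnsbl_query_name(ip, zone):
    """Build the DNS name to look up: reversed IPv4 octets + '.' + zone."""
    addr = ipaddress.IPv4Address(ip)  # raises ValueError on malformed input
    return ".".join(reversed(str(addr).split("."))) + "." + zone

def system_resolver(name):
    """Return the A record for name, or None if the name does not resolve."""
    try:
        return socket.gethostbyname(name)
    except socket.gaierror:
        return None

def is_listed(ip, zone, resolve=system_resolver):
    answer = resolve(dnsbl_query_name(ip, zone))
    # Treat only 127.0.0.0/8 answers as a listing; any other answer
    # (for example a parked or wildcarded zone) must not count as a hit.
    return answer is not None and ipaddress.IPv4Address(answer) in LOOPBACK

def decide(ip, block_zones, score_zones, base_score=0.0, threshold=5.0,
           resolve=system_resolver):
    """block_zones reject outright; score_zones add their weight to the score."""
    for zone in block_zones:
        if is_listed(ip, zone, resolve):
            return ("reject", zone)
    score = base_score + sum(weight for zone, weight in score_zones.items()
                             if is_listed(ip, zone, resolve))
    return ("spam-folder" if score >= threshold else "deliver", score)

# Constructed stand-in for DNS so the example runs offline.
FAKE_DNS = {
    "1.2.0.192.block.dnsbl.example": "127.0.0.2",     # listed on blocking list
    "7.113.0.203.score.dnsbl.example": "127.0.0.2",   # listed on scoring list
    "9.100.51.198.score.dnsbl.example": "192.0.2.55", # bogus non-127 answer
}

def fake_resolver(name):
    return FAKE_DNS.get(name)

if __name__ == "__main__":
    zones = (["block.dnsbl.example"], {"score.dnsbl.example": 3.0})
    for ip in ("192.0.2.1", "203.0.113.7", "198.51.100.9"):
        print(ip, decide(ip, *zones, base_score=2.5, resolve=fake_resolver))
```
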

27  Jun
No Title

Spam Annoyance on the Rise. A Harris Poll finds overwhelming support for legislation banning spam. [internetnews.com: Internet Advertising Report]
Read More… (From John Lawlor: Spam)

Kevin Werbach: “One-third of the 30 billion e-mails sent worldwide each day are spam.” [Slate]

One-third of the 30 billion e-mails sent worldwide each day are spam. That’s 10 billion daily pitches for herbal Viagra, Nigerian scams, and genital-enlarging creams piling up in our inboxes. Neither legislation nor litigation against spammers has stemmed the tide, and they’re not going to have much of an effect in the future, either. It’s time to give up: Despite the best efforts of legislators, lawyers, and computer programmers, spam has won. Spam is killing e-mail.

Read More… (From John Lawlor: Spam)

I really hate being asked for lots of private details just to download a product. In short: People shouldn’t have to register to try something out. An email address, yes, if absolutely necessary. But better not: just let the person decide whether…
Read More… (From loose wire blog)

27  Jun
Drive-by Pharming

With Symantec, Markus and I have developed an attack called “Drive-by Pharming” to which many people with home broadband routers are vulnerable.

In short: visiting a web page can cause malicious JavaScript to execute, changing the DNS settings on your broadband router. As a result, you cannot trust domain name resolution on a compromised router. The solution is to set a hard-to-guess administrator password for your router.

Link to my blog post
Link to Zully’s Blog Post (Symantec)
Link to the Press Release

Read More… (From Stop-Phishing @ IU)

Television New Zealand’s “One News” program has obtained an on-camera interview with Brendan Battles, in which he admitted to being the American spam king who had apparently retired last year. Rumors of the Florida spammer’s relocation started last October, when…
Read More… (From Spam Kings Blog)

Commtouch unveiled its new defense against spam containing pictures but no text or Web hyperlinks.
Read More… (From Spam Daily News - Top Stories)

Phoenix from the flames

The people behind Blue Security, the anti-spam firm brought down by a rogue spammer earlier this year, have launched a new social action firm.
Read More… (From The Register - Security: Spam)

27  Jun
No Title

The thing I like about Lessig is that he has original ideas and he puts his money where his mouth is. In this post he offers a solution to spam, and says if it doesn’t work he’ll resign his job. [Scripting News]
Read More… (From John Lawlor: Spam)
