As security threats from viruses and spam continue to grow and plague Internet and email users, LinuxMagic, a British Columbia based Linux support and product development company, recently launched its latest … via Earth Times
Read More… (From Email Spam News)
For a small business, flexibility and cost are key factors to bear in mind when considering a network threat management solution. via Web admin
Read More… (From Email Spam News)
It dawned on me today that I haven’t been logging the recipient addresses identified in the spam messages I’m cataloging and reporting data on. I think it’d be a good idea to expand my data set sideways and start adding that info, as spot checking the data has been quite insightful. I’ve found, for example, that spammers are dumb enough to harvest from Google Groups, because I have a fair number of recipient addresses with … in them, indicating they were truncated versions of real addresses I used when posting to newsgroups years ago. Then there’s lots of spam directly to those newsgroup-harvested addresses, spam to addresses obviously harvested from the web, spam hitting abused co-reg addresses, and god knows what else to actual once-valid but long-dead actual user addresses.
There’s one alias that is getting just a metric ton of spam, and the construction of the username portion makes it clear to me that it was an alias I gave to somebody and they misused it, or somehow leaked it to some real bad dudes. I wish I could remember who I gave the address to but that info is stored on a drive pulled from my old unix server when I moved to Chicago. I’m dying to know which random bad actor is responsible for that bit o’ feed, because the mail it’s getting is so far from CAN-SPAM compliant that it’s not even funny.
Even though I’m getting more than six thousand spams a day, I’ve only been tracking an average of 2200 a day for the past forty-one days. At first I had to do a lot of manual review of the spam to ensure that it wasn’t accidental ham, there was a fair amount of that to be weeded out. It was easily weeded out and rules were put in place to help keep it out, but doing so took time, and I couldn’t run the whole spamtrap feed through the measuring stick until I reviewed it all.
Now that this is out of the way, the only things holding me back here and there are software bugs and/or server issues. Occasionally the drive on the server handling this mail fills up, so I had to do a lot of fancy coding around that, to make stuff sit and pause and wait for the disk usage to come back down. That’s no fun. But now that I’m able to work around it, I should start consistently logging data about at least five thousand spams each day.
Here are some random statistics for you. I recently added Gmail bulk foldering to my spam results, and so far I’m seeing that Gmail is only 88.8% effective against my spam feed. Meaning, 11.2% of spam I receive is not going to the spam folder in Gmail. Of the 92,730 spam messages I’ve tracked so far, over the past forty-one days, they have come my way from 68,516 unique IP addresses, and 58,022 unique /24 blocks.
Just yesterday it dawned on me that I should start tracking domains used in spam. I decided to focus on from lines, and log unique from domains that actually exist. Just since I turned it on, I’ve tracked over 5,500 unique domains. I have a few ideas of neat things I can do with this data, after I compile enough of it, but I’m not sharing any of those secrets quite yet.
What I will share though, is information showing what IP addresses and netblocks actually send me the most spam. It’ll be interesting to see how it compares to what other people are seeing on their own mail streams. Look for that soon!
One of my mail servers runs FreeBSD 6.2 and uses the PF firewall. Mail is filtered using Anti-SPAM SMTP Proxy (ASSP) and is then handed over to Postfix. ASSP is working very nicely now that the Bayesian filter is mostly trained. I was reading through this article on Greylisting with PF and it got […]
Read More… (From IT Infusion anti-SPAM)
The best way to avoid getting Spam in your inbox is by preventing it from getting to your server in the first place. That is where “greylisting” comes in. I recently installed a Greylisting daemon called Postgrey on my Ubuntu Linux mail server and it is awesome. It has reduced the amount of Spam […]
Read More… (From IT Infusion anti-SPAM)
From the FuzzyOCR site: FuzzyOcr is a plugin for SpamAssassin which is aimed at unsolicited bulk mail (also known as “Spam”) containing images as the main content carrier. Using different methods, it analyzes the content and properties of images to distinguish between normal mails (Ham) and spam mails. FuzzyOCR combines nicely with Amavisd-new, Spamassassin, Postgrey, and ClamAV […]
Read More… (From IT Infusion anti-SPAM)
A friend just sent me this link. Take a look. NewsGator Online. Indeed, it’s usually a smart strategy for keeping track of your company, products and identity in the blogosphere. Except when Nude Japanese Nurses sneak into the picture. Gadi Evron, ge@linuxbox.org.
Read More… (From SecuriTeam Blogs)
The Distributed Checksum Clearinghouse (DCC), created by Vernon Schryver, is a very powerful tool to help system administrators identify and block bulk mail. The project’s website suggests a strong correlation between “bulk” and “spam,” but as I do a bit more research, I don’t think it’s always that simple.
There’s a common misconception in the spam filtering world (and the sending world) — people think DCC is a spam blacklist. It’s not, though. It’s a tool to help users block bulk mail, not spam mail. That’s an important distinction.
Think about it. There are a lot of types of bulk mail you might have signed up for and might want, things like newsletters you actually subscribed to, messages from companies you’ve done business with and actually want to hear from, or news, weather and traffic alerts you might be waiting for. (I don’t need an email message to warn me that it’s snowing outside, but I know that lots of people sign up for these.)
DCC tells you whether or not the mail attempting to be delivered was sent to lots of people besides you. Sure, spam is sent to lots of people all at once, but so is a bunch of solicited mail. What defines spam is whether or not you signed up to receive it. If you signed up to receive it, whether or not other people are getting it too has no bearing on the fact that you asked for it.
If a filter like DCC rejects a piece of mail you actually solicited and wished to receive, I would consider that a “false positive.” To help prevent false positives, proper DCC usage dictates that you whitelist, ahead of time, all the sources of legitimate list or bulk mail you wish to receive. They include this sample file to get started, and they recommend this whitelist of example small messages that are most likely to be caught up in the filtering, even if solicited.
As Vernon Schryver himself said on the DCC mailing list recently, false positives “speak to a misuse or misunderstanding of [DCC].” He says that in a sense, there’s no such thing as a DCC false positive. My interpretation of his comments is that he means that it’s up to users of DCC to know what they’re getting in to. DCC blocks mail sent to multiple recipients, and it’s up to you to whitelist any mail sources you want to receive mail from.
DCC is a very powerful tool. That’s both a plus and a minus. If you know what you’re doing, are comfortable working without a safety net, and can manually compile lists of sites you want to receive any sort of bulk or list mail from, then maybe it can work for you to help reduce spam.
But, if you’re not clear on the difference between bulk and spam, or are not clear on which sites are sending you bulk or list mail that you or your users will want, then it’s not going to work the way you think, and it’s going to reject mail that you or your users asked for.
Internet Service Providers (ISPs), when deciding whether or not to accept a sender’s mail, do measure whether or not your message is being sent to multiple people. It’s not the only thing they look at, though. The smarter ISPs tie in a reputation measurement to that process. Meaning, is this mail coming from a good sender, or a bad sender? Does this sender generate spam complaints? Does this sender generate an above average percentage of bounces? Wrap that all up together, and an ISP has good info available to them to decide what mail to accept. Don’t measure any of those things, and you’re left with an incomplete view — no easy way to tell the good mail from the bad. It’s up to you to know about and whitelist the good senders ahead of time. If you don’t, you’re going to reject mail from them, presumably mail that you or your users wanted to receive.
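To make the bulk-versus-spam distinction above concrete, here is an added toy model (written for this page; it is not DCC's own code and not from the original post) of a clearinghouse that only counts how often a message checksum has been seen, followed by the whitelist step the post says must be done ahead of time. The threshold, sender addresses and message texts are constructed assumptions.

```python
import hashlib
import re
from collections import Counter

# Assumed threshold: a checksum reported by this many recipients counts as "bulk".
BULK_THRESHOLD = 10


def body_checksum(body: str) -> str:
    """Crude stand-in for DCC's fuzzy checksums: drop case, whitespace and digits
    so per-recipient personalisation (names, issue numbers) does not defeat the count."""
    normalised = re.sub(r"[\s\d]+", "", body.lower())
    return hashlib.sha256(normalised.encode()).hexdigest()


class Clearinghouse:
    """Counts reports per checksum. It knows nothing about whether anyone consented."""

    def __init__(self) -> None:
        self.counts: Counter = Counter()

    def report(self, body: str) -> int:
        cksum = body_checksum(body)
        self.counts[cksum] += 1
        return self.counts[cksum]

    def is_bulk(self, body: str) -> bool:
        return self.counts[body_checksum(body)] >= BULK_THRESHOLD


def whitelisted(sender: str, whitelist: set) -> bool:
    """Whitelist entries are full addresses or whole sender domains written as '@domain'."""
    domain = "@" + sender.rsplit("@", 1)[1]
    return sender in whitelist or domain in whitelist


def decide(ch: Clearinghouse, sender: str, body: str, whitelist: set) -> str:
    """What a DCC-only filter does: whitelisted wins, otherwise bulk means reject."""
    if whitelisted(sender, whitelist):
        return "accept (whitelisted)"
    if ch.is_bulk(body):
        return "reject (bulk)"
    return "accept"


def demo() -> tuple:
    ch = Clearinghouse()
    newsletter = "Weather alert, subscriber #{}: snow expected tonight."  # solicited
    spam = "Buy cheap pills now!!! http://example.invalid/offer/{}"        # unsolicited
    for i in range(25):            # 25 subscribers and 25 victims each report one copy
        ch.report(newsletter.format(i))
        ch.report(spam.format(i))
    no_wl = decide(ch, "alerts@weather.example", newsletter.format(999), set())
    wl = decide(ch, "alerts@weather.example", newsletter.format(999), {"@weather.example"})
    sp = decide(ch, "x@spammer.example", spam.format(999), {"@weather.example"})
    return no_wl, wl, sp
```

Without the whitelist entry the solicited newsletter is rejected exactly like the spam, which is the "false positive" the post describes; with it, only the unsolicited bulk is rejected.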
If you remember, e360 filed against Spamhaus. Now they filed against the NANAS Usenet newsgroup maintainer. This is what happens when you open the door. http://www.taugh.com/e360-complaint.pdf (Thanks to John L). Gadi Evron, ge@linuxbox.org.
Read More… (From SecuriTeam Blogs)
“We are very proud of the new and enhanced capabilities offered in these solutions, and we are confident that through the use of these new products, we will quickly expand the number of SMB users devoted to the BitDefender brand.”
Attention Business And Technology Editors > MOUNTAIN VIEW, Calif., June 25 /CNW/ — BitDefender , a global provider of award-winning antivirus software and data security solutions, today unveiled three new … via Customer Interaction Solutions
Read More… (From Email Spam News)
Linux essentials: It’s free to download, but you have to pay a tiny bit to mail order it or buy it from a company. If you’re getting Linux for more than 2-3 PCs, you can also get training and support for a small fee, if you choose to have it. Otherwise it’s the Linux community […]
Read More… (From Technology News for your Daily Use)
I use Realtime Blackhole Lists and Distributed Checksum Clearinghouse clients on Postfix and SpamAssassin to reduce the impact of spam. via Linux Today
Read More… (From Email Spam News)
All the news, opinions, and reader reaction over the hottest controversy yet.
Read More… (From Network World on Security)