[colug-432] Uptick in "Foreign Investor" Spam
rfunk at funknet.net
Tue Dec 22 20:09:09 EST 2009
Joshua Kramer wrote:
> Has anyone else been seeing an uptick in the amount of Spam that gets
> past the greylisting filters? This spam is of the "foreign investor"
> variety, that is, "I am an African Priest who must move 1 500 million
> dollars to the U.S. and I need your help". I used to get about 1 of
> these a week, now it's averaging 2-3 per day. Did someone recently
> release spamming software that is fully compliant with SMTP resending
I've been seeing a lot more of that and other spam all year. Not quite as
much in the past week or so, but definitely a lot this year.
It was inevitable that spammers would eventually catch on to greylisting.
The trouble is that they're also managing to take down some of the
realtime blacklists (dsbl, ahbl, dnsbl), so that retry time that used to
give a chance for them to get on the blacklists doesn't do as much good.
And they have an army of Windows zombies at their disposal for both tasks.
(Aside: in the past month I've managed to convert two non-techie friends
from Windows to Linux, plus my wife converted after the last Ohio Linux
Fest, so I'm doing my best to diminish that army!)
Because of all the spam and the filtering response, it's gotten to the
point that a protocol that was once a paragon of reliability must be
considered unreliable. People are even using the horrible Facebook mail
system instead, to get more reliability and less spam.
This week I finally gave in and implemented SPF, DKIM, and DomainKeys on
funknet.net, just to make it more likely that my mail would go through to
sites like Yahoo. But that's a reaction to other people's over-filtering, and
does little or nothing about the spam coming in to me.
==============================| "A microscope locked in on one point
Rob Funk <rfunk at funknet.net> |Never sees what kind of room that it's in"
http://www.funknet.net/rfunk | -- Chris Mars, "Stuck in Rewind"