PGTS PGTS Pty. Ltd.   ACN: 007 008 568


PGTS Humble Blog

Thread: Internet Security/Malware/Spam

Open the pod bay doors, please HAL

The Spam Season Starts Soon


Chronological Blog Entries:



Date: Sun, 03 Oct 2010 15:37:13 +1000

Kogan Technologies is a dynamic new online business that offers aggressive discounts on computer, console and entertainment related white goods. The recent rivalry with the established discount king "Harvey Norman" has been described by online commentators as a classic example of "clicks versus bricks". The Kogan organisation is mostly virtual, and therefore does not have to pay the substantial infrastructure costs that the old-school Harvey Norman empire must pay. Kogan has built an online presence. But how have they built their mailing lists?

A recent edition of the popular Gruen Transfer on ABC TV examined some of the clever advertising that Kogan came up with as part of their rivalry with Harvey Norman. A major TV network pulled the ads, but the campaign got even greater exposure on the Internet than it would have from the traditional advertising campaign. The panel (on Gruen Transfer) posed the question "Did Kogan ever intend to release the ads on a major network?". Considering the success they had with their online campaign, it wouldn't have mattered much if the ads were not actually intended for major network release.

Earlier this year, I started receiving emails advertising products from Kogan. And I treated them as I would any other unsolicited email ... Sicced the Assassin onto them.

Now, for those of you not familiar with "Spam Assassin" ... I will explain that this marvellous open source product is a content based filter. It makes an excellent second line of defence, if you have RTBL (Real Time Black List) at the outer perimeter. Spam Assassin is a Perl-based package which can examine your email after it has been processed by your Mail Transport Agent (MTA), and before it is placed in your "official" inbox. Most people who use Spam Assassin also use "procmail", which has the ability to route email during the delivery phase of processing.

There are a number of factors that Spam Assassin uses to determine just how "spammy" the inbound content might be ... It examines headers ... Are they faked? ... The number of hops? ... The type of content ... Is it well-formed? ... etc., etc. And then it starts examining the actual content.

Spam Assassin keeps a database of the emails it has examined. You may flag certain content as "spam" or "ham" (not spam). If you do flag particular content as "spam" it will weight the overall index for similar email more heavily in the "spammy" direction. However Spam Assassin still considers all the other factors as well as your "spam" report ... So it might not immediately consider email from a particular source as always spam just because of a single spam report. It depends on the overall content.

Generally I flag the mail as spam with a command such as the following:

    sa-learn --spam --mbox ~/Mail/foo

Where "foo" is the folder name where I saved the offending mail ... Well in fact the whole process has been automated so that it connects with my webmail interface.

In the case of the "Kogan" advertising, the email was well-formed, and Spam Assassin did not mark it immediately as spam.

Eventually I took the time to read one of the emails ... And discovered that the content might be interesting ... And so I called off Spam Assassin ... And so now I am officially on the Kogan email list ... Even though I can't recall subscribing to it.

Now I have to say that this does not happen often. I usually take a dim view of BUCE ... The only other occasion I can recall calling off The Assassin, was when the American business and investment consultant, Mike Gasior sent spam to the PGTS domain several years ago. On that occasion I also called off Spam Assassin, when I discovered that Mike was an entertaining if not opinionated writer, who could actually spell and compose a small coherent diatribe in (American) English ... Of course those were the days when it was a brave new Digital Dawn, and there were no laws against spamming. These days, there is a lot more spam, but legitimate organisations are usually cautious about flagrant abuses.

So how had Kogan obtained my email address?

A little research into past emails revealed that at one time I had been receiving emails from an outfit called "Milan Direct" ... And I had unsubscribed from their mailing list. The interesting thing about Milan Direct is that it seems to be hosted by "Kogan". Of course I don't have any other evidence. But it does seem possible that Milan Direct shared their email list with Kogan.


Of course for those who don't administer your own domain, or who aren't familiar with open source solutions to the spam "problem", you may have to resort to other measures to protect yourself.

Recently I encountered a product called "Spam Arrest". This is a product which uses challenge/response technology to slow down spam. As the owner of your inbox, you login to the Spam Arrest site and delegate responsibility to their server. Any new email sender must negotiate with challenge/response. Also you can add a list of mailing addresses that you wish to exempt.

There are a few drawbacks to challenge/response technology. It doesn't really do anything towards reducing the bandwidth consumed by spam ... Which is considerable. But if we all have a brand new NBN soon, maybe we won't be concerned by the bandwidth eaten by spammers and Microsoft zombies? Another more practical consideration is the genuine mailing lists that you sign up to and forget to add to the exemption list ... And the hassle that new prospective e-mailers must negotiate with ... Particularly if they aren't very "computer literate" ... And there is also the problem of commonly exempted addresses which spammers use anyway. But if you post your email address on publicly listed pages and all you know about email is "Outlook" and account passwords, you might consider it as a passable spam filter ... Just go google for "Spam Arrest".


Recently, the following email got past Spam Assassin:

Date: Tue, 28 Sep 2010 17:44:33 +0100
From: User User <User@barrcode.com>
Subject: RE: Congratulations ($500,000.00 USD)

RE: Congratulations ($500,000.00 USD)

You have been compensated with the sum of $500,000.00 dollars for using the internet daily, To claim your compensation fund do contact +Sr Scott Williams. via E-MAIL: scotwillis47@w.cn <mailto:scotwillis48@w.cn> <mailto:raphmorgan65@secretarias.com> +<mailto:mrchrisjefferson@rocketmail.com>
PHONE: +234 809 158 6627

Mrs. Lyn Curthoys
© 2010 WORLD INTERNET PROGRAMS®

The email was HTML only (so the above is just the rendered output from "mutt"). It scored quite highly but still managed to "sneak" through ... Either because of the brevity of the message ... Or perhaps because the dour Assassin has a sense of humour?
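Mail like this, passed but scoring close to the threshold, can be picked out of a mailbox before it is fed to sa-learn. The following is an added example, not part of the original post: it reads the X-Spam-Status header that Spam Assassin writes (with its score= and required= fields) from an mbox file. The function names, the default margin of 1.5 points and the sample messages are assumptions constructed for illustration.

```shell
#!/bin/sh
# near_misses MBOX [MARGIN]: list mail Spam Assassin passed ("No") that scored
# within MARGIN points of the threshold, printed as "score/required subject".
near_misses() {
    awk -v margin="${2:-1.5}" '
        function num(name) {   # value of name=<number> on the current line
            if (match($0, name "=-?[0-9.]+"))
                return substr($0, RSTART + length(name) + 1, RLENGTH - length(name) - 1)
            return ""
        }
        /^From / { in_hdr = 1; subj = ""; score = ""; req = ""; next }  # mbox separator
        !in_hdr  { next }                  # skip bodies, which may quote headers
        /^$/ {                             # blank line ends the header block
            if (score != "" && req != "" && score + 0 >= req - margin)
                printf "%s/%s %s\n", score, req, subj
            in_hdr = 0; next
        }
        /^Subject: /          { subj = substr($0, 10) }
        /^X-Spam-Status: No,/ { score = num("score"); req = num("required") }
    ' "$1"
}

# Constructed sample mailbox (not real mail): one near miss, one clear ham,
# and one caught spam whose body quotes a passing header.
sample_mbox() {
    cat <<'EOF'
From a@example.com Tue Sep 28 17:44:33 2010
X-Spam-Status: No, score=4.4 required=5.0 tests=HTML_MESSAGE,MIME_HTML_ONLY
    autolearn=no
Subject: RE: Congratulations

You have been compensated ...

From b@example.org Sun Oct  3 15:37:13 2010
X-Spam-Status: No, score=0.3 required=5.0 tests=HTML_MESSAGE autolearn=ham
Subject: Weekly specials

This week only ...

From c@example.net Sun Oct  3 16:00:00 2010
X-Spam-Status: Yes, score=9.1 required=5.0 tests=HTML_MESSAGE autolearn=spam
Subject: Cheap pills

X-Spam-Status: No, score=4.9 required=5.0
EOF
}

tmp=$(mktemp) && sample_mbox > "$tmp" && near_misses "$tmp"
rm -f "$tmp"
```

Messages it lists can be saved to a folder and reported with the sa-learn command shown earlier.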



Copyright     2010, Gerry Patterson. All Rights Reserved.