In the last few days, Fred and I have been noticing a sharply increased number of spam messages delivered to our mail server, most of them containing file attachments to prevent spam scanners from filtering or blocking the spam messages before the end user sees them.

For now we might have found a way to block most of these spam mails, but the spammers aren't dumb: they slightly mutate the mails from one day to the next. They started with plain-text spam, created variations of buzzwords ("\/1@G|>.A"), set up image attachments, scrambled the images to complicate the OCR process, used PDF attachments and now seem to be moving to every available kind of document out there in the IT world (namely: Excel spreadsheets, Word documents etc.). Their goal is clearly defined: bypass the filters that are currently set up by systems administrators.

Most of these administrators are responsible for ensuring that a large number of mails per day is delivered correctly to the recipients, and hence they cannot afford to let their filters produce a higher number of false positives.

One other thing I see right now: hiding your e-mail address from web pages is not enough anymore. Sure, you will get much more spam once your e-mail address is published on a website and can be found through search engine crawlers, but the latest spam run was addressed only to an address that was never used on a website. I strongly suspect users with infected Windows machines, i.e. their Outlook [Express] etc. address books, as the source for the spammers' address lists. Cheaper than the address lists you might buy off eBay or from the guy in that dark street on the other side of your town. And of course, much more up-to-date.

So just imagine an e-mail message containing a spam attachment and malware at the same time, infecting a personal computer in such a way that it acts as an open mail relay, sends its address book, credit card information etc. to the spammer and continues infecting other PCs. Spam and malware combined. Cyber criminality in the 21st century.

Repeat after me [1]: E-mail is dead!

P.S. For those who missed the famous Monty Python spam sketch: here's the YouTube video.

Update: Joern found a good solution for this problem (in German) using additional ClamAV databases. Mika explained how to reject this type of spam with postfix (in German).

Update 2: If we're unlucky, what we see right now was only the beginning. The German IT magazine "Heise" speculates that these spam sightings might only be a test run or (as I would rather say) a proof of concept.

[1] Borrowed from vowe.net. DRM is bad for the customer.

