Damn spam

spam come-ons
Illustration: electricpenguin.com

Can't someone stop this?

When Google went public yesterday, the company got a check for $1.6 billion (that's billion with a B!), and a whole lot of 20-somethings and 30-somethings in Silicon Valley became instant millionaires. I don't begrudge them their good fortune. Google is a terrific search engine. But if a company could come up with a sure-fire way to stop email spam, it would be worth twice that! At least!

spam 28 million
What a deal!

It used to be said that the only two things that are certain in life are death and taxes. For the 21st century, surely that has to be amended to death, taxes, and spam.

In yesterday's harvest of spam was an amazingly brazen solicitation: I was being spammed to entice me to spam 28 million perfect strangers! (Don't worry, before opening the message I determined that there were no attachments and no automatic return receipts.)

If you looked just at the information in the intray, you would think that this message was from a Ms Annette Flynn and that she was replying (Re:) to something I had sent her.

But if you look at the internet headers for this message, you discover that almost everything about it is spoofed.

Return-path: <toddwoods@surfy.net>
Envelope-to: my-real-email@real-domain.com
Delivery-date: Fri, 20 Aug 2004 03:05:19 -0700
Received: from [4.31.4.42] (helo=69.50.192.6)
	by ns4.atjeu.com with smtp (Exim 4.34)
	id 1By6Gs-00087R-Mu
	for my-real-email@real-domain.com; Fri, 20 Aug 2004 03:05:19 -0700
Received: from 102.111.246.150 by 4.31.4.42; Fri, 20 Aug 2004 04:56:18 -0600
Message-ID: <GNZGHDLXXGICDKZVXMOPJPZ@yahoo.com>
From: "Annette Flynn" <trollins@mypersonalemail.com>
Reply-To: "Annette Flynn" <dlong@flashmail.com>
To: my-real-email@real-domain.com
Subject: Re: Email to 28 Million People for Zero 
Date: Fri, 20 Aug 2004 15:04:18 +0400
X-Mailer: AOL 1.0 for Windows US sub 560
MIME-Version: 1.0
Content-Type: multipart/alternative;
	boundary="--4700067866775898"
X-Priority: 3
X-MSMail-Priority: Normal
X-IP:19.224.88.120

The Return-path is alleged to be "<toddwoods@surfy.net>", whereas the From and Reply-To headers both name the aforementioned "Ms Flynn" but use two different email addresses, neither of which appears to have much to do with someone named Flynn.

My email tracker program presented the following analysis:

From: IP address 102.111.246.150. 
Location: 'Americas' - For a detailed geographic trace, run VisualRoute. 
Mailer: The sender used 'AOL 1.0 for Windows US sub 560' to send the e-mail. 
Received Headers: '102.111.246.150' is an attempted misdirection in R2 (E13). 
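
The inconsistencies pointed out above can be checked mechanically. The following Python sketch is an added example, not the email tracker's own logic: it runs four consistency checks over the headers quoted above. The function names, the finding labels and the five-minute clock tolerance are assumptions, and the HELO pattern only covers the Exim line format shown in this message.

```python
import re
from datetime import timedelta
from email import message_from_string
from email.utils import parseaddr, parsedate_to_datetime

# Headers copied from the message quoted above (recipient address as redacted there).
RAW = """\
Return-path: <toddwoods@surfy.net>
Received: from [4.31.4.42] (helo=69.50.192.6)
\tby ns4.atjeu.com with smtp (Exim 4.34)
\tid 1By6Gs-00087R-Mu
\tfor my-real-email@real-domain.com; Fri, 20 Aug 2004 03:05:19 -0700
Received: from 102.111.246.150 by 4.31.4.42; Fri, 20 Aug 2004 04:56:18 -0600
Message-ID: <GNZGHDLXXGICDKZVXMOPJPZ@yahoo.com>
From: "Annette Flynn" <trollins@mypersonalemail.com>
Reply-To: "Annette Flynn" <dlong@flashmail.com>
Date: Fri, 20 Aug 2004 15:04:18 +0400

"""

SKEW = timedelta(minutes=5)  # assumed tolerance for clock drift between hosts

def domain(value):
    # "Name <user@host>" or "<id@host>" -> "host"
    return parseaddr(value)[1].rpartition("@")[2].lower()

def audit(raw):
    msg = message_from_string(raw)
    findings = []
    # 1. Do the headers that claim an identity agree on a domain?
    ids = {h: domain(msg[h]) for h in ("Return-path", "From", "Reply-To", "Message-ID")}
    if len(set(ids.values())) > 1:
        findings.append("sender-domains-disagree")
    # 2. Newest hop first; only hops[0] was written by the receiving server.
    hops = msg.get_all("Received")
    m = re.search(r"from \[([\d.]+)\] \(helo=([\d.]+)\)", hops[0])
    if m and m.group(1) != m.group(2):
        findings.append("helo-mismatch")  # peer announced an IP that is not its own
    # 3. Each older hop must carry an earlier timestamp than the hop above it.
    stamps = [parsedate_to_datetime(h.rpartition(";")[2].strip()) for h in hops]
    if any(older > newer + SKEW for newer, older in zip(stamps, stamps[1:])):
        findings.append("received-out-of-order")
    # 4. The Date header cannot be later than the moment the message arrived.
    if parsedate_to_datetime(msg["Date"]) > stamps[0] + SKEW:
        findings.append("date-after-delivery")
    return ids, findings

if __name__ == "__main__":
    print(audit(RAW))
```

All four checks fire on this message. Disagreeing domains alone are not proof of forgery, since mailing lists and forwarding services produce them legitimately, so the findings are best treated as signals to be weighed together.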

Countermeasures

There's no really good way to combat this stuff. It would help a lot if it were made impossible to transmit email using a phony address, but that would require changing the protocol used to send mail over the internet. Fat chance of that happening.

Another option is to install filters that prevent stuff from ending up in your intray. But the problem with those is that they are easily fooled and block out email from real people that you really want to get.

I've started using an Anti-Spam package from Computer Associates. It made an Approved Senders list by reading my address book. If a message does not come from one of those addresses, it goes into a special folder, where I can either approve or block the sender. But it still means having to review, at some point, what has come in.

There is another technology from Qurb that also uses an approved sender list, but with a twist. When an unfamiliar sender appears in the intray, the sender is challenged with a message asking them to reply with a validation code, which adds them to the approved senders list.

In the context of so much phishing going on, I'm dubious about people actually replying to the challenging message.

As I said, there's a fortune to be made by the company that can figure this out!