Archive for the ‘spam’ Category


Killing the 419 through a high signal-noise ratio

Most of the spam that hits my mailbox these days is the “Contact us urgently for your $1.5 million” type rubbish. Everything else seems to get caught by my email provider. I guess that the 419 looks like something that may be legitimate, so they let it through. Sending the mails on to email providers to shut down mailboxes is a time-consuming affair and is like trying to stamp out little fires that keep spreading – it tries to cure the symptoms rather than the problem.

So what’s the underlying problem with the 419 emails? It is profitable for a guy in some third world country to scam the Unsavvy. Send out a hundred thousand emails, and the people who email you back are ripe for the picking. Now, what if the guy started getting a huge number of fake personal details that he follows up, only to find that they’re crap? The cost of doing the 419 automatically goes up.

The idea: a 419 killer service. You forward the email to the killer mailbox. It works out whether it’s dealing with a genuine 419 email, and if so adds the from and reply-to addresses to a list. It then periodically generates rubbish personal details that it forwards in an authentic-looking reply message to those addresses. Now instead of having a few legitimate details, they’re hidden in the hundreds that these guys need to go through to find an actual person. The result: an increased cost of doing 419s, and hopefully getting these people to do something else with their time.

Dealing with scam emails

Spam filters are pretty good these days. Most of the spam you get gets blocked either by your email provider or by your mail program of choice. But every once in a while scam emails tend to slip through. You know the type – “WINNING NOTICE – CATEGORY A WINNER”. The great Nigerian 419 scam. Most of us would simply delete them or leave them in our Junk mailbox, but there’s a better option.

What makes them different to standard mailbox crap is that they require someone to reply to them, which means that they can be traced back. The mailboxes in use are normally temporary accounts on a free email provider (AIM/Yahoo/MSN/Google). Most email providers have someone checking for abuse of their systems. This is typically done by scanning the abuse@ mailbox. When you get a scam mail, check which provider is listed in the FROM and REPLY-TO fields of the message (there may be two different ones involved). Then forward the mail to the abuse mailboxes on those services with a message along the lines of “This scam email uses a mailbox on your service. Please take whatever action you feel appropriate.”
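The lookup described above, sketched in Python as an added example (not code from the original post): it reads the From and Reply-To headers, derives the abuse@ address for each provider domain, and builds a single report with the scam mail attached so its full headers survive. The function names, the `.example` domains and the sample message are constructed for illustration; the code only builds the report and does not send it.

```python
from email import message_from_string, policy
from email.message import EmailMessage
from email.utils import getaddresses

# Constructed sample scam message (not a real email).
SAMPLE = """\
From: "Lottery Board" <claims.desk@mail-one.example>
Reply-To: agent.njembe@mail-two.example
To: victim@home.example
Subject: WINNING NOTICE - CATEGORY A WINNER
Message-ID: <constructed-1@mail-one.example>

Contact us urgently for your $1.5 million.
"""

NOTE = ("This scam email uses a mailbox on your service. "
        "Please take whatever action you feel appropriate.")

def abuse_recipients(msg):
    """Return sorted abuse@ addresses for the From and Reply-To domains."""
    domains = set()
    for header in ("From", "Reply-To"):
        values = msg.get_all(header, [])
        for _name, addr in getaddresses([str(v) for v in values]):
            local, sep, domain = addr.rpartition("@")
            if sep and local and domain:  # skip malformed addresses
                domains.add(domain.lower().rstrip("."))
    return sorted(f"abuse@{d}" for d in domains)

def build_report(raw, reporter):
    """Build one report with the original attached as message/rfc822."""
    original = message_from_string(raw, policy=policy.default)
    recipients = abuse_recipients(original)
    if not recipients:
        return None  # nothing to report to
    report = EmailMessage()
    report["From"] = reporter
    report["To"] = ", ".join(recipients)
    report["Subject"] = "Scam report: " + str(original.get("Subject", "(no subject)"))
    report.set_content(NOTE)
    report.add_attachment(original)  # keeps full headers for the abuse desk
    return report
```

Attaching the original rather than pasting its body preserves the Received and Message-ID headers that an abuse desk needs to find the mailbox.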

Why bother? Most of these emails are targeted at the Unsavvy. The Unsavvy do actually think they have won a lottery they never entered, or that Nigerian astronauts are stuck on an abandoned space station and need money so the Russians can get them down. It’s not their fault really. Your Grandma could be Unsavvy. We, the blog readers of this world, tend to be a bit more clued in, and have an obligation to help the Unsavvy – or at least to screw the Spammers. Forwarding to an abuse email address means the offending mailboxes will be shut down before Grandma or Jim-Bob can send Njembe the Ousted Oil Tycoon, who needs to recover his $60 million, their bank account details. It’s the right thing to do.

The same applies to banks, PayPal, etc. The minute you get a phishing site, send it on to the abuse mailbox at the bank in question and they will go after it.

It would be cool to write a Thunderbird plugin that does this automatically. Another pet project to do as soon as I finish the 100 others…