Geek Drivel

Although interesting (to me) in and of itself, I’m mentioning this article because of this bit from the last paragraph:

In other developments, spammers have abandoned the use of image-based spam, file attachment spam and other such frippery by going back to basics. Nine in ten spam messages now contain little more beyond a few simple words and a URL.

I’d call that a major win for the anti-spam effort.

I’d wondered at the lack of spam recently, but I figured that SpamBayes/ThunderBayes was just doing an exceptionally good job. Which it is (when I saw the above, I checked… out of 308 spam messages in the past couple weeks, I’d only had to look at forty of them, and SpamBayes was unsure of only seventeen of those), but getting only about 22 spams a day is pretty freakin’ amazing too, considering that I’ve had these e-mail addresses for five and seven years now. (I’m not counting the GMail account or the account at the company that bought our Project Badger, since both of them have their own very effective spam-filtering stuff.) After only three years with my previous e-mail account, I was being inundated with a couple hundred spam messages a day.

Uh-oh! Better lock up your e-mail program ’til he’s re-caught!

Two of my favorite targets in a single (and pretty good) article — bonus!

Maybe spammers don’t need to have even average intelligence to make money at it?

I’ve gotten a large number of spams recently (all caught by SpamBayes with no real difficulty) that have one sensationalistic headline in the subject line, and a completely different one in the body of the message. Case in point:

Subject: Facebook hacked into, millions of accounts lost

Apple ipod sells one billion units
[URL removed]

–
Using Opera’s revolutionary e-mail client: http://www.opera.com/mail/

(A large number of them also include that Opera line. It’s said that any publicity is good publicity, but I’m sure the people behind Opera view that kind of support as a decidedly mixed blessing.)

Maybe the spammers think that two headlines are better than one, or maybe they hope to get around some anti-spam defenses with that, I don’t know. To me, it just makes it obvious that it’s garbage. But it begs the question… if they’re still making money with that kind of thing, who’s stupider — the spammer, or the people that must still be clicking on the spam links?

(And yes, it’s a rhetorical question.)

As noted previously, I rarely post about spam anymore, simply because there’s little new or interesting to post about. In fact, I rarely even see spam anymore, maybe one or two messages a day at most. This one is slightly interesting though, because it’s a perfect example of the contortions that spam purveyors have to go through to even have a slight chance of getting their messages read anymore:

Hej,

VL Ia A G R VA

1) Open your browser
2) Enter http://www.capedyinlaxyz[IZ]com
3) Replace “IZ” with “.”

This is followed by the now-usual block of semi-random text that attempts to disguise the contents of the message from Bayesian spam filters.

Three items of interest:

If this is the kind of thing spammers have been forced into, I think the spam problem is all but solved… at least, until the next evolution in computer science gives them a new way around the current defenses.

A friend of mine noticed that an envelope had been slid under his apartment door yesterday, containing a hand-written note:

Hi!

Every time I see you I think how beautiful and georgious you are and want to get to know you better.
Don’t get me wrong, I just want to be your friend.

If you are interested, I am your neighbor. My name is Travis and my phone number is [removed to protect the not-so-innocent].

Call me!

My friend is most decidedly heterosexual, and says that he “could not shred the thing fast enough!”

My first thought, on the other hand, was that the message was very generic and could have equally well been sent to anyone — the hallmark of spam. I imagined someone desperate writing these out in mass quantities and papering the entire building with them, floor by floor, relying on the statistical likelihood that someone would bite… I really should stay away from my spam folder.

GoddessJ had a wedding shower to attend, so we packed up and took an overnight trip to the shores of Lake Huron. It was interesting… I saw a large number of power-generating windmills, including a couple that were still being put together (the first time I’d seen them close up — they’re freakin’ huge! I was fascinated by them, much to GoddessJ’s bemusement), and met someone who works for a large company’s “executive e-mail” section (one of many people who handle the e-mail directed at the company’s president). I managed to get a small but crucial portion of Project X coded too… I love portable computers!

We were staying at the home of the bride-to-be’s mother, who doesn’t have Internet access. I knew that in advance, and made preparations. But when we returned this afternoon, I discovered that blog-comment spammers had pounded Geek Drivel unmercifully in my absence… roughly eight times the usual level of spam comments, on a variety of posts. Do spammers have some kind of spy watching me or something? If so, it didn’t help them, Spam Karma stopped every one of them before they were published.

Now back to your regularly scheduled drivel.

A few days ago, I received three identical spam messages, one to each of three different e-mail addresses (clickable areas removed):

From: Spock Team
Subject: Head Geek wants you to check out spock.com

I am testing out this new people search search engine called spock.com. It seems pretty interesting and you might want to do some searches on it for yourself, your friends, or your favorite celebrities.

Their homepage is www.spock.com

PS - If you click here, Spock can instantly find where all your friends are on the web.

Later,

Head Geek

-
Unsubscribe: Click Here

Wow, apparently my future self is working for this group of cretins and has access to a time machine, and wanted to make sure that I knew about them. Either that, or they’ve harvested the addresses from my public GPG key, which (so far as I know) is the only place where all three of them are listed. Hm, I wonder which of those scenarios is more likely?

(According to the headers, it actually is coming from them, so it’s not some third party trying to get them into trouble. And yes, I’m quite familiar with fake e-mail headers, and this one isn’t faked at all.)

I’m extremely irked by this. Not only are they spamming, but they’re lying and claiming to be me as well. The service might well be useful, but I refuse to ever deal with spammers.

UPDATE: A few days after I posted this, Jay from spock.com wrote a comment explaining the problem, so I wrote a follow-up to this post.

I received an odd newsletter e-mail this morning. Odd because it looked like a perfectly legitimate newsletter, but it was from an outfit calling itself IDG Connect and claiming that I’m a “valued customer.” I’d never heard of the company before this, so far as I know, so I did some research.

It’s hard to find much information on them, other than their own website, but I finally discovered two comments on a mostly-unrelated Computerworld blog post. The first says:

I just happened on this blog, Googling to see if anyone else has trouble and/or was entered into the “challenge/response unsubscription loop from hell” while trying to unsub from IDG Connect…a newsletter I never subscribed to.

Well, these things do happen, and it might still be a legitimate mistake. But directly under that comment was this one:

I am unable to unsubscribe to IDG as well - I’ve tried using the option they listed in the email since they appeared to be a legit operation, but the only result is that now I get emails from them every day, not just once in a while.

So much for the theory that they’re legitimate. I’ll start training my spam filter to block their crap.

I’m writing this entry in the hopes that other people looking for information on this company (or trying to find out why they’re being spammed by them) will discover it, since there’s so little easily-accessible information about them.

CAPTCHAs, the automated tests that are meant to prevent spam-bots from overrunning free e-mail services and comment forms, have been defeated. What’s next? Hopefully not something like this… I tried it three times, and only succeeded twice.

Statistics also indicate that it wouldn’t work too well — there are less than 30 variations, so even randomly choosing three of the pictures would result in a greater than 3% success rate, which is likely sufficient for spammers. And if there are only a set number of pictures to choose from, it would be easy to have a human classify them the first time they’re seen, and the computer to remember the classification (several of the same pictures came up multiple times while I was trying it). And I could think of fairly simple algorithms that would bump up the accuracy. It’s a tough problem.

When you run into a tough problem in math, it usually pays to see whether parts of it can be transformed into an easier one. For example: using public-key technology, it’s easy to confirm whether two digital signatures refer to the same ID or not, without giving out the information needed to duplicate that ID. Find some way to verify someone initially, and public-key technology could be used to confirm that it’s the same person later. It’s not foolproof (the private part of the key data could still be stolen), but it would be a major pain in the spammers’ tails.

Of course, all of this may become moot as soon as someone develops a true learning AI, one that could solve such a problem as well as a human. That kind of AI could easily be used by the bad guys to get around any CAPTCHA problem, but it could also easily identify and delete spam messages with an extremely high accuracy level. I suspect that the latter would more than make up for the former, because there are only a limited number of ways that you can write a message advertising something.

It’s a very interesting subject, all around.