Antispam

September 12th, 2005

Proposed Spam Control Bill for Singapore

» ,

IDA & AGC Seek Second Round Views on Proposed Spam Control Bill for Singapore

The proposed Spam Control Bill includes, in addition to email spam, legal measures to manage mobile spam in Singapore. The Bill also proposes that anyone who suffers damages or loss arising from spam be given the right to initiate legal action against non-compliant spammers. The draft Bill also proposes that if found guilty, non-compliant spammers can be directed by the court to stop their spamming activities or pay damages to the affected parties.

September 12th, 2005

SPAM against SPAM

»

Microsoft-bashing has always being a favourite pastime for many geeks so I wasn’t surprised when I got anti-Microsoft spam in my inbox. Whats was surprising was that it was send by a group called SPAMIS – Strategic Partnership Against Microsoft Illegal Spam.

Sorry, when you fight spam with spam, you lost all your creditability – especially when SPAMIS is founded by Robert Soloway, one of the biggest spammers around who has an axe to grind with Microsoft.

June 2nd, 2005

OCED Toolkit

»

OCED has been talking about a Antispam “toolkit” since last year. Incidently, the “toolkit” isn’t what an engineer would normally expect: it is really more of a ‘guide’ on Antispam for regulators.

After waiting for nearly half a year, I got an email from Suresh (from Outblaze) that the OCED Antispam Toolkit is finally ready.

May 22nd, 2005

DBS Phishing

»

There is a DBS phishing spam targeted at Singaporean mailboxes. You probably get something that look like this too:

dbs-phishing-small.jpg

Do not be fool by it.

Look at the raw email and you will find that it actually comes from hostpymes.com, registered to someone called Soria, Luis based in Peru.

dbs-phishing-raw-small.jpg

Already as early as last year, we were aware the biggest problem of spam isn’t penis enlargement, viagra or even porn spams but rather targetted phishing attacks like this. Estimation of the phishing problem are in the billions in US alone. It is the reason why we still talking about Antispam (I know, most people have given up and have learnt just to delete them). It is also the reason why FBI is attending ICANN.

btw, this isn’t the first phishing attempt in Singapore. There is a smaller and poorly done phishing last year.

May 3rd, 2005

The Way Forward for Anti-Spam

»

I am now at MCMC for a discussion on Anti-Spam Strategies – The way forward for ASEAN Telecommunications Regulators’ Council (ATRC). Lots of people are here: OCED, ITU, FTC, various regulators from the region and also industry. But I think this is a close-door event so I couldn’t blog much what was discussed here.

Anyway, coming to MCMC in Cyberjaya is a challenge – even the Taxi driver couldn’t find the way here – so I end up a bit late but in time for my presentation in the morning. I think I did pretty well1 judging from the responses I got from the audience. Oh, one thing I could share tho – during my Q&A, someone asked me to explain blog spam; I started with ‘Well, Malaysian would know blog, thanks to Jeff Ooi …’ and I heard chuckles around the room. Yes, everyone read Jeff ;-)

This is my first time in MCMC new building and I actually met (and have lunch) with the Chairman of MCMC this time. It is also nice to catch up with friends from MCMC … more tea tarik later. ;-)

1 I learned something today: I do well in presentation, I sux on camera and interview. Ah, got to figure out how to improve in those areas…

April 20th, 2005

More on Weird Spam

»

William posted one very interesting spam : Spam in ASCII art!

ascii-art-spam.png

ps: William is one of the two rare programmers I come across in my entire carrer.

April 14th, 2005

Werid spam

»

Spam – everyone has it and we all know what it does. Porn spam are down and phishing, 411 and chinese marketers are the norm these days. But I am scratching my head what kind of spam is this.

Hello,

My daughter is interested in learning the Punjabi Drum,piano as mentioned by
you and I am happy with your area of specialty.

She will be in by the 1st week in May and will be
returning home by November so,I will want you to help me
in lessoning her an hour,2X a week on playing the Gurpreet
I will like to know your exact location and avail me of
your telephone numbers too.

So,please calculate the total cost from 2nd week in May to
the last week of November to me.
I want to arrange for the payment before her departure .
Please reply as soon as possible.

Thank you.
Sincerely,
williams.

N:B
HENCEFORTH, ENDEAVOUR TO MAIL ME BACK TO THIS MY PERSONAL
E-MAIL BOX.

February 4th, 2005

Solution to Trackback Spams

» ,

Several MT users has emailed me to write a Captcha solution to the latest trackback spams problem. Unfortunately, Captcha cannot be easily integrated with trackback. In fact, trackback spams are harder to catch because both legit and spams trackback are normally send by machines so any tools that tries to differentiate human from machine will not work.

Nevertheless, I promised to do something about it so here is it: MT-TrackbackAntiSpam.
(To install, unzip, put it in your plugins/ directory and make sure it is executable)

The way it works is fairly simple – if the incoming trackback does not come from the host as stated in the URL, we reject the trackback. For example, if a trackback from url http://online-poker.psxtreme.com/ comes from 194.63.235.156 (an open proxy), then it is likely to be spam. (online-poker.psxtreme.com does not resolved to 194.63.235.156).

This solution has two pitfalls however: (1) it does not stop spammers from sending trackback spams from their own host – a small problem for now because spammers has been hiding behind open proxies (2) it may reject legit trackback if it is not sent by their blog-engine (e.g. blogging client)

Nevertheless, I been using it on my Drupal4Blogger for a while and it has been working well. I hope this works out for MT users too.

December 11th, 2004

More casino comment spams

» ,

I got more of these casino comments spam in the last 3 hours. This time the tactic is a bit different – using a bug in my Drupal for Bloggers where I forgot to check for empty captcha to get their comment spam through. Like the last time, it comes from different IP addresses and the referer has also disappeared. So the best guess is that it is embedded in some casino software which then invoke the browser to spam.

While the last attack has incomplete comments body, this time it post with complete sentence except the URL points to an non-existence host. Looks like their tool is still work-in-progress: the bad news is they seem to use my site as a development kit :P

ps: In particularly, they are attacking my entry on captcha for movabletype.

November 7th, 2004

It is spam if i dont like it

»

The latest news going around is Microsoft is spamming. What’s the hell is going on? I mean they are suppose to be the ‘Good Guy’ in antispam?

Apparently, the whole thing started because Bob Poortinga posting to SPAM-L which then get proprogated into places like Interesting-People. Normally, such silliness will end but somehow a Washington Reporter thinks this could sells some paper and write a story about it. Well done: Guilty before proven Innocent.

Bill Gates posted his Towards a Spam-Free Culture over the same email channel last year but no one complains about it been spam at all. Strange isn’t it?

Don’t get me wrong: I think Steves’ email is bias but the fact I don’t like what he say does not make his email a spam. And I have strong believe Microsoft will come out clean here. But *sigh*, there are people willing to make a Linux crusade into an Spam problem and (not) surprisingly people falling for it.

As I argued in APCAUCE list, such incident is dangerous especially for opt-in advocates. It sets an example of how one could potentially be in a position of ‘guilty before proven innocent’ and would certainly not go down well with the law makers. We are just doing ourselves in. Thank you very much Bob.