You know the spam houses have merged their databases with those used by the junk 'snail mail' services when the spam you receive is totally personalized and customized for the receiver.

Date: 5/30/06 2:47 AM
Received: 5/30/06 2:47 AM -0400
From: rblackburn@mortgagesprocessing.com (Robert Blackburn)
To: <my email address> (Seth Dillingham)

Dear Seth,



Our office is attempting to follow up with you in regards to your MYSTIC Home.

Your home is located in the 06355 streamline refinance zone and qualifies for a payment reduction of $48780 (which is a 38% savings per month) over the next 24 months.

Our Service is Free of Charge to the homeowner and we require No Checks of any kind with Zero Upfront Fees.

Please call our office at 1-866-570-0858 we are standing by to serve you.


Sincerely,


Debra Masson
mortgagesprocessing.com – MYSTIC Office
6303 Owensmouth Ave
10th Floor ME-15
Woodland Hills, CA 91367
d.masson@mortgagesprocessing.com
1-866-570-0858





This message is confidential to Seth Dillingham regarding 76 DOGWOOD LN Property on May 18, 2006. And was brought to you by mortgagesprocessing.com if you received this by error or feel that you should not have received this communication please contact abuse@mortgagesprocessing.com

Internet communications cannot be guaranteed to be timely, secure, error or virus-free. The sender does not accept liability for any errors or omissions.

This piece of spam contains my office phone number, my home address, and my zip code! This is much more sophisticated than the spam of the old days.

On the other hand, they clearly don't know everything about us. We've been renting the same house for almost eight years.

Still, I can see how this extra information could easily persuade people to think the message was legitimate. If I owned this house, the biggest clue would be gone and all that would be left would be the fact that I received a dozen copies of the same message. ;-)

I don't get it. Spammers have been signing up on my site (and others), and then posting 'unsolicited commercial messages'. This has now happened five times here on [tw], and I've seen it happen on other sites, too.

No, I'm not stupid. I know spammers do that all the time. The problem is that they've been doing it *manually*.

What profit or advantage could there possibly be in non-automated spam!? Is this just about search rank?

The logs make it clear that it's being done manually. If you follow the logs, you can him/her making mistakes, going back and trying over again. In the end, s/he posted an incomplete message and had to do it a second time.

What's the deal? Has anyone else seen this sort of thing?

Other than unpaid, unfed, slave labor -- literally -- I can't imagine the cost of any human labor being low enough to generate any chance of profit.

Perhaps it's just about page rank?

Maybe I'll just chalk it up to stupidity. (But somehow that just doesn't feel right.)

Levi pointed to an Interview with an Internet Vampire, also known as a Link Spammer.

Reading the interview, I have to admit that I agree with a lot of what he says. He's able to take advantage of weblogs because they simply aren't designed, in any way, to stop him. Most of them hardly do anything to even slow him down. We (the software developers on the other end of the system) spend most of our time making the software more feature-rich and easier to use, and expend very little effort on preventative measures. Lots of reactionary measures, very little prevention.

The interviewer misunderstood one of "Sam's" comments. He said:

Will the initiative by Google, Yahoo and MSN, to honour "don't follow" links defeat Sam and his ilk? "I don't think it'll have much effect in the short, medium or long term. The search engines caused the problem" - we didn't quite follow this bit of logic, but Sam continued - "and they're doing this to placate the community. It won't work because most blogs and forms are set up with the best intentions, but when people find hard graft has to go into it they're left to rot. To use this, they'll all have to be updated. The majority won't be. And there'll just be trackback spamming."

By this Sam means spammers setting up their own blogs, and referencing posts on zillions of blogs, which will then incestuously point back to the spammer, whose profile is thus raised.

Not a big deal, but I'm pretty sure Sam was literally referring to "trackback spamming." Trackback is supported by most weblog software these days. Most sites just accept trackback pings without doing any verification whatsoever. You send a ping claiming that you've linked to them from an online casino or pillz site, and they'll just include your link on the page, automatically.

How easy is it to write a script that sends trackback pings? I wrote one in ten minutes, to help me test Conversant's trackbacks as they were being developed. Another five minutes and I could have been crawling the output from sites like weblogs.com, and sending pings to every site I found. There's really nothing to it.

(Note that my script stopped working with my Conversant sites once I put in the test to make sure that the incoming ping was legit. However, if a spammer really wants to hit Conversant sites, he'll find a way around this problem. I have more tricks up my sleeve, though.)

This morning, I set up my first Sender Policy Framework (SPF) record for one of the domains hosted by Macrobyte.

SPF is a new type of DNS record which is designed to prevent (or at least limit) email spoofing. Basically, Server B is receiving an email from Server A. Server A says the mail is from yourname@yourdomain.com. Server B checks the DNS for yourdomain.com to see if Server A is allowed to send email for yourdomain.com. If it is, great. If not, it's considered a spoof (what happens from there is probably up to the administrator of Server B.)

The SPF wizard makes it easier than it would have been otherwise, but it's still a huge pain in the butt. It's made especially difficult by the fact that all of the domains we host have mail sent through the clients' home ISP's. The names of those ISP's — or anyone other domain through which a client might send a legitimate email that appears to come from the domain we host (got that?) — must all go into the SPF record. In other words, if I host your domain foo.com, and you occasionally send mail from yourname@yourdomain.com through your ISP's mail server (which Earthlink, for example, actually requires), then I have to list that ISP in the SPF record.

If Macrobyte's DNS servers are going to include SPF records for all of the domains they host, then we have two choices: talk to every single client and work out a list of domains through which they might send email for the domain we host, or we can create a form for them to fill out so they can basically do it themselves.

With the latter route, of course, we then need to contact most of the clients who use it to correct the mistakes they'll inevitably make. This isn't their fault, though... most people understand literally NOTHING about the domain name system. I can't even imagine how I could explain what I need from them in a general way which will "click" with the average joe, nevermind allow them to fill out a web form with the information I need.

In the end, I'm probably going to start with the most technically adept clients, and work from there. One client at a time. Perhaps it will become easier as I gain experience, and I'll find the right way to ask the right questions.

Since Macrobyte's new server needs to be configured from scratch anyway, I decided to check the status of SpamAssassin 3. If it was ready, I'd start out with that rather than 2.63. Unfortunately, it's not due out until next month.

Still, it looks great! Check out the release notes for SpamAssassin 3.0.0-pre2, which is expected to be the last pre-release version. It looks like they've improved nearly everything, and they've rolled in most of the custom rulesets that we're all using anyway.

Lots of performance improvements, too.

Oh, and I see they've built in support for SPF, the Sender Policy Framework. I've been trying to ignore SPF since I first heard about it, as supporting it will require a lot of changes to DNS, the mail servers, and probably other areas. Now that some of the big guys (like Hotmail) are supporting or planning to support it, I'm starting to think it's not going away. Yippee.