The 10 worst …

Spamhaus gave a bunch of us a preview of their new “Top 10 worst” (or should that be bottom 10?) lists at M3AAWG. These lists have now been released to the public.
sh_logo1
The categories they’re measuring are:

Nothing really surprising there, but it’s nice to see the numbers.
I have to wonder if the listing of the top 10 spammers will change the minds of some of the anti-CASL folks. To listen to them all the “real” spammers are criminals hiding over seas. But, according to Spamhaus, 6 of the top 10 spammers are in the US and two of the others are in Canada (albeit with Russian influence). Only two of the top 10 spammers are outside North America.
The other thing that surprised me about the top 10 spammers is that I recognize some of the names from names clients have mentioned to me as legitimate marketing partners and affiliates. These hard core spammers, some of the worst in the world, convince real companies to pay them money to send mail. It’s great for the spammers, they get paid whether or not mail is delivered. In my experience, though, it’s not so great for their customers though. Customers frequently end up dealing with major delivery problems, even for the mail the send directly.
Another thing worth discussing is the list of TLDs. This is TLDs that have the highest ratio of spam domains compared to the total number of domains in the TLD, it’s not a list of TLDs with the most spam domains. I expect that award goes to .com. I do expect this to be a volatile list. Spammers are, at heart, cheap con artists. While they will spend money to try and get their mail through, they’ll also try to find a deal when they can. As TLDs run sales and offer incentives, they’re going to attract more spammers.
I have heard some folks managing the filters saying that the new and non-standard TLDs are treated as guilty until proven innocent. I think until the TLD owners figure out they need to actually pay attention to abuse it’s best to stick with the mainstream TLDs.

Related Posts

What do you think about these hot button issues?

bullhornIt’s been one of those weeks where blogging is a challenge. Not because I don’t have much to say, but because I don’t have much constructive to say. Rants can be entertaining, even to write. But they’re not very helpful in terms of what do we need to change and how do we move forward.
A few different things I read or saw brought out the rants this week. Some of these are issues I don’t have answers to, and some of them are issues where I just disagree with folks, but have nothing more useful to say than, “You’re wrong.” I don’t even always have an answer to why they’re wrong, they’re just wrong.
I thought today I’d bring up the issues that made me so ranty and list the two different points of views about them and see what readers think about them. (Those of you who follow me on Facebook probably know which ones my positions are, but I’m going to try and be neutral about my specific positions.)

Read More

The dark side of email marketing

Everyone I talk to when dealing with issues inevitably has to tell me they are legitimate email marketers. They’re not spammers, they’re just business people. I often find it difficult to fathom why they need to tell me this. It’s not like email marketers are criminals or anything.
Two recent stories reminded me how evil some folks are. While I’ve not had any direct contact (that I know of) with any of the players on this end of things I have zero doubt that if they called me they would tell me that they were legitimate email marketers.
In one case, a members of a spam gang kidnapped the teenage daughter of someone investigating their activities. The gang held her for more than 5 years in horrific conditions. Yesterday Joseph Menn, author of “Fatal System Error” posted on Boing Boing that his friend got his daughter back. It is a heartbreaking story and incredibly sobering.
In another case, the Russian police arrested a man who ran spammit.com, a clearinghouse for viagra sellers to find spammers to send their mail. Reports say that mail volumes dropped by a fifth after the site was taken offline.
There is real evil in the email marketing industry. Sure, they’re spammers and we can all stand up and say they’re not legitimate. But, this is what the ISPs and Spamhaus and law enforcement are dealing with on a regular basis.

Read More

CASL botnet take down

biohazardmailThe CRTC served its first ever warrant as part of an international botnet takedown. The warrant was to take down a C&C (command and control) server for Win32/Dorkbot. International efforts to take down C&C servers take a lot of effort and work and coordination. I’ve only ever heard stories from folks involved but the scale and work that goes into these take downs is amazing.
Bots are still a problem. Even if we manage to block 99% of the botnet mail out there people are still getting infected. Those infections spread and many of the newer bots steal passwords, banking credentials and other confidential information.
This kind of crime is hard to stop, though, because the internet makes it so easy to live in one country, have a business in a third, have a shell corp in a fourth, and have victims in none of those places. Law enforcement across the globe has had to work together and develop new protocols and new processes to make these kinds of takedowns work.
 

Read More