Sunday, July 02, 2006
Friday, June 30, 2006
These do a great job of stopping mail because people become part of a community.
Your large ISPs now offer a similiar service if they have a "report spam" button. Ultimately, people are, on average, a good read about what is spam, and what is not. Some major ISPs, such as hotmail.com, aol.com, earthlink.net, and yahoo.com have these features built-in.
Wednesday, June 07, 2006
The news of the Texas Attorney General lawsuit has been released.
I am pleased to announce that I am now a part of the anti-spam community, having started an internet security company – Pitylak Security – that offers my clients advice on systems to protect against spam.
Over time I have come to see how I was wrong to think of spam as just a game of cat and mouse with corporate email administrators. I now understand why so much effort is put into stopping it.
The settlements with Microsoft and the Attorney General’s office have been a serious reality check: harsh, but good, and in the public’s best interest.
I’m now working earnestly to help other entrepreneurs avoid the traps that deceived me and led me to make questionable business choices.
As a recent graduate from the University of Texas with honors degrees in economics and philosophy, it's my goal to apply what I've learned and use my entrepreneurial talents to help others.
- Ryan Pitylak
Monday, June 05, 2006
After receiving some great comments in this posting, I'm revising it to explain to my visitors that there is some valuable content in this comments section. Some people have been asking me questions about spam and how they can get around some specific problems related to their spam. Herein I'm explaining my advice on how to resolve these issues.
Please post any spam-related problems you are having and and allow me to comment on them.
Sunday, April 30, 2006
Monday, April 24, 2006
Unfortunately, spam should be on the rise for the distant future. As technology gets cheaper to send spam, people will send more of it. Eventually, the returns to sending spam will decrease as filters get better, but that'll only create incentives for spammers to send out more emails, because whatever few pieces of email get delivered will be very valuable. You will continue to see a trend towards off-shore emails that are hard to track, and therefore hard to immediately isolate as problematic. On-shore email blasts will continue to become more legitimate looking, and some of these companies will try to break into the opt-in email business. Unfortunately, most spammers won't handle opt-in email with care, and those lists will slowly be handled in the same way that email lists that are not opt-in are handled.
Get more information about spam blocking and the spam business here at the anti spam blog.
Return-Path: <firstname.lastname@example.org> Tall tell sign that this is spam. A hotmail account is a perfect way to mask your true identity, and therefore counts negatively towards the spam score.
Received: (qmail 24192 invoked by uid 78); 24 Apr 2006 09:45:32 -0000
Received: from unknown (HELO ns-mr11.netsolmail.com) (22.214.171.124) by 10.49.37.11 with SMTP; 24 Apr 2006 09:45:32 -0000
Received: from hotmail.com (bay23-f10.bay23.hotmail.com [126.96.36.199]) by ns-mr11.netsolmail.com (8.13.6/8.13.6) with ESMTP id k3O9jWLk008495 for <--------->; Mon, 24 Apr 2006 05:45:32 -0400
Received: from mail pickup service by hotmail.com with Microsoft SMTPSVC; Mon, 24 Apr 2006 02:45:00 -0700Message-ID: <BAY23-F104315454E70A409B46FB9B0BE0@phx.gbl>
Received: from 188.8.131.52 by by23fd.bay23.hotmail.msn.com with HTTP; Mon, 24 Apr 2006 09:44:48 GMT But wait, could it be? Is this a hotmail server?
From: "willico willi" <email@example.com>
Subject: urgent plea for assistance It sounds urgent! Most people don't urgently plea, but we'll let that slide.
Date: Mon, 24 Apr 2006 09:44:48 +0000
Mime-Version: 1.0Content-Type: text/plain; format=flowed
X-OriginalArrivalTime: 24 Apr 2006 09:45:00.0737 (UTC) FILETIME=[C1426B10:01C66783]
... This is starting to look like every other piece of Nigerian spam I've received.
Well, without investigating further about whether hotmail pick ups you ip address when sending out email from their network, I can't comment about whether the email went through hotmail's servers, or whether the email was sent by forging headers.
The IP address 184.108.40.206 does not appear to be a hotmail IP, so if hotmail doesn't pickup the sender's ip address, then this definetly forged.
However, if hotmail does pickup the ip address of the sender, then the sender could be some guy in South Africa sending out email through hotmail.
Regardless of what happens, this emphasizes the importance of having the technology in place to detect these guys before this spam gets into the inbox. Also, reactive technology that can detect this crap and then delete all of the previously sent out email from this spammer would be helpful. Something that I think is great about the new landsapce of email is that emails do not need to be detected as spam right away. It's hard to determine if some emails are spam immediately, so taking some reactive measures after the spammer has been identified would mitigate this problem.
Of course, some email programs are real-time, and therefore making reactive decisions will not work, but ISPs where the email is stored at the same location as the anti-spam software(i.e. Aol, Hotmail, Yahoo, Gmail, etc), this will eventually be possible. This could help in the fight against spam, and only server-side email hosting solutions will be able to provide this service (unless an email add-on is created for outlook/etc).
This is probably a very arduous request however because of the sheer volume of email that large email servers receive. I think there is a middle ground somewhere. We'll just have to think, as an anti-spam community, about where that middle ground lies technologically. Maybe alternative approaches would be effective? I'd be interested to hear anyone's comments on this important issue.
Monday, April 03, 2006
Several major internet service providers, such as America Online, Microsoft, and Earthlink all use Brightmail’s anti-spam technology as a part of their technological arsenal used to fight against spam. Brightmail is not the only service available, but server-side anti-spam technology ultimately works better than client-side anti-spam technology. Server-side technology consists of anti-spam software that is managed by the internet service provider. Client-side technology consists of anti-spam software that is managed by the consumer on their computer.
Also, you have to be very careful where you submit your email address. If you’re submitting your email address to any service that you don’t trust implicitly, then you should setup an alternative email account that is used specially for these transactions. That way, if spam starts to become a problem on that temporary account, you can cancel the account and setup a new username.
Do not put your email address on your website. Email spiders look across all websites looking for email addresses that can be used to spam. These are considered very good email addresses to send emails to by the spammers that are not very successful. These spammers are more likely to use spamming techniques that gets email delivered by breaking criminal law.
If you do start getting emails, unsubscribe yourself from those emails as soon as you get those emails. Very few spammers sink so low as to email their unsubscribes on a regular basis. Spammers understand that these are people who do not want to get email, and that they are vocal about it, and can therefore spammers do not typically want to email these people. By emailing these people, the spammers risk getting their internet service shut down, which is a major problem for a spammer. Ultimately, if you get into a position of getting spammed, you need to try to remove yourself from these emails. This does not always work, as some spammers will email you more after you unsubscribe, but this is not typical.
If a spammer is being persistent, then you can report the spammer to its ISP. This starts to get technical, but you can determine who are hosting the spammers by running this command in msdos (cmd.exe): tracert www.spammersdomain.com. The last few lines will be the spammers internet service provider. Complain to those businesses by going to their website and finding their abuse section at the internet service provider’s Contact Us section. There are tools that automate this process. SpamCop offers an excellent product that allows a user to easily report spam. This is by far the most effective way to combat spam.