Why You Want to Pay for Your Reputation Database

As some of you may know,  ORDB.org (aka the Open Relay Data Base) was one of the original real time or IP based black lists. The idea was that as your mail server or anti-spam service (like CudaMail) was getting a connection from a sending mail server you could ask ORDB.org if the senders IP address was known to ORDB and if it was you had a pretty good idea that you didn't want to accept this e-mail as it was most likely spam being routed through an open relay mail server.
 
Well after running as a free service for years the ORDB.org service was shut down on December 18, 2006 and instead of replying it would just time out.  Not a big deal and since your mail server didn't get a reply either way you went on to other tests. They announced that they were going off-line and at some time in the future they would be replying with a positive result to any new queries. This has happened many times over the years with various free anti-spam databases for a variety of reasons. Most administrators didn't notice the ORDB.org announcement or put the removal of this test on their 'to do' list and promptly forgot about it until now.
 
So on March 25, 2008, after giving fair warning, the DNS servers for ORDB.org started to answer every query with a positive result. All mail servers still using a SPAM filtering solution that references ORDB (relays.ordb.org) started to immediately block all incoming e-mails regardless of their real status as spam sources. You can't blame the admin of ORDB.org as they were doing this service for free and had been paying for the bandwidth used up by all these timed out queries for the last 2 years.
 
While the CudaMail system does still use some of the no charge databases out there to block spam it does not use ORDB.org. Barracuda Central has also been actively working on their own internal reputation system. The Barracuda Reputation system is very mature at this point with the end result is that this database is flagging new spam sources before the no charge databases like ORDB.org used to do. The real benefit of Barracuda Central maintaining this database is that there are dedicated people paid to maintain it as part of their business plan and the problems experienced by people who rely on the free databases will not happen to CudaMail.

Now go have a nice spam free day!

- Shaun Sturby

What is 'False Spam?'

False Spam are messages that are blank or contain garbled text with no links or real message.

Yes, they are unwanted messages but there is no real 'body' to the Spam - just some garbled words. The message that the Spammer wanted to send was not included and thus these messages are ineffective as Spam.

Why would the Spammers want to send 'False Spam'?

Just speculating here but it could be anything from someone doing a 'test spam run' that got away on them and sent nonsensical random text without the advertisement. If that is the case then 'Silly Spammer - you wasted your money on this one!'

It could also possibly be an effort to see what did get through by utilizing the 'Out of Office' or 'Delivery Receipts' to capture valid e-mail addresses. If the Spammer gets any response back except 'undeliverable' then they know that there is a valid e-mail address on the other side. It is a good idea to not send these 'Out of Office' messages outside your organization if at all possible. It is also a good idea to disable the 'Delivery or Read receipts' in both your e-mail client and your mail server as some people rely on them.

A third possibility is that Spammers may be trying to poison the Bayesian or statistical database by sending out these random words and phrases. A poisoned database will make it that much harder to pick the Spam out of the noise and could result in more false positives.

Rest assured that CudaMail is working hard to clean up these 'False Spam' messages as quickly as we can.

- Shaun

Will Robert Soloway's Guilty Plea Mean Less Spam?

Notorious 'spam king' Robert Soloway has pleaded guilty to additional charges (fraud and tax evasion) related to his previous conviction for sending out huge volumes of Spam.
 
US Department of Justice indictment against Soloway:

> www.usdoj.gov/usao/waw/press/2007/may/soloway.html

Seattle times article on Soloway's guilty plea on the new charges:

> http://seattletimes.nwsource.com/html/localnews/2004283998_spamking15m.html 

The question to the reader therefore is 'Do you think that this sentence will result in less spam to your inbox?'
 
Sadly the answer is probably 'no' as the trend in Spam is still increasing and human nature, on both sides of the equation, being what it is won't change.
 
There are a number of sites you can go to if you want to look at Spam trends and one such site is Barracuda Central:

www.barracudacentral.com/index.cgi?p=spam
 
You can go there if you want to look at the pretty graphs but the number that jumps out at me is that worldwide the number of messages processed by all Barracuda Anti-Spam Firewalls yesterday was over 2 Billion. 2,277,470,908 to be exact and of that number the vast majority or 2,170,841,992 (95.32%) were blocked as Spam. This is in contrast to the same statistics a year ago where the number of messages processed per day was around 1 Billion per day and the Spam percentage was around 92%.
 
Sadly, the Spam mix is still about 50% off-brand pharmaceuticals and about 25% knockoff products which tells you what is profitable to the Spammers. If people stopped responding to these advertisements and voted with their cash then the Spammers would not be profitable and would have to look elsewhere for their next easy meal.

Will human nature change overnight?
 
Probably not. Consumers want a good deal and are not likely to change and the Spammers have found a financial niche that they fit into so expect the volume of Spam to continue and even increase as the effectiveness of anti-spam solutions like the Barracuda appliances, which CudaMail is powered by, makes the Spammers job that much harder. They will ramp up their efforts to sneak Spam past such solutions rather than change their nature.
 
- Shaun

The Wild Wild West of a Civilized World

A recent report that Spammers are taking advantage of the interest in the US Elections to try and peddle Viagra along with the other things that Spammers are taking advantage of - like Valentines day - make me think that things are getting worse instead of better and also makes me wonder if we are going to have to go to some form of 'walled city' for our e-mail.

The SMTP standard was designed to be open and people at that time (about 30 years ago now) wanted such an open system that there are now gaping holes that Spammers are using to send a deluge of Spam to our users.
 
What the Spammers are doing at the moment must be effective because I review the daily logs from our systems and this is really brought to light when on a Sunday, not a typical business day, our systems processs in excess of 1.5 million messages. Out of that number less than 13,000 or LESS than 1% (0.866%) were allowed through to the mail servers. Now we don't claim that we can block 100% of Spam so there is a very small percentage that get's through so let's say that 1/10 of 1% of the 13,000 is Spam. That means that out of 1.5 million messages only 13 Spam messages got through to our users.
 
This brings up two interesting questions:

1. How many people are buying from Spammers?

- If only a handful of messages are getting through the Spammers must have a high close ratio and a high margin to make this make economic sense.
 
2. Are we going about solving the Spam problem the wrong way?

- Why should we have to process 1.5 million messages when less than 1% are legitimate?
 
Some organizations have to be more open to whom they accept e-mail from because that is the nature of their business - online sales from almost anyone - but what about those organization that only get a few e-mail messages from a few select partners? Could they setup a closed e-mail system where there is a process to be added to their accept list and reject all other e-mails? They could even setup 2 e-mail domains. The first with a few common e-mail addresses like sales@ support@ and billing@ for their public mail presence and the second - by invite only - domain for their real mail boxes?
 
The first domain will get a ton of Spam but will act like a switchboard with only a few select people having to review the messages and forward them internally to the people that will take action on them. The second domain will not accept e-mail from just any domain so it will be very easy to track down the source of any "Spammy" messages and stop them.
 
What do you think? Have you thought of or implemented a 'walled city' plan for your e-mail? Let us know in the comments.
 
- Shaun

Don't Get Tricked By e-Card Spam!

According to this article at the Internet Storm Center (http://isc.sans.org/diary.html?storyid=4054) the bot handlers are working to build up their Spam sending bot network by sending out e-Card spam.

These seemingly harmless e-mail's claim that there is something special for you, either a joke or a surprise and more often than not will trick you into opening it.

Be part of the solution and don't get tricked by these e-Cards. If you know the sender then confirm with them (not by e-mail) that they really sent it to you.

If they didn't send it or if it is sent anonymously then don't open it no matter how curious you are. There are a lot of other joke sites on the Internet or you can always go have a chat with your Grandpa. :)

- Shaun