My Spam analysis for Jan 5 - 11, 2009
Spam Spam Spam Spam Spam Spam Spam! That repetition of the word Spam comes from a comedy routine by Monty Python's Flying Circus, in 1970. They were referring to the canned cooked ham products that have been marketed by Hormel Foods since 1937. While canned Spam is still very much alive and well, so is another kind of so-called spam; unsolicited commercial email (UCE). This is the crap that contaminates email inboxes with all manner of junk promotions for fake pharmacies, counterfeit watches, pirated software, junk stocks, fake Viagra, bogus male enhancement products, fake diplomas, phishing scams, bogus loans and Nigerian 419 financial and lottery fraud scams. We call junk email spam, based on the Monty Python skit that abused the word by repeating it over and over again, to the point that it becomes obnoxious.
There are quite a few different types of email spam and my Spam Analysis articles categorize them according to what junk they are promoting. To do this I use a commercial email-screening program named MailWasher Pro. MailWasher Pro uses a combination of user configurable filters, blacklists, and a Bayesian learning filter to identify what the users of the program consider to be unwanted spam email. Once messages are identified as spam they are deleted manually or automatically, based on the users' preferences (I prefer automatic deletion). Normally, MailWasher identifies three categories of email: Friends, Known Spam (via a subscription service called FirstAlert!) and Blacklist. However, because the program allows users to create their own filter rules, it can label and categorize many different types of spam messages. I have created many custom MailWasher Pro filters to categorize and delete spam and I use the "Statistics" reports each weekend to share my findings with the rest of the World. You can learn more about MailWasher Pro here.
This is the latest entry in my weekly series about classifications of spam, according to my custom filter rules used by MailWasher Pro. The categories are shown on the "Statistics" page > "Junk Mail," as a pie chart, based on my custom filters and blacklist. The amount of email flagged as spam is shown on the "Summary" page of Statistics.
Note, that the small percentage of reported spam is a recent development that began on November 11, 2008, with the takedown of the McColo server colocation hosting company. This company was allegedly turning a blind eye to illegal activities being conducted by spammers using servers hosted at the McColo facilities. Many of those servers were used by criminals to command and control the Botnets they owned. The compromised computers in those Botnets are used as zombie agents to send spam, scam and phishing emails, to launch DDoS attacks and to host hostile websites, all without the knowledge of the owners of those PCs.
MailWasher Pro spam category breakdown for Jan 5 - 11, 2009. Spam amounted to 12% of my incoming email this week.
HTML Tricks: (ex: vertical, colored, or right-aligned spam words) | 24.00% |
---|---|
Blacklisted Domains/Senders: (by pattern matching wildcard rules like: lin+met@+.de) | 16.00% |
Hidden ISO Subject: | 8.00% |
Fake "Canadian Pharmacy" spam (fake Viagra, Cialis, etc): | 8.00% |
Counterfeit Watches: | 8/00% |
Known Spam Domains: (mostly pharmaceutical spam) | 8.00% |
Misc. Pharmaceutical spam (inc. Viagra, Cialis, Levitra & misc. pills & herbals): | 8.00% |
Other filters: (See my MWP Filters page) | 4.00% |
Viagra spam: | 4.00% |
Known Spam Subjects (by my filters): | 4.00% |
Subject All Capitals or No Subject: (Nigerian 419 and Lottery scams) | 4.00% |
Miscellaneous filters: | 4.00% |
If you are reading this and wondering what you can do to reduce the huge volumes of spam emails that must be overwhelming your POP client inboxes, I recommend MailWasher Pro (with my downloadable custom filters) as an incoming email screener for your POP email program (Microsoft Outlook, Microsoft Outlook Express, Microsoft Live Mail, Eudora, Mozilla and other stand-alone email programs).
All of the spam and scams targeting my accounts were either automatically deleted by my custom MailWasher Pro spam filters, or if they made it through, was reported to SpamCop, of which I am a reporting member, and manually deleted. I never buy anything that is Spamvertised and recommend you don't either! Remember, almost all spam is now sent from compromised home or business PCs, zombies in various Botnets, all of which are controlled by criminals. If you purchase anything advertised in spam messages, you have given your credit or debit card information to the criminals behind that enterprise. If you are really lucky you will only be charged for the fake items you purchased, but, if not, you might find your credit limit used up, or your bank account emptied (for debit card transactions), by cyber criminals.
Also, unsubscribing through links in botnet-sent spam messages is futile, as you never opted-in, in the first place; your email address was captured by an email harvester on an infected computer belonging to somebody you corresponded with. Instead of receiving less spam as one might expect (by unsubscribing), all it does is confirm that your email address is active and you will see even more spam than before.
Another common way your email address may get harvested by spammers is if it appears in a large C.C. (Carbon Copy) list on a computer that gets Botnetted. Many people engage in forwarding messages among all their friends. Each time they forward chain letters their address gets added to the growing list of recipients (called Carbon Copy, or CC). If just one recipient of that message has an email harvesting malware infection, all of the email addresses listed in that message will be sent home to the spammer behind that spam run.
Smart folks who want to forward or send a message to multiple recipients use B.C.C. instead of C.C. Using B.C.C. hides all of the recipients from displaying. The To field will just show "Undisclosed Recipients" in a message sent using B.C.C. This is safest for you and your friends or mailing list. All email clients have a means of displaying a B.C.C. field.
If you like this article please share it.
The content on this blog may be reprinted provided you do not modify the content and that you give credit to Wizcrafts and provide a link back to the blog home page, or individual blog articles you wish to reprint. Commercial use, or derivative work requires written permission from the author.