March 2010 Archives

Every so often, the Google news alert that feeds me a steady diet of spam-related news throws up an article written by someone who we might charitably call a 'non-expert'. Sometimes it's a junior journalist who has been told by his editor to go away and write something about spam. Sometimes it's a columnist who wants to share their own frustration or some folksy wisdom on the subject.

In the best cases, there's usually little new or actionable information in the piece. The better junior journalists just summarize a few other articles on the topic, while the columnists let their readers know that spam is making them sooooo mad. In the less good cases, the writers obviously haven't quite understood what they read, so the article is full of misinformation. And in the worst cases of all, the writer may try to offer advice, usually based on their own cursory study of the issue. These are the ones that have me screaming "No!".

So how bad is Microsoft's spaces.live.com spam problem?

Recently, I've been seeing heavy use of spaces.live.com URLs as spam gateway pages, promoting everything from pills to fake watches, from Russian brides to — embarrassingly for Microsoft, whose own products are among those offered — pirated software. The use of these domains gives spam messages a kind of limited 'respectability'. Instead of directly listing the Chinese-hosted sites that sell their products, easily identifiable by spam filters, they can trade on the name of the corporate giant to get the message through.

Spamhaus has announced the Spamhaus DBL, a new spam-blocking advisory list, based on near realtime listing of known spam 'landing page' domains. A new version of SpamAssassin with support for the DBL is available.

It will be interesting to see if the DBL includes domains registered by affiliate spammers, who are a constantly-growing nuisance, as well as the more conventional high-volume pills and fakes spam.

If the DBL does prove effective, we can expect to see spammers redouble their efforts to exploit 'clean' domains. For example, Microsoft's 'spaces.live.com' service is currently infested with spam landing pages. Other currently popular tactics used by spammers include exploiting URL shortening services, or simply using security loopholes to allow them to upload gateway pages to legitimate servers. These are not cases that can be detected by a domain-level blocklist like the DBL, or at least not without the risk of false positives.