Pernicious Spam


One of my users is getting some spam that is really annoying to deal with. I've seen users get hit much worse (usually by backscatter) but I still think this is an interesting story to tell.

The spammer typically sends 5-10 emails per day from a gmail account. Usually by the next day he's sending from a new gmail account. Thus the mail is coming from a trusted source and we can't block by sending IP or domain. Blocking the email address is barely worth the effort since he will change again tomorrow.

If we had other tools at our disposal we might have a better chance of blocking. Personally, I feel that the anti-spam service we pay for should block these things and we should rarely have to add manual blocks.

The Display From name is actually consistent, so I was able to have the user set up a client-side rule that forwards the message to abuse as an attachment and deletes the message. I don't want to repeat the name and social security number in the From field, but if you google it there are a ton of blog/forum spams of the same crap.

The recipient list is kind of interesting. It's a long list of NASA, Government, military and Voice of America addresses.

The other interesting thing is some of the messages are long repetitive rants that bypass our spam filter because the message size is too big to be considered spam. That seems like a bad idea.
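As an added example (not code from the original post), here is a small Python filter that keys on the consistent display name rather than the rotating gmail address, and that can be run with or without the size exemption the post describes. The display name is a placeholder since the post does not repeat the real one, and both sample messages are constructed.

```python
from email import message_from_string
from email.utils import parseaddr

# Placeholder for the consistent display name the post describes;
# the real one is deliberately not reproduced here.
BLOCKED_DISPLAY_NAMES = {"placeholder spammer name"}

# Constructed samples: a short message and a long repetitive rant,
# each from a fresh gmail address but with the same display name.
SHORT_MSG = (
    "From: Placeholder Spammer Name <account1@gmail.com>\r\n"
    "To: user@example.org\r\n"
    "Subject: hello\r\n\r\n"
    "short body\r\n"
)
LONG_MSG = (
    "From: Placeholder Spammer Name <account2@gmail.com>\r\n"
    "To: user@example.org\r\n"
    "Subject: rant\r\n\r\n"
    + ("the same complaint repeated over and over " * 2000)
)


def sender_parts(raw):
    """Return (display_name, address) from the From header, lowercased."""
    msg = message_from_string(raw)
    name, addr = parseaddr(msg.get("From", ""))
    return name.strip().lower(), addr.lower()


def is_blocked(raw, size_exempt_bytes=None):
    """Flag a message by its display name, ignoring the sender address.

    size_exempt_bytes mimics a filter that skips scoring for messages
    above a size threshold (the bypass the post describes); None means
    every message is scored regardless of size.
    """
    if size_exempt_bytes is not None and len(raw) > size_exempt_bytes:
        return False  # large message skipped, so the rant gets through
    name, _addr = sender_parts(raw)
    return name in BLOCKED_DISPLAY_NAMES
```

With `size_exempt_bytes=None` the long rant is caught like the short message; with a size cutoff in place it slips past exactly as the post describes.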


2 Comments

Sarah said:

Roger, happy (belated) 4th blogaversary!
Found your site while searching for endpoint data security products, are you familiar with GuardianEdge's offerings?

Roger (author) said:

I can't believe I missed my blogaversary. I normally post those.

I do have a couple posts about GuardianEdge. We have used GuardianEdge Hard Disk for about a year. (I think it was called GuardianEdge Encryption Anywhere Hard Disk when we bought).


About this Entry

This page contains a single entry by Roger published on May 7, 2008 6:21 PM.
