Posts tagged ‘Spam’

Virginia High Court Strikes Down Anti-Spam Law

http://www.washingtonpost.com/wp-dyn/content/article/2008/09/12/AR2008091201211.html?hpid=topnews
In 2004 Jeremy Jaynes was convicted under Virginia’s Anti-Spam law for sending 10 million spam emails through AOL servers located in Virginia.
Virginia’s Supreme Court has overturned that conviction and struck down the Anti-spam law.
“The court unanimously agreed with Jeremy Jaynes’ argument that the law violates the free-speech protections of the First Amendment because it does not just restrict commercial e-mails.”
The weak Federal CAN-SPAM law that has done nothing to stop spam remains in effect.
Here is a link to the ruling.

Picasa Spam Redirect

The MessageLabs Intelligence report for August 2008 reports that spammers are using links to Flash/Shockwave files hosted on Picasa (a Google web album service). The Flash file then redirects the user to the spammer’s site.

Pernicious Spam

One of my users is getting some spam that is really annoying to deal with. I’ve seen users get hit much worse (usually by backscatter) but I still think this is an interesting story to tell.
The spammer typically sends 5-10 emails per day from a gmail account. Usually by the next day he’s sending from a new gmail account. Thus the mail is coming from a trusted source and we can’t block by sending IP or domain. Blocking the email address is barely worth the effort since he will change again tomorrow.
If we had other tools at our disposal we might have a better chance of blocking. Personally, I feel that the anti-spam service we pay for should block these things and we should rarely have to add manual blocks.
The display name in the From header is actually consistent, so I was able to have the user set up a client-side rule that forwards the message to abuse as an attachment and deletes the message. I don’t want to repeat the name and social security number in the From field, but if you Google it there are a ton of blog/forum spams of the same crap.
The recipient list is kind of interesting. It’s a long list of NASA, government, military and Voice of America addresses.
The other interesting thing is some of the messages are long repetitive rants that bypass our spam filter because the message size is too big to be considered spam. That seems like a bad idea.
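The client-side rule described above, written out in Python as an added example (not code from the original post or from any mail client): it keys on the display name in From:, which stays constant while the Gmail address rotates, builds the forward-as-attachment abuse report, and shows why a filter that exempts large messages from scanning lets the long rants through. The display name “Example Ranter”, the addresses, the subject and the bodies are constructed placeholders, not the real spammer’s, and the abuse and reporter addresses are assumed.

```python
"""Client-side style handling for the rotating-Gmail-account spam described above.
Added example; the names, addresses and bodies are constructed placeholders."""
import re
from email import message_from_bytes
from email.message import EmailMessage
from email.policy import default
from email.utils import parseaddr

# The rule keys on the display name, which stays constant while the mailbox
# address changes daily. "Example Ranter" is a placeholder, not the real name.
BLOCKED_DISPLAY_NAMES = {"example ranter"}


def normalize_name(name: str) -> str:
    """Collapse case and whitespace so trivial variations still match."""
    return re.sub(r"\s+", " ", name).strip().lower()


def classify(raw: bytes) -> dict:
    """Decide what to do with one raw RFC 5322 message.

    The From: header is inspected before anything else, so message size
    never exempts a message from the rule.
    """
    msg = message_from_bytes(raw, policy=default)
    name, addr = parseaddr(str(msg.get("From", "")))
    to_header = msg.get("To")
    verdict = {
        "display_name": name,
        "from_addr": addr,
        "recipients": len(to_header.addresses) if to_header else 0,
        "size": len(raw),
        "action": "deliver",
    }
    if normalize_name(name) in BLOCKED_DISPLAY_NAMES:
        verdict["action"] = "forward_to_abuse_and_delete"
    return verdict


def naive_size_exempt_filter(raw: bytes, max_scan_bytes: int = 100_000) -> str:
    """The behaviour the post complains about, reconstructed for contrast:
    anything above a size threshold is delivered without being scanned."""
    if len(raw) > max_scan_bytes:
        return "deliver"
    return classify(raw)["action"]


def build_abuse_report(raw: bytes, abuse_addr: str, reporter: str) -> EmailMessage:
    """Forward the original as a message/rfc822 attachment so the abuse desk
    gets the intact headers rather than a quoted copy."""
    original = message_from_bytes(raw, policy=default)
    report = EmailMessage(policy=default)
    report["From"] = reporter
    report["To"] = abuse_addr
    report["Subject"] = "Spam report: " + str(original.get("Subject", "(no subject)"))
    report.set_content("Automated forward of a message matched by the display-name rule.")
    report.add_attachment(original)
    return report


def sample_message(local_part: str, body: str, display_name: str = "Example Ranter") -> bytes:
    """Constructed test message; nothing here is from a real spam run."""
    return (
        f"From: {display_name} <{local_part}@gmail.com>\r\n"
        "To: first@example.gov, second@example.mil, third@example.org\r\n"
        "Subject: you need to read this\r\n"
        "Content-Type: text/plain; charset=us-ascii\r\n"
        "\r\n" + body
    ).encode("ascii")


if __name__ == "__main__":
    # Same display name, new address each day: the rule still fires.
    for local in ("throwaway0901", "throwaway0902"):
        print(classify(sample_message(local, "short rant"))["action"])
    # A long repetitive rant well above the naive filter's size cutoff.
    big = sample_message("throwaway0903", "same complaint again\n" * 10_000)
    print(naive_size_exempt_filter(big), classify(big)["action"])
    report = build_abuse_report(big, "abuse@example.net", "filter@example.net")
    print(report.get_content_type(), [p.get_content_type() for p in report.iter_attachments()])
```

The report is built as multipart/mixed with the original message attached as message/rfc822, which is what “forward as attachment” produces in most clients and what an abuse desk needs to see the Received chain. The display-name match is deliberately not a substring match, so a legitimate sender who happens to share one word with the blocked name is not caught.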

CBL List (partially) Blocks MessageLabs

Looks like the shoe is on the other foot. Last week I was chortling that MessageLabs was tarpitting Google in an automatic response to Gmail sending out so much spam. Now some of MessageLabs’ IPs have been blocked by the CBL. Apparently the CBL is rather widely used. I’ve already seen rejections from Cox and Comcast. CBL is used in SPAMHAUS and other aggregate blocklists as well.
MessageLabs has reported that they have worked with CBL to resolve the issue. The latest CBL update has removed the block.

Starting Your Own Blog

A commenter asked for advice on starting his own blog.
The first step in starting a blog is deciding what it’s going to be about. Is it going to be about everything, your life, or just one topic? While some people post about everything and separate their topics into categories, I think a work-related blog like this should stay on topic. People came here for a specific reason. They don’t necessarily want to hear how my day was, what the dog did on the carpet, or what I think of Hillary. To do otherwise is kind of self-indulgent and abuses the loyal readers.
A lot of bloggers give their full name or use real whois info if they buy a domain. If the purpose of your blog is self-promotion, then you’ll have to attach your name to your opinions. I think when your real name is attached to your blog, it makes it more difficult to blog about work. It’s too easy for someone to gather information about the company you work for. Even if you blog pseudonymously, I would recommend blogging as if the people you write about will read it later. You don’t want your management, co-workers, etc. mad at you later if you do end up sharing the URL with them.
When it comes to setting up a blog you can go with a hosted solution (typepad, blogger) or you can go buy hosting space and set it up yourself (movabletype, wordpress). I use movabletype although wordpress seems much more popular. I enjoy tweaking the design templates, installing plugins and doing the upgrades.
In terms of content, original content is preferred over linking. If your blog contains nothing but links, why should I read your stuff? There are already a ton of blogs out there with little to no original content. Yeah, it annoys me that they get more visits based on their (copyright-violating) cut and paste of other people’s work. When you do link, have an opinion and insight. Keep your quotes brief and clearly labeled. If your target audience is the general public then it’s not as bad to spend time aggregating data for them. Ultimately though, if you’re blogging for the right reasons, then post what makes you happy.
In terms of promotion, I am really anti-spam and gaining eyeballs wasn’t my goal in writing. I added a link to this site in my sig on a couple of sites where I was already a member and frequent poster, and I made sure Google found my site. That’s about it.
So that is my two cents. There are plenty of articles out there on ‘movabletype versus wordpress’ or other things like ‘getting your blog noticed’.

Calendar Invite Spam

Trend Micro has a blog entry on calendar invite spam. I’ve been seeing that as well.
My biggest problem is reporting the spam. How do you get headers out of a meeting invite in Outlook? If I open the .msg file the user forwarded, the headers are hidden by Outlook. If I look at it in Notepad, the text is encoded. Perhaps another mail client will be nicer.
In the examples I’ve seen the invite is from Google Calendar. It’s another example of spam from a semi-trusted host.

Google CAPTCHA breakage leads to increase in spam

The MessageLabs Intelligence report for February 2008 reports that “4.6% of all spam originates from the major web mail-based services and the proportion of spam from Google increased two-fold from 1.3% in January to 2.6% in February.”
They speculate that this increase in Google spam occurred because hackers have recently compromised Google’s CAPTCHA. A CAPTCHA is used to prevent automated account registrations by spam bots. Yahoo’s and Hotmail’s CAPTCHA methods were previously compromised.
Mail from the major webmail services (Google, Yahoo, and Hotmail) comes from legitimate servers and is DomainKeys-signed or covered by an SPF record. A spam filter can then only act on the content of the message and not on the reputation of the sender.
Spammers are in it for the money and they aren’t going to slow their attack. Webmail providers need to continue to work to be good Internet citizens and prevent their servers from being part of the problem.

BBB Spam Run

Watch out for more BBB phishing/exploits.
Today MessageLabs detected another Better Business Bureau attack targeted at two of our VPs.
Subject: “BBB Complaint Case # (Ref#)”
From: seatac@bbb.org
The message contained a PDF file with an embedded EXE.
We had one slip through to our CEO earlier this month that caused some panic. Fortunately the attacker was trying to use a redirect on the BBB website, and the redirect wasn’t working anymore. If the user had been able to follow the link successfully, they would have been prompted to run a malicious ActiveX control supposedly from Adobe.

Comments

I have installed the AJAX comment system. It has the side effect of requiring javascript being enabled in your browser to submit a comment.
I’ve also re-enabled anonymous comments. Hopefully the JavaScript requirement will throw off some of the automated comment spammers.
I’ve seen a press release from Yahoo stating they are implementing an OpenID beta at the end of the month. Hopefully shortly after that there will be a plugin to make using Yahoo accounts to comment here just as easy as using AIM accounts.

The spam filter has run amok

My MovableType spam defenses have kind of run amok. It was letting through a ton of spam which led me to disable anonymous comments. For its next trick it decided to trash valid comments.
The first method used for trashing valid comments was a rule that http:// shouldn’t appear in the commenter’s name field. That wasn’t a problem until OpenID. The crappy OpenID plugin I’m using doesn’t put the OpenID display name in the name field. Instead it pulls in a URL including the name and the server. A quick tweak to the ruleset fixed that problem.
The next issue I found was that my own comments were getting blocked (when using a test account, not my regular comment account, which is set up as a trusted commenter). The Spamhaus ZEN filter was blocking me. Back in July, MovableType reported that one of the old blocklists was going away and recommended using zen.spamhaus.org instead. Since I like Spamhaus I accepted that recommendation uncritically. Now I find out that “ZEN is the combination of all Spamhaus DNSBLs into one single powerful and comprehensive blocklist to make querying faster and simpler. It contains the SBL, the XBL and the PBL blocklist”. The problem is that the PBL is the Policy Block List. It’s like the DUL. It’s designed to prevent end users from sending mail directly to recipient mail servers; they should go through the ISP mail server. That is not the sort of list you should be using with HTTP. Endpoint computers should be browsing directly to my website and making comments.
A better Spamhaus list to use is the XBL. Be aware however that according to Spamhaus, “The XBL contains mostly dynamic IP addresses, meaning the user you would be blocking is probably not going to be the user with the exploited computer. Please do not block innocent users.”
You’re probably better off forcing the user to prove they are human with a Captcha rather than using (misusing) block lists.
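The ZEN versus XBL point above, as an added example in Python (not part of the original post or of any MovableType plugin): it builds the reversed-octet query name for a DNSBL zone and interprets the answer codes ZEN returns so that a PBL-only listing, which only says the address sits in an end-user or dynamic range, does not block a web commenter, while SBL and XBL listings do. The answer codes are the ones Spamhaus documents for ZEN and should be checked against the current documentation; the address 192.0.2.10 (a documentation range) and the answer lists in the demo are constructed. Only the lookup() helper does a live DNS query; everything else runs offline.

```python
"""DNSBL handling for a web comment form: query-name construction and
ZEN answer-code interpretation. Added example; see the lead-in for assumptions."""
import ipaddress
import socket

# Spamhaus ZEN answer codes as documented by Spamhaus (verify against the
# current documentation before relying on them). The flag says whether a
# listing is evidence of abuse (SBL/XBL) or only of policy (PBL) or an error.
ZEN_CODES = {
    "127.0.0.2": ("SBL", True),
    "127.0.0.3": ("SBL CSS", True),
    "127.0.0.4": ("XBL", True),
    "127.0.0.5": ("XBL", True),
    "127.0.0.6": ("XBL", True),
    "127.0.0.7": ("XBL", True),
    "127.0.0.9": ("SBL DROP", True),
    "127.0.0.10": ("PBL, ISP maintained", False),
    "127.0.0.11": ("PBL, Spamhaus maintained", False),
    # Error responses: the query itself was rejected, so they say nothing
    # about the client and must never be treated as a listing.
    "127.255.255.252": ("error: malformed query", False),
    "127.255.255.254": ("error: query via public/open resolver", False),
    "127.255.255.255": ("error: excessive query volume", False),
}


def dnsbl_query_name(ip: str, zone: str = "zen.spamhaus.org") -> str:
    """Reverse the octets of an IPv4 address and append the zone, e.g.
    192.0.2.10 -> 10.2.0.192.zen.spamhaus.org."""
    addr = ipaddress.IPv4Address(ip)  # raises ValueError on bad input
    return ".".join(reversed(str(addr).split("."))) + "." + zone


def interpret_zen(answers):
    """Map the A records returned for a ZEN query to (list name, is_abuse)."""
    return [ZEN_CODES.get(a, ("unknown code " + a, False)) for a in answers]


def should_block_web_client(answers) -> bool:
    """Block a commenter only on SBL/XBL evidence.

    A PBL-only hit means the address is in a range that should not send
    mail directly, which is exactly where a legitimate home user browsing
    a website lives. Unknown and error codes fail open here; log and review.
    """
    return any(is_abuse for _, is_abuse in interpret_zen(answers))


def lookup(ip: str, zone: str = "zen.spamhaus.org"):
    """Live DNS query; returns the answer addresses, or [] when not listed
    (NXDOMAIN). Not exercised offline."""
    try:
        _, _, addrs = socket.gethostbyname_ex(dnsbl_query_name(ip, zone))
        return addrs
    except socket.gaierror:
        return []


if __name__ == "__main__":
    # Constructed answer sets, not live results.
    print(dnsbl_query_name("192.0.2.10"))
    for label, answers in (
        ("home user on a dynamic range", ["127.0.0.10"]),
        ("exploited machine", ["127.0.0.4"]),
        ("dynamic range plus SBL listing", ["127.0.0.11", "127.0.0.3"]),
        ("query rejected", ["127.255.255.254"]),
        ("not listed", []),
    ):
        decision = "block" if should_block_web_client(answers) else "allow"
        print(f"{label}: {interpret_zen(answers)} -> {decision}")
```

If the only listing you want is the XBL, querying xbl.spamhaus.org directly makes the interpretation step unnecessary, but the XBL caveat quoted above still applies: a dynamic address listed last week is often assigned to a different, innocent user today.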