29 January 2007

Spam by the Bucket

Spam needs no introduction. Everyone who uses email suffers from a deluge of it. When you have your own web domain, you suffer even more. In this post I'm going to deviate from the chess topic to document a few spam stories related to my own domain, mark-weeks.com. It's not really much of a deviation, because the most important reason for maintaining the domain is to have a place to store chess info online.

One of the resources that usually comes bundled with a domain name is the ability to associate mail boxes with it. I can invent an email address like anyname@mark-weeks.com and have mail for that address forwarded to a destination determined by the value of 'anyname'. Most of my real, non-spam email is routed to the email address provided by my ISP, which I never give to anyone.

I use this feature to assign a new email address when I create a new web resource. For example, I have one page about Kasparov's career record and another about Kramnik's record. The first page has a contact address of kasparov@mark-weeks.com, the second has kramnik@mark-weeks.com. If someone stumbles onto one of those pages and sends me an email like 'I am a big fan of yours. Please send me a copy of your book and autograph it', (a message which I've received several times), I know from the email address who is meant, and can steer the correspondent toward the desired hero.

The downside of this scheme is that spammers collect email addresses from various web resources. Having many public email addresses means being listed many times in the spammers' databases of email addresses. This means getting multiple copies of some spam messages.

For the first five years or so that I had the domain, my scheme worked nicely, and I rarely had more than 50 pieces of spam a day. This is an annoying, but manageable, number. Around the beginning of 2004, spammers started to invent email addresses like john@mark-weeks.com or mary@mark-weeks.com. I suppose they did this to impress their own clients with the number of email addresses in their databases. Most of these addresses were rubbish, but spammers aren't known for honest business practices.

Within a few months I was getting as many as 5.000 messages per day, most of them for invented email addresses. I went on vacation for a week and found close to 30.000 messages when I returned. To deal with that quantity I had to set up special handling for spam. I routed it to a spam bucket, where I would scan the message subjects once a day to see if any real messages were mixed up with the spam. This system isn't perfect. A real correspondent who forgets to enter a message subject or who uses a subject like 'Hi there' isn't going to stand out from the 50 other messages with no subject or the 100 with 'Hey there' as a subject.

In the last few years, companies like Microsoft and Yahoo have been going after the spammers in a big way. The cases have been well publicized and have had a positive impact on the number of spam messages I receive. Now an average day brings around 1.500 messages; if I go away for a week, I have only 10.000 messages to wade through when I return home.

Once in a while the number of spam messages shoots back up to 5.000 in a day. This happens when spammers send a batch of messages out using mark-weeks.com as the sending email address. Many people aren't aware that nothing requires them to use a real email address when they send mail. If they use an email address like just_me@invented-name.com, the message will be sent without any problem. Their correspondents won't be able to reply to the message, but they will receive it.

A few years ago I played in an email chess tournament where one of the players had entered his own email address incorrectly in his PC software. When he sent a move, his opponents would reply to the bad email address, not realizing that the reply address was incorrect. Then the messages would bounce. It took about a week for the poor fellow to understand what he had done wrong and to correct it. In the meantime his clock was ticking in all games.

Getting back to the spammers, I imagine they select the domain for the outgoing email address at random. I see my own domain being used about once a month. How do I know when it's been used? After all, the messages are being sent not to me, but to other people. When a spammer has forged my domain, I receive at least three types of response from the target email systems:

  • Challenges from spam detection systems: These are messages like 'Please confirm that your message is not spam by clicking on this link'. Spam detection systems that do this are almost as bad as the original spam. Spammers don't sign their real email addresses, so these messages are just bothering innocent people who had their email address hijacked by a spammer.

  • Error messages that say the recipient's email address doesn't exist: This makes up the majority of the bounced messages I receive, since many of the recipients' email addresses were also invented.

  • Temporary glitches for real email addresses: These are messages like 'your correspondent's mailbox is full'.
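As an added illustration (not something from the original post or the setup it describes), here is one way the daily scan of the spam bucket could be automated: mail to a published alias is kept for review, and automated responses to forged senders are sorted into the three types above. The marker phrases and sample messages are constructed, and only the two aliases named in the post are assumed to be published.

```python
import email
from email import policy

# Local parts actually published on the site (the two named in the post).
PUBLISHED = {"kasparov", "kramnik"}

# Constructed marker phrases for the three response types listed above.
RESPONSE_TYPES = [
    ("challenge", ("please confirm that your message is not spam",)),
    ("no_such_user", ("user unknown", "no such user", "address doesn't exist")),
    ("temporary", ("mailbox is full", "over quota")),
]

def triage(raw):
    """Return 'review', 'invented' or 'backscatter:<type>' for one raw message."""
    msg = email.message_from_string(raw, policy=policy.default)
    to = msg["To"]
    local = to.addresses[0].username.lower() if to and to.addresses else ""
    body = msg.get_body(preferencelist=("plain",))
    text = (str(msg["Subject"] or "") + "\n"
            + (body.get_content() if body else "")).lower()
    if local in PUBLISHED:
        return "review"                      # may be a real correspondent
    for name, phrases in RESPONSE_TYPES:
        if any(p in text for p in phrases):
            return "backscatter:" + name     # reply to mail I never sent
    if "undelivered mail returned to sender" in text:
        return "backscatter:other"
    return "invented"                        # spam to a made-up local part

# Constructed sample messages, one per case.
SAMPLES = {
    "bounce": "From: MAILER-DAEMON@mx.example.net\n"
              "To: TadzKrhubarb@mark-weeks.com\n"
              "Subject: Undelivered Mail Returned to Sender\n\n"
              "<bob@example.org>: user unknown\n",
    "challenge": "From: filter@example.org\nTo: TadzKrhubarb@mark-weeks.com\n"
                 "Subject: Re: Information\n\n"
                 "Please confirm that your message is not spam by clicking on this link\n",
    "full": "From: MAILER-DAEMON@mx.example.com\nTo: TadzKrhubarb@mark-weeks.com\n"
            "Subject: Delivery delayed\n\nyour correspondent's mailbox is full\n",
    "fan": "From: fan@example.org\nTo: kasparov@mark-weeks.com\n"
           "Subject: Hi there\n\nI am a big fan of yours.\n",
    "spam": "From: x@example.org\nTo: john@mark-weeks.com\n"
            "Subject: Hey there\n\nBuy now\n",
}

if __name__ == "__main__":
    for label, raw in SAMPLES.items():
        print(label, "->", triage(raw))
```
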

Even worse than all this is that some email systems apparently think that the message really came from my domain. I suspect that mail sent using my domain is locked out by certain receiving domains.


Here's a real example that hit me last week. The spammers used the following image, followed by some nonsense text. Note the low quality of the image. The product, a diet supplement that is undoubtedly worthless, is popular among spammers.

I had thousands of specific examples to choose from. The first message I saved bore 'Undelivered Mail Returned to Sender' as the subject. The original message sent by the spammer had this header...

From: "Olin Tyson" <TadzKrhubarb@mark-weeks.com>
Subject: Re: Information

...The HoodiaLife image was linked to www.hcompanyy.com. A single batch of spam uses several different domains which are randomized across the different messages. This particular domain was registered to 'paul gregoire, vanier, on, CA'. The other domains that I looked at were registered to the same person. Since everything the spammers do is forged, I imagine this is a false trail as well.


The end result of this is that spammers are sending tons of email from invented addresses to invented email addresses. I'm sure that I'm not the only person who finds this scenario ludicrous. While doing this they are creating a headache for countless innocent victims.

Spam will never be regulated away. The spammers are the parasites of the web. The only way to eliminate them is to cut off their funding. Please don't ever buy a product or service that was offered to you through a spam link.
