The Musings of Chris Samuel

There’s been a lot written about a spammer listed by SpamHaus sueing them in the US, but this lawyers account is worth a read. Basically it looks like SpamHaus made a legal mistake in the way they dealt with the US court:

3. That said, Spamhaus had a likely winner of an argument if they’d made it from the beginning: the U.S. court does not properly have jurisdiction over the U.K.-based company. [...] it would have been possible for an attorney to make what is known as a “special appearance” before the court without acknowledging the court’s jurisdiction in the case. Reading the record, I’m puzzled that this wasn’t the strategy Spamhaus’s counsel chose.

4. Unfortunately, since that’s not what happened, Spamhaus may have waived personal jurisdiction as a defense early on in the case when they not only appeared, but then asked for the case to be removed from state court (where it was originally filed) and moved to federal district court (where it is today).

Most importantly, he says:

9. Finally, one last point: anyone who has a chance to talk publicly about this, if you are a friend to Spamhaus I would strongly urge you to refrain from making derogatory statements about the judge or the legal system in the U.S. Talk all you want about the evidence that you believe demonstrates e360 is a spammer. Talk about how important Spamhaus is to the functioning of email. But calling the judge stupid doesn’t help the case. Given the record, the judge had little choice other than to do what he did. So far as I can tell, Spamhaus presented no argument that would let him get out of this case, even withdrawing the answer that had been filed from the proceedings.

Anyway, he says a lot more than that so please go and read.

Update: The spammer who is suing SpamHaus is now being sued themselves in California on 87 counts of spamming.

Someone tried to spam me with the subject “bearded civilize“. How did they know ? Us bearded people are the only true way to civilisation!

This is almost a program falling for the SULFNBK.EXE hoax.

From ZDNet:

Some Windows 2003 users have been experiencing problems with the operating system after CA antivirus software wrongly detected part of the operating system as malicious software last week.

I could beg to differ with about detecting Windoze as malicious software being wrong..

CA could spin this in one of two ways, either the eTrust virus checker signature for Win32/Lassrv.B had an unfortunate bug that caused unwanted side effects, or, the virus checker was taking extreme proactive measures to protect the rest of us from Windows systems being used as spam sources and denial of service zombie botnets.

I was very puzzled to see Russell Coker write:

Therefore the only acceptable method of dealing with spam is to reject it at the SMTP protocol level. Currently I am not aware of any software that supports Bayesian filtering while the message is being received so that it can be rejected if it appears to be spam, it would be possible to do this (I could write the code myself if I had enough spare time) but AFAIK no-one has done it.

I’ve been doing exactly this with Postfix, amavisd-new and SpamAssassin for many years now with great success, rejecting spams at the SMTP level via Postfix’s pre-queue content_filter mechanism using SpamAssassins Baysian filtering, anti-spam rules and blacklist support.

Unfortunately because Russell is using Blogger and requiring people to register I can’t leave a comment for him (as I’ve no desire to sign up for an account with them just to leave a comment).

Update: Corrected link to point to the actual post on Russells blog that I’m talking about!

This is a type of information attack where the attacker is attempting to bury an unfavourable article in search results through posting a large number of other articles that contain the keywords that they wish to obfuscate.

Had a 419 spam this morning that slipped through the filters (now fed to SpamAssassin) that started with the following - do they know something that I don’t ?

Dear Fiend,

Sadly it’s probably just an attempt to evade the “Dear Friend” test..

0.8 DEAR_FRIEND BODY: Dear Friend? That’s not very dear!

It used to be the joke was “Friends don’t let friends do Windows” - well now it’s a case of many a true word spoken in jest.

The UK anti-virus company Sophos is reportedly recommending that you don’t use Windows any more due to its increasing vulnerability to attack.

Security threats to PCs with Microsoft Windows have increased so much that computer users should consider using a Mac, says a leading security firm.

As someone who is constantly having to fight spam because of Windows PC’s that have become infected by viruses, trojans and other malware I second the call - please think twice before buying a Windows PC!

Recently I’ve added a three new tools to my anti-spam arsenal. A few weeks back Rich gave me a heads up that he’d gotten the time to modify the WP 2.0 Akismet plugin to allow you to simply ban spamming IP addresses to your blog based on what Akismet classifies as spam.

Basically you get a top-10 of comments ordered by IP address and URL allowing you to quickly dispatch (and ban in the case of IP addresses) those evil posts. It works rather nicely, I must say.

This evening I’ve just added the Did You Pass Maths plugin from Aussie Steven Herod which is kind of a numeric captcha plugin for comments.

But this won’t stop trackback spam which seems to come in bursts, so I’ve also added the Trackback Validator Plugin from the Computer Security Lab at Rice University which visits the referrers of trackbacks received to ensure that there is really a link to you from that site in that page.

It’s not infallible as spammers can still configure a fake blog with links to your site, but they believe that when that happens it is no longer completely a spam trackback as it does originate from a real posting somewhere - just that you may disagree with the content and agenda behind it.

So, we’ll see what happens!

Upgraded to Bad Behaviour 2.0 Beta 1 as a test - if you are having problems and getting blocked and can see this through an RSS aggregator like PLOA then drop me an email (chris at csamuel.org will work) to let me know please!

In an attempt to trim down the load on my little Xen hosted box I’ve now added another two plugins to my install here after finding good recommendations for them out on the web.

Continue Reading »