Spam

Here is the good news: the amount of image spam in your mailbox may begin dropping off.

The bad news: that's because at least one spammer is switching from image files to PDF documents to carry their spam.

I received my first such spam today. Some Google searches show articles starting to appear this week on the issue. Here is one.

The spams I've seen contain graphic images—similar to the ones you probably are used to seeing already—only embedded in a PDF document.

There will be a lag while spam filters are retrained to find spam in PDF attachments. So expect several bumpy months ahead. Of course, once the defenses against PDF spam are in place, the spammer will switch to some other carrier, say MS Word documents.

This only underscores the point that content-based methods for identifying spam are a lose. Spam needs to be managed at its source.

Lazyweb: I wonder if there is a tool that would reduce the following collection of text lines to a minimal matching regular expression.

$EEK$UALLY E}}{PLICIT
$EEXUALY EK$PLICIT
$EKK$UALY EK$PLICITT
$EK$UAALY EK$PLICIIT
$EK$UALLLY EXXPLlClT
$EK$UALLYY E}{PLIICIT
$EK$UALYY EK$$PLICIT
$EXUAALLY EXPLICITT
$EXUALLLY EXPLIICIT
$EXUALYY EK$PLLICIT
$EXUUALLY EK$PLIICIT
$EXXUALLY EK$PLICIT
SEKKSUALLY EXPLICITT
SEKSSUALY EKSPPLICIT
SEKSUAALLY EKSPLICITT
SEKSUAALLY E}{PLLICIT
SEKSUAALLY EXPLlCllT
SEKSUAALY EKSPPLICIT
SEKSUAALY EXPLLlClT
SEKSUALLY EXPLlClTT
SEKSUALLY EXPPLlClT
SEKSUALLYY E}{PPLICIT
SEKSUUALY EKSPLIICIT
SEKSUUALY EXPLlClT
SE}{UAALLY EXPLICIT
SE}{UAALY EKSPLlClT
SE}{UALLLY EXPLICIT
SE}{UALLY EKSPLICIT
SE}{UALLY EKSPLlClT
SE}{{UALLY EKSPLLlClT
SE}{UALLY E}{PLICIIT
SE}{UALLY E}}{PLICIT
SE}{UALLYY EKSPLICCIT
SE}{UALYY EXPLICIIT
SE}{UUALLY EKSPPLlClT
sexually explicit
SEXUALLY EXPLICIT
SEXUALLY-EXPLICIT
SEXXUALY EXXPLICIT

The Bob Gammage for Governor campaign has started spamming me. Sorry, Bob, I vote for politicians that want to end spam, not ones who do it.

Political spam is ugly and annoying, but it's not illegal. That's because the politicans exempt themselves whenever they write laws to outlaw spam. Nonetheless, just because it's legal doesn't mean it's right. Spam is abusive and politicians shouldn't do it.

The exemption for politicians isn't necessarily a bad thing. Political speech deserves a much higher level of first amendment protection than commercial speech. Spam laws tend to focus on just the latter. That may be one reason why they've survived all court challenges to date. But it does create a huge loophole for sleazy campaigns to crawl through.

The Gammage campaign spam is some of the worst I've seen. First, the periodic mailings are annoying, ankle-biting screeds that just attack his primary opponent. Worst of all, there is no way to stop them. The campaign does not put an "opt out" link in the emails. If you try to respond to the email to ask them to stop, your message just bounces. This goes beyond annoying into the realm of incompetent, which is not a quality I want in my Governor. (By the way, I hadn't a position of any kind in this race until Gammage started spamming me.)

The reason why politicians spam is that it's a cheap and easy way to reach people. Traditional mechanisms, such as covering a neighborhood in door hangers, take significant money, effort, and volunteers. Those factors are built-in inhibitors: there is only so much a campaign can do, and they have to work hard to make sure what they do is most effective. Spam, on the other hand, requires few of these resources, so candidates can, if allowed, send you as much crap as they want.

The best way to end spam is to make it ineffective, so here is my plan: from now on whenever a politician spams me I will make a nominal donation to their opponent. If enough people do this then politicians would be harmed more than they are helped by campaign spam. Then maybe they will stop. Or, at least, maybe we'll elect fewer spammers to office.

Gregg Knaupe is running for a seat on the Austin City Council. Gregg Knaupe is also a spammer.

Greg scraped the City of Austin web site, downloaded the list of city board and commission members, and added all of us to his emailing list without asking. Because of my interest in city affairs, I probably would have tolerated a one-time mailing. This, however, is unacceptable—not to mention a likely violation of the terms of service of his mail sending service.

I cannot imagine supporting somebody for elected office who displays such poor judgment. Could you?

In a previous article, I complained about spammers who were pretending to collect funds for tsunami victims. Turns out, the practice became widespread quite quickly. Now comes some good news. At least one of the bastards has been caught.

It's been an awful long time since I've been upset or offended by a spam message. I recently received a spam from one of the Nigerian fraud spam gangs. The advance fee fraud these scammers run typically prey on the greedy and stupid. This time, however, they were pretending to be the Red Cross, collecting funds for tsunami victims. I hope there is a special room in hell reserved for these evil people.

Recently, I ordered a gift box of salsa from Jardine's Foods (of Buda) for my mom. Jardine gave me an extra little present that is causing me indigestion: they started spamming me with junk email advertisements.

Technically speaking, even though the unsolicited email is annoying and abusive, it's not really spam. That's because I bought something from them, so I have a business relationship with them. It's generally considered acceptable for businesses you work with to email you, but most reputable companies will at least verify you want to opt-into their advertising materials before they start spamming you.

So, I today I severed that relationship. I directed them to stop spamming me, and I vowed to never purchase another Jardine's product. Before you purchase any Jardine's products, you might consider whether you want to open yourself to the risk of junk email, and whether you want to support businesses that use spamming practices.

Spam Assassin and Movable Type got into a little tussle today. I have comment notification enabled, so I can see whenever somebody posts a comment to my blog and I can respond to comment spam quickly. My favorite part of the MT-Blacklist module is that it adds a de-spam link at the bottom of these notifications. It allows me to remove comment spam with a single click. My blog ends up being pretty spam free, but this depends upon receiving prompt notification.

I was perturbed to find that a bunch of spam had accumulated on my blog today. I never saw any notifications of the postings, so they've just been sitting there all day.

On a hunch I checked my email spam folder and—sure enough—the notifications had been classified as spam and refiled. I never saw the notifications because they never made it to my mailbox.

So, if you are running Spam Assassin (or similar spam filtering tools) you may want to take care to ensure comment notifies aren't classified as spam. I added a whitelist_from entry to my system /etc/spamassassin/local.cf file, and set it to accept all email generated by the web server.

Link: Software Archive: better_spam_protect

In the Movable Type weblog system, the names of entry and comment authors often are linked to their email address. Movable Type has a spam_protect feature to protect these addresses against harvesting by spam spiders. This feature, unfortunately, is not effective.

A new plug-in called better_spam_protect provides improved spam protection. Javascript is used to produce email addresses, thus making it less prone to harvesting. Users without Javascript (and—hopefully—spam harvesters) will see the name, but not the email address.

Last month I wrote about stopping spam by placing a per-message charge on email. I think it's a bad idea. The proposal is getting a lot of serious attention, though, because Bill Gates is its most visible advocate. He points out people are willing to pay 37 cents to send a letter, so why not a penny for email?

I think there is ample evidence this just won't fly. John Levine has pointed out we've already been there and done that. There once were commercial email systems such as MCI Mail, which were supplanted by flat rate Internet email, and are now just a dim memory.

I don't think we need to reach into the distant past for a good example. How about celullar phone subscribers? At least for basic voice service, subscribers seem to demand a fixed rate subscription and will do anything to avoid per-minute charges. I think any Internet service that implements per-message charges will find themselves hemorrhaging subscribers.

This morning at SXSW, the "History and Lessons of the Cellular Industry" panel offered an opportunity to sanity check this theory. After the panel I approached Jeff Nelson of Verizon and asked him what he thought about switching from fixed rate to per-message charges as a spam solution. He discussed business models and was quite unapologetic that his goal was to get subscribers to pay as much as he could get them to. I was curious what he thought about this anti-spam proposal.

Like most people, just the mention of "spam" tripped his alarms. He said that spam is a huge concern for cellular providers. They careflly watch what happens on the net as a whole, which serves as a leading indicator for activity on the cellular networks. All the providers are worried and working to keep spam at bay.

I dragged him back to the question: what about switching from flat rate to per-message charges? He just rolled his eyes. He said under his breath, "If my Internet provider tried to charge me for email I wouldn't stand for it."

It was like he viewed per-message charges as a third rail issue. I think it shows that scheme isn't going to get very far.