[PLUG-TALK] Uptick in Spam Volume

Keith Lofstrom keithl at kl-ic.com
Sun Jan 15 00:33:24 UTC 2012


On Sat, Jan 14, 2012 at 09:55:35AM -0800, Rich Shepard wrote:
>   Has anyone else noticed a large increase in spam since the December
> holidays? The ol' 419-type cons are coming through in more than the
> Baskin-Robbins 31 flavors and are not being caught by postfix or SA.

It came at a pretty bad time, too.  For some reason, Google 
safebrowsing started complaining that my use of the service
( 2x/hour ) was too frequent and won't talk to me any more. 
I'm guessing some spammer is joejobbing it "on my behalf". 
This is possibly related to the uptick.

If someone is feeling ambitious, perhaps they could contact
Google and ask nicely for a rapid feed.  We can redistribute
that feed as a "mailing list" from one of our servers.  My
server is available, but we would need help from a local
Perl monger to rewrite the safebrowsing spamassassin module,
along with some kind of public key certification on the
messages (so WE don't get joejobbed).  I would rather be
part of a group of 20 people getting updates every 5 minutes
from Google (12/hr), than one of 20 loners getting updates
twice an hour (40/hr).

A moderated mailing list feeding a spam module might be an
interesting way to deal with this stuff.  See a spam, bounce
it to a bot compiling the next spam list, which adds to the
score for that potential spam.  Web of trust plus rough
consensus plus weighting to your own score based on that
consensus.   Later, perhaps a mod for the mail reader so
that it checks spam scores before they present you with
email (rather than procmail/spamc checking it the moment
it hits your machine).  That would give "catches" more
time to percolate through the system, and do pattern
recognition on "similar" spam mutations.

This kind of organization would not work very well if it
was big and flat, but with a web of trust we could help
each other catch spam, just a little, and confederate 
with other small organizations.  It is too much to hope
that we could use such a system to accurately track spam
to the source, then retarget the occasional re-entering
satellite.

Will the spammers just keep getting more clever?  As
always, there's an xkcd for that:  http://xkcd.com/810/

Keith

-- 
Keith Lofstrom          keithl at keithl.com         Voice (503)-520-1993
KLIC --- Keith Lofstrom Integrated Circuits --- "Your Ideas in Silicon"
Design Contracting in Bipolar and CMOS - Analog, Digital, and Scan ICs
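
An added example, not part of the original message or of any SpamAssassin module: one way the signed-report and trust-weighted consensus idea sketched above could be scored locally. The peer names, keys, trust weights, quorum and score cap are all assumptions, and HMAC with a per-peer shared key stands in for the public-key certification the post asks for, since the Python standard library has no public-key signatures.

```python
import hashlib
import hmac

# Constructed sample data: per-peer keys and how much this site trusts each
# peer. HMAC with a shared key per peer is a stand-in for a public-key
# signature; all names and numbers here are hypothetical.
PEER_KEYS = {"alice": b"k-alice", "bob": b"k-bob", "carol": b"k-carol"}
MY_TRUST = {"alice": 1.0, "bob": 0.6, "carol": 0.3}  # my own weighting, 0..1
QUORUM = 2       # distinct verified reporters needed before any score is added
MAX_BONUS = 4.0  # cap on points added to the local spam score


def fingerprint(body: str) -> str:
    """Case- and whitespace-insensitive digest, so trivial mutations match."""
    return hashlib.sha256(" ".join(body.lower().split()).encode()).hexdigest()


def sign(peer: str, fp: str) -> str:
    """Tag a peer attaches to a report about fingerprint fp."""
    return hmac.new(PEER_KEYS[peer], fp.encode(), hashlib.sha256).hexdigest()


def accept(report: dict) -> bool:
    """Keep a report only if it names a known peer and its tag verifies."""
    key = PEER_KEYS.get(report["peer"])
    if key is None:
        return False
    good = hmac.new(key, report["fp"].encode(), hashlib.sha256).hexdigest()
    return hmac.compare_digest(good, report["tag"])


def consensus_bonus(fp: str, reports: list) -> float:
    """Points to add for fp: verified reports, one vote per peer, trust-weighted."""
    voters = {r["peer"] for r in reports if r["fp"] == fp and accept(r)}
    if len(voters) < QUORUM:  # rough consensus not reached
        return 0.0
    weight = sum(MY_TRUST.get(p, 0.0) for p in voters)
    return round(min(MAX_BONUS, 2.0 * weight), 2)


def sample_reports(fp: str) -> list:
    """Constructed feed: two honest reports, a duplicate, a forgery, a stranger."""
    honest = [{"peer": p, "fp": fp, "tag": sign(p, fp)}
              for p in ("alice", "bob", "bob")]
    forged = {"peer": "carol", "fp": fp, "tag": "0" * 64}  # joe-job attempt
    return honest + [forged, {"peer": "dave", "fp": fp, "tag": "0" * 64}]
```

Forged and unknown-peer reports are dropped before counting, and a peer reporting the same message twice still counts once, so the bonus depends only on distinct verified reporters.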


