Spamassassin Knows Me Too Well

April 26th, 2004

Continuing my spam theme of late. Today I received a message from “* Rochelle *” that wound up in my inbox. Since I have so many carefully crafted filters to dump mail in the appropriate mailbox, anything that winds up in my inbox is immediately suspected as spam that spamassassin missed. This message hit massive alarm bells in my head and I just couldn’t work out why spamassassin had missed it. The subject line was “hey!!!” and the body of the message was bright pink with embedded images that Mail.app had blocked. Worst of all, it was from a hotmail address similar to “I’m your lollypop”.

Naturally that first quick glance was enough for me to start dragging it to the spam folder. While doing so I fortunately noticed the phrase “Tom’s birthday party” and it just seemed too much of a coincidence considering I’d attended my cousin Tom’s birthday party a couple of weeks ago.

Turns out the mail was legit and from someone I’d been waiting to hear from for a fair while.

The moral of the story - trust in spamassassin. Or maybe, look before you hit delete as spam. Or maybe that you shouldn’t use hotmail addresses that include talk of lollipops along with HTML email and bright pink backgrounds. Yeah, definitely don’t do the pink background thing…

More Spam

April 26th, 2004

Richard Giles comments on SpamSaver, one of the worst ideas I’ve heard of in a long time.

Essentially SpamSaver aims to feed a massive number of useless email addresses into the spammer’s database, making it all but useless and swamping them with bounced mail. Sadly, the flaw lies in the last part - the spammers don’t see the bounced mail - the poor sap whose email address they forged does. PLEASE don’t contribute to more of this “bounce-spam”; it’s already reached the point where I receive more bounce messages than I do actual spam. Mostly that’s from virus bounce messages, but an increasing amount is from spam bounce messages too, and things like SpamSaver will only make that worse.

So please don’t use SpamSaver, and if you’re a sysadmin, configure your servers to never send automatic emails for any reason. I don’t care if the email address doesn’t exist, I don’t care if the message had a virus and I really don’t care if the person is on vacation. Unless you can be 100% sure that the From: address is real (which you can’t), don’t send mail to it.