Spam

About Spam, Junk Mail, UCE, etc etc.

If you're a Kiwi you'd have to have been hiding under a rock to have missed the fact that Xtra's email service has been under siege lately.

In February, a significant number of xtra.co.nz email addresses - hosted by Yahoo in Sydney - were compromised. It appears that an organised botnet was able to access the mailboxes of many thousand subscribers, and use those mailboxes to generate spam emails (pointing at malicious web content) to email addresses found in those mailboxes - pulled from address books, sent items or similar.

The root cause has not been publicly announced by Yahoo, as far as I know, but I recall reading about a Cross Site Scripting issue involving Wordpress that sounds plausible in some respects. That said, I know that several of the accounts compromised (including one of mine!) have not been used in a long time - or at least, hadn't been, until this issue came to light... which makes one wonder how long this has been parked, waiting - or whether there is some _other_ vulnerability at work.

Anycase, there was a public outcry, and lots of 'change your password' advice being given out to account holders, and the rest of us got to suffer under a deluge of spam originating from Yahoo's servers - let's make it clear, it's not just the account holders that've suffered here, it's the folks they've corresponded with! - and in the aftermath Telecom had to announce a review of their email arrangement with Yahoo (to whom xtra.co.nz email has been outsourced for some years). NBR has a good article with the background, and their public announcement to stay with Yahoo on the grounds of a promise from Yahoo to 'do better'.

After having to challenge yet another unsolicited connection attempt on LinkedIn today I was inspired to throw some words into Google and see if anyone else had published anything regarding LinkedIn Connections.

I came across the following interesting reads:

Stuff has the article thanks to @roanne1 for tweeting about it.

I know for a fact one of my email addresses is in that database. So I'm keen to see this plonker, plonked...

Even Fair Go last night had an article about spam but a current frustration is a phonecall I had from the Department of Internal Affairs Antispam Unit which explained that the unsolicited email I've received from 'Celia for Mayor' (a Mayoral Candidate in Wellington) is not actually illegal.

Here's the email I received subsequent to our conversation:

The Department of Internal Affairs is responsible for enforcing the Unsolicited Electronic Messages Act 2007 ('the Act'). Please note that any information provided in this communication is not legal advice and is given without prejudice.

After reviewing the received message from the address [redacted from the web] sent on the 10th August 2010, the Department has found that the message is not considered a commercial message under Section 6 of the Act in that it does not promote goods or services:
6 - Meaning of commercial electronic message
For the purposes of this Act, commercial electronic message—
  (a) means an electronic message that—
    (i) markets or promotes—
      (A) goods; or
      (B) services; or
      (C) land; or
      (D) an interest in land; or
      (E) a business or investment opportunity; or
    (ii) assists or enables a person to obtain dishonestly a financial advantage or gain from another person; or
    (iii) provides a link, or directs a recipient, to a message that does 1 or more of the things listed in subparagraphs (i) and (ii).
Please also note that Section 6 states exceptions to messages that — provides the recipient with information about goods or services offered or supplied by—
• (A) a government body
As per our discussion, this is somewhat of a grey area in that Celia is sending the message as a candidate for a local government body. Previously the Department stance has been to contact the likes of MP's and advise that their campaign messages would be in the best interest to include an unsubscribe facility and contact details so recipients can remove themselves from such messages. The Department understands that there can be frustration in receiving such messages, however you may wish to remove yourself from the mailing list by clicking on the unsubscribe facility. Or you may wish to contact the administration team by using the email address [redacted from the web].

The Department will also contact Celia's administration team and request how they are obtaining recipient email addresses for their campaign and advise accordingly. In regards to using an address from an unpublished source, you may wish to make a complaint with the Domain Name Commission.

The latter is a response to the suggestion I made that my email address had been harvested out of 'whois' data. I had another look, and the email address being used is unlikely to have come from this source.

However, I am disappointed that the law in NZ (which I initially thought to be fairly well written) seems to have such a grey area around political advertising. I wonder if a mayoral candidate's advertising could be construed an advertisement of services that is not (yet) a government body...

I do appreciate the DIA attempting to educate Celia's administration team, and I wish them well. In any case, I would never vote for a spammer, so the advertising that I received from this candidate did the exact opposite of what was intended. And I remain disappointed that the laws about spam have a gaping hole in them...

[EDIT: IMPORTANT UPDATE BELOW]

Just received an obvious Spam; it was directed to an email address used solely for domain name management (i.e. it was plucked out of a domain 'whois' output).

That was the first sign of trouble. Plenty more...

Next we have a firm offering a special on aerial photography of NZ. I should be grateful they got my country right, I suppose?
Then you keep reading.

Embedded links point to a .co.nz (aerialimpressions.co.nz) - it appears to have valid, if limited, registration details (registrant = Aerial Impressions, address in Australia (City, no state given, though it appears it's in Victoria)).

A look on the Australian ABN Lookup tool for 'Aerial Impressions' reveals that it is a Trading Name for a company actually known as DGB Technologies Pty Ltd.

IMPORTANT UPDATE ON THIS BLOG ENTRY!

When I used Google to search for "DGB TECHNOLOGIES PTY LTD" (copy/pasted from the ABR Site), they 'automagically' provided me with DBG Technologies - note the B and G are transposed! - as the first hit, along with several more. I didn't notice this until I was contacted by a helpful reader - and by one of the directors of DBG, seeking to clarify!!

I apologise profusely to DBG - the legitimate, South Australia Registered firm who appear to be unrelated to DGB.

Just for entertainment, feel free to compare their entries in the ABR:

DGB Technologies (Trading as Aerial Impressions)

and

Warning: Once you incorporate a company and provide your details to the Companies Registry, you're doomed to receive unsolicited junk mail on a periodic basis.

I won't go into the electronic kind; the Companies office don't require you to provide electronic contact means (though when the forms are submitted, contact numbers are provided...) What I'm talking about here is plain old unsolicited postal junk.

Today we received a windowed envelope with our street address (per the companies office) in the window. Above that was no name; instead it was addressed to 'Dear Lover of Fine Wines'.

Enclosed was a self-addressed envelope (with 'Affix Stamp Here'; obviously they're not interested in supplying postage!), a glossy brochure advertising the firm 'Pieroth Wines (NZ) Limited' with an address at North Harbour Industrial Estate (Auckland); and a 'Consumer Survey' which then asks 'Are your name and address printed correctly? Please check, so you are sure to receive your Thank-you-gift and the free 6 bottle International Wine Sampling without any delay.' To the right are three boxes with contact detail options and a title 'Details of Interested Friends!'

On the reverse is the survey, which starts with 'Your support is very important. With the help of your answers we may better adapt to the friends of Premium Wines and improve our services in future'. Goes on to ask questions for demographics and a bunch of wine preferences. It then asks for contact phone numbers (home and work) in order to arrange for the free gift and 6 bottle wine tasting.

What's the bet that the free gift isn't 6 bottles of wine!

This is the 'please forward this to all your friends!' of the 20th century.

It's funny, when you keep a relatively close eye on the places your details are filed, and on your buying habits, you can get a good idea for all the dirty, dirty tactics out there.

Noted a couple of simultaneous subscriptions to NZLUG mailing lists this morning from different addresses @zeusmail.org - this immediately looked suspicious, and a Google confirms my fears.

A warning for those others dealing with mailing lists, forums and such; that's one domain with a baaaad rep.

Those of you who used (or registered) for Ferrit, beware....

This morning my wife received a spam email with ominous overtones; the destination address concerned was only ever used on ferrit.co.nz.

The bonus with using role-driven email addresses is that you have instant ID on where an address was sourced from. Thus the email concerned could only have come from one place; Ferrit's Database of customers; or someone associated with Ferrit.

My wife did in fact purchase things through Ferrit. Twice. One has to ask though, how do someone's personal details wind up being used for spam purposes?!

Telecom NZ - Over to you! Meanwhile I guess we have to engineer yet another spam-black-hole on an email address that's now a write-off :(
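The role-driven address idea in the Ferrit entry above can be checked mechanically. The following is an added example, not code from the original post: it scans mail for role addresses being used by anyone other than the service they were issued to. The registry, addresses, domains and sample messages are all constructed assumptions.

```python
from email import message_from_string
from email.utils import getaddresses, parseaddr

# Hypothetical registry: each role address was handed to exactly one service,
# mapped to the domains that service legitimately sends from (constructed values).
ROLE_ADDRESSES = {
    "shop-a@example.org": {"shop-a.example"},
    "whois@example.org": {"registrar.example"},
}

def sender_domain(msg):
    """Domain of the From: header, lower-cased ('' if unparseable)."""
    _, addr = parseaddr(msg.get("From", ""))
    return addr.rpartition("@")[2].lower()

def is_expected(domain, allowed):
    """True if domain equals, or is a subdomain of, an allowed domain."""
    return any(domain == d or domain.endswith("." + d) for d in allowed)

def leaked_role_addresses(raw_messages):
    """Return (role_address, sender_domain) for mail that reached a role
    address from a sender other than the service the address was given to."""
    findings = []
    for raw in raw_messages:
        msg = message_from_string(raw)
        headers = (msg.get_all("Delivered-To", []) + msg.get_all("To", [])
                   + msg.get_all("Cc", []))
        recipients = {addr.lower() for _, addr in getaddresses(headers)}
        dom = sender_domain(msg)
        for rcpt in sorted(recipients & ROLE_ADDRESSES.keys()):
            if not is_expected(dom, ROLE_ADDRESSES[rcpt]):
                findings.append((rcpt, dom))
    return findings

SAMPLE_MAIL = [  # constructed messages, not real mail
    "From: Orders <orders@mail.shop-a.example>\nTo: shop-a@example.org\nSubject: Receipt\n\nThanks.\n",
    "From: Deals <promo@bulk-sender.example>\nTo: Shop-A@example.org\nSubject: Offer\n\nBuy now.\n",
    "From: x@photos.example\nTo: <whois@example.org>\nSubject: Special\n\nHi.\n",
]

if __name__ == "__main__":
    for rcpt, dom in leaked_role_addresses(SAMPLE_MAIL):
        print(f"{rcpt} was used by {dom}: address has left its original holder")
```

The From: header is trivially forged, so a clean result here does not prove an address is still private; a hit, however, pins the leak to the one service that held the address.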


This is what I posted to NZNOG a little while ago...


Was recently asked by a colleague about the current spam situation at a generic level - and more specifically 'what can be done about it'.

I proceeded to send him what could've almost been called a Tirade - Of exactly what'll need to happen before spam will be a thing of the past. Not sure I'll go there just yet...

In an unrelated tack, a recent discussion on NZLUG cited some problems an individual was having sending emails to Hotmail.com, as they were apparently requiring SPF records of domains sending them mail - and were deferring through to failure, inbound mail that didn't have it.

I checked - they're not. (I don't currently publish SPF, yet I can send to them fine.). But I threw some terms into Google and found a gem of a link - http://www.richi.co.uk.

http://richi.co.uk/blog/2005/06/yet-more-on-hotmails-move.html

Which references http://www.computerworld.com/blogs/node/440

http://richi.co.uk/blog/2005/06/hopefully-last-on-this-subject_24.html

http://richi.co.uk/blog/2005/05/why-challengeresponse-is-bad.html

I consider all of the above to be useful reads.
I also have to confess I do agree with much of the following - anyone looking to implement spam filtering needs to bear the below in mind...
