Terry Zink's Cyber Security Blog
Discussing Internet security in (mostly) plain English
October, 2009
Live Free or Die Hard
Posted over 3 years ago by tzink | Comments: 3
Spoiler alert. This past weekend, I got a chance to watch the 4th installment in the Die Hard series, Live Free or Die Hard. I hadn’t seen the whole thing end-to-end before, only parts of it. It was nice to finally get a chance to see the...
The evolving MAAWG
Posted over 3 years ago by tzink | Comments: 1
MAAWG is an organization that started up in response to the spam problem. Its official name is the Messaging Anti-Abuse Working Group, and they are meeting this week in Philadelphia to discuss all things abusive. I didn’t go this time around...
What’s waledac up to these days?
Posted over 3 years ago by tzink | Comments: 0
Just for the fun of it, I decided to check some statistics on the waledac botnet. I got the total number of distinct IPs sending us spam and broke them out by how much spam they were sending us, by country, for Oct 22, 2009. Below are the...
Things we can learn from Animaniacs
Posted over 3 years ago by tzink | Comments: 3
Does anyone remember that cartoon from the 1990’s, Animaniacs? It was a pretty good cartoon for its short run. One of the segments that they aired was called “Good Idea, Bad Idea”. It was a short clip segment. It would go something like...
Keeping track of botnets
Posted over 3 years ago by tzink | Comments: 0
A couple of months ago, I posted a one-day snapshot of how much spam we see from individual botnets. I’ve been keeping track since July 29 on the biggest ones that have names, and only for IPs that get past our RBLs. At the time of my first...
I don’t know what it is…
Posted over 3 years ago by tzink | Comments: 0
I don’t know what it is, but whenever I hear the name of the waledac botnet, I always think of Wario from the Super Mario Bros. series. Something about both starting with the letters Wa, both being three syllables, both being bad guys, both using...
Fooled today… almost
Posted over 3 years ago by tzink | Comments: 0
Today, I got a spam in my junk mail folder that nearly fooled me. Below are the headers with some information removed to protect trade secrets: Received: from VA3EHSMHS008.bigfish.com (unknown [10.7.14.235]) by mail29-va3.bigfish.com (Postfix) with...
Best practices for sending outbound mail
Posted over 3 years ago by tzink | Comments: 0
One of the questions that I am frequently asked is if we get a sudden burst of outbound mail from a customer using us to send outbound, will we throttle their mail? Throttling is the process of slowing down outbound mail such that a sending organization...
How to reclaim your sender reputation, part 10 - Results
Posted over 3 years ago by tzink | Comments: 0
Results Forefront Online (ie, us) has come a long way in reclaiming its outbound reputation. The question now is this – has it worked? I will report on some anecdotal evidence. The Good To determine whether or not we have gotten better, I prefer to check...
How to reclaim your sender reputation, part 9 – disabling offenders
Posted over 3 years ago by tzink | Comments: 0
Continuing on in my 9 part series, the process of mitigating an outbound spam problem occurs in a two-fold manner. Usually they are mutually exclusive, but one can lead to the other. Cutting off mail only for the offending email address This is the default...
Are we seeing more spam from Gmail, Hotmail and Yahoo?
Posted over 3 years ago by tzink | Comments: 0
Last week, I commented on the Gmail/Hotmail/Yahoo username and password leak. The question we now ask is whether or not we are seeing an increased amount of spam from those services. The folks from All Spammed Up recently posted that various...
How to reclaim your sender reputation, part 8 – More pattern analysis
Posted over 3 years ago by tzink | Comments: 0
Islands Islands are named that way because their appearance looks like an island – a time zone infraction in which the middle sticks out above the others. Another term for this pattern is the head-and-shoulders pattern. Islands are the most ambiguous...
Yahoo, Gmail, Hotmail compromised
Posted over 3 years ago by tzink | Comments: 0
I wasn’t going to comment on this until later, but the story is spreading; there’s a link off the Yahoo Canada homepage. 10,000 usernames and passwords were posted this past week, victims of a phishing scam. From Computerworld: If (technology...
How to reclaim your sender reputation, part 7 – Pattern analysis
Posted over 3 years ago by tzink | Comments: 0
Mountains A mountain pattern is when each subsequent monitoring of an outbound spam problem is worse than the previous time. It looks like you are climbing a mountain. Once a threshold is crossed, an alert is generated. Mountains generate the most obvious...
The multinational nature of spam
Posted over 3 years ago by tzink | Comments: 0
I received a spam message the other day that went to my Junk Mail Folder. I decided to take a look at it and dissect it piece by piece. It really is amazing to see how spam crosses so many international borders and exploits so many different...
How to reclaim your sender reputation, part 6 – Noise reduction
Posted over 3 years ago by tzink | Comments: 0
Pattern Detection and Noise Reduction The amount of noise inherent in outbound spam detection is high. End users will routinely mark messages as spam that aren’t actually spam. An example of this would be company billing reports; these are not spam but...
How to reclaim your sender reputation, part 5 - Monitoring
Posted over 3 years ago by tzink | Comments: 0
Monitoring FOSE has implemented a lot of different mechanisms to mitigate the spam problem. These include, but are not limited to, the following: Routing all mail from non-customer domains that is marked as spam through the NDR pool. Changing (1) and...
How to reclaim your sender reputation, part 4 – More options
Posted over 3 years ago by tzink | Comments: 0
Option 3 - Keep track of the mail disposition and cut off the entire organization This was one of the original ideas proposed to solving the outbound spam problem. The idea is to filter the mail and write the disposition (spam vs non-spam) to an...