A Weblog About Topics and Issues Discussed in the Book Spam Kings by Brian McWilliams

� March 2006 | Main

April 19, 2006

Moving on

Three years ago, around the end of April 2003, I started getting hammered with annoying spams from a mysterious company called Amazing Internet Products, which was advertising human growth hormone, government grants, and penis pills.

Those hundreds of spams led me to write a couple articles in the summer of 2003 about Amazing Internet's amazing profits and the company's colorful co-founder, former neo-Nazi leader Davis Wolfgang Hawke.

My research eventually grew into my book Spam Kings, which was published by O'Reilly in October 2004. Around the same time, I launched this blog dedicated to the book and to news in the world of kingpin spammers.

I've enjoyed the past 18 months of trading notes about the spam scene. But due to the demands of a new (non-spam-related) job, I'm going to have to pull back from blogging and probably won't be posting any further updates. I'm also likely to disable comments and trackbacks, since I won't have time to clean up after the blog spammers.

Contrary to what some spammers might think, I never saw myself as an anti-spammer. My role was just to chronicle the spam scene, which I see as a fascinating intersection of entrepreneurism, crime, technology, and vigilantism. As a heavy user of the Internet, however, I admit that I'm rooting for the day when crooks, frauds, and freeloaders run out of ways to abuse the system.

Three years used to seem like an eon in Internet time. But as I look back to that summer of 2003, I am amazed at how little of substance has changed in the spam scene.

Hawke and his company are gone, and I no longer receive as many HGH or "make penis fast" spams. But in their place are new spam operations touting penny stocks, Hoodia, replica watches, and mortgages. More email in-boxes are protected by spam filters, and more anti-spam lawsuits have been filed and won. But despite such progress, my spam folders are still filling up with hundreds of spams each day, and many of the same names are on the Spamhaus list of the world's biggest spammers.

I blush to admit that when I sent the final Spam Kings manuscript off to O'Reilly in August of 2004, I worried somewhat that the book might be obsolete before it came back from the printers. Looking back, I realize that was just the naive fretting of a first-time author. As I wrote in the book's introduction, "Study the rise and fall of one spammer, Davis Wolfgang Hawke, and you will learn all you need to know about the intractability of the junk email problem."

I hope you've enjoyed this blog. My special thanks to Spam Kings readers.

Posted by Brian at 1:22 PM | Comments (20)

April 5, 2006

Detoothing a Barracuda

barracuda.gifSome people are warning about a security flaw in the popular Barracuda spam firewall. The vulnerability in how Barracudas handle zoo archives potentially could enable a remote attacker to gain control of the firewall program using a buffer overflow exploit. Fortunately, Barracuda has issued a patch to prevent attackers from exploiting this bug -- and potentially turning off the firewall and unleashing a torrent of spam on the unprotected mail servers behind the firewall.

But what's up with all the outbound spam from apparently uncompromised Barracudas? According to the product site, the appliance "prevents spamming" and "includes all the features needed to eliminate your outbound spam." Yet there are numerous reports of spam messages containing the "Scanned: by Barracuda Spam Firewall" header.

Some recent drug spams are apparently coming from webmail providers including Frys.com and some public libraries, such as one in Maryland. There have also been recent 419 scam-spams from a Barracuda-protected mail server run by Liberty USA.

Maybe these are all cases of operator error or Barracudas being misconfigured. The product does have a reputation for some annoying default features, including one known affectionately as backscatter. In any case, makes you wonder whether a bad guy with remote access to a Barracuda could do much additional damage.

Posted by Brian at 7:21 PM | Comments (1)

April 3, 2006

Verizon pays for spam blockade

A settlement has been proposed in the class action lawsuit over Verizon's aggressive spam blocking. Under the deal, affected Verizon Internet Services customers may receive up to $49 if they failed to receive "legitimate email" between October 2004 and May 2005 from Asia or Europe.

Notice of the proposed settlement was emailed to some Verizon subscribers over the weekend. Information is also available online at emailblockingsettlement.com.

The lawsuit stems from Verizon's anti-spam strategy of briefly blocking all email from large swaths of IP addresses, effectively cordoning off entire countries from emailing Verizon customers.

Under the proposed deal, Verizon has revised its blocking policy but reserves the right to implement blacklisting "as long as a serious threat remains."

Verizon got kicked around pretty hard last year over this practice. I was a bit surprised that such a big ISP was resorting to such unselective blockades, which are used quite frequently by administrators of smaller email systems. But I'm a little baffled when Internet users blame their ISPs for trying too hard to protect them from spam.

To be sure, Verizon certainly isn't perfect in blocking incoming spam. But unlike some other big US providers, they're not on the Spamhaus list of the world's worst spam havens for facilitating outbound spam. In fact, the ISP currently has only nine listings on the Spamhaus block list, compared to 217 for MCI. So, in my book, the Abuse team at Verizon seems to be getting the job done.

I also continue to be amazed at the ire I see directed at ISPs, including even free webmail providers like Gmail, for misdirecting legitimate emails into users' spam folders (aka "false positives"). Folks, the delivery of email, especially of the free kind, isn't guaranteed. Blame the spammers, not ISPs, when you find yourself caught in the crossfire of the spam wars.

Oh, and Kohn, Swift & Graf, the attorneys for the class, have asked for $1,400,000 for handling the Verizon case.

Posted by Brian at 10:02 AM | Comments (4)

April 1, 2006

Hardcore Islam

veiled.jpgApril Fool's Day brings us a tacky spam apparently designed to ignite Muslim anger rather than humor. The message, sent late Friday night to a variety of Islamic groups, announces the upcoming release of "four Muslim themed adult films." A PDF attachment to the fake press release depicts what are described as "video covers & posters" used for promotion of the allegedly pornographic movies. (I've uploaded a copy of the attachment here.)

While the 'Yaa Allah" message may produce a chuckle from some western, non-Muslim readers, that's apparently not who was targeted by the email. Seems likely this is an effort to whip up a reaction similar to last September's furor over the Mohammed cartoons.

hardcoreislam.jpgThe titles of the four films, said to be produced by an unnamed independent studio in California, are "Hardcore Islam," "Spring Break In Mecca," "Islam Rated XXX," and "Medina Ghetto Hoochie Mama."

The email claims that sexual repression and violence are linked. It quotes a Martin P. Klaus, the (imaginary) producer and director of the films, as saying that "sexually active men have much better, and more positive, things to do than hack off heads, blow people up, and generally try to (expletive) things up. If Muslim men would take off the dresses and bomb belts, rip the veils and panties off their women, then take a little dip in the Zamzam, the world would be a more peaceful place.”

The author of the email didn't identify himself, and the return address on the message was an account at an anonymous email service. But the email headers show it was sent from a computer named "jprodan" using a Pacific Bell DSL line in the Los Angeles area. The message was routed through a mail server operated by etrafficers.com, a mortgage leads site that has been listed on the SPEWS blacklist.

Based on that header information, I'd have to conclude that Joe Prodan, who runs Polaris Lending Group in Irvine, CA, is probably involved.

Posted by Brian at 12:32 PM

Weblog authors are solely responsible for the content and accuracy of their weblogs, including opinions they express,
and O’Reilly Media, Inc., disclaims any and all liability for that content, its accuracy, and opinions it may contain.

All trademarks and registered trademarks appearing on spamkings.oreilly.com are the property of their respective owners.

O'Reilly Home | Privacy Policy

© 2004 O'Reilly Media, Inc.
For assistance with this site, email: