Wandering Thoughts archives

2015-07-27

Spammers mine everything, Github edition

It's not news that spammers will trawl everything they can easily get their hands on for anything that looks like email addresses. But every so often I get another illustration of this effect and it strikes me as interesting. This time around it's with the email address I use for Github.

This email address is of course an expendable address, since it's exposed in git commits that I push to Github. It's also exposed to Github itself, but I don't think Github leaks it (at least not trivially). Certainly the address remained untouched by spam for years. Then back in late May the address appeared in the plain text of a commit message. Last week, the spam started showing up.

(The actual spam was one offer from an email spam service provider, one student loan repayment scam, and one relatively incomprehensive one. All came from Chinese IPs; the second and the third came from the same /24 subnet, and the first one came from a SBL CSS listed IP.)

I find the couple of months' time delay interesting but probably not too surprising. It's also probably not surprising that spammers mine Github in some way; there's a lot of email addresses exposed there. I'd like to say that spammers probably only mine web pages on Github instead of looking at Git repositories themselves, but that may not be the case; although I'm on Github, my repos are nowhere near as visible as the project where this address appeared.

Still, I found the whole thing kind of interesting (and kind of irritating, too, because now I will probably have to enact increasingly strong defenses on this address until I abandon it).

SpammersMineEverything written at 01:54:27

2015-07-19

'Retail' versus 'wholesale' spam

A while back I mentioned that the spam received by my spamtrap SMTP server is boring; it's mostly advance fee frauds, phishes, and the like. In light of that and that GMail-based people keep trying to send me spam, I've been thinking about how one way to split up spam is between what I'll call retail spam and wholesale spam.

Wholesale spam is the high volume emitters, the people who are doing it in enough volume that they have real infrastructure and automation of some sort. These are the 'email marketing' people and the people who wind up on the SBL and so on and so forth. The modern problem for them is that their very volume makes them recognizable and thus blockable. We have DNS blocklists, we have spam feature recognition in filtering systems, and so on and so forth. As a result of this, I think that wholesale spam is a mostly solved problem for most systems.

Retail spam is the small volume and often hand entered stuff. It is people sitting in Internet cafes using stolen webmail credentials to send out more or less hand-written messages. This is the domain of a great deal of advance fee fraud and phish spam, and as a result of its comparatively small volume and hand done nature it's hard to do a really good job of blocking it today. It's probably always going to be hard to fully block this, and as a result I can unhappily look forward to GMail emitting this stuff in my direction for years to come.

(GMail is far from alone here, of course; any freemail service is a sending source for this stuff. I just notice GMail more than the others for various reasons.)

Maybe someday we'll figure out really effective tools against retail spam, but I doubt it. Stopping retail spam runs up against the fundamental problem of spam.

RetailVsWholesaleSpam written at 01:21:41
