My spam is (mostly) boring

August 24, 2014

I've mentioned a couple of times that I'm doing an experiment with a sinkhole SMTP server to handle email for some old addresses of mine that have become nothing but spam. When I started the experiment, what I think I expected to find was a bunch of industrial spam operations, places that had my addresses firmly anchored in spam lists and were sending their 'legitimate' email to them on a persistent basis, and maybe some interesting spammer behavior otherwise.

While there has been some of this and there are a few persistent and sometimes very aggressive mailing list places trying to send me spam, almost all of what I get now is surprisingly boring. Specifically, most of what I get is now advance fee fraud with a bit of phish spam mixed in.

(Admittedly I blocked the aggressive sending places once I identified them as persistent repeat senders. When I already have enough samples of their spam, I don't particularly need more.)

This 'boring' spam comes from all over and has at best vague patterns to it. It's clear that there's a lot of people doing it, a lot of hosts being abused as senders, a great variety of origin addresses being forged onto the email, and the contents vary a lot at a mechanical level. But at the level of learning interesting things about spammer behavior there's no real variation, which is why I call it boring. Advance fee fraud spam is advance fee fraud spam; I don't think I've spotted anyone doing anything particularly ingenious, but then I haven't been paying much attention.

All of this kind of makes my sinkhole SMTP server a failed experiment. If I'm not going to get interesting spam there's very little point in running it at all, so I'm probably going to shut it down entirely soon and let all the spammers just have their email time out.

(I sometimes toy with running it with absolutely no restrictions for a limited time, say a week, and seeing what I collect in that week and how things break down and so on. But I'm not sure I have the energy for that particular experiment.)

Last modified: Sun Aug 24 00:59:37 2014