Living with an accidental honeypot; or, A rise in industrial-scale spam?

Mar 23, 2016 13:18

One of the odd side-effects of having owned and used my own domain for a *long* time now is that I wind up with an interesting and sometimes annoying view into the world of Spam. I've had waks.org for well over 20 years, and I used it as my primary email for much of that, as did Jane.

More importantly, we were both great devotees of giving out bespoke addresses to anybody we didn't entirely trust. Hotels get *very* confused when I tell them to use, e.g., "radisson@waks.org" as my email address, but it means that I've been able to detect who has bad email security and filter out anything to that address if it gets picked up by the spammers. If you sell your email address list, or are just careless about it, I will know. (As it turns out, political groups tend to be the worst.)

(NB: you can do this in Gmail, at least most of the time, by putting a "+" suffix onto your email address. So if you are actually "joe@gmail.com", you can give out "joe+radisson@gmail.com" -- it'll still go to you, and lets you do smart filtering based on the To: field. Some sites choke on the "+", but it usually works.)

The result is that I have given out hundreds, maybe thousands of email addresses on waks.org over the years, including my legitimate ones, the ones given to vendors, and specialized addresses I've put on websites, like "cookbook@waks.org". And it turns out that this makes waks.org a remarkably effective honeypot for spam.

A "honeypot", in computer security, is a decoy you put out there to lure the bad guys in -- typically some fake system or fake data that looks real and appealing, which nobody legitimate has any reason to touch, so any contact with it is a signal in itself. In this particular case, much of the content of my spambox is *wildly* obvious spam -- not so much because any individual email is conspicuously bad, but because I receive two dozen copies of it to two dozen email addresses.

So for instance, today's biggest example has the subject line "Image[some random number].pdf", and the body "Sent from my Sony Xperia™ smartphone", plus an attached "image" that is, of course, actually a virus. It's unlikely I would fall for such a thing anyway, but I'm certainly less likely to when I have multiple screenfuls of them. Google is smart enough to notice that these contain viruses, and put them into Spam -- I'm downright surprised that they aren't smart enough to notice that there are so many near-identical emails, and just trash-can them. I would far rather they did.
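The two mechanisms above (tagging mail by the bespoke or "+"-suffixed address it arrived on, and noticing that one body has fanned out to many distinct addresses) are easy to automate. The following is an added example, not code from the original post; the sample mailbox and the threshold of three distinct recipients are constructed for illustration.

```python
"""Added example (not from the original post): tag incoming mail by the
bespoke or "+"-suffixed address it was sent to, then flag a message as
bulk spam when the same body shows up across many distinct addresses.
All sample messages below are constructed for illustration."""
import hashlib
import re
from collections import defaultdict
from typing import Dict, List, Optional, Set, Tuple


def recipient_tag(address: str) -> Tuple[str, Optional[str]]:
    """Split 'local+tag@domain' into (local, tag); tag is None if absent.
    Covers both Gmail-style plus-addressing and plain bespoke aliases,
    where the local part itself is the tag."""
    local, _, _domain = address.lower().partition("@")
    base, _, tag = local.partition("+")
    return base, (tag or None)


def body_fingerprint(subject: str, body: str) -> str:
    """Normalise away the trivial per-copy variation (random digits,
    whitespace, case) so near-identical copies hash to the same value."""
    text = re.sub(r"\d+", "#", f"{subject}\n{body}".lower())
    text = re.sub(r"\s+", " ", text).strip()
    return hashlib.sha256(text.encode()).hexdigest()[:16]


def fan_out_spam(messages: List[Dict[str, str]], threshold: int = 3) -> Set[str]:
    """Return the fingerprints whose copies reached at least `threshold`
    distinct recipient addresses. Each message is a dict with keys
    'to', 'subject', 'body'."""
    seen: Dict[str, Set[str]] = defaultdict(set)
    for m in messages:
        seen[body_fingerprint(m["subject"], m["body"])].add(m["to"].lower())
    return {fp for fp, rcpts in seen.items() if len(rcpts) >= threshold}


def classify(messages: List[Dict[str, str]], threshold: int = 3):
    """Label every message 'bulk' or 'ok' and record which tag it came in on."""
    bulk = fan_out_spam(messages, threshold)
    out = []
    for m in messages:
        base, tag = recipient_tag(m["to"])
        fp = body_fingerprint(m["subject"], m["body"])
        out.append((m["to"], tag or base, "bulk" if fp in bulk else "ok"))
    return out


# Constructed sample mailbox: the "Image<number>.pdf" wave hits three
# different aliases (one of them plus-addressed); one legitimate note
# goes to a single address.
SAMPLE = [
    {"to": "cookbook@waks.org", "subject": "Image4821.pdf",
     "body": "Sent from my Sony Xperia smartphone"},
    {"to": "radisson@waks.org", "subject": "Image0077.pdf",
     "body": "Sent from my Sony Xperia smartphone"},
    {"to": "justin+newsletter@waks.org", "subject": "Image9133.pdf",
     "body": "Sent  from my Sony Xperia smartphone"},
    {"to": "justin@waks.org", "subject": "Dinner Friday?",
     "body": "Still on for 7pm?"},
]

if __name__ == "__main__":
    for row in classify(SAMPLE):
        print(row)
```

The fingerprint deliberately discards digits, which is exactly the axis the "Image[random number].pdf" wave varies on; a campaign that varies words rather than numbers would need a looser normalisation (e.g. a shingle or MinHash over the body) before the fan-out count catches it.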

I've long been amused at the lack of honor among thieves -- it's been very clear for 10-15 years that some people are simply taking existing waks.org email addresses, modifying them in trivial ways, and reselling them in order to bulk up the lists. For example, caitlin@waks was a real email address, but about ten years ago I started to notice "caitlinn", and then "caitlinnn", or "aitlin" -- non-existent email addresses that somebody invented. (I rather like "ookbook", which sounds like I'm writing about monkeys.) I'd bet good money that that was done simply so that people could sell packages of "ten million email addresses!" and suchlike. Indeed, many of them are even less real -- addresses that look like nothing so much as a cat walking across the keyboard.
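Those trivially mutated addresses are detectable precisely because they are one or two edits away from an alias that really exists. As an added example (not from the original post; the alias list and the distance cut-off are assumptions), the following classifies a recipient's local part as a real alias, a mutation of one, or something with no close match at all:

```python
"""Added example (not from the original post): classify the local part of
an incoming recipient address as a real alias, a trivially mutated copy of
one (an invented address that only exists on a resold list), or something
with no close match (keyboard-mash). The alias list is assumed."""
from typing import Sequence, Tuple

# Local parts of addresses that really exist on the domain (assumed).
KNOWN_ALIASES = ("caitlin", "cookbook", "jane", "radisson")


def edit_distance(a: str, b: str) -> int:
    """Levenshtein distance: single-character inserts, deletes, substitutions."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1,                 # delete ca
                           cur[j - 1] + 1,              # insert cb
                           prev[j - 1] + (ca != cb)))   # substitute
        prev = cur
    return prev[-1]


def classify_local_part(address: str,
                        aliases: Sequence[str] = KNOWN_ALIASES,
                        max_dist: int = 2) -> Tuple[str, str]:
    """Return (verdict, nearest_alias). Verdicts:
      'real'     exact match to a known alias
      'mutated'  within max_dist edits of a known alias but not equal;
                 the address never existed, so anything sent to it came
                 off a padded list
      'unknown'  nothing close; keyboard-mash list padding"""
    local = address.lower().split("@", 1)[0].split("+", 1)[0]
    nearest = min(aliases, key=lambda a: edit_distance(local, a))
    d = edit_distance(local, nearest)
    if d == 0:
        return "real", nearest
    if d <= max_dist:
        return "mutated", nearest
    return "unknown", nearest


if __name__ == "__main__":
    for addr in ("caitlin@waks.org", "caitlinnn@waks.org",
                 "aitlin@waks.org", "ookbook@waks.org", "xqzpwv@waks.org"):
        print(addr, classify_local_part(addr))
```

A cut-off of two edits is generous; with short aliases such as "jane" it will also catch random four-letter local parts that happen to land close, so for a real deployment the threshold should scale with the alias length (or be one edit for anything under six characters).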

The really interesting thing I'm noticing this week, though, is a sudden spike in what I can only describe as industrial-scale spam. There's been an *enormous* uptick in the number of spams landing in my Spambox. Traditionally, I would get ten of something; now, I'm getting a hundred. And they are from all of the above categories -- addresses stolen from vendors, addresses from websites, and the various mutilated forms that have gradually come into common use over the years.

I suspect somebody has gotten serious about selling Spam as a Service. This feels like some site has bought up *all* the lists they can find, and opened up an API for blasting out trivial variations of a template to umpteen million addresses at high speed. The virus-laden ones have a straightforward business plan behind them (one thing you learn in financial security is how much spam is all about stealing ACH credentials); the ones that are simply, eg, "Hi ekyz how are you?" are a bit more mysterious, but I assume are attempting to lure a victim into a conversation.

Anyway, just some food for thought. There is one sad consequence of all this: I think it's time for me to turn most of Jane's email addresses off. The various forms of "jane@waks", "caitlin@waks", and so on, have been coming to me over the years, but we're down to well under one legitimate email per year, and a fair number of spams per day. So I think it's time to filter those into the bit-bucket. I will admit, even knowing that it's the sensible thing to do, it's remarkably hard for me to set up those filters...

technology, jane
