Mark Fletcher and Trustic

Mark Fletcher is the guy behind Trustic, a new system which combines aspects of DNSBLs with (what Raph reckons is) a ‘PageRank-ish trust metric’.

My take on Trustic is that it needs a way to accumulate trusted, non-spam-relaying addresses; I’m not sure how they intend to get that, apart from people setting up accounts to say ‘this is my server’.

Anyway, he also has a blog, with this very interesting (and scary) snippet:

Elance, Spammers, and the Global Economy

eLance is a web site that connects contractors with companies looking to outsource projects. Companies post projects, including detailed descriptions of the work to be done, and contractors or contract houses bid on them. … So what were many of the projects on eLance about? A quick scan revealed project titles such as: Email Address Extraction From Web Site, Ebay Email Extractor, Linux highspeed directmailer, and Bulk E-Mail and E-Mail Extraction Project. Elance is providing a way for spammers to develop new spam technologies, utilizing a cheap, skilled global work force!

Yikes. Sure enough, a search of eLance for ‘bulk mail’ reveals a seller called bulkemail01 (1-5 employees, headquartered in the USA): Bulk Mailing and Offshore Hosting Solutions: ‘We provide bulk email solutions and offshore hosting for the advanced bulk mailer.’

And these projects — as Mark notes, the project descriptions require a login, but the prospective-seller comments do not, so I’ve reproduced some snippets here. A search for bulk mail reveals 11 open projects, including: Bulk Mail Server and Bulk Mail Service Needed Immediately, Bulk E-Mail and Targeted E-Mail Extraction Project, Distributed Bulk Emailer, and bulletproof hosting and mailing needed.

A bunch called DbInnovation, 10-13 employees, based in Hungary and Russia, comments on one project that ‘we are developing a high performance linux e-mailer. Sends through all kinds of proxies, uses several antifiltering technologies, uses random subjects and ‘from’ addresses, etc, etc, etc (LOTS of other features). Web-based control centre for it. The mailer can be run on 30-50 servers simultaneously and controlled from one place. Every server sends LIGHT FAST – 5-7 millions daily. It is VERY complicated and POWERFUL clustered software. It was written on C and it tunes Linux kernel to make the speed as fast as possible. The sw is under redevelopment and will be ready to March.’

Hostrus, aka ‘Hosting R Us’, 6-19 employees, Toronto, Canada, comments: ‘We offer reliable spam tolerant bullet proof hosting that will NEVER get shut down!! we provide reliable bullet proof hosting We can provide you with references, test IPs and provide you with a solution’.

dsln (profile ‘no longer available’): ‘We have servers in Jakarta, Indonesia, India, Japan, Brazil, Argentina, Russia. And all of them are BULK EMAIL FRIENDLY. Your server will never be SHUT DOWN due to complaints. The ISP’s will take up all the heat, whatsoever. The line would be 2MBPS one. You will also get 16 IPs per server, which can be changed every 15 days as you want. New Pool of IPs can be given to you every 15 days. These servers can be utilised very well for the mailing, you are looking at. … We can do these kind of mailing for you. We mail around 8-10 Million email IDs, using several servers and can do this kind of mailing for you as well. The cost for sending 10 Million emails would be $1050.’

MobileSoft (Karachi, Pakistan): ‘We can provide you the SPAM Friendly Dedicated servers with control panel, we can handle more than 50 K Complaints daily, we will provide you the ips as your requirement’.

prompt (Anmol Solutions, Argentina): ‘I can host you at 4 bullet proof places, 2 in Arg and brazil each, i can give you 2 *256 ips if you want and you will have 10 MPBS line. For each server you will be charged $250 per month and $400 setup charges, you may easily go up to 25 servers with the same amt of bw yes u may mail u may host u may do what ever you want :)’

A couple of other sites show the same situation: here’s a project at to build a ‘Bulk Mailer using open Proxies’.

In other words, these sites provide what seems to be a good look into the heart of spamware development. Scary stuff.

BTW an open invitation: if any ‘white hats’ out there get their hands on specific spamware, I’d appreciate them dropping me a line (email addr here). The idea is to analyze the tools and get good signatures for their spam, then add those signatures to SpamAssassin.

In other news, Slashdot reports that SpamAssassin apparently blocks Crypto-Gram. Not quite the case: as Dan points out, it gets 3.2 on version 2.44, and 1.9 on the nearly-released 2.50. That’s well inside the ‘this is ham’ range. However, this comment reports that the mail has been listed in Razor, which pushes it up to 5.9…

So more correctly — Razor thinks it’s spam, not SpamAssassin ;)
