Adding Security Links to the MainSleaze Blog
Yesterday I updated the links on the MainSleaze Spam Blog. Most of the changes were incremental, but there is a new category of links: security-related bloggers and sites. I did this because malware, hacking, and abuse of security breaches — long the realm of criminal spammers who primarily used botnets or malware-infected servers — have unfortunately leaked into the activities of legitimate companies and ESPs.
This is not because these companies or ESPs have invited the criminals in: quite the contrary. Rather, the Spamhaus XBL and PBL, the (vastly improved) Spamcop blocklist, the relatively new ReturnPath reputation service list, and a number of other lists have made it nearly impossible for the criminal spam fraternity to deliver email without obtaining access to existing mailservers on IPs that have acceptable reputations. Spamhaus recently posted an excellent blog about how criminal spammers use legitimate mailservers and compromised user accounts to send spam. This and similar tactics are increasingly the spam method of choice for many criminal spammers.
Criminal spammers LOVE ESP mailservers. Some (usually former snowshoe spammers) sign up for ESP service just as they used to for ISP service, and then spam until their accounts are locked. Some compromise existing user accounts for existing ESP customers. One notable spam gang of especial interest to legitimate companies that run marketing campaigns through ESPs is listed on the Spamhaus ROKSO as Streamdirect TV on PC a/k/a “Adober” gang. There are many others.
Unfortunately this trend is likely to continue, largely because antispam efforts have successfully blocked most other ways of sending spam and having it delivered to the user. Because spammers are attempting to muscle in on legitimate bulk email servers, companies and ESPs who are responsible for those servers must pay attention to security. Otherwise their servers will end up listed on blacklists or in router deny tables because of unauthorized email sent without their permission.
As with most other links on the MainSleaze blog, the security links were chosen because the information content at those sites is (in my opinion) both current and of unusually high quality. Most of the links are to the blogs of active security researchers or organizations, people who pursue the miscreants behind malware and hacking in much the same spirit as antispammers pursue spammers. In other words, they demonstrate the persistence and patience of a cat stalking a mouse, and have dreams (or delusions) of stopping the bad guys and leaving the Internet safe(r) for the rest of us. For some reason, I like people like that…. 😉
If any security researcher whose bona fides I can establish has something to say to legitimate companies and ESPs about securing mailservers or related resources and wants to say it here, contact me and I’ll happily give you a guest blogging account.