Category Archives: Spam

Much spam from iCMG/KnowledgeHut

At work I’m getting repeated spams from one mob which send surprisingly similar emails about conferences and training from various domains, which include: (added 2014-01-13) (added 2014-04-01) (added 2014-04-07) — (added 2014-07-24 — also noted use of the brand name KnowledgeHut ) — (added 2014-08-06 — still using KnowledgeHut name)
Sent by on behalf of (added 2014-08-18) (added 2014-08-26) (added 2014-09-16) (added 2014-09-16) (added 2014-09-18) (added 2014-09-18) (added 2014-09-26 — note typo) (added 2014-09-26) (added 2014-09-30) (added 2014-09-30) (added 2014-10-03) (added 2014-10-13) (added 2014-10-15) (added 2014-10-22) (added 2014-10-27) (added 2014-10-30) (added 2014-10-30) (added 2014-11-10) (added 2014-11-14) (added 2014-12-09 — note it appears to misspell “initial”) (added 2014-12-19) (added 2014-12-19) (added 2014-12-19) (added 2015-01-12) (added 2015-01-13) (added 2015-01-22) (added 2015-02-17) (added 2015-02-17) (added 2015-03-05) (added 2015-02-17 — includes “” in unsubscribe links) (added 2015-02-17 — other domains mentioned include,, (added 2015-03-11) (added 2015-03-11) (added 2015-03-16) (added 2015-04-10) (added 2015-05-14 — using… Is this ICMG branching out into health services, or a different company making use of the same spam sending service? Looks like the latter. They even quote a Melbourne address: Level 2, 607 Bourke Street) (added 2015-06-25 — also quotes in the dodgy unsubscribe link) (added 2015-07-15) (added 2015-07-15) (added 2015-07-15) (added 2015-07-21) (added 2015-08-24)

Apart from using many different domains, these guys also continually change the address within the domain, and Outlook doesn’t appear to be able to consign an entire domain to the blocked senders list.

Many include this footer:

You are receiving this e-mail because you happen to be either our client or were added to our comprehensive database on account of your contribution in the IT domain. However, should you no longer wish to receive any further mails from our side, please Click here Unsubscribe iCMG | Level 9, Avaya House, 123 Epping Road, North Ryde, NSW.| Phone +61 2 8005 0977

…but of course I’ve tried that and it doesn’t work… it probably only served to prove to them that mine was a live address.

Perhaps unsurprisingly, the street address quoted is a serviced office.

I have been putting these domains into the spam senders list in Exchange, but they still get through. I can only assume that the list in Exchange is a “soft” one.


I have, of course, passed on a spam message to the ACMA spam reporting people… but I don’t hold out much hope of any success there.

I’m adding additional domains as they come up. It’s interesting to see that some of them include spelling errors; most are just semi-random buzzwords stuck together.

Top spams

The work email server spam filter does not simply reject everything suspicious – this would risk us losing legitimate emails, something made worse by some companies choosing to send invoices and remittances as PDF attachments with no accompanying text whatsoever, something the mail server considers dodgy.

So (until I work out a better, foolproof automated process, or take the time to properly tweak the spam settings on the server) I manually look through some of the doubtful messages to pluck out those that are not actually spam.

The most common types of spam messages caught seem to be…

5. Your credit card is blocked (enter all your details into our dodgy web site)…

4. Work from home and earn $$$…

3. Marry a gorgeous Russian girl…

2. Cheap replica watches (Rolex etc)…

1. Cheap medicine to help gentlemen with, err, size-related personal problems.

…though it appears cheap Canadian pharmacies are also gaining in popularity, despite this being for a address.

Amusing comment spam

Amusing comment spam left on my personal blog:

Spammers leave spam comments in the belief that they will gain better search engine rankings and traffic by building as many links to their websites as possible. Spammers often employ bots or other automated systems to look for mortgage blog and website and leave self serving promotional comments links..Spam is a numbers game so if spammers can send automated spam to large numbers of websites for very little money so even if they convert a small percentage of the sites they spam they can make a profit..Spammers will also leave links to their websites in an attempt to push link juice or Google Juice to their websites but most mortgage websites and blogs add a rel nofollow tag to prevent the passing of pagerank or link juice.

And this one, apparently from a user who signed him/herself “penis enlargement”.

It’s so hard to get backlinks these days, honestly i need a backlink by comments on your blog / forums or guestbook to make my website appear in search engine. I am getting desperate Now! I know you’ll laugh while reading this comment !!! Here is my website penis enlargement [url deleted] I know my comments do not relate to the topic, but PLEASE HELP ME!! APPROVING MY COMMENT!
Regards: PoormanBH2011

Yeah right. Like I’m going to approve that.

BTW, both were caught correctly by Akismet.

Yahoo groups spam

On a couple of Yahoo Groups I’m on, we’ve noted spams coming through from long-time members in the last week or two.

The good news is there’s no need to panic. Most probably a spammer out there has worked out that person X posts to list Y, and is forging emails from them from a remote location. Which means it is unlikely that X’s computer has been compromised. (Though of course it’s good practice to have virus protection and regularly do scans.)

If you’re an Admin of a Yahoo Group, you might like to check the Posting settings (group management / Group Settings / Messages / Posting and archives). There is a Spam Filtering option which I believe is switched off by default (it might be a newly added setting).

On the groups I’m on, we had spam coming through, but setting the Filtering on seems to have prevented more of it.

Hello to Sam Hamilton and James Dee

So I was looking at the comments awaiting moderation. Two showed up on this post: Why Facebook sucks, a rollicking read about over-bearing security dialogues just to use Facebook’s video application.

Here’s the first comment — I’ve zapped the email address, but one was left:

Sam Hamilton
Submitted on 2009/05/29 at 9:37am

If you are tired of facebook but want a way to connect with artists and musicians
then you should check out
If you are tired of facebook but still want to connect with your friends then pick up the phone…

Fair enough.

Here’s the second:

James Dee
Submitted on 2009/06/03 at 3:16pm

I’m an artist and I haven’t been satisfied using facebook or myspace to promote myself… too slow and too much junk. I’ll give putiton a try… it looks clean

The problem here is that the first comment is still awaiting moderation. (Yes, it’s several days old. I don’t check as often as I should.)

So why would “James” decide to try putiton, a social networking site which basically nobody has heard of (well at least I haven’t) if nobody else has suggested it (eg the first comment isn’t visible to anyone)?

Curiously, “Sam” and even “James” have left similar messages on other, similar posts on other blogs.

(Sam has a profile on the offending site.)

Captcha FAIL

I think my eyesight is okay. I know I’m a bit colourblind, but other than that and a lack of perspective, it’s okay.

These captchas, seen on the Oz-Astra web site forums though, these are too much. I know you have to fight spammers, but there comes a point where real humans are going to be defeated too, and eventually give up in frustration. Thankfully you can refresh the image and hope for something a bit more readable, but why not bring the difficulty level down from eleven so it’s not so hard?

[Three captcha images]

(I’m not trying to single this site out; there are others that also frustrate. And I suspect this is down to an over-zealous implementation in vBulletin.)

Twitter spam

Spammers have discovered Twitter. That's not really surprising; it had to happen sometime.

What is surprising is that, in this example, 45 people have blindly followed the spammer when they followed them. Do people not even look at who it is?

I mean really. “Jenny” of “online friend”, with such an obviously spammy bio?! Could it be any more obvious that this person intends wasting your time?

[Image: Twitter spammer]

Spam bounces

I’ve been getting an extraordinary amount of spam bounce email. One mailbox got thousands and thousands over the weekend, and I know I’m not the only one.

Which means of course that my address is being used in vain by some git of a spammer.

Unfortunately my spam detection software isn’t so crash hot on zapping the bounces, because it’s a bounce, not an actual spam message. And there’s probably not much to be done about spammers forging my address.

After trying in vain to keep up with it all, I eventually blocked the common bounce From addresses, by adding them to the Plesk blacklist:


Hardly ideal, since I’d never see genuine bounces. But it has slowed the flow.

What’s annoying is that about 10-20% of bounces come from a myriad of other addresses. These include the intended recipient’s address, and a variety of apparently semi-random addresses set up as support emails or automatic bounce processes.

There’s also a smattering of “MAILER-DAEMON@” — which isn’t even a legal address. And a lot of them come in with no date field. Very dodgy!


And maybe it’s time someone came up with a viable way of verifying sender addresses, and stopping From address fraud.
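One way to triage the bounce flood described in this post without relying on a From-address blacklist, as an added example (not code from the original post): it recognises bounces by structure and headers, then checks whether the returned mail quotes a Message-ID from our own server. `OUR_MSGID_DOMAIN`, the sample messages and every `example.org` / `.invalid` name are constructed assumptions.

```python
from email import message_from_string

OUR_MSGID_DOMAIN = "mail.example.org"  # assumption: domain our server puts in Message-IDs

def is_bounce(msg):
    """Recognise a bounce by structure and headers, whatever its From address."""
    if (msg.get_content_type() == "multipart/report"
            and msg.get_param("report-type") == "delivery-status"):
        return True
    sender = msg.get("From", "").lower()
    return (msg.get("Return-Path", "").strip() == "<>"
            or "mailer-daemon@" in sender or "postmaster@" in sender)

def original_message_ids(msg):
    """Collect Message-IDs of the returned mail from the embedded parts."""
    ids = []
    for part in msg.walk():
        if part is msg:
            continue  # skip the bounce's own headers
        if part.get_content_type() == "text/rfc822-headers":
            part = message_from_string(part.get_payload())
        if part.get("Message-ID"):
            ids.append(part["Message-ID"].strip())
    return ids

def classify(raw):
    """Return (verdict, has_date) for one raw message."""
    msg = message_from_string(raw)
    has_date = msg["Date"] is not None  # many of the bounces seen had no Date field
    if not is_bounce(msg):
        return "not-a-bounce", has_date
    ids = original_message_ids(msg)
    if not ids:
        return "unverifiable-bounce", has_date  # nothing quoted to check against
    ours = any(i.rstrip(">").endswith("@" + OUR_MSGID_DOMAIN) for i in ids)
    return ("genuine-bounce" if ours else "backscatter"), has_date

def sample_dsn(from_hdr, date, orig_id):
    """Build a constructed sample bounce (not a captured message)."""
    head = f"From: {from_hdr}\nTo: me@example.org\n" + (f"Date: {date}\n" if date else "")
    return (head + 'Content-Type: multipart/report; report-type=delivery-status; boundary="b"\n\n'
            "--b\nContent-Type: text/plain\n\nDelivery failed.\n"
            "--b\nContent-Type: message/delivery-status\n\nAction: failed\n\n"
            "--b\nContent-Type: text/rfc822-headers\n\n"
            f"Message-ID: {orig_id}\nSubject: hi\n--b--\n")

if __name__ == "__main__":
    for frm, mid in [("postmaster@isp.invalid", "<a1@mail.example.org>"), ("MAILER-DAEMON@", "<zz@bulk.invalid>")]:
        print(frm, classify(sample_dsn(frm, None, mid)))
```

A bounce for mail you never sent will not quote one of your Message-IDs, which is what separates backscatter from a genuine bounce here. Signing the envelope sender (BATV) is the stronger form of the same idea, since a Message-ID domain can be guessed.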

How many people still use Mailwasher?

Does anybody still use Mailwasher?

“MailWasher retrieves information about all the emails on the server. With that information (some of which is also processed by MailWasher) you can decide what to do with each individual email – download, delete, or bounce back.

If you check your account with MailWasher first, you can delete or bounce the emails you do not want. Then, when you use your email program, it downloads only the remaining emails, those that you want to read.”

MailWasher’s been around for a while, and I know some people still use it. I tried it some time ago, and it just didn’t seem worth my time to review the headers and choose which items to delete/bounce, as a prelude to actually downloading and reading my email. I might feel differently if I was still on dialup, or perilously close to my download limit. But as it is, if any spam gets through to my mailbox, I’m happy enough deleting it from my email client.

And given the spammers use fake originating addresses and rarely seem to validate the lists they use (I know this because they’ve faked my address as an originator, so I’ve seen the bounces), I’m not convinced bouncing spam back does any good.

So Mailwasher was great in the olden days of dialup, but these days… I guess some people still use it, but I don’t see the need.

Some people have taken to passing their email through Gmail (forward from your email address to Gmail, then read via Gmail’s POP or IMAP access), to make use of Gmail’s spam filters. My ISP has spam filters which work fairly well, so I haven’t resorted to that yet.