Hell hath no fury like a marketer duped. A company called Javelin Marketing has posted a press release in which they claim that an email list vendor sold them a 100,000 address mailing list with an 85% bounce rate. According to Javelin, the list cost them $14,000 and the massive wave of non-deliverables led to their email hosting service canceling their account. Ouch.

Some spammers apparently have a sense of humor. Some of our spam traps were recently hit with a run of test messages with the subject line:

in sov r bot test you

The spamtrap addresses affected were originally 'scraped' by spiders running on servers rented from Everyone's Internet/EV1Servers, and gather the usual mess of penis enlargement, pills and fake watch spam.

Using a distinctive test message rather than simply sending out another batch of pill spams would make sense if spammers were collecting bounces in order to eliminate undeliverables from their spam lists. This doesn't seem to be the case, however: the 'From' addresses on the messages use randomly-generated addresses at other people's domains, so there's no way for the spammer to collect the bounces. They could monitor the actual SMTP transaction — but then there's no advantage to using a distinct test message. It's therefore likely that the messages are no more than they appear to be: simply test data used for checking a botnet or trying out a new email module.

One type of spam that I've been spared so far is SMS spam, where spam messages are sent directly to your cellphone (often very expensive for the recipient). Stock spammers in the US often use SMS spam, while in places like China it's already a huge problem. In Britain, two-thirds of cellphone users have received SMS spam.

Jonathan Zittrain, co-author of an excellent study of stock spam, has just released a book called The Future of the Internet - And How to Stop It, available both on paper or as a Creative Commons-licensed download.

The book isn't primarily about spam, but any discussion of the future of the Internet — which Zittrain sees as potentially bleak, by the way — must necessarily cover the topic. Zittrain outlines the problem and then talks about responses to the problem in the form of open collaborative grassroots projects. I haven't had time to do more than skim it, but it looks like it might be worth a read, if only as a possible source of new ideas and a way to look at spam as an instance of the larger problems facing the Internet.

Over the last couple of days, we've seen a number of spams with titles like ‘Amazon.com is down?’, ‘Amazon.com crashed’ and so forth. The body of the spam reads:

Hello! News agency Reuters informs about not to working capacity of a site amazon.com in current of two weeks since June, 9th and corresponding it to falling of share price. Be close at work with them.

The message contains no URLs, no malware payload, nothing except the text above. It's difficult to tell what the purpose is - a botnet capacity test, a short-and-distort attempt on AMZN, a test to identify active addresses — or just another spammer misconfiguration?

It's true that Amazon recently had system problems that took it offline for a couple of hours. What's not clear is why spammers want us to know that.

Today's convoluted explanation of why something isn't spam is provided by rasimport.com.br. Here's a (somewhat free) translation from the Portuguese disclaimer at the end of their messages:

Important Message: Our message is not spam, here's why: email is a form of correspondence equal to a telephone connection or a letter. In Brazil and in the rest of the world, in the same way that no authorization is necessary to send letters or to telephone somebody, it is likewise unnecessary [to have] prior authorization to send emails in whatever form, there is nothing in Brazilian legislation that refers to the practice of spam, ...

At this point the Portuguese becomes quite opaque (so much so that I wonder if it's not their grammar rather than my very limited grasp of Portuguese that's at fault) but they appear to be arguing that in any case, should such a regulation exist, it will be restricted to requiring that the sender provide an opt-out mechanism.

I'm sure you'll all agree that this is a fascinating argument. I look forward with great eagerness to hearing their justification of why they should be allowed to forge my email address in the 'From:' line of the spams that they send out.

A team of European researchers have announced a revolutionary new spam detection technique that promises to change forever how we filter incoming email, and, the researchers claim, could end spam as we know it. I suspect that claim may prove to be overoptimistic, but the technique does sound interesting and their early tests apparently show vanishingly low rates of both missed spams and false positives. What's more, they say that the next version of their detector will reduce the error rate still further.