NYCkayaker Email Database of small companies in the US [post-mortem]

Mon Aug 31 08:30:08 EDT 2009

Sorry about that, folks.

As far as we can tell, this is the first spam message to make it through
to this list this year -- after 6971 attempts.  This one appears to have
been particularly clever and we're analyzing it to figure out how it was
done, who did it, and how we can most effectively stuff a sock in it.
Unfortunately, since someone on this list replied to the spammer, they
now know that it worked and are likely to make a focused effort to send
a lot more very soon.

IMPORTANT:

This is all addressed to generic "you", so don't take it personally.

1. If any spam makes through to the list, we'll know.  Unlike some
other mailing list operators, we actually watch traffic pretty closely,
monitor the logs, and constantly make behind-the-scenes changes to
try to anticipate problems like this before they're visible to you.
James spotted this one and I had a text message about it waiting for me
by the time I got off the river and back to my car yesterday.  Within
an hour we had a temporary ruleset in place that might stop subsequent
attempts, within four hours we had added two more rulesets.

2. NEVER reply to spam.  NEVER.  There is absolutely nothing good that
can come of it -- for you.  All possible positive outcomes are on the
spammers' side.  For example, if you reply to any spam message, one of
the things you've just told them is "it worked".  This is very useful
intelligence, and you just handed it to the enemy.  You've also told them
what program you use to read/compose/send mail, which in turn gives them
a pretty good clue as to what malware is "best" to send to you.

3. Especially don't reply to it on a public mailing list and quote the
entire spam, thus sending it to everyone AGAIN.   This is not only rude,
it's very wasteful and abusive.  *Everyone already knows it's spam*,
and does not need you to inform them, nor do they need you to broadcast
the fact that you know, nor do they need you to help out the spammer by
rebroadcasting their content.

4. NEVER follow any URL provide in spam.  NEVER try to use their
"unsubscribe" function.  NEVER "just take a peek at the web page to see
what it is".  All of these things also provide useful intelligence to
spammers and they will use it to send more spam.

So: we're on it.  We can't guarantee it won't happen again (there are
no guarantees) but we're aggressively pursuing the issue and won't stop
until we've done everything we can.

---Rsk (who, when not out paddling, is an active member
of the Internet Engineering Task Force Anti-Spam Research Group)