Saturday 13 October 2012

A flurry of PPI spam

In the last few days, I've been getting a flurry of spam about PPI (Payment protection insurance) and Accident Claims (if it's not your faul, you could get compensation).

And I think what happened was this.

Some new spamming company (call them Spamalot) bought a big list of UK email addresses. Then they made a list of insurance companies (or bought a list) and spammed that list. Some of the insurance companies, being a bit naive, and believing the claim they they are all opted-in, paid Spamalot to spam their big list. So, if 20 companies paid Spamalot, Spamalot spams me for the same service, on behalf of those 20 companies. Spamalot doesn't, of course, mention to the naive insurance companies that their spam is only going to be one of 20. And the naive insurance companies don't ask. Or maybe they do ask and get lied to?

Either way - the victims here are the 20 insurance companies that have paid good money for a useless service.

So. I told one of them that I've had a couple of dozen offers in the last few days for PPI reclaim services, and they were quite surprised. "It wasn't us," they said. So I explained again, no, it wasn't you, but if in the unlikely event that I am in the market for PPI reclaim services, they're only one of 20 candidates, and if I do go to one of them, they only have a 5% chance of being the lucky one.

Of course, I never did buy PPI, it always seemed to me to be the sort of insurance that never pays out because you're always caught by one of the exclusions.

So anyway. I decided that, since this email address has been bought-and-sold, I need to put a despammer on it. I've been running this particular address naked up till now.

It's fairly easy to despam emails; I've done it for another of my email addresses, and that gets thousands of spams per week. Very few of them get as far as my Inbox.

The easiest way is to use one of the commercial email services; gmail, hotmail, yahoo etc.  They do everything for you, including they decide what's spam and what isn't, and that's why I prefer to do it myself.

So here's how I did it.

1) Install perl's  Mail-Procmail (which meant I had to install  MailTools and LockFile-Simple. That's easy, you just download it and install it in the usual way.
2) Write a perl program (I called it What that does, is it looks for:

 - email that isn't actually addressed to me (I'm just getting a copy of it). Spam.
 - email with one of a bunch of keywords in it, such as "Payment protection insurance", Viagra, etc.
 - email sent by one of the programs used only by spammers (yes, some of them they make it that easy)
 - email sent by one of the prolific spammers
 - email with one of a bunch of keywords in the subject, such as "You have won", etc.
 - email that's sent to several other people as well as me.
 - email that seems to have come from myself. Huh?
 - email with a lot of unreadable characters in the body; maybe it's spam and maybe it isn't, but since I can't read it anyway, I don't want it
 - email with a lot of spaces in the subject

Then, after analysing this, it does the same after removing all spaces, tabs etc in the email. So via   gra will show up as viagra
And again with accented characters, so if you use accented characters to spell out your spam, it's still caught.
And again after removing weird characters in words.

If it includes a zip, rar or other compresssed file, put it in a mailbox of attachements
If it includes an exe file, or other executable, put it in a mailbox of possible viruses
If it wasn't actually addressed to me, put it in a mailbox of "not-for-me".
If it fails the spam tests, put it in the mailbox for spam

And if it passes all those tests, then put it in my Inbox.

And now the insurance companies can spend as much of their ill-gotten money on spamming me as they like - I won't actually see their spam unless I check my spam box.

1 comment: