Back in June I wrote about a ruling against Sanford Wallace, who is one of the most well known spammers. As of today, the case as been settled and “California awarded Facebook $711 million in damages against Sanford Wallace”. Additionally, Wallace now faces possible jail time. Despite the massive settlement, it’s unlikely Wallace will ever show up in California again, or pay the settlement.

Instead, Sanford Wallace is probably moving from country to country, trying to avoid the authorities and living off money stashed in offshore accounts. Despite Sanford’s decision to hop around the world avoiding authorities, Facebook is hailing this judgment as a big win:

    The ruling is the result of tireless effort by our Security and Legal teams, which work to find, expose, and prosecute the sources of spam attacks. As Sam O’Rourke, Associate General Counsel for Facebook, has stated, “We’ll go to the ends of the Earth to protect our users from spam and make sure those who send it are held accountable.” These efforts complement the sophisticated technical systems we continue to develop to limit the impact of these attacks, and where possible, block them altogether.

Facebook is currently dedicated to building advanced spam fighting systems and pursuing those individuals who attempt to scam users on the site. One of the early issues with MySpace was an overload of spam which caused people to go running from the site. Facebook in contrast has aggressively pursued spammers, and while many have slipped through the cracks, most issues are resolved quickly.

This is just one more settlement against Sanford Wallace who has already filed for bankruptcy, however it’s a big win for Facebook who has been working on this case for months now.

This section covers creating e-mail accounts, setting a catch-all address, mail forwarding, autoresponders, vacation messages, mailing lists, filters, and altering MX records.

Creating E-Mail Accounts 

To create an e-mail account, sign into the control panel and then click on the "E-Mail Menu" link, followed by the "POP3 E-Mail Accounts" link.  You will notice one e-mail account already exists: username@yourdomain.com (where "username" is the control panel sign in name).  This account is permanent and cannot be deleted.

To create a new POP3 mail account, click on "Create POP3 Mail Account."  You will see the following box:

Enter a username and password.  Then click "Create."  The control panel will then return a page that looks like:

Note:  You cannot create a POP3 account if the username is taken by an autoresponder, forwarder, or mailing list.

Changing E-Mail Account Passwords

To change the password of an e-mail account first access the "POP3 E-Mail Accounts" menu.  Next, click the "change" link next to e-mail address).

Once the "Modify POP3 Mail Account" box appears, enter the new password and click "Update."

Deleting E-Mail Accounts

To delete an e-mail account first access the "POP3 E-Mail Accounts" menu.  Next, check the box beside the account(s) you wish to delete and press "Delete Selected.

SMTP Authentication

When setting up POP3 account(s) in your e-mail software, you will need to enable SMTP authentication if you choose to use your hosting account for sending mail (instead of using your ISP’s mail server).

The SMTP authorization login name / password is the same as your POP3 account login name / password.

How to do this varies by e-mail client.  In MS Outlook: Tools, Accounts, select the account and click Properties.  Then, under the Servers tab, check "My server requires authentication."

Please consult with your e-mail software’s manual for further instruction.

Setting a Catch-All Address 

When The server receives e-mail to addresses that don’t exist, it has to do something with those messages.  The control panel gives you three options:

1.  Server deletes message and notifies sender that the address doesn’t exist.

2.  Server deletes message without notifying sender.

3.  Server forwards the message to a valid e-mail address.

To choose between these options, first access the "E-Mail Menu" from the control panel.  Then, click the "Catch-All E-Mail" icon.  You will see a box that looks like this:

Choose the desired option and click "Update."

Forwarders 

Forwarders allow you to direct incoming mail to a different address.  For example, assume you wanted e-mail sent to support@yourdomain.com and sales@yourdomain.com to arrive at the POP3 account customerservice@yourdomain.com.

You can create two forwarders that will let you do this.

To create a forwarder, first access the "E-Mail Menu" from the control panel.  Next, click on the "Forwarders" icon and then click the "Create New Forwarder" link at the top of the page.  You will see a box like this:

Enter the forwarder name, destination address, and then click the "Create" button. Note you can forward to multiple address by simply separating the email addresses with a comma (no spaces). ex: email@domain1.com,email@domain2.com,email@domain3.com
Other valid forward values are :fail: and :blackhole:
:fail: will return a failed message to the sender.
:blackhole: will accept the email and discard it.
You can also use forwarer to pipe emails to a script, eg:
forwardername -> "|/home/user/path/to/your/script.php"

Modifying / Deleting Forwarders

All forwarders are listed in the forwarders menu.  To delete a forwarder, check the box(es) beside the forwarder name(s) and then click the "Delete Selected" button.

A forwarder can be modified by clicking the "modify" link next to the forwarder address.  The modify feature allows you to change the destination e-mail address but not the forwarder name.

Autoresponders 

Autoresponders are e-mail robots that reply to all incoming messages with a standard outgoing message.  The autoresponder will reply to all messages received, regardless of their content.  For example, some companies keep updated price lists on an autoresponder.  Potential customers would e-mail pricelist@domain.com and they would receive the price list in their e-mail inbox within moments.

To create an autoresponder, first access the "E-Mail Menu" from the control panel.  Then, click the "Autoresponders" icon and then the "Create New Autoresponder" link.

First, choose an autoresponder name.

Second, enter the autoresponder message in the text box.  You may NOT include HTML tags.

Third, you may optionally enter a CC address.  This will send a copy of each autoresponder output to the address specified in the text box.  Enabling the CC feature allows you to monitor how many requests your autoresponder receives.

Note You must have a pop account or a forwader associated with the autoresponder.
If you wish to save a copy of the incoming email, then create a pop account with the same name as the autoresponer.
If you wish to discard the incoming email, and only send the reply, then you would need to create a forwarder with the same name, and forward the email to :blackhole:.
Failure to create a forwarder or pop account along with the autoresponder, will result in a failed message being sent to the sender, on top of the autoreply email.

Modifying / Deleting Autoresponders

All autoresponders are listed in the autoresponder menu.  To delete an autoresponder, check the box beside the autoresponder name and click the "Delete Selected" button.

To modify an autoresponder, click the "modify" link next to the autoresponder name.  The modify feature allows you to change the autoresponder message and CC: address.  When you are finished, click the "Create" button.

Vacation Messages 

Vacation messages tell others that you are away.  A common vacation message may sound like: "I have received your e-mail message but I am away on vacation until June 21.  I will respond to it then."  Vacation messages are used in conjunction with already existing POP3 accounts.

To create a vacation message, first access the "E-Mail Menu" from the control panel.  Then, click the "Vacation Messages icon," followed by the "Set New Vacation Message" link.

First, select the POP3 account you want to add a vacation message to.  Second, enter the vacation message.  Third, select when the vacation message will take effect and when it will stop taking effect.  Fourth, click the "Create" button.

Modifying / Deleting Vacation Messages

All vacation messages are listed in the vacation messages menu.  To completely delete a vacation message, click on the checkbox next to the vacation account and click "Delete Selected."

A vacation message may be modified by clicking on the "modify" link next to the vacation account.  The modify feature allows you to change the message text, vacation start time, and vacation end time.

Mailing Lists 

To create a mailing list, first access the "E-Mail Menu" from the control panel.  Then, click the "Mailing Lists" icon.  There will be no lists present, so click on "Create Mailing List."

Enter a name for your list and then click the "Create" button.  You will then be taken back to the main mailing list menu and your new list will be visible in the table.

Note:  You cannot create a mailing list if the name already exists as a POP3 account, autoresponder, or forwarder.

Subscribing / Unsubscribing by E-Mail

The server uses the popular Majordomo mailing list software.  Traditionally, mailing lists have been operated and configured exclusively through e-mail.  There are two ways to subscribe to a mailing list:

1.  Send an e-mail to majordomo@yourdomain.com and type "subscribe listname" (without quotes) in the message body.

2.  Send an e-mail to listname-request@yourdomain.com and type "subscribe" (without quotes) in the message body.

Each list is also available in digest form.  This means that messages are stored and then sent out once per period (e.g. weekly) in one big message.  This is useful in larger lists to assure that recipients don’t get overwhelmed by daily messages.  To subscribe to the digest version of the list, follow the same procedure for subscribing except use:

1.  "subscribe listname-digest" instead of "subscribe listname."

2.  listname-digest-request@yourdomain.com instead of listname-request@yourdomain.com

The steps to unsubscribing are identical to subscribing except that you replace the word "subscribe" with "unsubscribe" in the message body.  Majordomo will send you a results e-mail if the subscribe/unsubscribe was successful.  In addition, you may view the list of subscribers from the control panel.

Subscribing / Unsubscribing Using the Control Panel

You may add and remove subscribers yourself through the control panel.  Please note that recipients get no confirmation message from Majordomo when they are added in this way.  This means they have no way of knowing they are on a list until somebody e-mails the list or you tell them.

The first step involves selecting the list you want to modify.  All mailing lists are visible from the mailing lists menu.  Click the "view" link next to the list name you want to work with.  You will then see a box that looks like this:

Adding a subscriber can be done by checking either "Add to listname" or "Add to listname-digest" and then clicking the "Submit" button.  Unsubscribing is done by clicking the checkbox(es) next to the address(es) you wish to remove, and then click the "Delete Selected" button.  All subscribers will be listed here regardless of how they subscribed to the mailing list (by e-mail or through the control panel).

Changing Mailing List Settings

The control panel provides you with a graphical interface to change the Majordomo configuration.  To access this feature, go to the main mailing list menu and click the "view" link next to the list you want to modify.  At the top of the screen you will see another link: "To change list and digest settings, click here."  This link will take you to the configuration menu.

The configuration menu allows you to change features of the mailing list including:

- List description

- Digest settings

- Subscribe policy

- Maximum message length

- Moderators

- Much more…

The configuration menu is best used by those who have experience with Majordomo.  We suggest you visit the Majordomo Home Page for more information.

Filters 

Filters allow you to block certain types incoming mail.  Filters are universal; that is, you cannot set a filter for specific e-mail accounts.  To create filters, first access the "E-Mail Menu" from the control panel.  Then, click the "Filters" icon.

The first option allows you to block all e-mail from a specific e-mail address.  Type in the full address and click "Block." 

The second option allows you to block all e-mail from a specific domain.  Enter the domain name (without the "www") and click "Block." 

You can block all e-mail containing a specific word by typing in the word and clicking "Block."  This feature will look for banned words in both the e-mail subject and body. 

You may also set the maximum file size of incoming mail by entering a value in kilobytes (1024 kilobytes = 1 megabyte) and clicking "Block."

The adult filter can be turned on and off by clicking the "Enable" button.  The adult filter will block the most common adult phrases, words, and addresses.

Deleting Filters

All filters will be listed in the filters menu.  This will look something like:

In this example we no longer want to block all e-mail coming from badsite.com.  Check the box next to the filter(s) you want to remove and then click the "Delete Selected" button.

MX Records 

Free e-mail services such as everyone.net require that MX changes be made in order for their software to work.  This change allows mail destined for your domain to be directed to their server.  Please note that changing MX records will prevent your current POP3 accounts, forwarders, autoresponders, and mailing lists from functioning.

To change the MX record, first access the "E-Mail Menu" from the control panel.  Then, click the "MX Records" icon.

First, delete the old MX record by clicking the checkbox to next to the record name and click "Delete Selected."  There should now be no MX records listed.

Next, type in the hostname, followed by a period, given to you by the e-mail provider.  Then select the priority level (usually 10) from the dropdown box on the right.  The priority level will also be given to you by the e-mail provider.  Click "Add."

Note:  Be sure to put a period at the end of the hostname.

To restore the original MX settings, enter yourdomain.com. and priority 0 after deleting the other MX record.

Webmail 

To access webmail, click the "E-Mail Menu" link in the main control panel menu, then click the "Webmail" icon.

First, enter your full e-mail address in the "E-mail" field.  Then, enter your password.  Click the "Login >>" button.

Important:

To sign in with your default e-mail address (control-panel-username@yourdomain.com), do not add @yourdomain.com to the webmail login name.  For example, if you log into the control panel with the user "gary" , then use only "gary" (without the quotes) to sign into webmail.  All other mail accounts must sign in with accountname@yourdomain.com.

Today Facebook obtained a ruling against noted spammer, Sanford Wallace. While a formal ruling has not been posted yet, Facebook has told us that “Judge Fogel agreed that there were grounds for criminal contempt and that the US Attorneys office should investigate Wallace. Wallace filed for bankruptcy, which is not unexpected and only delays our judgment temporarily.” It’s not surprising to see one of the more well known spammers bankrupt.
Then again, Sanford Wallace probably has a lot of money sitting in off shore accounts distributed around the world. Facebook has aggressively pursued spammers since early on. Whether it’s spammers that are trying to dupe users out of their email addresses and Facebook passwords or attempts to get users to download spyware, it all damages the overall user experience. Facebook has also provided the following statement:

“We see Fogel’s ruling as a strong deterrent against spammers. Spammers feel that they are immune from criminal prosecution. Fogel’s ruling demonstrates that judges will enforce restraining orders and spammers who violate them face criminal prosecution. This appears to have had an impact on Wallace who was in court today. To our knowledge, he has not appeared in any of the many previous cases against him.”

While Sanford Wallace has never appeared for a court appearance in his life, at least Facebook is aggressively pursuing the spammers. This ruling appears to be more of a statement than anything else: Facebook will not put up with any spammers anywhere on the site. Have you continued to see spam across the site or has the volume been decreasing for you?

Spammers knocked offline two weeks ago when their hosting company, McColo Corp., are finally coming back online, security researchers said on Wednesday.

San Jose, Calif.-based McColo was believed to be responsible for up to 75 percent of all spam, according to Brian Krebs of The Washington Post, who broke the initial story.

Spam volumes, which dropped about 80 percent when McColo was shut down on November 11, remained relatively flat since then until a few days ago when they started climbing up, said Matt Sergeant, senior antispam technologist at MessageLabs, now owned by Symantec.

Since Sunday, the spam volume has risen to about 37 percent of what they were before McColo was unplugged, MessageLabs said.

McColo was hosting command and control servers that were being used to send instructions–like send spam or Trojans–to bot software that has been planted on PCs, mostly in the U.S., according to Sergeant. “With no work orders to process, the machines simply stopped spamming,” he said.

Some of the botnets, with names like “Srizbi,” “Asprox,” “Rustock,” and “Mega-D,” are back up after connecting to different domains, Sergeant said. Some are connecting to ISPs outside the U.S., which will make it very difficult to shut them down again, he said.

“The problem now is that it was a lot easier to get a U.S.-based ISP shut down than it will be to get, for example, this Estonian ISP shut down,” Sergeant said.

“We’ve stunted the spammers for a couple of weeks, which is a good thing for the Internet,” he said. “We’ve increased their costs and, hopefully, that might put some spammers out of business.”

Researchers are collaborating on the matter and providing information to U.S. law enforcement agencies, said Paul Ferguson, an advanced threat researcher at Trend Micro.

Some of the bots are programmed to connect to a new domain after a certain amount of time of inactivity, he said.

Researchers have been able to get some registrars to suspend some domains being used and have filed abuse complaints with some ISPs that appear to be unwitting hosts, Ferguson added.

Internet hosting site McColo disappeared on Tuesday. Along with it went thousands of pieces of spam, thanks, in part, to investigative work by Washington Post reporter Brian Krebs.

For about four months, security experts have been collecting data about McColo Corp., a San Jose, Calif.-based Web hosting service that may have been used by by the cyber underground, according to the The Washington Post. Krebs said that the McColo hosting company had been responsible for up to 75 percent of all spam spent.

Security vendor MXLogic said it was seeing about a 50 percent decline in spam volume as a result on Wednesday.

Jose Nazario of Arbor Networks, a company that monitors botnet activity, speculated that McColo vanished at around 9 a.m. Eastern time on November 10. Botnets are frequently used to relay spam, and McColo may have hosted some of the command and control servers necessary to coordinate spam campaigns.

Adam O’Donnell, writing on the ZDNet Zero Day blog, speculates that the spammers might regroup in Eastern Europe.

The Post credits Benny Ng, director of marketing for Hurricane Electric, an upstream provider for McColo, for pulling the plug on the company. Another provider, Global Crossing, declined to comment, telling Krebs the company “communicates and cooperates fully with law enforcement, their peers, and security researchers to address malicious activity.”

Something similar happened in September when another hosting site, Intercage/Ativo, was shut down by its upstream providers.