Rachael, Adeline and Alejandra; or, What’s in a Spammer’s Name?

A riddle for you: when is being in the top three not cause to celebrate? The answer: when the ranking is for the top three largest mailboxes in the company.

Yesterday I was kindly informed by our IT dept. that my mailbox is one of the fattest in the company. I knew it was time to trim the fat since I’d been receiving gentle automated reminders from our mail server for some time now. But it’s hard to take the time away from other higher priority tasks to simply clean my mailbox. And I long ago discovered that those automated reminders have a certain built-in buffer before they actually start dumping my mail. However, it became a must; my mailbox was weighing in at over a gigabyte, and a personal prod from beloved IT put me in my place.

But how did my mailbox get so chunky in the first place? Well, I am in marketing, and you know how we love to email back & forth huge graphic files and enormous PDFs and PPTs amongst ourselves and our graphic designers. So I have pretty much always been a chronic mailbox quota abuser. But lately, there is a much more significant reason for my inbox bloat. I have stopped deleting spam.

OK, it’s not as dramatic as it sounds, since IT has configured our Commtouch Anti-Spam Gateway to stamp all of my spam messages in the subject line, so I set up a rule that automatically moves them to a folder, so I don’t have to actually go through them every day (thank goodness!). That would be almost impossible. But the thinking behind this seemingly brilliant (although in retrospect not so brilliant) idea was that I could sample spam from time to time, gathering anecdotes for our partners, the blog, etc. But the problem is that there is just too darn much of it. Thanks to the combination of being on almost every possible distribution list in the company, plus having my email address prominently posted on every press release (for journalists, not spammers, and while I’m at it, the phone number is not for telemarketers either), I receive over 1000 spam messages per day. (Why, you may ask, do I put my email address on every press release when I know it’s being harvested by spammers? Well, simply put, it needs to be there for the media, and since we drink our own kool-aid here, and I really trust the Commtouch anti-spam solution that is defending our inboxes, I know the garbage will be filtered out. Enough plug for Commtouch.)

Before I deleted the 121182 unopened spam messages in my spam folder, I decided to finally take a look at them, which was the original intention for keeping them. Unfortunately Outlook has to work pretty hard to open, sort and scroll through a folder with that many messages in it, so the process was too slow and cumbersome to get very far. But one thing I did notice is the “from” names. How bizarre are they? Most of our reports on interesting spam or malware outbreaks have focused on the content of the message, or technically how it was built. Has anyone ever really analyzed the names in the “from” field? Some are just plain idiotic, like the series of spam messages I received from “A Guy Who is Rich”. Interestingly, of the over 100,000 spam messages, 109 of them had no from name whatsoever. 524 of them had the from name in quotes. Have you ever seen a legitimate message with the from name in quotes? No, neither have I.

Then I started scrolling down to see some of the more popular names – I had this idea I would count up the first names & report on which were the most popular. Great in theory, but it took what felt like hours for each scroll action (probably just a couple minutes since I gave up on the whole project after 40 minutes), and stupidly I had sorted by name, so all the A’s were together, and so forth.

Even with the few I got through…what is with these names?

  • Adan
  • Adeline
  • Alejandra
  • Alejandro
  • Arman (The A’s were taking too long so I started to skip around a bit)
  • Brodie
  • Carlton
  • Clarissa
  • Ethel
  • Rachael (not many Rachels spelled the traditional way, mind you)
  • Zachariah (by this time I’m tearing my hair out & skip right to the Z’s)
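The tally attempted above can be scripted over exported From headers instead of scrolled through in a mail client. The following is an added example, not code from the original post: it uses Python's standard `email` module, the sample headers are constructed, and the function names are hypothetical. It counts a name as "quoted" only when quote characters remain after standard header parsing, because a pair of double quotes around a display name is ordinary RFC 5322 syntax that mail clients do not display.

```python
from collections import Counter
from email.header import decode_header, make_header
from email.utils import parseaddr

# Constructed sample From headers (not taken from the author's mailbox).
SAMPLE_FROM_HEADERS = [
    'Adeline Turner <a1@example.com>',
    '"Rachael Moss" <r1@example.com>',        # quoted-string: quotes are syntax only
    '"\\"Rachael Moss\\"" <r2@example.com>',  # escaped quotes survive parsing
    "'Zachariah' <z1@example.com>",           # single quotes are never syntax
    '=?utf-8?q?=22Ethel_Page=22?= <e1@example.com>',  # quotes inside an encoded-word
    '<n1@example.com>',
    'n2@example.com',
    'A Guy Who is Rich <g1@example.com>',
    'Rachael Dunn <r3@example.com>',
]
QUOTE_CHARS = '"\'\u201c\u201d\u2018\u2019'


def display_name(from_header):
    """Return the display name as a mail client would render it."""
    name, _addr = parseaddr(from_header)
    # Decode RFC 2047 encoded-words so hidden quote characters become visible.
    return str(make_header(decode_header(name))).strip() if name else ''


def classify(from_header):
    """Label a From header 'missing', 'quoted' or 'plain'."""
    name = display_name(from_header)
    if not name:
        return 'missing'
    if len(name) >= 2 and name[0] in QUOTE_CHARS and name[-1] in QUOTE_CHARS:
        return 'quoted'
    return 'plain'


def summarize(from_headers):
    """Count each label and tally first names (first token, quotes stripped)."""
    labels, first_names = Counter(), Counter()
    for header in from_headers:
        labels[classify(header)] += 1
        tokens = display_name(header).strip(QUOTE_CHARS).split()
        if tokens:
            first_names[tokens[0].title()] += 1
    return labels, first_names


if __name__ == '__main__':
    labels, first_names = summarize(SAMPLE_FROM_HEADERS)
    print(dict(labels), first_names.most_common(3))
```

Taking the first token as the first name is a rough heuristic: a sender such as “A Guy Who is Rich” is tallied under “A”.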

It’s no mystery that spammers rotate through names, trying to make the spam message appear to be sent from someone the recipient knows. Maybe I live a very sheltered American/Israeli wheat-bread life, but I don’t personally know anyone with any of these names (not 100% true, but all the Zachariahs I know go by Zach, and the Rachels spell it without the second A).

I assume the spammers have downloaded some fab name lists, and don’t distinguish between the common names (John, David, Rebecca, anyone?), and the less common ones. For any of you that are named something above, don’t get me wrong – they are great names, just not ones that I hear too often. Believe me, even if these messages were delivered to my inbox (and thank goodness they are not), just one look at the from address gives it away as spam. Forget about the subject line… that’ll have to be another post altogether.

Incidentally, in the time it took me to start the analysis, get annoyed it was taking so long, and just go ahead and delete the whole spam folder, I received another 47 spam messages. Which actually makes sense since on average I am getting 1 spam message a minute, every minute of the day.