Cloudmark Blog

Intelligence Briefings from the War on Spam

 

Archive for the ‘Cloudmark’ Category

Cloudmark DesktopOne Pro Mode has Received 5 out of 5 Stars from PCMag.com

Cloudmark has won another 5 out of 5 Editor’s Choice Award from PCMag.com with its Pro Mode of Cloudmark DesktopOne. Cloudmark’s signature community-based spam filtering blocks virtually no valid mail while correctly blocking almost all spam. “You can add as many accounts as you like to the Pro edition’s list of accounts. That alone will be worth the cost for some users,” says Neil Rubenking. “It’s an excellent choice if you need a bit more protection than the free edition offers.”

Download at www.cloudmarkdesktop.com

Read the Review: http://www.pcmag.com/article2/0,2817,2367545,00.asp

Grand Prize Winner of the Cloudmark Desktop “Show Us Your Spam” Video Contest

Thank you to all of those who entered the Cloudmark Desktop “Show Us Your Spam Video Contest.” The submissions were creative and original and really put a visual context around the nuisance of spam.

The online community has voted and determined who the winners are. It was close, and the Grand Prize winner of the Cloudmark Desktop “Show Us Your Spam” video contest is VisionaryThe, with “Delete Spam” http://www.youtube.com/watch?v=P-yrFfEi-N8

Runners up are:

- The Worst Spam Email from Everdraed http://www.youtube.com/watch?v=QhLkTKEkOwQ
- Spaminator from Akrochmal http://www.youtube.com/watch?v=pyQ4GIL3Hm8
- Spam Police from Keshen8 http://www.youtube.com/watch?v=asMYiAG6FqU

Cloudmark DesktopOne Receives PCMag’s Top Award, “Editor’s Choice”

Cloudmark DesktopOne received PCMag’s top award, “Editor’s Choice,” for fast, accurate and FREE community-based spam filtering. Cloudmark DesktopOne received 5 out of 5 stars, higher than any competitive solution. It is great at telling spam from valid mail. It’s easy to install and use, and it’s free! Download at www.cloudmarkdesktop.com

Cloudmark needs your vote!

Go to www.cloudmarkdesktop.com/contest and cast your vote for your favorite “Show Us Your Spam” video!

Thoughts on Proposed ARIN Policy?

A policy proposal has been floated for discussion at the next ARIN Public Policy Meeting, to be held in Toronto in April. This new policy, if implemented, would allow ISPs to substitute their own contact information in place of their customers’ information in network reassignments and reallocations, in the name of protecting business interests. Functionally, this would be similar to the whois “Privacy Guard” services that many registrars offer their domain registrant customers, but it would apply to information provided while researching network owners, rather than domain owners.

This policy, if implemented, would have multiple consequences, both positive and negative. Cloudmark would like to hear from our readers regarding their opinion of this possible change – please feel free to use the comments section below to let us know how you feel about it.

New Zeusbot bait – IRS phishing

The controllers of the Zeus botnet have been rotating through several old baits, looking for things that will get unsuspecting users to download attachments and infect themselves. In recent days, they’ve been trawling fraudulent VISA transactions and “some jerk has posted your picture” in front of us. Today, we’re seeing something new.

Emails with the subject “You are in a higher tax bracket”, from “Tax Commisar”, have been making the rounds for the last 20 hours or so. After reminding you that the US uses a progressive income tax, you’re told that you’re making more money than last year, and that you should review your annual tax report. The included link takes you to a double threat – the page itself tells you that you need a new Flash player, and it will attempt to automatically download (and run) a PDF file. The “Flash updater” is an installer for the Zeus bot, and the PDF file takes advantage of some known vulnerabilities in unpatched Adobe Acrobat versions to take control of your machine if the Flash updater doesn’t get it first.

Make sure you’ve grabbed the last Acrobat updates from Adobe, along with all of the other security patches that you should be keeping on top of. Malefactors have been using Acrobat as an abuse vector for a while, and it’s just getting worse.

The US government’s giving out money…

… or, at least, that’s what the scammers want you to believe.

There are a lot of email and SMS messages flying around over the last few days containing text like this (payload website name removed):

Hey, Obama's giving Gov Grants to help families in your area to stimulate the economy. Check it out, SCAMWEBSITE.com, don't miss out. It won't last long!

The payload websites try to look legitimate, with “As seen on CNBC, MSNBC, and CNN” logos everywhere, fake comments (with additional commenting “disabled due to spam”), and testimonials from people who claim this actually worked for them. These sites direct you to another site, liberally sprinkled with American flags and logos of the major news networks, which asks you for your contact information and a credit card, from which they will charge you a $1.95 shipping fee to send you an information packet. Hidden in the terms and conditions, however, you’ll find that this $1.95 only covers your “one-day trial period”, and that they’re going to bill you approximately $60/month until you cancel. You can read more about this, including a large number of archived complaints about this scam, at complaintboard.com.

Remember – if it seems too good to be true, it probably is. Careful reading of terms and conditions, along with research and a healthy dose of skepticism, can help keep you from being a victim.

Today’s attempt to take over your machine: Fake AIM updates

Within the last few hours, Cloudmark has seen a marked increase in messages claiming that the recipient’s AIM account is about to be closed and that, to prevent that from happening, the recipient must download and install a new update to the AIM software.

Subject lines include:

  • AIM critical update
  • Your AOL Instant Messenger will be deleted
  • AOL Instant Messenger critical update

Kaspersky identifies the downloaded file as an installer for the Zeus bot, which has been used both for spamming and for stealing personal information and was most recently in the news for having made a home within the Amazon cloud.

As always, practicing safe computing will help you. Be wary of ‘security alerts’ that ask you to download files, pay attention to those URLs (www.aim.com/download is not the same as www.aim.com.download.botdomain.com), and keep your anti-virus and anti-malware programs up-to-date.
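The URL comparison above can be checked mechanically: what matters is the hostname the browser connects to, read from the right-hand end, not whether a trusted name appears somewhere in the link. The following is an added example, not Cloudmark's code; `host_of`, `belongs_to` and `audit` are hypothetical helper names, and the sample links other than the two quoted in the post are constructed.

```python
from urllib.parse import urlsplit


def host_of(url):
    """Return the lower-cased hostname a client would connect to, or None."""
    if "://" not in url:
        url = "http://" + url          # bare "www.example.com/path" style links
    try:
        host = urlsplit(url).hostname  # drops userinfo ("user@") and port
    except ValueError:                 # malformed netloc, e.g. bad IPv6 brackets
        return None
    return host.rstrip(".").lower() if host else None


def belongs_to(url, trusted_domain):
    """True only if the URL's host is trusted_domain or a subdomain of it."""
    host = host_of(url)
    if host is None:
        return False
    trusted = trusted_domain.rstrip(".").lower()
    # Compare on a label boundary: "notaim.com" must not match "aim.com".
    return host == trusted or host.endswith("." + trusted)


def audit(urls, trusted_domain):
    """Return (url, host, verdict) tuples for a list of links."""
    return [
        (u, host_of(u), "ok" if belongs_to(u, trusted_domain) else "SUSPECT")
        for u in urls
    ]


if __name__ == "__main__":
    samples = [
        "www.aim.com/download",                       # from the post: legitimate
        "www.aim.com.download.botdomain.com",         # from the post: lookalike
        "http://www.aim.com@botdomain.com/download",  # constructed: userinfo trick
        "http://notaim.com/",                         # constructed: suffix without a dot
        "HTTP://WWW.AIM.COM./download",               # constructed: case, trailing dot
    ]
    for url, host, verdict in audit(samples, "aim.com"):
        print(f"{verdict:8} host={host!s:40} {url}")
```

A mail filter or proxy applying this check should compare against the registrable domain it actually trusts, since a substring match on the full link would accept every lookalike in the list.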

Earthquake victims need your donations…

…scammers don’t. But they really want them.

The FBI and Better Business Bureau are both warning people about scam donation sites related to the recent earthquake in Haiti. Users should be extra wary of requests for donations that come to them unsolicited, from people they do not know.

Of course, there are legitimate ways to donate. The American Red Cross is taking donations through their website. They are also accepting donations by text message – texting “HAITI” to 90999 will donate $10 to the Red Cross, billed to your cell phone. A similar donation process is being handled by Yele.org – texting “YELE” to 501501 will donate $5. When you visit a charity’s site to donate, be certain that you’re at their legitimate site – be careful of links (especially shortened links) spread through social networking sites, as they may not be taking you to the official charities’ sites.

Back to Basics

While there are many methods by which email messages can be blocked (for example, DNSBL listings can result in IP addresses being refused connections, subject lines could match previously seen spam, or URLs or email addresses in the body might trigger a receiver’s content filters), there is one main reason that filters to the top when you consider why an ISP or anti-spam company blocked or bulk-foldered a given email message:

  • end-users have complained, in volume, about your email, or other email from your IP address

It is that simple. ISPs and anti-spam filters take steps to block mail because their users tell them it’s unwanted. They are not blocking email because they don’t like you. Senders of all sizes need to be aware that ISPs are paying much more attention now to the behavior of their users and, when their customers say “we don’t want this mail”, it has real meaning. As noted, in part, in this blog post by Laura Atkins at Word to the Wise, ISPs and deliverability experts have been saying similar things for quite some time. Keeping your recipients engaged and making sure that what you’re sending is wanted and requested before you send it goes a long way to making sure it makes it into the inbox. Also – once a user tells you they don’t want your mail by unsubscribing, don’t send them more mail! It seems obvious, but it’s happened more than once, and one of the worst things that you can do to your reputation is accidentally send mail to your suppression list.

Something else to consider – the concept of “end-user complaints”, for many ISPs and anti-spam filters, also includes email messages sent to long-dead addresses or to addresses that have never existed. If an email address has been dead, and the ISP has been sending you “no such user” or “invalid recipient” bounces for the last few months, and you’re still trying to send to it, that’s going to put your acquisition and retention policies in doubt, and the reputation of the rest of your email will sink. Al Iverson with Exact Target talks a bit about that in this post. The takeaway here is that maintaining a mailing list is more than just acquiring addresses – it’s making sure that you respond quickly and appropriately to every unsubscribe request or bounce message you receive for every mailing you send out, it’s making sure that you are proactive in determining why your recipients don’t want your mail and taking steps to make sure they do want it, and it’s nurturing your relationship with your recipients.