I’ve gotten a handful of the Nigerian money-laundering scam emails over the past year, although it seems like I’m getting one or two a week now. I’m reminded of a story in Wired Magazine about some Netizen who decided to catch the scammers on film. Apparently this person had a lot of time to waste because they exchanged over 50 emails. Read the Wired synopsis now for some quick entertainment, and read the full story when you’re really bored (and don’t mind a dirty sense of humor).

But spam is a not-so-funny problem. I publish my email address pretty openly on my website, so I end up getting a lot of spam. I have been filtering it for a couple of years with some home-made procmail recipes. I came up with a heuristic in 1999 that worked quite well:

  1. if the subject line happened to mention toner cartridges, it probably was spam.
  2. if my email address (or one of the mailing lists I subscribed to) was on the To: or Cc: line, it probably wasn’t spam.
  3. everything else was probably spam.

This heuristic worked pretty well, but had a few drawbacks. Most notably, when my friends would throw a big party and Bcc: me, the invitation would end up in my possible-spam folder.

In addition, spammers started getting more intelligent. Beginning around 2001, they started sending individual spam messages that were actually addressed directly to me! So my underlying heuristic was starting to fail me.

To solve the “Bcc” and “unknown sender” problem, I came up with a new plan. I was going to load my addressbook into a DBM hash and add a procmail rule that classified anything that came from this list of approved senders as guaranteed non-spam, and anything from someone unknown as likely spam. Then, I would add people to the DBM hash one-by-one when I confirmed that they were an actual friend of mine.
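
The three-rule heuristic and the approved-sender plan described above can be compared side by side. This is an added example, not the procmail recipes from the original post: the addresses, sample messages and function names are constructed, and a Python set stands in for the DBM hash.

```python
from email import message_from_string
from email.utils import getaddresses, parseaddr

# Constructed values: the recipient's own addresses and subscribed lists,
# and the address book that the post planned to load into a DBM hash.
MY_ADDRESSES = {"me@example.org", "some-list@example.org"}
APPROVED_SENDERS = {"friend@example.net"}

def _recipients(msg):
    """Lower-cased addresses found on the To: and Cc: lines."""
    values = msg.get_all("To", []) + msg.get_all("Cc", [])
    return {addr.lower() for _, addr in getaddresses(values) if addr}

def classify_1999(msg):
    """The three rules, evaluated in order."""
    if "toner" in msg.get("Subject", "").lower():   # rule 1
        return "probably-spam"
    if _recipients(msg) & MY_ADDRESSES:             # rule 2
        return "probably-not-spam"
    return "probably-spam"                          # rule 3

def classify_with_allowlist(msg, approved=APPROVED_SENDERS):
    """The later plan: known senders pass, unknown senders are suspect.

    The From: header is not authenticated, so this check trusts whatever
    address the sending side chose to write there.
    """
    sender = parseaddr(msg.get("From", ""))[1].lower()
    return "not-spam" if sender in approved else "likely-spam"

# Constructed sample messages.
BCC_INVITE = message_from_string(
    "From: Pat <friend@example.net>\nTo: friend@example.net\n"
    "Subject: Big party Saturday\n\nBring snacks.\n")
TARGETED_SPAM = message_from_string(
    "From: Deals <promo@bulk.example.com>\nTo: me@example.org\n"
    "Subject: An offer just for you\n\nClick here.\n")
TONER_SPAM = message_from_string(
    "From: sales@bulk.example.com\nTo: me@example.org\n"
    "Subject: Discount TONER cartridges\n\nBuy now.\n")

if __name__ == "__main__":
    for name, m in [("bcc invite", BCC_INVITE),
                    ("targeted spam", TARGETED_SPAM),
                    ("toner spam", TONER_SPAM)]:
        print(name, classify_1999(m), classify_with_allowlist(m))
```

The Bcc'd invitation is misfiled by the 1999 rules and rescued by the approved-sender check, while the directly addressed spam passes the 1999 rules and is caught only because its sender is unknown.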

I was about to get started on this project but I hadn’t found the time to do it. It didn’t even occur to me to look for someone else’s software to solve my problem. (This is the problem with being a software engineer. You know how to solve problems like this, and it’s so easy to do, that you often start working on a solution without checking to see if anyone else has done it yet. We call it re-inventing the wheel).

Luckily, before I could waste a whole bunch of my time, someone at work mentioned a nifty server-side spam filter called SpamAssassin. I took a look and installed it on my ISP. It’s not perfect, but it does a remarkable job of detecting spam, and it’s about 50 times better than anything I could’ve written.

SpamAssassin works well because it’s got a group of volunteers who are constantly updating a rules database that says what patterns in an email make it more (or less) likely to be a spam message. For example, if the email message mentions “herbal Viagra” or toner cartridges, it’s likely to be spam. It even has something called a whitelist, which matches my idea of allowing people in your addressbook to send you mail. But I’m not even using that feature, because the 2.4x series of SpamAssassin works well enough out-of-the-box.

Yahoo! has a completely different system that it uses for Yahoo! Mail. Instead of running pattern detection on the email (an effective but labor-intensive solution), our former Chief Scientist (who recently left Yahoo! for a job at came up with an automated algorithm. Unfortunately, I can’t say much about Udi’s approach without giving away trade secrets, but you’ll be able to read the patent when it’s finally approved.

ISPs should take a long, serious look at providing SpamAssassin as a service to their users. It won’t catch every piece of spam, but it’s probably got the best ratio of low sysadmin effort yielding a high quantity of spam detection.

4 thoughts on “Email from Nigeria – RE: URGENT BUSINESS PROPOSAL”

  1. do you have a suggestion for ending these proposals from a yahoo account? i am not a programmer.

    thanks. i thought i was alone with this shit.

    -chris wright

  2. Dear

    Permit me to inform you of our desire of going into business relationship with you. I know you might be surprised on recieving this mail due to we have not met before.

    By brief introduction , I am frank jones, with me is my younger brother. We are citizens of Cote d’Ivoire and the children of late Dr. and Mrs.jones

    My late parents were killed by the military rebels in my home town BOUAKE the second Economic Capital of Cote d’Ivoire during the recent political Crisis of 19th september 2002.

    My parents were wealthy Cocoa Merchants before they were brutally assasinated by the rebels. Before their death in a private specialist hospital , my father secretly confided to me of the total sum of US$9 million dollars he deposited in one of the well known commercial banks in Abidjan, capital of Cote d’Ivoire to be transferred to the account of his foreign business partner for investment abroad in his proposed business which he wanted to established abroad with the assistance of a foreigner as co-beneficiary to the fund. My father also told me his intension to invest this money in any lucrative business with companies in countries with stable economy.

    Dear, we are honestly seeking your assistance to stand as a business foreign partner to our late father and to act as guardian to this money and provide a bank account for the transfer of this money into your bank account on our behalf for our our future management.

    The amount is US$9 million dollars.

    We have agreed that you will assist us invest the money in any profitable business with low income tax in your country or where ever you felt is politically condusive for investment opportunities. I will also like you to make arrangement for me and my brother to further our Education in your country.

    We also have agreed to offer you 20% of the total sum as your compensation after the transfer is made into your account and you will serve as guardian to the company that you will establish for us until we are capable of managing it ourselves.

    Please contact us through the above email on acceptance to this our request.

    Yours in need

    frank and brother
