Bot Nets Behind Recent Spam Surge

Posted by CmdrTaco on Wed Nov 01, 2006 09:10 AM
from the we-hates-it-so-much dept.
gsslay writes "Everyone must have noticed a surge in spam recently, particularly for stock pump 'n' dump scams. The Register reports that anti-spam companies have seen a 30% increase in the last two months and, more worryingly, more of this spam is getting through to mailboxes due to the spammers' change in tactics. Rather than use unsecured mail relays spammers are using bot nets, making spam harder to identify and eliminate. Bounced spam is also on the up, and some experts reckon it's past time to start worrying."
This discussion has been archived. No new comments can be posted.
  • by suso (153703) * on Wednesday November 01 2006, @09:11AM (#16672153) Homepage Journal
    Honestly, it was past time to start worrying about 2 years ago. Two years ago I had the feeling that the rising amount of spam was going to cause significant problems to the point where mail servers would no longer be maintainable and the internet may become unusable. But now here we are, nothing truly significant. More spam taking more space and driving the load up a bit on servers, but not necessarily crippling everything as we expected.

        I also haven't really noticed this increase that people have talked about lately. On average I receive over 11,000 spam messages a month to my primary email account. Here is the count per month for the past two and a half years:

    2004-07: 9088
    2004-08: 9057
    2004-09: 8990
    2004-10: 14318
    2004-11: 9910
    2004-12: 11521
    2005-01: 11251
    2005-02: 9381
    2005-03: 10843
    2005-04: 10084
    2005-05: 11785
    2005-06: 10987
    2005-07: 10505
    2005-08: 9333
    2005-09: 9704
    2005-10: 12329
    2005-11: 12394
    2005-12: 14934
    2006-01: 13764
    2006-02: 13235
    2006-03: 14562
    2006-04: 11946
    2006-05: 14204
    2006-06: 13801
    2006-07: 9671
    2006-08: 10395
    2006-09: 11373
    2006-10: 12221
    • Smarter Spammers (Score:4, Interesting)

      by eldavojohn (898314) * <my/.username@@@gmail.com> on Wednesday November 01 2006, @09:14AM (#16672185) Homepage Journal
      It's not about the amount that comes to you, but rather the tactics being used. I think the spammers have learned to make it past Bayesian filters and, as a result, we can't just automatically dispose of mail. More and more of it is making it into mailboxes whether it's attaching dummy text to fool the filters or just making the pitch come in the form of an image and using good text to get that image to the user.

      Are your mailbox counts filtered or unfiltered? If so, what strategy is used?
      • Hmmm, odd... I have seen more spam in my spambox but really, no more has made it in to my inbox, and all with Bayesian filtering based SpamSieve, so my anecdotal results don't match with the story... lucky me, I guess =)
        • by tehwebguy (860335) on Wednesday November 01 2006, @09:38AM (#16672487) Homepage
          there is one problem though, they continue to spam.

          despite all their shortcomings, somewhere, someone is obviously making money, so they continue.
        • Re:Smarter Spammers (Score:4, Informative)

          by Bastian (66383) on Wednesday November 01 2006, @10:08AM (#16672927)
          Won't reply to all of your points because you're right, but I have thoughts on a few:

          1) Spelling is not a skill they possess.
          Spammers don't have to even try to be intelligent about the content of their e-mail, because the people they're looking to make money off of aren't the kind of people who have decent spelling skills.

          3) The idea of 'doubling the flood' all the time, choking the internet and making email unusable, is plain dumb and equivalent to sawing off the branch you're sitting on - if nobody can use email, nobody will be seeing your next spam.
          Two thoughts: Classic prisoner's dilemma, and selfishness. (ie, "Who cares if I broke the internet? I made this fat stack o' cash!")

          4) Doing business that annoys 99% of everybody else and breaking the law in the process is both dumb and asking for trouble. You will be shut down, you will lose your money and you will not get much sympathy anywhere, including from the courts. Wonder whether spammers or pedophiles are getting the worst treatment in the slammer these days... ;)
          If that were the case, then how come nobody has been able to curb spam, spammers routinely get away with extremely blatant practices like DDoS attacking antispam servers and using viruses to create zombie armies? How come spammers are continuing to make money almost unchecked?

          5) Seeing interviews with spammers usually reveals that they're really stupid in every way of the word. Some may have a certain extent of technical knowledge, but as people they're bordering on the moron/retard level.
          ???

          6) Smart people can strike it rich using regular sales methods with no need for spamming. Only those too dumb for that have the need for spamming.
          A good number of folks feel that regular sales methods - annoying advertisements, billboards everywhere, planting "I'm ugly" mind viruses in children's brains so they'll buy more beauty products and who cares if it's also creating an eating disorder epidemic, planned obsolescence and congenital wastefulness, squeezing every penny you can out of workers in 3rd world sweatshops, etc. are at least as troublesome and unethical as spam.
    • I too am not noticing the increase. Now I've got my e-mail everywhere (and I do mean everywhere) without any hiding. And yet I haven't noticed any spam increase. In fact, I barely notice my spam as it is. That's mainly because of Gmail's spam filter though :) With it, you don't need to worry about spam.

      Although it would be nice to get something more proactive done about it.
      • Don't know if you are just talking rubbish or really lucky. I used to get about one a week with gmail, now I wouldn't be surprised to get 1 every day. At least 4 or 5 a week.

        Whoever thought of these stock tips spamming was a genius. There is no way they can be traced to a company, and still a chance of making some money. Bastard.
            • Re: (Score:3, Informative)

              Just to clarify, you can lose 8% a day, the Scammers can make 4-6% a day. I thought that I need to point this out, in case some silly fool gets the idea of following the scammers' advice.
  • AI to Stop the Spam (Score:5, Interesting)

    by eldavojohn (898314) * <my/.username@@@gmail.com> on Wednesday November 01 2006, @09:12AM (#16672165) Homepage Journal
    I know it's an old article, but Paul Graham's A Plan for Spam [paulgraham.com] seems as applicable now as it ever has. It's not the best but even when international alliances [stopspamalliance.org] (albeit recently formed [pcpro.co.uk]) can't stop spam, you have to start using your imagination.

    But this Bayesian strategy has been overcome by the spammers. They use hilariously strange word ordering to trick the spam filter and lower their threshold (see Graham's Lisp code) down to an acceptable range. Here's a piece of text from some spam that made it into my mailbox this morning:
    However 'Beyond' is also butt ugly, the first week's worth of posts are a bit boring and the blogroll is narcissistic.
    And it goes on for about 7 paragraphs with absolutely nothing to do with its pitch. It's because of this nonsense that it makes it into my mailbox in the first place.

    How do we eradicate this problem? What strategies do we use next?

    Well, I would suggest that we stick to the Bayesian approach but instead of tokenizing via Paul Graham's proposed algorithm, we could investigate tokenizing the text based on letter groups (divide 'words' into 2-3 letter groups and test for those frequencies) or even natural language parsing. Yes, I know it sounds absurd but I really think that an engine could be written in Prolog using WordNet or another dictionary with some basic English rules in an attempt to parse and analyze incoming text.

    Who knows? Perhaps our need for a spam filtering engine could breed innovation in the AI community?
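The padding problem and the letter-group idea from the comment above, as an added Python example (not part of the comment and not Paul Graham's Lisp code). It is a Graham-style scorer that keeps his doubled ham counts, 0.01/0.99 clamps and 0.4 value for unseen tokens, but combines every token rather than the 15 most interesting and skips his minimum-count rule; the corpus, messages and names are constructed for illustration.

```python
import math
import re
from collections import Counter

# Constructed training mail (not taken from the thread).
SPAM = ["hot stock tip buy now huge profit",
        "buy cheap pills now",
        "stock alert huge gains buy today"]
HAM = ["meeting notes attached see you monday",
       "the blogroll posts this week are a bit boring",
       "lunch on monday see the attached menu"]

PITCH = "buy stock now huge profit"
# The same pitch followed by unrelated filler in ordinary-mail vocabulary.
PADDED = PITCH + (" the blogroll posts this week are a bit boring see you"
                  " monday meeting notes attached lunch menu")


def word_tokens(text):
    """Whole-word tokens (a simplification of Graham's tokenizer)."""
    return re.findall(r"[a-z0-9']+", text.lower())


def letter_groups(text, n=3):
    """Overlapping n-letter groups inside each word; short words stay whole."""
    groups = []
    for word in word_tokens(text):
        if len(word) <= n:
            groups.append(word)
        else:
            groups.extend(word[i:i + n] for i in range(len(word) - n + 1))
    return groups


class BayesFilter:
    def __init__(self, tokenizer):
        self.tokenizer = tokenizer
        self.good, self.bad = Counter(), Counter()
        self.ngood = self.nbad = 0

    def train(self, text, is_spam):
        tokens = set(self.tokenizer(text))  # count a token once per message
        if is_spam:
            self.bad.update(tokens)
            self.nbad += 1
        else:
            self.good.update(tokens)
            self.ngood += 1

    def token_prob(self, token):
        g = 2 * self.good[token]  # ham counts doubled to bias against false positives
        b = self.bad[token]
        if g + b == 0:
            return 0.4            # never-seen token: mildly innocent
        good_rate = min(1.0, g / max(1, self.ngood))
        bad_rate = min(1.0, b / max(1, self.nbad))
        return max(0.01, min(0.99, bad_rate / (good_rate + bad_rate)))

    def score(self, text):
        """Combined spam probability, summed in log-odds to avoid underflow."""
        log_odds = 0.0
        for token in set(self.tokenizer(text)):
            p = self.token_prob(token)
            log_odds += math.log(p) - math.log(1.0 - p)
        log_odds = max(-700.0, min(700.0, log_odds))
        return 1.0 / (1.0 + math.exp(-log_odds))


def build(tokenizer):
    f = BayesFilter(tokenizer)
    for msg in SPAM:
        f.train(msg, True)
    for msg in HAM:
        f.train(msg, False)
    return f


WORDS = build(word_tokens)
LETTERS = build(letter_groups)

if __name__ == "__main__":
    for label, msg in [("pitch", PITCH), ("padded", PADDED), ("unseen form", "stocks")]:
        print(f"{label:12s} words={WORDS.score(msg):.4f} letters={LETTERS.score(msg):.4f}")
```

On this corpus the letter-group filter flags a word form it never saw whole ("stocks"), which the word filter treats as unknown, but appended filler pulls both scores down, because each filler token counts as evidence of legitimate mail.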
    • by gnasher719 (869701) on Wednesday November 01 2006, @09:23AM (#16672295)
      Right now, spam goes past spam filters by including a large amount of random nonsense text that resembles English language reasonably well. So we will get spam filters that detect large amounts of random nonsense text. So spam will include text that makes actual sense. Give it twenty years, and your average spam email will consist of 300 pages of text that is better than anything Shakespeare has ever written, followed by two lines begging you to buy viagra. Thirty years, spam will be two hour Quicktime movies better than anything you can watch in the cinema today, with the hero using viagra bought from the spammer in the right places.
      • I think you're onto something there. In no time at all my spam will be a better read than the mail I get from my illiterate contacts.
    • It's interesting, these rarely get through on my spam filter...

      But, I do a couple things that help:

      The filter doesn't 'auto train', I only train it on uncertain mails. I noticed a problem before where overtraining could cause a lot of false positives. Also I have about 850 "spam" trained mails and about "450" not spam mails. So far, my false positives have only been from my boss sending me one-liners with just urls in them. My false negatives have been these "lotsa random words" things, but they still mostl
    • by Ctrl+Alt+De1337 (837964) on Wednesday November 01 2006, @09:27AM (#16672373) Homepage Journal
      Your post advocates a

      (X) technical ( ) legislative ( ) market-based (X) vigilante

      approach to fighting spam. Your idea will not work. Here is why it won't work. (One or more of the following may apply to your particular idea, and it may have other flaws which used to vary from state to state before a bad federal law was passed.)

      ( ) Spammers can easily use it to harvest email addresses
      ( ) Mailing lists and other legitimate email uses would be affected
      ( ) No one will be able to find the guy or collect the money
      (X) It is defenseless against brute force attacks
      (X) It will stop spam for two weeks and then we'll be stuck with it
      ( ) Users of email will not put up with it
      ( ) Microsoft will not put up with it
      ( ) The police will not put up with it
      ( ) Requires too much cooperation from spammers
      ( ) Requires immediate total cooperation from everybody at once
      ( ) Many email users cannot afford to lose business or alienate potential employers
      ( ) Spammers don't care about invalid addresses in their lists
      ( ) Anyone could anonymously destroy anyone else's career or business

      Specifically, your plan fails to account for

      ( ) Laws expressly prohibiting it
      ( ) Lack of centrally controlling authority for email
      ( ) Open relays in foreign countries
      ( ) Ease of searching tiny alphanumeric address space of all email addresses
      (X) Asshats
      ( ) Jurisdictional problems
      ( ) Unpopularity of weird new taxes
      ( ) Public reluctance to accept weird new forms of money
      ( ) Huge existing software investment in SMTP
      ( ) Susceptibility of protocols other than SMTP to attack
      ( ) Willingness of users to install OS patches received by email
      ( ) Armies of worm riddled broadband-connected Windows boxes
      (X) Eternal arms race involved in all filtering approaches
      ( ) Extreme profitability of spam
      ( ) Joe jobs and/or identity theft
      ( ) Technically illiterate politicians
      (X) Extreme stupidity on the part of people who do business with spammers
      ( ) Dishonesty on the part of spammers themselves
      (X) Bandwidth costs that are unaffected by client filtering
      ( ) Outlook

      and the following philosophical objections may also apply:

      (X) Ideas similar to yours are easy to come up with, yet none have ever been shown practical
      ( ) Any scheme based on opt-out is unacceptable
      ( ) SMTP headers should not be the subject of legislation
      ( ) Blacklists suck
      ( ) Whitelists suck
      ( ) We should be able to talk about Viagra without being censored
      ( ) Countermeasures should not involve wire fraud or credit card fraud
      ( ) Countermeasures should not involve sabotage of public networks
      ( ) Countermeasures must work if phased in gradually
      ( ) Sending email should be free
      ( ) Why should we have to trust you and your servers?
      ( ) Incompatibility with open source or open source licenses
      (X) Feel-good measures do nothing to solve the problem
      ( ) Temporary/one-time email addresses are cumbersome
      ( ) I don't want the government reading my email
      ( ) Killing them that way is not slow and painful enough

      Furthermore, this is what I think about you:

      (X) Sorry dude, but I don't think it would work.
      ( ) This is a stupid idea, and you're a stupid person for suggesting it.
      ( ) Nice try, assh0le! I'm going to find out where you live and burn your house down!
    • Well, I would suggest that we stick to the Bayesian approach but instead of tokenizing via Paul Graham's proposed algorithm, we could investigate tokenizing the text based on letter groups (divide 'words' into 2-3 letter groups and test for those frequencies) or even natural language parsing.


      No. Bayesian filtering has failed, just like every other filtering method before it. Modifying it will not work. Adding OCR for image text will not work. Creating a new filtering mechanism will not work. The spamming will continue, more and more of it will get in.

      Frankly, given that both processing power, disc space, bandwidth etc, are all increasing, I for one foresee the current spam/anti-spam arms race continuing indefinitely, with the amount of spam sent slowly increasing, and the amount caught by the filters being just enough to keep the amount of spam you get into your inbox at in and around a constant level. It's an endless cycle.

      I say, turn it all off. All of it. The filters, the blacklists, the whitelists, Spamhaus, the lot. Let every single spam sent reach its destination, if just for one day. Let Joe Sick Pack finally realise the scale of the problem and just how much strain is being placed on mail servers. It will be both terrible and beautiful at the same time.

      Then take off and nuke the site from orbit. It's the only way to be sure.
      • Re: (Score:3, Insightful)

        After some years of fighting the war, I've come to agree with parent.

        There are a lot of very innovative anti-spam techniques out there. Teergrubing, greylisting, blacklists, Bayesian filters, now we get OCR and what-have-you.

        Problem is: Every filter is a tool for the spammer. Since the filters are readily available (and have to be), the spammer can just take them and tweak his spam until it passes.

        I'm with parent. Let's make the problem obvious. Let the world drown in spam for a couple of days, a week or two
  • Everyone must have noticed a surge in spam recently, particularly for stock pump 'n' dump scams.

    You mean I wasn't getting emails for being the most popular penny stock buyer in America?
  • Current Problems (Score:3, Interesting)

    by herwin (169154) on Wednesday November 01 2006, @09:20AM (#16672257) Homepage Journal
    I've been noticing a lot of the pump and dump spam recently, partly because non-existent addresses associated with a domain I own have been used as return addresses. I've also recently learned that the address of an academic website I maintain on a university server was poisoned on at least one major DNS so people accessing the website were redirected to a fake site that attempted to take over their machine. It's really getting rough out there.
  • "The client called me up to say, 'I've probably got a thousand e-mails in my inbox that seems to be nothing but bounce backs from spam,'"

    LOOK!!! A clue!!!
  • I think 2 simple solutions can be combined.

    1- As in IM, no one can email you if you have not emailed before.

    2- For first time email, the receiving server could send back a CAPTCHA (http://en.wikipedia.org/wiki/Captcha [wikipedia.org]) or a product of two large primes to factorize.
    The captcha would be solved by the human sender, or the factorization problem by her MUA. Nowadays email is almost instantaneous, this would not add a noticeable delay. All the protocol could be implemented over current email protocols with little mo
    • The problem with using the MUA to factorize is that the spam spraying engines can do the same thing.
      Captchas are a little better, but only really slightly. Most of them can be busted quickly with
      modern machines- and once they've done the captcha, they can spooge the crap to you indiscriminately.

      What needs to be done is better design and an actual re-think of email with a new RFC- but that's not
      likely to happen; if it were it'd have happened a long time ago instead of all this reactive crap
      to the problem.
    • So, how does the factorization stop compromised clients like these bot nets? Computing power is free to them.
    • What about things like emails from graduate schools? I am applying right now and a lot of the communication comes from places I have never emailed before(I apply on the web and they send me an email confirmation and an email of the results, usually from different addresses). Should admissions secretaries be inundated with captchas? There are thousands of sites like that, I think that most people would find the cure worse than the disease.

      So what about prime factoring? Well, a huge amount of email no
  • by andrews (12425) <alan AT tieless DOT com> on Wednesday November 01 2006, @09:25AM (#16672329)
    Over the last couple of months the spam count on my mail server has gone from an average of 10K a day to over 20K a day. I had to turn off virus scanning and actually drop some of my spam filtering because the server couldn't process the mail fast enough. Now I'm having to upgrade the mail server hardware to handle the increased SPAM load. I'm sure I'm not the only one forced to do this.... SPAM has gone from an annoyance to a financial problem.
  • Original article (Score:3, Informative)

    by TomatoMan (93630) on Wednesday November 01 2006, @09:25AM (#16672331) Homepage Journal
    Credit where credit is due: this article is from SecurityFocus. The Register just scraped it.

    http://www.securityfocus.com/news/11420 [securityfocus.com]
  • Image to text (Score:3, Interesting)

    by Overzeetop (214511) on Wednesday November 01 2006, @09:25AM (#16672337) Journal
    If we could OCR these incoming images, maybe that would eliminate at least the deluge of stock pumpers. I made the mistake of setting an autoreply on my account recently (at the server end). Now I get a zillion bounce-spams using my domain (I monitor a catch-all) and randomly generated usernames.

    I think law enforcement should be working harder at catching spammers (internationally, if necessary) than they are at tracking down copyright infringers. Not because of any moral posture, but because I suspect the total economic impact of spam is greater than infringing use of content. I also think the prohibition against cruel and unusual punishment should be lifted.

    Hey, now that I come to think of it, maybe spam is a bigger issue than oil. I say we start invading countries with spammers!
    • Now I get a zillion bounce-spams using my domain (I monitor a catch-all) and randomly generated usernames.

      I haven't gotten a single spam to my "real" email address, but my catch-all has been getting hammered the past month with bounces. It seems about time to disable them, I wonder what percentage of emails floating around are actually just errors from spammers sending to nonexistent accounts.

  • Today I finally got an eBay phishing scam spam e-mail that was almost good enough to fool me, if I hadn't been paying attention:

    1. It looked like a real question from eBay.
    2. It was actually for a real item I had listed (albeit a closed auction listing).
    3. The contact name was a real eBay bidder, and clicking on the linked name brought up the actual eBay user's page.
    4. BUT...clicking on the response button took you to a sign-in page on a phishing site.

    Most of the eBay phishing attempts I get are pretty laughable, but this was good enough to be worth warning about, as someone has finally written a sophisticated enough phishing bot to send these out based on listings.

    So, if you weren't already doing this before, to answer eBay mail, go in through your MyEbay link rather than any mail link to answer eBay mail.

  • I saw this on securityfocus.com* and TBH I just thought "tell me something I don't know" - seriously, who is surprised by this?

    *http://www.securityfocus.com/news/11420
  • so I can smash their FN hands with a hammer.
    They'll have to do their spamming by holding a stick in their FN mouth.

    I'm so sick of this shit.. They fly in totally under SpamAssassin's radar. I have SA threshold set at 2.1 and this shit still scores less than a 1.0..

    I'm about ready to whitelist the people I know and blackhole everything else.
    • re:I'm about ready to whitelist the people I know and blackhole everything else.

      Not a bad idea but instead of a full blacklist, do a greylist and Whitelist.
      Any address on the Whitelist gets through your email server @ full speed.
      Any address NOT on the Whitelist gets through your email server @0.01% of full speed (or even slower).
      This will bog down the spammers email server and make your server a place to avoid if they want to hit more suckers/hour.
      I know the SW exists for email servers on Linux (?called Tar
  • bot wars (Score:5, Interesting)

    by MECC (8478) * on Wednesday November 01 2006, @09:36AM (#16672469)
    I recently saw a surge from about 15 spams a day to well over 200. So, I got a spamcop account, and changed my email to go there, and then from there I forward it to where I read my email. Now I'm back down to about 15 per day. Spamcop catches the rest, and they land in my 'held mail' folder, where it takes about 10 seconds to report as much spam as I want. In the email account where I actually read my email, I pushed up the sensitivity of the spam filters, and now I see maybe two a day in my inbox. I just report the rest to spamcop.

    Maybe we need bots to fight the bots. Bot Wars. In a galaxy far, far, away...


  • Where are those anyway? I never saw them.
  • If law enforcement really wanted to catch these pump-and-dump spammers it would be easy to do. Just investigate the people who have purchased large volumes of the penny stocks being spamvertised. I doubt anyone cares enough to do it, though.

    Oh, and Slashdot? If you keep hitting me with animated advertisements that cannot be closed, I will be moving to Digg.
  • It's been past time to start worrying a long time ago. There used to be a slim chance to fight spam by closing open relays (or blacklisting them) and using legal methods. But going through the legal system to fight spam is not easy in countries such as China and Russia (let alone Vietnam or Nigeria). The German computer magazine c't had an article on bot nets sending spam in April 2005:

    http://www.heise.de/kiosk/archiv/ct/04/05/018/ [heise.de]

    That was pretty much the time I started worrying.

    When I read that Microsoft o
  • I see a lot of nonsense text, but no ad. No stock tip, no viagra, etc. Just nonsense. How do you make money not even trying to sell something?

    Is it just an attempt to desensitize my filters, so that maybe an ad can get through later?

    Or are they just "email terrorists" trying to DoS email altogether, with no commercial agenda?

  • Let's face it, email is a broken protocol. It has no built-in safeguards against these kinds of attacks. The problem I'm seeing is that we're giving up and just saying it's inevitable, when it's clearly not. There's lots of good methods out there that stop spam cold in its tracks. Some sort of actually enforced sender ID protocol would be a good start. The problem is that everyone thinks the current system has too much inertia, and that it can't be replaced.
  • sendmail w/Joe Jobs (Score:3, Informative)

    by nuintari (47926) on Wednesday November 01 2006, @09:45AM (#16672579) Homepage
    We have seen a huge increase in the number of Joe Jobs [wikipedia.org] lately, and as a consequence, our postmaster mail is filling up at record pace. Yesterday, I saw bounce notices from a single Joe Job coming in at several thousand a minute. Literally, Thunderbird could not open my postmaster folder. I had to copy /dev/null into it, wait a few seconds, and open it with mutt if I wanted to see any of the data. Over 50% of our processing time was spent sending mail to the postmaster admins, and we had a backlog of 25,000 messages. Our dual mail server beast could not keep up, fortunately, we found out why.

    By default, sendmail uses a single queue runner. We found this, and not amavis, was our bottleneck. The single queue runner is fine for low and medium volumes, but fails miserably when presented with a huge volume of mail. So we fired 4 queue runners instead, and increased the number of available amavis children to compensate. The queue runners each have a behavior:

    1) the default sendmail queue runner, starts at the front of the queue, and runs serial through it, then starts over.
    2) tries to find the oldest members of the queue and process them first. Keeps stuff from being left alone for very long.
    3) tries to find letters that are all going to the same mail server, and send them together. This one is awesome, as it opens a single tcp connection, and sends as many letters as it can. No time waiting for tcp handshaking per letter.
    4) hops around the queue at random, and sends messages.

    With the combination of these four queue runners, we have seen a huge increase in the load average on our mail servers, but we have also seen a great boost to performance. We are still seeing tons of postmaster bounces from Joe Jobs, but we aren't being slugged out by them anymore. If your mail server seems to be underperforming, try this, it really does help.
  • Seriously, with all the guards I have in place, I haven't really noticed anything. I got three spams for all of last week ( and this address is on mailing lists. You can google it for christ's sake ).

    So yeah, haven't noticed it. Sorry.

    ( and yes, smartasses, if it makes you happy, sign me up for whatever spam you want to; it still won't bother me. :D )
  • by Xaremos (972594) on Wednesday November 01 2006, @10:02AM (#16672835)
    This is my own experience. I once got a library card, and gave my email address. Within a month I started receiving a huge amount of spam using my name, physical address, and/or email. I moved (for other reasons ^_^), and got a new library card. I set up an email address specifically for using as my library email. Same thing happened. In a few years I moved again, new card, new spam. I got a ticket. I gave my email address to the municipal court. Within a month, more spam. I worked for the state for a while. I set up an account specifically for that and had no mail until I had given the state the email address, and then I started getting spam. So, my thinking is, it is the government or at least my state government that has issues with security.
  • by klossner (733867) on Wednesday November 01 2006, @11:03AM (#16673773)
    At about the time that allofmp3.com [allofmp3.com] lost their credit card charging rights, I started to receive this spam at an address I set up just for their service announcements. Nobody else has it, so it's clear that allofmp3 monetized their email address list.
    • Re: (Score:2, Informative)

      Pick a penny stock, buy it cheap. SPAM a bunch of people, and hopefully, get them to buy the stock. The increased demand for the stock causes it to go up. Spammer sells, and thus profits.
    • 1: Buy worthless penny stock
      2: Spam millions of people telling them this stock is gonna make them lots of money
      3: Some people actually buy the stock
      4: Price rises
      5: Spammer sells stock
      6: Profit!!!!

      It's a standard pump and dump scam.
    • by /ASCII (86998) on Wednesday November 01 2006, @09:26AM (#16672353) Homepage
      The spam is just one part of a larger model that looks kind of like this:
      1. Steal underpants
      2. Spam people about rising underpants prices
      3. Sell used underpants at high prices as people stockpile underpants
      4. Profit!
    • If they make money on the pump and dump, then they were successful. Causality is not required to be proven.
    • I use a domain where I give every vendor a unique email. I also have a catch-all on my domain, with known compromised emails sent to :blackhole:. I have had three vendor emails start up with genuine spam (not the partner-marketing type), including one financial company - Emigrant Direct - for which the only time the email was used was during signup, and the only time the email is in the wild is when they send me information about the account - which might happen once per quarter. Now, the email address is E
    • Baloney. The machine still needs to be tied down. Idiots still run anything sent to them, and nothing inherent in Linux/BSD/OS X prevents a program started by the user changing ~/.bashrc or various files under ~/Library so it comes up next login and sending out mail.