Is anyone else sick of PDF spam yet?
This has to be one of the dumbest forms of spam yet. Outlook does not auto-preview PDF files. And since we all know that spammers target Outlook, what is the point? You would have to double-click the PDF and launch Reader to see the stock image embedded in the PDF. Some of the new ones now include only text, and some are now zipping the PDF to get around the PDF block some companies have put into place.
Sad. I guess not enough idiots bought the pump and dump stock from just PDF spam, now they have to send millions more. I received over 5,000 in ONE email box yesterday. Wow. Like anyone would bother to open all of those and buy some stock that way?
What you should do
First, if you do not need PDFs in your company attachment list, just remove them. Set PDF as a blocked attachment. This is not a great solution, but it works.
Make sure your userlist is uploaded and wildcard receive is turned OFF.
Turn on Relay Delay. Yes, this slows down your first contact from remote users, but it really does work well for this type of spammer. If you can't afford to have email delays during the day, turn it on Friday night and leave it on until Monday. That will help you with the huge deluge of spam you see first thing Monday morning.
Up the trust level of the RBLs, and set them to REJECT. Most of these new spammers are smart enough to stay off the RBLs, but it does help some.
Use a nonstandard port on your server. Spammers know that companies like Emerald exist and will try to get around us and connect directly to your server. Especially if your server is named mail.domain, they will hit it more and more these days.
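A PDF block that only looks at the file extension misses the zipped PDFs mentioned above. As an added example (not part of the original post or of any product's filter), this Python sketch checks attachment content instead, looking inside zip archives; the function names, size cap and nesting limit are assumptions, and the sample message is constructed.

```python
import io
import zipfile
from email import message_from_bytes, policy
from email.message import EmailMessage

PDF_MAGIC = b"%PDF-"
ZIP_MAGIC = b"PK\x03\x04"
MAX_MEMBER_BYTES = 10 * 1024 * 1024  # assumed cap on declared member size
MAX_DEPTH = 2                        # assumed limit for zip-inside-zip

def contains_pdf(data, depth=0):
    """True if data is a PDF, or a zip archive that holds one."""
    if not data.startswith(ZIP_MAGIC):
        # Match on content, not extension; many readers accept the
        # header anywhere in the first 1024 bytes.
        return PDF_MAGIC in data[:1024]
    if depth >= MAX_DEPTH:
        return False
    try:
        with zipfile.ZipFile(io.BytesIO(data)) as zf:
            for info in zf.infolist():
                # Skip encrypted or oversized members; handle those per local policy.
                if info.flag_bits & 0x1 or info.file_size > MAX_MEMBER_BYTES:
                    continue
                if contains_pdf(zf.read(info), depth + 1):
                    return True
    except zipfile.BadZipFile:
        pass
    return False

def blocked_attachments(raw_message):
    """Return filenames of attachments that are, or contain, a PDF."""
    msg = message_from_bytes(raw_message, policy=policy.default)
    hits = []
    for part in msg.iter_attachments():
        payload = part.get_payload(decode=True) or b""
        if contains_pdf(payload):
            hits.append(part.get_filename() or "(unnamed)")
    return hits

def build_sample():
    """Constructed sample: a zipped PDF renamed .dat, plus a harmless attachment."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("chart.dat", b"%PDF-1.4\n%%EOF\n")
    msg = EmailMessage()
    msg["Subject"] = "constructed sample"
    msg.set_content("body")
    for name, data in (("stock.zip", buf.getvalue()), ("note.bin", b"hello")):
        msg.add_attachment(data, maintype="application", subtype="octet-stream", filename=name)
    return msg.as_bytes()

if __name__ == "__main__":
    print(blocked_attachments(build_sample()))
```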
Spammers and botnets getting smarter
They are now getting smarter in their blasting techniques. They will only send 10-20 at a time from a machine, and then let the machine stay idle for an hour or more. It means they have to run more botnets, but it keeps their bots alive longer. The person with the machine probably does not notice a slight slowdown once an hour, and they stay useful to the spammer longer. I personally applaud the efforts of some of the ISPs now to block outbound port 25 from their residential customers. 99% of this traffic is probably bots sending spam.