|
28 Feb 03 - 04:20 AM (#900338) Subject: Tech: Spam probs. From: John MacKenzie Apart from the Nigerian/Togo/African begging letters which have the correct address on them, why do I get all sorts of other crap which isn't even correctly addressed. It is just an approximation, sometimes only the first two letters of my handle are correct, the rest is junk and often has more then the four letters in the name I use. Surely there is serious ground for complaint, if I get crap by this method, how many genuine e.mails go to the wrong recipient, and they may be sensitive stuff too. Giok |
|
28 Feb 03 - 04:42 AM (#900345) Subject: RE: Tech: Spam probs. From: JohnInKansas Giok - The spammers generally obliterate or otherwise fake both your address and the return address. The subject line is often meaningless gibberish to get past spam filters. What shows on the "document" you receive has nothing to do with who they sent it to, or where it came from. Think of it as a "form letter" that's sent by a machine. It sends it according to its list of You can sometimes find some additional information about where it came from and how it was routed by doing a right click - properties on the header, but doing even this can be enough to trigger a "delivery confirm" that tells them you looked at it - and that puts you on the "live address" list for sale to other spammers. Don't open, don't read, don't even let it sit "selected" long enough to "open," and don't bother trying to "investigate" (unless it's an isolated item that's particularly obnoxious AND personal) - just delete. And NEVER click on the "click here to be removed from our mailing list" button. That just confirms they've hit on a "live" address, and most of the slimeballs make their main income from selling your address if they can confirm it. John |
|
28 Feb 03 - 03:13 PM (#900582) Subject: RE: Tech: Spam probs. From: John MacKenzie Yep that's what I do, just delete them, and add them to my blocked senders list. The thought still remains though, "How is it possible to receive an e. mail that does not have your correct address on it? Giok |
|
28 Feb 03 - 03:19 PM (#900589) Subject: RE: Tech: Spam probs. From: Amos Giok: It doesn't _show_ the address correctly, but it has to have your mailbox' destination and its server somewhere or it wouldn't get to you. I suppose some hackers use wildcards, which is the equivalent of saying "mail it to everyone in Smallsville". I don't know how you would make that work without some kind of hack into the UNIX command interface of the mail server. I am not sure of the mechanism you are asking about. Anyone know how this is done? A |
|
28 Feb 03 - 03:32 PM (#900599) Subject: RE: Tech: Spam probs. From: Stilly River Sage John, I've set up my email program to not respond to requests for notification of any kind. I use the Spaminator program from Earthlink, and the way that one works best is if you DO open the spam, just long enough to do a control-H (open the header), control-A (select all), control-c (copy) then paste it into a blank mail to go to spaminator. It gets added to what they filter out. It goes in spurts, working most of the time, then some new server comes on line and starts getting past the spam filter all over again. I have had a rule of thumb about the spam I open, and anything over about 25K I don't open. But I just read through the stuff at Symantec and see that some of these viruses can go in the body of the message. It may now be time to delete all with out forwarding. A question: is there a rule of thumb to take bytes to K? Is it a simple matter of decimal points? It isn't helpful if Symantec tells me that a given virus will appear as 143,360 bytes if my email only reports my message size to me as K. Should I look at the above number as the same as 143K? Or 14K? Or something close to a megabyte and a half at 1433K? I used to know how to do this, but I remember there was some squirrely stuff involved with translating some of these numbers. SRS |
|
28 Feb 03 - 05:13 PM (#900660) Subject: RE: Tech: Spam probs. From: GUEST,Jon I don't kow Amos. Here are the headers for one I recieved the other day. The to address is 4679@hotpop.com. The only thing I have spotted is the X-Envelope header. That does give my email address. Jon --------- Delivery-date: Thu, 27 Feb 2003 21:24:07 +0000 Received: from sangoma.ceg.co.za ([196.15.163.52] helo=winns.ceg.co.za) by buckaroo.freeuk.net with esmtp (Exim 3.33 #3) id 18oVVe-0004aT-00; Thu, 27 Feb 2003 21:24:07 +0000 Received: from streamsvr.smfm by winns.ceg.co.za with SMTP (MDaemon.PRO.v6.0.7.R); Thu, 27 Feb 2003 23:29:52 +0200 Received: by STREAMSVR with Internet Mail Service (5.5.2448.0) id Received: from avgs.iusi.bas.bg (233-209.196.35.dellhost.com [209.196.35.233]) by streamsvr.smfm with SMTP (Microsoft Exchange Internet Mail Service Version 5.5.2448.0) id DJSFHRXF; Thu, 23 Jan 2003 16:40:53 +0200 From: URGENT NOTICE Reply-To: slaninaamerica@int.rts.co.il To: 4679@hotpop.com Subject: INVEST-GET YOUR FAIR SHARE MIME-Version: 1.0 Content-Type: text/html; charset="iso-8859-1" Content-Transfer-Encoding: quoted-printable X-Return-Path: skidgeleugenia@iusi.bas.bg Message-ID: Date: Thu, 27 Feb 2003 23:29:52 +0200 X-Envelope-To: jonbanjo@freeuk.com X-claradeliver-Version: 4.15.0 X-UIDL: 1046381047.17736.buckaroo.freeuk.net X-RCPT: jonbanjo Status: U |
|
28 Feb 03 - 06:03 PM (#900691) Subject: RE: Tech: Spam probs. From: JohnInKansas Stilly - Easiest ones first - bytes to K. Everything is "binary" so "sizes" of things on computers should be in "powers of 2." The "power of 2" nearest to 1,000 (a kilo-something) is 1024 = 2x2x2x2x2x2x2x2x2x2. For in-line printing, that's sometimes written 2E10 "two to the tenth power." So to those who are "fussy," a KiloByte is 1,024 Bytes. This is the "traditional" size of a KiloByte. Similarly, a Megabyte should be 1,024 KiloBytes, or 1,048,576 Bytes. And a GigaByte should be 1,024 MegaBytes, or 1,073,741,824 Bytes. The terms are used very loosely, especially by the "ad-speaks." It is not uncommon for some one to refer to a "million bytes" as a MegaByte, and mostly it's not too much of a problem. The real problem is determining whether the person who uses "suspect conversion" is 1.) being sloppy just for convenience, 2.) is really ignorant, and doesn't know any better, or 3.) is a John |
|
28 Feb 03 - 06:11 PM (#900694) Subject: RE: Tech: Spam probs. From: JohnInKansas And I should have given the example for the value asked for: 140 KB = 140 x 1024 Bytes (143,360 Bytes) John |
|
28 Feb 03 - 06:44 PM (#900713) Subject: RE: Tech: Spam probs. From: GUEST,sorefingers Ok here is a question, if I make my A drive the location of my Inbox. can I now remove the floppy with the mail inside it, remove it to another identical machineNOTNETWORKED and OS, where later I take the each email to pieces literaly bit by bit. For example I get a spam from Joe Blustien Spam Dot Inc Florida but the header is hashndashed, now I accept it to my Netscape Email proggy in PC A - which is Lan networked into a server. I specify my Inbox as the A drive OC. Now after closing down PC A I take the foppy to PC B - networked but cable removed from card - and there after opening it's copy of Netscape I open the offending emails with VIEW SOURCE for example there to find the assholes ISP etc... Ok Mr 'Header King' John in Kansas whats a goin to happen? |
|
28 Feb 03 - 06:48 PM (#900716) Subject: RE: Tech: Spam probs. From: GUEST John is right but be wary of Kilo, Mega etc. Computing is the only area (for reasons of binary maths) I know of that they dont mean exactly what they imply. If you bought 1kg of margarine for example, you would be buying 1,000 grams. Same would apply if you were and engineer needing Young's Modulus (years since I went through that stuff and I never ended up an engneer but GigaNewtons per metre squared if memory is right) It's always seemed funny to me that our normal and seemingly logical maths system (base 10) does not suit binary. Perhaps if we had been created with a different number of digits (fingers and thumbs) our own couting system would have been different. Jon |
|
28 Feb 03 - 07:12 PM (#900726) Subject: RE: Tech: Spam probs. From: JohnInKansas Yeah, but Guest - if you bought a hundredweight of corn, you'd get 112 (or is it 120) pounds. Email in most of the programs I've seen is stored in a database format, so that you can't readily move an individual message "off the machine." You need to "export" the whole folder, which can then be copied (caveats here) to another machine, but then you usually need to "import" the folder before you can open individual email files on the new machine. In most cases copying a single folder is not really sufficient, since there is at least an "index" folder that needs to go with the "message" folder. You can do a "save as" to put an individual message "outside the email" program, but it's problematic whether such a save will get everything you want. It depends on which program you're using, the save-as filetype, and sometimes on preferences that you may have set without realizing it. (One of the features of Outlook Express is that you can save as .eml which does give a true individual message file with attachements and headers intact. I'm not familiar with any other program that does it as simply.) The best I can recommend is that you try what you have in mind and see if it works. Be advised though, that if you select a message long enough to save, export, send, or otherwise manipulate it in any manner except to DELETE you have "received" it for purposes of the spammers confirmation of your address. Consider whether the miniscule chance that you'll "nail the b..d" is really worth it. John |
|
28 Feb 03 - 07:16 PM (#900729) Subject: RE: Tech: Spam probs. From: GUEST,jaze I just wish you could hit reply to tellthem to take you off their list instead of having to cut and paste the address. All I know is if I took even half the offers to "make it three inches bigger" I'd have a dong the size of Ohio! |
|
28 Feb 03 - 07:24 PM (#900735) Subject: RE: Tech: Spam probs. From: GUEST,Jon Don't know the 120lb one John. I've never understood our (UK) in terms of why our Imperial system though I had both that and metric in school days. 16oz in a pound, 14lb in a stone 8st (112lb) in 1 cwt (hundedwieght) 20 cwt in a ton... Jon |
|
28 Feb 03 - 07:37 PM (#900745) Subject: RE: Tech: Spam probs. From: JohnInKansas Guest jaze - NEVER hit the button to tell them to take you off. It's there to confirm that somebody "lives" there, so they can put the address on their "address for sale" list. They don't care what you think of them, and in all probability the "button" is a dead link anyway. It's just to tempt you to actually keep the mail open long enough to confirm that it was opened. And even if you "find" them, what they are doing is "perfectly legal," there being no law against being an asshole. (Part of a Congressional Retirement benefit, I understand.) John |
|
28 Feb 03 - 07:39 PM (#900747) Subject: RE: Tech: Spam probs. From: Stilly River Sage Jon, There's a lot going on in that header. I tried plucking out a couple of parts of it to research and they all end up at dead ends. I tried the very top line, with address markers:
If you put sangoma.ceg.co.za into Google you get some hits, but I can't make much sense of them. If you plug in the ([196.15.163.52] bit then you come to a tidy little dead end with the two following addreses linked: www.tlgusa.net/ kburgess.com but you can't get there from here. I can't plug an address into my Norton to research any web addresses other than those it receives and sees as suspect, so I can't track down any of this further. But I'll bet we have some geeks on the list who can. I get a lot of these that appear to be to someone other than me, but it's just a gimmick. All of it is just a gimmick. SRS |
|
28 Feb 03 - 07:45 PM (#900750) Subject: RE: Tech: Spam probs. From: JohnInKansas I should have included to jaze: sending them any "reply" will only get you on more spam mailing lists. There is NOTHING effective you can do except to "SHUN" them - i.e. REFUSE TO ACKNOWLEDGE THAT THEY EXIST. DELETE. jon - the 120 was just 'cause I couldn't remember for sure what the value was - just that it was not what rational persons (i.e. non-Brits?) would expect. John |
|
28 Feb 03 - 07:51 PM (#900754) Subject: RE: Tech: Spam probs. From: Bill D .za is Zanzibar, isn't it?...several small countries make extra $$$$ allowing/selling proxy email/WWW addresses. Just a way to hide who is really doing it and insulate them about 4 levels from prosecution. |
|
28 Feb 03 - 07:51 PM (#900755) Subject: RE: Tech: Spam probs. From: JohnInKansas Stilly - There are ways to attempt to extract header info, but the problem is that saving the message so you have something to look at - or even just looking at it for too long, gives the spammers what they want. They know that you received it. And there is no useful purpose in finding out who they are, because even if you do, you can't (under current laws and policies) do anything to stop them. The ONLY reason to worry about who they are is if they are doing something that is CLEARLY ILLEGAL, and would be of sufficient weight to enlist LAW ENFORCEMENT AUTHORITY to take care of it. Set your filters (but blocking their address is ineffective, because it's a fake and they'll have three new ones tomorrow). Don't open. Don't worry. DELETE. John |
|
28 Feb 03 - 08:03 PM (#900761) Subject: RE: Tech: Spam probs. From: GUEST,Jon jon - the 120 was just 'cause I couldn't remember for sure what the value was - just that it was not what rational persons (i.e. non-Brits?) would expect. Hey Jon, do you mean us Brits were rational with those systems!!! (say's me with a very big grin on my face). Back to the topic, I did complain once that I can remember. That was not about personal spam which just gets dragged to the deleted items folder (I'm not too good at remembering to clear the cache - that's how I found headers for the one I gave above above) but a newsgoup, I think it was alt.banjo but could be wrong. Whatever, the idiot was persistant and posting very graphic porn pics. In this instance it did turn out there had been loads of complaints and the ISP was very good - his(?) account got killed. Doesn't always work that way though. Jon |
|
28 Feb 03 - 08:11 PM (#900763) Subject: RE: Tech: Spam probs. From: GUEST Just out of curiosity, what if I used the shell account my ISP gave me and copied the spam onto /dev/fd0? Would that trigger anything? The Shell uses pine. |
|
28 Feb 03 - 08:25 PM (#900768) Subject: RE: Tech: Spam probs. From: Snuffy 120 is a "long hundred" - 10 twelves instead of 10 tens. 12 is a much better base, because you can divide it by 2, 3, 4 and 6 instead of just 2 and 5. |
|
28 Feb 03 - 09:49 PM (#900810) Subject: RE: Tech: Spam probs. From: Stilly River Sage John, I have my system set so it doesn't send any response if I receive or open an email. These are settings you can choose (I use Pegasus for much of my email). It should be the same as if I were reading my email offline. I only was poking around in there out of curiosity. If I tell the Norton firewall software to track down a source of intended assault on my computer (the little exclamation point in the red circle is always blinking) then it goes to some pretty exotic places. Sometimes. It's just interesting, what in the world is going on out there with Internet predators, and where they operate from. I know little can be done about them, unless they truly come from the U.S. and their IP is from the U.S. and you complain. Sometimes that gets results. Now that there are so many fake addresses around it doesn't do much good to complain. SRS |
|
28 Feb 03 - 11:55 PM (#900879) Subject: RE: Tech: Spam probs. From: JohnInKansas As I indicted above, I've reached the point of simply ignoring the trash, so I haven't made any thorough investigation of what the spammers can do, even for my own software. Obviously, I can't give any definitive answers about other programs or their settings. Your ISP does have to send the email message to you, or you wouldn't see it. Your ISP also needs some way to know which ones he's sent, and which ones are waiting for you. This information obviously goes into the header, since you can look at how the item was routed. Most email programs allow you to request a notice of delivery, and in most you can request a notice when the item is read. Usually, if read-confirm is requested, you will be asked if you want to confirm, and you can say no to prevent the notice from being sent back. It's a little less certain whether you'll even be notified of a delivery-confirm, since that happens before you take any action with the message. I'm sure there is software to reject anything that asks for a confirmation, but that could reject "good" mail too. My own conclusion is that there's nothing useful you can do with any information you might get from these headers, it takes time and effort to look at them, and junk mail deserves no effort on my part except to trash it. I did make a few complaints to my ISP when I first opened the email account, and continued to get increasing amounts of junk. When I started just deleting without attempting to examine it, the volume gradually began to decrease. I wouldn't say it's at a satisfactory level now, but it is less than about 10% of what I was getting for a couple of months after I quit trying to figure out who was sending it. There are many resources where you can look up how the spammers operate, and you can spend a lot of time and effort trying to figure out ways to "combat" it. Lots of effort, for marginal return. The cost/benefit isn't there. Delete and don't worry about it. Viruses are another thing. You must use a current AV if you're getting email - even without the spam. But most AV programs cannot scan a file until it has been written to disk. (that means "delivered.") It's a bug/vermin/pest. Squash it. Don't try to psychoanalyse it. John |
|
01 Mar 03 - 02:49 AM (#900928) Subject: RE: Tech: Spam probs. From: Liz the Squeak Bugger. Wish I'd read this before I spent 20 mins telling the four I got today to get me off the lists..... trouble is I know one of them is one I asked to be removed from 6 weeks ago..... Bugger, bugger, bugger............. LTS - kneedeep in Spam and I can't even eat it! |
|
01 Mar 03 - 03:18 AM (#900940) Subject: RE: Tech: Spam probs. From: GUEST,.gargoyle Have multiple mail accounts - only use the "real one" for closest friends and family.
Sincerely, |
|
01 Mar 03 - 03:56 AM (#900949) Subject: RE: Tech: Spam probs. From: JohnInKansas LTS - If one of them is one you told to take you off the list, the other three are probably just other names he uses - or other vermin he sold your "confirmed" addy to. They move veryquickly. Many "experts" do suggest having one email account for correspondence, and another "junk" account to use when some "questionable" site demands an email address. At least one reasonably reliable source says you don't need a "junk" account - you just make up something for the questionable ones. (Make it look reasonable though?) Since the spammers use "guessing" quite a lot, it is recommended that you use a name on your "good" account that won't be easy to hit on just by putting in "common" characters. For a really secure name, you need to include at least one or two numbers, some alpha characters, and one or two "symbol" characters - although your friends may have a little trouble remembering something like j0hn1nkan#as -- . The spammers also use crawlers to look for email addresses on any site they can get into. This is the reason it's recommended that you never "clear-type" your addy, for example on the 'cat. Mostly they look for the "@" that's part of all email addresses, and/or for anything with the "dot" in it. The dot is less commonly searched, since it appears so often in website names. So there's some protection in spelling out - like my example j0hn1nkan#asATjunkmailDOTcom. Clever people who want to reach you will usually figure it out, but the mechanical harvesters are a little more likely to miss adding you to their lists. My own rule is never use my email address except with "trusted friends" or in the same places where I feel reasonably safe using a credit card (not too many). And as a courtesy to your friends, DON'T give other people their personal email addresses and certainly don't post them anywhere unless you have the owners' permission (implied or otherwise). Business email addresses pretty much have to be made public, or you don't get much business; but the spammers don't usually hit quite as much on addys that look like a business. They're looking more for the "idiot" category of "client." John |
|
01 Mar 03 - 10:13 AM (#901045) Subject: RE: Tech: Spam probs., spamjammed, From: GUEST,sorefingers Interesting, John in Kansas, the government -USA- is seriously talking about making it a criminal offence to spam, except where the client has asked for it. The reason, the internet is being bunged up with it, and the Home Security people think that might become a security issue. |
|
01 Mar 03 - 10:49 AM (#901068) Subject: RE: Tech: Spam probs. From: GUEST,Oldguy Having been on the net since 1996, I have found the perfect solution to spam and even e-mail viruses. Never use the e-mail address given to you by your ISP. You never even have to use outlook which is a target for e-mail viruses. Get a free e-mail account at yahoo.com or hotmail.com. When you start getting spam there, just get another one, inform your friends of your new address and abandon the old one. It is that simple. When I am showing someone who is new to the internet how to use e-mail I set up an e-mail account for them at Yahoo.com and bypass all of the learning involved in using their own e-mail client. Old Guy |
|
01 Mar 03 - 12:51 PM (#901148) Subject: RE: Tech: Spam probs. From: Stilly River Sage John, I agree with most of that the remarks in the last several posts; I have now set up accounts that my friends and family use and that (knock on wood) don't get spam. I have all but abandoned the one that I started with, the one that my computer thinks is default and is the address left behind if I visit web sites that collect such data. (I use Anonymizer for some browsing, just to avoid this). The difficult thing to convince a few friends of is to NOT add my now-serenely spam free address to one of their long open address lists when they send an online petition or humor piece. There are some people who just don't get it--that if you send a whole bunch of friends' addresses in the CC line and someone else who doesn't know how to remove all of that sends it on, your quiet little address is bound to end up somewhere you never intended it to go. A little BCC goes a long way. I've ended up with a sort of graduated email system. The first one is where the spam goes and email from accounts I set up using that address (I'm gradually changing them to my current business address as they turn up). The new business address is where I've directed the friends who continually make email faux pas--I still get their mail, but I hope to keep the junk that might travel in their wake out of my most personal mail box. As you suggested, numbers and bits of names work very well. I've combined a few letters from my name, numbers from the house address, and a couple of letters from the street to a form incomprehensible to a machine, but in which my friends and family recognize enough of the words to know that it is me. And that's a very good idea of yours, writing out AT and DOT. I'll adopt that technique. I never use Outlook at home, and I don't use any of Microsoft's address books. I like Pegasus Mail and I also use Eudora. Netscape Communicator also has a very good email program. These are all downloaded and resident in your computer. The outside email I use (stays resident on someone else's server) is Yahoo mail, which has several good features, such as built in virus scanning abilities. Netscape has a Netscape Mail that is much like Yahoo. I gave up a long time ago trying to get any of the spam to stop by reporting it to the supposed originating company. Just because it says "Yahoo" or "Hotmail," that usually isn't where it comes from. But the way to keep Spaminator working for me is to send the offending post and header back to the spaminator; this was part of their instructions when I first signed on. Meanwhile, I have tested the theory of reporting back about posts or not--I have all of my emails set so they don't report back anything. You have to go into options or preferences to set this. I've tried sending mail to myself and when it was set to allow a response I heard back, but with it set to prohibit feed back, I got none. I never use all of these email programs all of the time; I have one at work and a couple at home, and as I said, I'm gradually eliminating the original email assigned by my internet provider. I probably won't unlist it as my default mail as far as Windows in my computer is concerned. The information may be collected by a web site, but if they try sending anything they'll get an error message. For anyone curious about what other sites can learn about your computer, you might want to try Anonymizer's Snoop Test. Now all that shows up is my IP address (but that's enough to send spam). Before the firewall, via modem, it used to show all sorts of stuff, including my name, email, the size of my monitor, the programs I'm running, versions of things--very invasive. SRS |
|
01 Mar 03 - 04:05 PM (#901246) Subject: RE: Tech: Spam probs. From: Uncle_DaveO Sorefingers, you referred to "except where the client has asked for it". Makes sense. BUT! I get spam all the time that says more or less "This is not SPAM because you permitted it", without any suggestion of where or when I'm supposed to have done that. I don't believe I did, because I'm pretty rigorous about looking over any forms I fill in, either on paper or on the web, to avoid authorizing their "offers". Those SPAMs that include a link to be taken off, saying in effect, "Oh, heavens! We don't want to send this to anyone who doesn't want it!" very often (I found out back when I used to use them) refer to a nonexistent account--even within hours of receipt of the SPAM. My Norton's is pretty good about labeling SPAM messages, and Netscape shuffles them off into a Spam folder I've set up. I check that folder just occasionally, just to see whether some desirable-looking message has been mischaracterized. I haven't found any such mistakes so far. I certainly won't open any messages that got to that folder unless I am pretty sure it's been sent there by mistake. Everything so far has been summarily deleted from that folder. \ Dave Oesterreich |
|
01 Mar 03 - 04:14 PM (#901248) Subject: RE: Tech: Spam probs. From: JohnInKansas Stilly - It sounds as though you've handled your email quite well. The problem of people forwarding to long mailing lists is a perpetual one, and we've had to be "quite forceful" with a couple of people to at least minimize the amount of that kind of stuff. As you say, they must realize that they are publishing the address of everyone on the list, everytime they do that. Most of the methods spammers use to collect addresses are pretty much "legal," even if not ethical. Intercepting email falls in the category of "possibly not even legal," but it is done, and apparently is not too difficult. Outlook and Outlook Express get something of a "bad rap" simply because so many "persons of less than moral character" seem to have a hatred of Microsoft, and because it's widely used; so "cracking" an Outlook feature has more "impact" than getting into something less widely used. Recent meetings of "the guys that worry about spam and viruses" have brought out concerns that many other programs that have enjoyed "immunity through anonymity" have some serious security flaws - even worse than in current IE, OE, and Outlook. A particular concern is discovery of very serious "loopholes" in the Unix and Linux operating systems, and evidence that the hackers and spammers are beginning to increase their attacks on them. The number of "corporate" and "server" users of these systems, and fairly widely known vulnerability, makes it a real concern in any "terrorist" scenario. Many of us doubt that a Federal anti-spam law will have much effect, since it's so easy to move out of the country to get "immunity." Many of the main spam distributers, while located in the US of Canada, route all their "message origination points" via servers outside the continent already. For now, it's mainly because it's easier to find an "offshore" ISP that won't kill their account if too many people complain. And the same problems occur with the (telephone) telemarketers. You just don't see the whole list all at once when you go in for your mail. John |