email Spam | Tech Off

Shark_M

Hi guys,

lately I have been bombarded by 10s of spam emails, and I kept my email address private. No one knows it except those I give. But now , and only now, i start getting lots of spam andjunk mail. Outlook express does not filter the spam or junk mail. So I am left to go through each one of them and its a hard time consuming thing to do.

The interesting thing I observed, the destination email is not even mine it has parts of it, as if they are using software that generate randomal emails at a given ISP. and its sent as a carbon copy to all these variations one of them by chance happen to be mine.

How can one prevent this? Do i just make a new email? its just sad.

PerfectPhase
"This is not war, this is pest control!" - Dalek to Cyberman

It seems to have got out of hand in the last few weeks, we are getting bombarded by hundreds of spam emails that seem to have found away to get by the IMF in exchange. It's getting to the point where I'm think I'm going to have to buy something else to kill all this crap.

pathfinder
Hard work never killed anybody, but why take a chance?

Yesterday alone we got the following statistics on spam reaching our Scottsdale location.

Inbound Messages:

	Total	Good	Blocked	% Good	% Blocked
Day	12427	1746	10681	14.05	85.95

Harlequin
http://twitter.com/TrueHarlequin

Don't forget, your ISP knows your email. Sometimes they sell mailing lists.

yman

I am just getting bombarded with spam messages recently, something in the region of 4-6 per hour. Outlook does a good job at removing most of the filth, but just the ideal of the messages' presence in my junk folder makes me cringe Perplexed

MB

100/hour... ok, that's a problem... but, so long as it's not kiddie (I need to watch my language)... then pressing [DELETE] every now and then... it just doesn't bother me... there are plenty of things that bug me more than that.Of course... YMMV

MB

...why is the word P0RN unacceptable ??

Matthew van Eerde
AKA Maurits

Harlequin wrote:
your ISP knows your email

Well, only if you use the email service your ISP gives you.

EDIT: Admittedly your email service provider could sell your email even if it's not your ISP.

SuperSkunk
keep the vibe alive

"I kept my email address private. No one knows it except those I give."

Some companies have pre-existing contracts to share their email listings. Where your address goes from there who knows.

Matthew van Eerde
AKA Maurits

Some email servers allow you to slip identifying tags into your email address. So if your email address is

joe@example.com

... then you can give out any of the following, and they will all come back to you:

joe+company1@example.com
joe+newsletterFoo@example.com
joe+siteXYZ@example.com

If you start getting spam as a result of signing up on site XYZ, then you could reject all email to that address.

figuerres
???

IMHO email as we know it today esp. SMTP is just a mess and needs a re-work.

for a while I was on an IETF group and gave up when I saw that they all felt that any changes that did any real fix to email were to much.

what we need is a new protocol that replaces SMTP.

why?

SMTP has no checks on validity of the message and no accountability of the sender or the relay or the reciver.

for example you can often create a "double" set of headers and get an smtp server to deliver a message such that when you get it the outer headers are gone... the *REAL* ones that point back to the sending server.

the inner set can say anything.

also I have seen mail sever addons send error messsages for attachments etc... to the email of somneone who never sent the email.... also based on the fake headers used by the spamer.

as long as the sender can hide the spam will keep coming.

fix the system to allow me to know who sent the message and the spam will stop.

the thing is forget about the "spam" it's not the problem...

really !

it's a symptom of the basic problem.

the way to combat this is based on the fraud and abuse.

for example if I can take some a$$ to court and make them pay me for the theft of my money -- by stealing my cpu time, disk storage, network bandwith, electric bills, man-hours etc...
now just me no big.... but if say I find 10,000 users and 2-3 ISP's who have each suffered damges and we all sue the abuser....

Bing! one down, and soon others will find a new line of theft to follow.

we can do this if we can prove who the sender was and that they were not legit.

spam blocking is a bandaid. it slows it down but your system is still hurt by it.

for example if 70-90% of the inbound traffic to an ISP's mail server is junk the users don't want then the ISP has to charge the users for the cost of the bandwith and server.

also if an ISP has users with zombi pc's sending junk then the legit users are paying for this also.

bandwidth and more network gear to keep the spam flowing.

and this also makes the ISP's do more work manageing the network and trying to halt the junk.
and again the users will pay for that.

so we pay for spam even when the ISP is trying to block it.

so fix SMTP to make the sender's pay for it or stop sending it.

the only way to make that happen is not not let them hide behind proxy's and hacked mua / mta software that fails to identify them.

if smtp fails to do this then someone will create a new standard and we will move to it.

and smtp will die.

littleguru
<3 Seattle

The bombardement has also started here. I've been using SpamBayes for quite a while. It works well. The build in Outlook feature isn't that bad too.

Pace
In The Mix...

I feel better for reading this Big Smile

Even with my intelligent message filtering set to extremely strict in exchange and using GFI Mail Essentials im still getting about 10/hr through...

I wish someone would castrate the people that make these new spam bots.

Matthew van Eerde
AKA Maurits

Alas, spam is likely to continue so long as
a) people want to buy the products spamvertised
b) the spamvertising merchants are more attractive than other, legitimate merchants

But there are RFCs by various orgs that should help, if they become more widely adopted:

RFC 4405
RFC 4406
RFC 4407
RFC 4408

Yahoo and Cisco are also working on an RFC for their DKIM technology, which looks promising.

Shark_M

Yeah, But guys, suppose your email is myEmail@MyISP.com.

why would you be receiving spam email not even directed to your email address? I am receiving email that is directed to myEma@MyISP.c om, and other variants but not my actual myEmail@ myips..., it really is amazing. Is there something wrong with my Isp's addressing or something that allows emails intended to others to reach me? I am not myEm, or MyEma, or MyE....etc. but i keep getting these spam addressed to an email not entirely mine.

Strange! Sad

Matthew van Eerde
AKA Maurits

Well, that's a lot easier to explain. It's popularly known as BCC. Smiley

Shark_M

Matthew van Eerde wrote:
Well, that's a lot easier to explain. It's popularly known as BCC.

but some emails have only 1 email in the TO: field and its not even mine.

Matthew van Eerde
AKA Maurits

That is, indeed, how BCC works.

Shark_M

Matthew van Eerde wrote:
That is, indeed, how BCC works.

Explain how I can be receiving an email not addressed to me using BCC?

I send an email to X@ISP.co m and then Y @ ISP.co m gets it? although X is similiar to Y but not equal to it strictly speaking.

How does BCC work in that way?

Matthew van Eerde
AKA Maurits

From: spammer@example.com
To: fake-address@nowhere.example.org
Bcc: you@your-isp.example

Buy, buy buy!
Don't bother checking into the validity of this offer. I already did that and I can personally assure you it's totally above-board.

It was mentioned on CNN and Oprah uses it herself.

... etc.

LaBomba
Summer

If you are getting a lot of spam from the same address, or subjects similiar, and you were using Hotmail, you could setup custom filters.

These messages would then be delivered straight to your....

trash can.

littleguru
<3 Seattle

Sometimes it is better not speaking english as a native language. Most of the spam mails are written in english, which makes it easier for me to filter them out.

cheong

Shark_M wrote:

Explain how I can be receiving an email not addressed to me using BCC?

I send an email to X@ISP.co m and then Y @ ISP.co m gets it? although X is similiar to Y but not equal to it strictly speaking.

How does BCC work in that way?

But, don't BCC in email header immediately discarded when placed in mailbox and never be seen by the receiver? All receipents(including receivers on the BCC list!) won't know who is on the BCC list.

littleguru wrote:
Sometimes it is better not speaking english as a native language. Most of the spam mails are written in english, which makes it easier for me to filter them out.

On the contrary, most of the spam I received is in Chinese, so writing emails in English makes it easier for me to filter them out.

figuerres
???

Matthew van Eerde wrote:
Alas, spam is likely to continue so long as
a) people want to buy the products spamvertised
b) the spamvertising merchants are more attractive than other, legitimate merchants

But there are RFCs by various orgs that should help, if they become more widely adopted:

RFC 4405
RFC 4406
RFC 4407
RFC 4408

Yahoo and Cisco are also working on an RFC for their DKIM technology, which looks promising.

Hmm... when I get time I'l try and see what they do,
can you coment on any of them stoping the spoofing and hiding aspects ?

Matthew van Eerde
AKA Maurits

They're all about accountability of the "From" address, really.

You can read more about them here:

Microsoft Sender ID
OpenSPF Sender Policy Framework
Yahoo! and Cisco DomainKeys Identified Mail