[OT] Beware, Spam Source

As many of you know I have been finagling my E-mail addresses so that (basically) everyone has their own personalized address to send to.

Naturally enough I created a special E-mail address for my domain registrations.

Almost exactly a month has gone by, and I'm now seeing spam to that address.

So spammers are scanning domain registrations :-(

Fortunately the address is so unique that it's easy to filter and send spam straight to the blackhole, yet receive legitimate registrar E-mails.

So be careful.

(Apparently someone is offering "blind" registrations, BUT they actually hold the registration which makes me a bit uneasy.)

...Jim Thompson

--
|  James E.Thompson, P.E.                           |    mens     |
|  Analog Innovations, Inc.                         |     et      |
|  Analog/Mixed-Signal ASIC's and Discrete Systems  |    manus    |
|  Phoenix, Arizona            Voice:(480)460-2350  |             |
|  E-mail Address at Website     Fax:(480)460-2142  |  Brass Rat  |
|       http://www.analog-innovations.com           |    1962     |
             
I love to cook with wine.      Sometimes I even put it in the food.
Reply to
Jim Thompson

My ISP (Cox Communications in San Diego) just started offering SPAM filtering as a free service. All suspected Spam is modified so that the header includes

-- Spam --

which makes it easy to divert into a separate folder for later examination (so far nothing has gone in there by mistake). I'm down to about 5 or 6 spams leaking through per day, and currently there are 19 in the spam folder since I cleared it out about an hour ago.

Reply to
Richard Henry

I had heard that Cox was going to offer that service. I presume it'll make it to Phoenix soon (I'm a Cox subscriber also).

...Jim Thompson

Reply to
Jim Thompson

My ISP, LMI.net, runs SpamAssassin for me, and I can call them and ask them to tweak the parameters; their personal support is very good. They put **SPAM** in the header of anything suspect, and I have Netscape route that into the Trash folder. But I get maybe 10% that don't get detected, and an occasional false positive, sometimes for no apparent reason. So I peruse my Trash folder before emptying it, just to make sure I don't toss something good. But it still helps a lot.

They also run MimeDefang, which is supposed to keep worms and stuff out. That seems to work, and I can't receive an unzipped executable any more.

John

Reply to
John Larkin

I got one (only) about 5 years ago just because I was listed as the technical contact in a Network Solutions listing.

--
-Reply in group, but if emailing add 2 more zeros-
-and remove the obvious-
Reply to
Tom Del Rosso

They scan virtually all sources... I registered an enterprise number for my company (MIBs 'n' stuff). I used an alias in the list to make my email address more formal and I get spam on that too. It's the only place I have ever used it.

Reply to
UncleWobbly

They will send fake emails with random userid to see which bounces and which don't. I bet they catch quite a few since userid is often quite easy to guess (sales, info, john, mary, feedback, admin etc etc). So they don't even have to scan.

It's getting really really bad lately. I have seen a solution where anyone who wants to send you an email for the first time needs to follow a link, read a random generated number (it appears as a picture so software can't grab it) and type it into a provided field. This gets you whitelisted and you can send email to that address.

SioL

Reply to
SioL

I've seen server-side Java pages which have a few fields and a send button. No actual address *anywhere*, completely undetectable by a bot.

Nothing's going to help if they start spamming incremental addresses though... I'm surprised it's not more widespread actually. Then again my accounts are relatively long in name (my hotmail account is 10 characters long, less the @.com part).

Tim

--
"I have misplaced my pants." - Homer Simpson | Electronics, Metalcasting and Games

Reply to
Tim Williams

Get a spamcop account and use the "plus technique" to create a unique email address just for domain registry listings. When you get the first spam, change the address and set a filter to autoreport anything sent to the old email address as being spam.

RFC 2822 (which replaces section 6 of RFC 822) says that "+" is legal when used on the left side of the "@" character in email addresses. See sections 3.4.1 and 3.2.4 for details.

Newer versions of Sendmail accept such "plussed" email addresses, discarding everything from the "+" to just before the "@". This can help you to track who sells your email address and in spam filtering. Many ISPs accept plussed email addresses. Virtually all ISPs allow you to send plussed email addresses.

spamcop offers email accounts that allow you to use plussed addresses.

Reply to
Guy Macon
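
The per-recipient tagging described in the post above, sketched as a mail filter. This is an added example, not part of any poster's message; the mailbox `jim@home.example`, the tag names and the sender domains are all constructed, and the recipient is read from the To/Cc headers.

```python
from email import message_from_string
from email.utils import getaddresses, parseaddr

# Constructed policy (hypothetical values): tag -> domain expected to mail it.
EXPECTED_SENDER = {"registrar2": "registrar.example", "shop": "shop.example"}
RETIRED_TAGS = {"registrar1"}  # abandoned after the first spam arrived


def split_plus(address):
    """Return (mailbox, tag, domain); tag is None if the address is not plussed."""
    local, _, domain = address.rpartition("@")
    mailbox, plus, tag = local.partition("+")
    return mailbox.lower(), (tag.lower() if plus else None), domain.lower()


def classify(raw, my_mailbox="jim", my_domain="home.example"):
    """Return (action, tag) for one raw message, judged by the tag it was sent to."""
    msg = message_from_string(raw)
    sender = parseaddr(msg.get("From", ""))[1].rpartition("@")[2].lower()
    rcpts = getaddresses(msg.get_all("To", []) + msg.get_all("Cc", []))
    for _, addr in rcpts:
        mailbox, tag, domain = split_plus(addr)
        if (mailbox, domain) != (my_mailbox, my_domain) or tag is None:
            continue
        if tag in RETIRED_TAGS:
            return ("report", tag)   # only spammers still hold this address
        want = EXPECTED_SENDER.get(tag)
        if want and sender != want and not sender.endswith("." + want):
            return ("leaked", tag)   # address given to one party, used by another
        return ("deliver", tag)
    return ("untagged", None)


# Constructed sample messages (not real mail).
SAMPLES = {
    "renewal": "From: billing@mail.registrar.example\n"
               "To: jim+registrar2@home.example\nSubject: Renewal notice\n\nbody",
    "old": "From: deals@bulk.example\n"
           "To: jim+registrar1@home.example\nSubject: Cheap meds\n\nbody",
    "leak": "From: deals@bulk.example\n"
            "To: Jim <jim+shop@home.example>\nSubject: Cheap meds\n\nbody",
    "plain": "From: friend@pal.example\nTo: jim@home.example\nSubject: Hi\n\nbody",
}

if __name__ == "__main__":
    for name, raw in SAMPLES.items():
        print(name, classify(raw))
```

The From: header is forgeable, as later posts in this thread describe, so a "deliver" result only means the tag and the claimed sender agree; the "report" and "leaked" results depend only on which address the mail was sent to.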

This is exactly how we do it for the sites we host, no mailto: anywhere on the site.

Saw a really nice skim-trap that fills email listers with s**te based on the mailto: principle, it even generates links back to itself so skimmers get locked into a loop filling up their lists with crap... where was it now...

Ah yes... here we are

a link to this from the front page...quite a nice idea I thought to "salt the ground" for spammers

Reply to
UncleWobbly

What if they get pissed off and fake their "From:" field to reflect your email? It's happened before. Usually they just use a random email from their spam email database, but sometimes they pick on a person who tries to report them and use their email longer.

Siol

Reply to
SioL

How do they know who reports them?

Reply to
Richard Henry

Yeah, I wish they would change it more often! I have spent the last 4 months dealing with hundreds of "Your spam message has been rejected. Please try again..." messages from all these ISPs who don't know what a forged FROM address is. Finally, when COX gave us spam filtering, just turned it on to full reject to get rid of it. So, if you send me a message, and don't give a reply, it is because I didn't care! 8-)

--
Charlie
--
Edmondson Engineering
Unique Solutions to Unusual Problems
Reply to
Charles Edmondson

don't fully understand here... are you saying they send mail from the web form using my email address? or send mail from anywhere using my email address (which is already happening as I get bounces for mail I never sent)

Reply to
UncleWobbly

They fake the E-mail header in such a way that it appears as if you've sent the spam. Nothing to do with webforms or your computer/ISP.

Siol

Reply to
SioL

Let's say there's a bad ISP in Brazil. They have an agreement with a spammer. Someone complains, they tell the spammer. $ is all it takes.

They used my domain/email in their "From:" field in the past. I noticed due to bounced spam, it appeared as if I had sent it. So I researched this particular problem and found a company who had complained and got burned. They did not just use their email occasionally, but most of the time. It seems from their website that they're dedicating a large percent of their activity to fighting this problem, there's a special notice on their website (fairly large one with multiple links, explanations etc), they've created a special newsletter to fight this with other victims etc etc. Obviously they got hurt badly by this episode.

I decided not to try to fight them, I disabled the catch-all tag for my domain and shortly they stopped using my email.

The spammers were selling medicine. The usual crap.

SioL

Reply to
SioL

...

Spamcop does not reveal who did the reporting, and replaces all instances of your email address in the quoted spam with "x."

Why are you crossposting to alt.binaries.schematics.electronic???

Reply to
Guy Macon

I just checked the local Cox website... the spam control was introduced here on 4/27. Since I currently route thru spamcop I hadn't noticed that the change had actually occurred.

Does anyone happen to know what method they're using, SpamAssassin perhaps? If so I'll drop out of spamcop when my paid-up period ends.

...Jim Thompson

Reply to
Jim Thompson

I'm using SpamAssassin, it works well, but misses some 5% of the spam messages. If I set it to a more aggressive mode, it marks some of the valid email. So I prefer to set it to a non-aggressive level and avoid having to verify emails marked as spam. There are just too many and I don't bother anymore, I just delete them.

Those leftover 5% of spam that don't get detected can be dealt with manually.

SioL

Reply to
SioL

already happening *sigh*

Reply to
UncleWobbly
