[OT] Beware, Spam Source

Jim Thompson

As many of you know I have been finagling my E-mail addresses so that
(basically) everyone has their own personalized address to send to.

Naturally enough I created a special E-mail address for my domain
registrations.

Almost exactly a month has gone by, and I'm now seeing spam to that
address.

So spammers are scanning domain registrations :-(

Fortunately the address is so unique that it's easy to filter and send
spam straight to the blackhole, yet receive legitimate registrar
E-mails.

So be careful.

(Apparently someone is offering "blind" registrations, BUT they
actually hold the registration which makes me a bit uneasy.)

...Jim Thompson
--
| James E.Thompson, P.E. | mens |
| Analog Innovations, Inc. | et |
| Analog/Mixed-Signal ASIC's and Discrete Systems | manus |
| Phoenix, Arizona Voice:(480)460-2350 | |
| E-mail Address at Website Fax:(480)460-2142 | Brass Rat |
| http://www.analog-innovations.com | 1962 |

I love to cook with wine. Sometimes I even put it in the food.
 
"Jim Thompson" <thegreatone@example.com> wrote in message
news:6a28a0hpg5ft6i1103ikhibauaaqngdpj2@4ax.com...
As many of you know I have been finagling my E-mail addresses so that
(basically) everyone has their own personalized address to send to.

Naturally enough I created a special E-mail address for my domain
registrations.

Almost exactly a month has gone by, and I'm now seeing spam to that
address.

So spammers are scanning domain registrations :-(

Fortunately the address is so unique that it's easy to filter and send
spam straight to the blackhole, yet receive legitimate registrar
E-mails.

So be careful.

(Apparently someone is offering "blind" registrations, BUT they
actually hold the registration which makes me a bit uneasy.)
My ISP (Cox Communications in San Diego) just started offering SPAM filtering
as a free service. All suspected Spam is modified so that the header
includes

-- Spam --

which makes it easy to divert into a separate folder for later examination
(so far nothing has gone in there by mistake). I'm down to about 5 or 6
spams leaking through per day, and currently there are 19 in the spam folder
since I cleared it out about an hour ago.
 
On Thu, 13 May 2004 17:01:53 -0700, "Richard Henry" <rphenry@home.com>
wrote:

"Jim Thompson" <thegreatone@example.com> wrote in message
news:6a28a0hpg5ft6i1103ikhibauaaqngdpj2@4ax.com...
As many of you know I have been finagling my E-mail addresses so that
(basically) everyone has their own personalized address to send to.

Naturally enough I created a special E-mail address for my domain
registrations.

Almost exactly a month has gone by, and I'm now seeing spam to that
address.

So spammers are scanning domain registrations :-(

Fortunately the address is so unique that it's easy to filter and send
spam straight to the blackhole, yet receive legitimate registrar
E-mails.

So be careful.

(Apparently someone is offering "blind" registrations, BUT they
actually hold the registration which makes me a bit uneasy.)


My ISP (Cox Communications in San Diego) just started offering SPAM filtering
as a free service. All suspected Spam is modified so that the header
includes

-- Spam --

which makes it easy to divert into a separate folder for later examination
(so far nothing has gone in there by mistake). I'm down to about 5 or 6
spams leaking through per day, and currently there are 19 in the spam folder
since I cleared it out about an hour ago.
I had heard that Cox was going to offer that service. I presume it'll
make it to Phoenix soon (I'm a Cox subscriber also).

...Jim Thompson
--
| James E.Thompson, P.E. | mens |
| Analog Innovations, Inc. | et |
| Analog/Mixed-Signal ASIC's and Discrete Systems | manus |
| Phoenix, Arizona Voice:(480)460-2350 | |
| E-mail Address at Website Fax:(480)460-2142 | Brass Rat |
| http://www.analog-innovations.com | 1962 |

I love to cook with wine. Sometimes I even put it in the food.
 
On Thu, 13 May 2004 17:05:47 -0700, Jim Thompson
<thegreatone@example.com> wrote:

On Thu, 13 May 2004 17:01:53 -0700, "Richard Henry" <rphenry@home.com>
wrote:


"Jim Thompson" <thegreatone@example.com> wrote in message
news:6a28a0hpg5ft6i1103ikhibauaaqngdpj2@4ax.com...
As many of you know I have been finagling my E-mail addresses so that
(basically) everyone has their own personalized address to send to.

Naturally enough I created a special E-mail address for my domain
registrations.

Almost exactly a month has gone by, and I'm now seeing spam to that
address.

So spammers are scanning domain registrations :-(

Fortunately the address is so unique that it's easy to filter and send
spam straight to the blackhole, yet receive legitimate registrar
E-mails.

So be careful.

(Apparently someone is offering "blind" registrations, BUT they
actually hold the registration which makes me a bit uneasy.)


My ISP (Cox Communications in San Diego) just started offering SPAM filtering
as a free service. All suspected Spam is modified so that the header
includes

-- Spam --

which makes it easy to divert into a separate folder for later examination
(so far nothing has gone in there by mistake). I'm down to about 5 or 6
spams leaking through per day, and currently there are 19 in the spam folder
since I cleared it out about an hour ago.


I had heard that Cox was going to offer that service. I presume it'll
make it to Phoenix soon (I'm a Cox subscriber also).

...Jim Thompson

My ISP, LMI.net, runs SpamAssassin for me, and I can call them and ask
them to tweak the parameters; their personal support is very good.
They put **SPAM** in the header of anything suspect, and I have
Netscape route that into the Trash folder. But I get maybe 10% that
don't get detected, and an occasional false positive, sometimes for no
apparent reason. So I peruse my Trash folder before emptying it, just
to make sure I don't toss something good. But it still helps a lot.

They also run MimeDefang, which is supposed to keep worms and stuff
out. That seems to work, and I can't receive an unzipped executable
any more.

John
 
In news:6a28a0hpg5ft6i1103ikhibauaaqngdpj2@4ax.com,
Jim Thompson typed:
So spammers are scanning domain registrations :-(
I got one (only) about 5 years ago just because I was listed as the
technical contact in a Network Solutions listing.


--
-Reply in group, but if emailing add 2 more zeros-
-and remove the obvious-
 
"Jim Thompson" <thegreatone@example.com> wrote in message
news:6a28a0hpg5ft6i1103ikhibauaaqngdpj2@4ax.com...
As many of you know I have been finagling my E-mail addresses so that
(basically) everyone has their own personalized address to send to.

Naturally enough I created a special E-mail address for my domain
registrations.

Almost exactly a month has gone by, and I'm now seeing spam to that
address.

So spammers are scanning domain registrations :-(

snip

They scan virtually all sources... I registered an enterprise number for my
company (MIBs 'n' stuff). I used an alias in the list to make my email
address more formal and I get spam on that too. It's the only place I have
ever used it.
 
"UncleWobbly" <hendy@talk21.com> wrote in message news:40a468c4$0$28301$db0fefd9@news.zen.co.uk...

They scan virtually all sources... I registered an enterprise number for my
company (MIBs 'n' stuff). I used an alias in the list to make my email
address more formal and I get spam on that too. It's the only place I have
ever used it.
They will send fake emails with random userid to see which bounces and which don't.
I bet they catch quite a few since userid is often quite easy to guess (sales, info,
john, mary, feedback, admin etc etc). So they don't even have to scan.

It's getting really really bad lately. I have seen a solution where anyone who wants
to send you an email for the first time needs to follow a link, read a randomly generated
number (it appears as a picture so software can't grab it) and type it into a provided
field. This gets you whitelisted and you can send email to that address.

SioL
 
"SioL" <spam@spam.com> wrote in message
news:po_oc.2702$37.363078@news.siol.net...
It's getting really really bad lately. I have seen a solution where anyone
who wants
to send you an email for the first time needs to follow a link, read a
randomly generated
number (it appears as a picture so software can't grab it) ...
I've seen server-side Java pages which have a few fields and a send button.
No actual address *anywhere*, completely undetectable by a bot.

Nothing's going to help if they start spamming incremental addresses
though... I'm surprised it's not more widespread actually. Then again my
accounts are relatively long in name (my hotmail account is 10 characters
long, less the @.com part).

Tim

--
"I have misplaced my pants." - Homer Simpson | Electronics,
- - - - - - - - - - - - - - - - - - - - - - --+ Metalcasting
and Games: http://webpages.charter.net/dawill/tmoranwms
 
(Why are you crossposting to alt.binaries.schematics.electronic?)

Tom Del Rosso <tdnews01@att.net.invalid> says...

Jim Thompson typed:

So spammers are scanning domain registrations :-(

I got one (only) about 5 years ago just because I was listed as the
technical contact in a Network Solutions listing.
Get a spamcop account and use the "plus technique" to create a unique
email address just for domain registry listings. When you get the
first spam, change the address and set a filter to autoreport anything
sent to the old email address as being spam.

RFC 2822 (which replaces section 6 of RFC 822) says that "+" is legal
when used on the left side of the "@" character in email addresses.
See sections 3.4.1 and 3.2.4 at http://www.ietf.org/rfc/rfc2822.txt or
http://www.faqs.org/rfcs/rfc2822.html for details.

Newer versions of Sendmail accept such "plussed" email addresses,
discarding everything from the "+" to just before the "@".
This can help you to track who sells your email address and in
spam filtering. Many ISPs accept plussed email addresses.
Virtually all ISPs allow you to send plussed email addresses.

spamcop [ http://spamcop.net ] offers email accounts that allow
you to use plussed addresses.
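
The per-recipient "plus" tagging described above, sketched as an added example that is not part of the original post: each tag is issued to one party, so mail arriving on a tag from anyone else shows who leaked the address, and a retired tag can be auto-reported. The mailbox name, tags, domains and sample messages are constructed for illustration.

```python
from email import message_from_string
from email.utils import getaddresses, parseaddr

MAILBOX, DOMAIN = "jim", "example.com"      # hypothetical base mailbox
# tag -> sender domains the tag was handed to (constructed)
ISSUED = {"registrar2": {"registrar.example"}, "cox": {"cox.example"}}
RETIRED = {"registrar1"}                    # leaked earlier and replaced

def split_plus(addr):
    """Split local+tag@domain into (base, tag, domain); tag is None if absent."""
    local, _, domain = addr.rpartition("@")
    base, sep, tag = local.partition("+")
    return base.lower(), (tag.lower() if sep else None), domain.lower()

def our_tag(msg):
    """Return the tag on the first recipient address that belongs to us."""
    fields = []
    for header in ("Delivered-To", "To", "Cc"):
        fields += msg.get_all(header, [])
    for _, addr in getaddresses(fields):
        base, tag, domain = split_plus(addr)
        if base == MAILBOX and domain == DOMAIN:
            return tag
    return None

def classify(raw):
    """Return (verdict, tag) for one raw message."""
    msg = message_from_string(raw)
    tag = our_tag(msg)
    sender = parseaddr(msg.get("From", ""))[1].rpartition("@")[2].lower()
    if tag is None:
        return ("untagged", None)
    if tag in RETIRED:
        return ("retired", tag)             # candidate for auto-report
    if tag not in ISSUED:
        return ("unknown-tag", tag)         # never handed out: guessed
    # From: can be forged, so "ok" means consistent, not authenticated.
    ok = any(sender == d or sender.endswith("." + d) for d in ISSUED[tag])
    return ("ok" if ok else "leaked", tag)

# Constructed sample messages.
SAMPLES = {
    "renewal": "From: billing@mail.registrar.example\n"
               "To: jim+registrar2@example.com\nSubject: Renewal\n\nbody\n",
    "pills":   "From: deals@pharma.example\n"
               "To: jim+registrar2@example.com\nSubject: Meds\n\nbody\n",
    "old":     "From: x@bulk.example\n"
               "To: Jim+Registrar1@example.com\nSubject: Hi\n\nbody\n",
    "guess":   "From: x@bulk.example\n"
               "To: jim+sales@example.com\nSubject: Hi\n\nbody\n",
}

if __name__ == "__main__":
    for name, raw in SAMPLES.items():
        print(name, classify(raw))
```

A "leaked" verdict is the signal to issue a new tag to that party and move the old one into `RETIRED`.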
 
I've seen server-side Java pages which have a few fields and a send
button.
No actual address *anywhere*, completely undetectable by a bot.
This is exactly how we do it for the sites we host, no mailto: anywhere on
the site.

Saw a really nice skim-trap that fills email listers with shite based on the
mailto: principle, it even generates links back to itself so skimmers get
locked into a loop filling up their lists with crap... where was it now...
<RUMMAGE>
Ah yes... here we are
http://psacake.com/spam.asp
</RUMMAGE>
a link to this from the front page...quite a nice idea I thought to "salt
the ground" for spammers
 
"UncleWobbly" <hendy@talk21.com> wrote in message news:40a4e082$0$4590$db0fefd9@news.zen.co.uk...

Saw a really nice skim-trap that fills email listers with shite based on the
mailto: principle, it even generates links back to itself so skimmers get
locked into a loop filling up their lists with crap... where was it now...
RUMMAGE
Ah yes... here we are
http://psacake.com/spam.asp
/RUMMAGE
a link to this from the front page...quite a nice idea I thought to "salt
the ground" for spammers
What if they get pissed off and fake their "From:" field to reflect your email?
It's happened before. Usually they just use a random email from their spam email database,
but sometimes they pick on a person who tries to report them and use their email longer.

Siol
 
"SioL" <spam@spam.com> wrote in message
news:Gn9pc.2784$37.368151@news.siol.net...
"UncleWobbly" <hendy@talk21.com> wrote in message
news:40a4e082$0$4590$db0fefd9@news.zen.co.uk...

Saw a really nice skim-trap that fills email listers with shite based on
the
mailto: principle, it even generates links back to itself so skimmers
get
locked into a loop filling up their lists with crap... where was it
now...
RUMMAGE
Ah yes... here we are
http://psacake.com/spam.asp
/RUMMAGE
a link to this from the front page...quite a nice idea I thought to
"salt
the ground" for spammers

What if they get pissed off and fake their "From:" field to reflect your
email?
It's happened before. Usually they just use a random email from their spam
email database,
but sometimes they pick on a person who tries to report them and use their
email longer.

How do they know who reports them?
 
SioL wrote:

"UncleWobbly" <hendy@talk21.com> wrote in message news:40a4e082$0$4590$db0fefd9@news.zen.co.uk...


Saw a really nice skim-trap that fills email listers with shite based on the
mailto: principle, it even generates links back to itself so skimmers get
locked into a loop filling up their lists with crap... where was it now...
RUMMAGE
Ah yes... here we are
http://psacake.com/spam.asp
/RUMMAGE
a link to this from the front page...quite a nice idea I thought to "salt
the ground" for spammers


What if they get pissed off and fake their "From:" field to reflect your email?
It's happened before. Usually they just use a random email from their spam email database,
but sometimes they pick on a person who tries to report them and use their email longer.

Siol


Yeah, I wish they would change it more often! I have spent the last 4
months dealing with hundreds of "Your spam message has been rejected.
Please try again..." messages from all these ISPs who don't know what a
forged FROM address is. Finally, when COX gave us spam filtering, just
turned it on to full reject to get rid of it. So, if you send me a
message, and don't give a reply, it is because I didn't care! :cool:

--
Charlie
--
Edmondson Engineering
Unique Solutions to Unusual Problems
 
"SioL" <spam@spam.com> wrote in message
news:Gn9pc.2784$37.368151@news.siol.net...
"UncleWobbly" <hendy@talk21.com> wrote in message
news:40a4e082$0$4590$db0fefd9@news.zen.co.uk...

Saw a really nice skim-trap that fills email listers with shite based on
the
mailto: principle, it even generates links back to itself so skimmers
get
locked into a loop filling up their lists with crap... where was it
now...
RUMMAGE
Ah yes... here we are
http://psacake.com/spam.asp
/RUMMAGE
a link to this from the front page...quite a nice idea I thought to
"salt
the ground" for spammers

What if they get pissed off and fake their "From:" field to reflect your
email?
It's happened before. Usually they just use a random email from their spam
email database,
but sometimes they pick on a person who tries to report them and use their
email longer.

Siol

don't fully understand here... are you saying they send mail from the web
form using my email address? or send mail from anywhere using my email
address (which is already happening as I get bounces for mail I never sent)
 
"UncleWobbly" <hendy@talk21.com> wrote in message news:40a53579$0$4591$db0fefd9@news.zen.co.uk...
"SioL" <spam@spam.com> wrote in message
What if they get pissed off and fake their "From:" field to reflect your
email?
It's happened before. Usually they just use a random email from their spam
email database,
but sometimes they pick on a person who tries to report them and use their
email longer.

Siol

don't fully understand here... are you saying they send mail from the web
form using my email address? or send mail from anywhere using my email
address (which is already happening as I get bounces for mail I never sent)
They fake the E-mail header in such a way that it appears as if you've sent
the spam. Nothing to do with webforms or your computer/ISP.

Siol
 
"Richard Henry" <rphenry@home.com> wrote in message news:S%9pc.7282$Yg.1480@fed1read05...
"SioL" <spam@spam.com> wrote in message
news:Gn9pc.2784$37.368151@news.siol.net...
"UncleWobbly" <hendy@talk21.com> wrote in message
news:40a4e082$0$4590$db0fefd9@news.zen.co.uk...

Saw a really nice skim-trap that fills email listers with shite based on
the
mailto: principle, it even generates links back to itself so skimmers
get
locked into a loop filling up their lists with crap... where was it
now...
RUMMAGE
Ah yes... here we are
http://psacake.com/spam.asp
/RUMMAGE
a link to this from the front page...quite a nice idea I thought to
"salt
the ground" for spammers

What if they get pissed off and fake their "From:" field to reflect your
email?
It's happened before. Usually they just use a random email from their spam
email database,
but sometimes they pick on a person who tries to report them and use their
email longer.

How do they know who reports them?
Let's say there's a bad ISP in Brazil. They have an agreement with a spammer.
Someone complains, they tell the spammer. $ is all it takes.

They used my domain/email in their "From:" field in the past. I noticed due to bounced
spam, it appeared as if I had sent it. So I researched this particular problem and found
a company who had complained and got burned. They did not just use their email
occasionally, but most of the time. It seems from their website that
they're dedicating a large percent of their activity to fighting this problem, there's
a special notice on their website (fairly large one with multiple links, explanations etc),
they've created a special newsletter to fight this with other victims etc etc. Obviously
they got hurt badly by this episode.

I decided not to try to fight them, I disabled the catch-all tag for my domain and shortly
they stopped using my email.

The spammers were selling medicine. The usual crap.

SioL
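
Triage for the bounces a forged sender address produces, as an added example that is not part of the original post: with no catch-all, bounces to local parts that were never real mailboxes are refused outright, and the rest are checked against the Message-IDs of mail actually sent. The mailbox list, the sent-ID log and the bounce messages are constructed, and matching on a sent-ID log is an assumption of this sketch rather than something the thread describes.

```python
from email import message_from_string
from email.utils import parseaddr

MAILBOXES = {"jim", "postmaster"}            # real mailboxes, no catch-all
SENT_IDS = {"<20040514.0001@example.com>"}   # from our own outbound log

def make_dsn(rcpt, msgid):
    """Build a constructed multipart/report bounce for the demo."""
    return (
        "From: MAILER-DAEMON@mx.isp.example\n"
        f"To: {rcpt}\n"
        "Subject: Undelivered Mail Returned to Sender\n"
        "MIME-Version: 1.0\n"
        "Content-Type: multipart/report; report-type=delivery-status;"
        ' boundary="b1"\n'
        "\n--b1\nContent-Type: text/plain\n\nDelivery failed.\n"
        "\n--b1\nContent-Type: message/delivery-status\n\n"
        "Reporting-MTA: dns; mx.isp.example\n\n"
        "Final-Recipient: rfc822; someone@isp.example\n"
        "Action: failed\nStatus: 5.1.1\n"
        "\n--b1\nContent-Type: text/rfc822-headers\n\n"
        f"From: {rcpt}\nTo: someone@isp.example\n"
        f"Message-ID: {msgid}\nSubject: hello\n"
        "\n--b1--\n"
    )

def original_headers(bounce):
    """Return the headers of the message that bounced, or None."""
    for part in bounce.walk():
        ctype = part.get_content_type()
        if ctype == "message/rfc822":
            return part.get_payload()[0]
        if ctype == "text/rfc822-headers":
            return message_from_string(part.get_payload())
    return None

def triage(raw):
    """Classify one incoming bounce."""
    bounce = message_from_string(raw)
    rcpt = parseaddr(bounce.get("To", ""))[1]
    if rcpt.partition("@")[0].lower() not in MAILBOXES:
        # What disabling the catch-all achieves at SMTP time.
        return "reject-unknown-recipient"
    orig = original_headers(bounce)
    if orig is None or not orig.get("Message-ID"):
        return "unverifiable"
    if orig["Message-ID"].strip() in SENT_IDS:
        return "genuine-bounce"
    return "backscatter"                     # we never sent this message

if __name__ == "__main__":
    for rcpt, mid in [("qx7f2@example.com", "<1@bulk.invalid>"),
                      ("jim@example.com", "<20040514.0001@example.com>"),
                      ("jim@example.com", "<1@bulk.invalid>")]:
        print(rcpt, mid, triage(make_dsn(rcpt, mid)))
```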
 
SioL <spam@spam.com> says...

What if they get pissed off and fake their "From:" field to reflect your
email? It's happened before. Usually they just use a random email from
their spam email database, but sometimes they pick on a person who tries
to report them and use their email longer.
....
They fake the E-mail header in such a way that it appears as if you've
sent the spam.
Spamcop does not reveal who did the reporting, and replaces all
instances of your email address in the quoted spam with "x."

Why are you crossposting to alt.binaries.schematics.electronic???
 
On Thu, 13 May 2004 17:05:47 -0700, Jim Thompson
<thegreatone@example.com> wrote:

On Thu, 13 May 2004 17:01:53 -0700, "Richard Henry" <rphenry@home.com>
wrote:
[snip]
My ISP (Cox Communications in San Diego) just started offering SPAM filtering
as a free service. All suspected Spam is modified so that the header
includes

-- Spam --

which makes it easy to divert into a separate folder for later examination
(so far nothing has gone in there by mistake). I'm down to about 5 or 6
spams leaking through per day, and currently there are 19 in the spam folder
since I cleared it out about an hour ago.


I had heard that Cox was going to offer that service. I presume it'll
make it to Phoenix soon (I'm a Cox subscriber also).

...Jim Thompson
I just checked the local Cox website... the spam control was
introduced here on 4/27. Since I currently route thru spamcop I
hadn't noticed that the change had actually occurred.

Does anyone happen to know what method they're using, SpamAssassin
perhaps? If so I'll drop out of spamcop when my paid-up period ends.

...Jim Thompson
--
| James E.Thompson, P.E. | mens |
| Analog Innovations, Inc. | et |
| Analog/Mixed-Signal ASIC's and Discrete Systems | manus |
| Phoenix, Arizona Voice:(480)460-2350 | |
| E-mail Address at Website Fax:(480)460-2142 | Brass Rat |
| http://www.analog-innovations.com | 1962 |

I love to cook with wine. Sometimes I even put it in the food.
 
"Jim Thompson" <thegreatone@example.com> wrote in message
news:npmaa0psbnvr9rsd1l3pvk2d8t4jg69v76@4ax.com...
I just checked the local Cox website... the spam control was
introduced here on 4/27. Since I currently route thru spamcop I
hadn't noticed that the change had actually occurred.

Does anyone happen to know what method they're using, SpamAssassin
perhaps? If so I'll drop out of spamcop when my paid-up period ends.

...Jim Thompson
I'm using SpamAssassin, it works well, but misses some 5% of the spam messages.
If I set it to a more aggressive mode, it marks some of the valid email. So I prefer
to set it to a non-aggressive level and avoid having to verify emails marked as spam.
There are just too many and I don't bother anymore, I just delete them.

Those leftover 5% of spam that don't get detected can be dealt with manually.

SioL
 
don't fully understand here... are you saying they send mail from the
web
form using my email address? or send mail from anywhere using my email
address (which is already happening as I get bounces for mail I never
sent)

They fake the E-mail header in such a way that it appears as if you've
sent
the spam. Nothing to do with webforms or your computer/ISP.

Siol


already happening *sigh*
 