OT: Spam

Discussion in 'XML' started by Andy Fish, Oct 29, 2003.

  1. Andy Fish

    Andy Fish Guest

    I don't know if it's just me, but I have noticed the amount of spam coming
    into the email address I use for usenet posting has gotten out of hand in
    the last few days

    Recently I have been getting around 10 copies per hour of the trojan
    "microsoft security update patch" - at 150kb each. I had to keep my email
    client running all the time just to stop the mailbox on my server filling up

    Decided enough is enough so I have killed the email address. :-(

    Andy
    Andy Fish, Oct 29, 2003
    #1
    1. Advertising

  2. Re: Spam

    Andy Fish <> coughed up the following:

    > I don't know if it's just me, but I have noticed the amount of spam
    > coming into the email address I use for usenet posting has gotten out
    > of hand in the last few days
    >
    > Recently I have been getting around 10 copies per hour of the trojan
    > "microsoft security update patch" - at 150kb each. I had to keep my
    > email client running all the time just to stop the mailbox on my
    > server filling up
    >
    > Decided enough is enough so I have killed the email address. :-(
    >
    > Andy


    No, don't do that. (!!!!!!!!!!!!!!)

    Just set up an email address with the following rule:

    emails must have XYZZY in the subject somewhere or will be filtered out
    (or bounced back to recip, if you want)

    And then make sure that that rule is in the footer of the post, or make it
    part of the munged email addr:



    Then it will require a human intevention in the actual construction of the
    email, not just the list.
    Thomas G. Marshall, Oct 29, 2003
    #2
    1. Advertising

  3. Andy Fish wrote:
    > I don't know if it's just me, but I have noticed the amount of spam coming
    > into the email address I use for usenet posting has gotten out of hand in
    > the last few days
    >
    > Recently I have been getting around 10 copies per hour of the trojan
    > "microsoft security update patch" - at 150kb each. I had to keep my email
    > client running all the time just to stop the mailbox on my server filling up


    You got off easy. The virus targeted me in its heyday, when it was on millions
    of machines - meaning that I got about TWO HUNDRED copies per hour! I had the
    good luck of noticing it early and being able to filter on the mail host.

    I'm rather curious how this apparently non-uniformly-distributed targeting
    of addresses harvested from Usenet works. Some really bad random number
    generator perhaps?
    Michael Borgwardt, Oct 29, 2003
    #3
  4. Michael Borgwardt <> coughed up the following:

    > Andy Fish wrote:
    >> I don't know if it's just me, but I have noticed the amount of spam
    >> coming into the email address I use for usenet posting has gotten
    >> out of hand in the last few days
    >>
    >> Recently I have been getting around 10 copies per hour of the trojan
    >> "microsoft security update patch" - at 150kb each. I had to keep my
    >> email client running all the time just to stop the mailbox on my
    >> server filling up

    >
    > You got off easy. The virus targeted me in its heyday, when it was on
    > millions of machines - meaning that I got about TWO HUNDRED copies
    > per hour! I had the good luck of noticing it early and being able to
    > filter on the mail host.
    >
    > I'm rather curious how this apparently non-uniformly-distributed
    > targeting
    > of addresses harvested from Usenet works. Some really bad random
    > number generator perhaps?


    That, or someone reallllly dislikes you.
    Thomas G. Marshall, Oct 29, 2003
    #4
  5. Thomas G. Marshall wrote:

    >>I'm rather curious how this apparently non-uniformly-distributed
    >>targeting
    >>of addresses harvested from Usenet works. Some really bad random
    >>number generator perhaps?

    >
    >
    > That, or someone reallllly dislikes you.


    I'm not paranoid enough to believe that. Many other people were hit in
    the same way, and the only thing I had in common with them was that
    I'd also been posting to Usenet.
    Michael Borgwardt, Oct 29, 2003
    #5
  6. Andy Fish

    Sudsy Guest

    Michael Borgwardt wrote:
    > Thomas G. Marshall wrote:
    >
    >>> I'm rather curious how this apparently non-uniformly-distributed
    >>> targeting
    >>> of addresses harvested from Usenet works. Some really bad random
    >>> number generator perhaps?

    >>
    >>
    >>
    >> That, or someone reallllly dislikes you.

    >
    >
    > I'm not paranoid enough to believe that. Many other people were hit in
    > the same way, and the only thing I had in common with them was that
    > I'd also been posting to Usenet.
    >


    Michael's correct. The account I use to post to Usenet was getting
    hit so frequently that I had to select automatic junk mail delete.
    If I didn't, the mailbox would fill up within an hour and then I'd
    get automatic admonishing messages, telling me that my inbox was
    full and that I might not be receiving all messages...
    But that's why we use the free mail services, no?
    (Although you'd think that Micros**t would at least be able to
    filter e-mails which were supposedly Micros**t security patches
    and the size was always between 220-240 KB, but what do I know?)
    What a pain!
    Sudsy, Oct 30, 2003
    #6
  7. Andy Fish

    Andreas Guest

    I guess you know that Google publich this group via http at
    http://groups.google.com/groups?dq=...=sv&lr=&ie=UTF-8&group=comp.lang.basic.visual

    The most easy way to get e-mail addresser for SPAM:ing is to just read
    webpages. :(

    Michael Borgwardt <> wrote in message news:<bnos5p$149vpg$-berlin.de>...
    > Thomas G. Marshall wrote:
    >
    > >>I'm rather curious how this apparently non-uniformly-distributed
    > >>targeting
    > >>of addresses harvested from Usenet works. Some really bad random
    > >>number generator perhaps?

    > >
    > >
    > > That, or someone reallllly dislikes you.

    >
    > I'm not paranoid enough to believe that. Many other people were hit in
    > the same way, and the only thing I had in common with them was that
    > I'd also been posting to Usenet.
    Andreas, Oct 30, 2003
    #7
  8. Andy Fish

    Wald Guest

    "Andy Fish" <> wrote:
    ^^^^^^^^^^^^^^^^^^^^^^^

    If this literally is your email address, then you're like asking to
    get spammed. Try to obfuscate your email address.

    Example:
    real email:

    usenet email:
    john.doe@N-O_S-P-A-M.nonexistantdomain.com
    (remove the animal)
    john dot doe at nonexistantdomain dot com
    ...

    This will not keep your mailbox spamless for eternity, but at least
    the email harvesters won't get your email address directly.

    Just my 2 cents,
    Wald
    Wald, Oct 30, 2003
    #8
  9. Andy Fish

    Bjorn Brox Guest

    Michael Borgwardt wrote:

    > Thomas G. Marshall wrote:
    >
    >>> I'm rather curious how this apparently non-uniformly-distributed
    >>> targeting
    >>> of addresses harvested from Usenet works. Some really bad random
    >>> number generator perhaps?

    >>
    >>
    >>
    >> That, or someone reallllly dislikes you.

    >
    >
    > I'm not paranoid enough to believe that. Many other people were hit in
    > the same way, and the only thing I had in common with them was that
    > I'd also been posting to Usenet.
    >

    Correct. The "Microsoft" Patch spam contains the W32.Swen.A@mm worm

    http://securityresponse.symantec.com/avcenter/venc/data/

    This worm connects to news servers and collect and spead itself to email
    addsesses it finds there.

    --
    Bjorn Brox, CORENA Norge AS, http://www.corena.no/, ICQ 17872043
    Industritunet, Dyrmyrgt. 35, N-3611 Kongsberg, NORWAY
    Phone: +47 32717210, Fax: +47 32717201, Mobile: +47 92638590
    Bjorn Brox, Oct 30, 2003
    #9
  10. Wald wrote:

    > "Andy Fish" <> wrote:
    > ^^^^^^^^^^^^^^^^^^^^^^^
    >
    > If this literally is your email address, then you're like asking to
    > get spammed. Try to obfuscate your email address.
    >
    > Example:
    > real email:
    >
    > usenet email:
    > john.doe@N-O_S-P-A-M.nonexistantdomain.com
    > (remove the animal)
    > john dot doe at nonexistantdomain dot com
    > ...
    >
    > This will not keep your mailbox spamless for eternity, but at least
    > the email harvesters won't get your email address directly.


    There are some problems with those obfuscations.
    If I were a spammer, I'd write a harvesterbot that looks for anything that
    looks like an email, and removes all caps and/or the word (no)spam(forme)
    (and all the variations) from it.

    A lot of those obfuscated addresses would be usable by just doing that.

    --
    Regards,
    Christophe Vanfleteren
    Christophe Vanfleteren, Oct 30, 2003
    #10
  11. (Andreas) wrote in message news:<>...
    > I guess you know that Google publich this group via http at
    > http://groups.google.com/groups?dq=...=sv&lr=&ie=UTF-8&group=comp.lang.basic.visual


    Sure I know that. I'm using Google to post this message because I'm firewalled
    from news servers right now.

    > The most easy way to get e-mail addresser for SPAM:ing is to just read
    > webpages. :(


    This was about a virus, not spam. And the virus definitely accessed news servers
    to harves addresses.
    Michael Borgwardt, Oct 30, 2003
    #11
  12. Andy Fish

    Tim Ward Guest

    Re: Spam

    "Andy Fish" <> wrote in message
    news:%YQnb.4943$...
    >
    > Recently I have been getting around 10 copies per hour of the trojan
    > "microsoft security update patch" - at 150kb each. I had to keep my email
    > client running all the time just to stop the mailbox on my server filling

    up

    Oh, is that still around? I don't see them, my ISP throws them away on the
    server. Why would your ISP want to send you viruses?? - choose one that
    doesn't.

    --
    Tim Ward
    Brett Ward Limited - www.brettward.co.uk
    Tim Ward, Oct 30, 2003
    #12
  13. Andy Fish

    Guest

    "Andy Fish" <> wrote:

    >Recently I have been getting around 10 copies per hour of the trojan
    >"microsoft security update patch" - at 150kb each. I had to keep my email
    >client running all the time just to stop the mailbox on my server filling up


    I have a "junk" mail addy at Yahoo that I use just for usenet posting. I
    used to think that using an invalid address goes against the intent when
    usenet was created. For one, you might inadvertantly cause problems for
    somebody else. For all intents, this is now an invalid address. It fills
    up with crap faster than I delete it, and then Yahoo bounces all other mail.

    I thought maybe it was just because I had used my addy for a while. Most
    recently, I was . Had been for quite a while. So...now
    I'm . Within days of my first posting to usenet with
    this address, my 5 meg inbox would fill up within an hour or so and stop
    accepting new mail. Bummer.
    , Oct 30, 2003
    #13
  14. Sudsy <> coughed up the following:

    > Michael Borgwardt wrote:
    >> Thomas G. Marshall wrote:
    >>
    >>>> I'm rather curious how this apparently non-uniformly-distributed
    >>>> targeting
    >>>> of addresses harvested from Usenet works. Some really bad random
    >>>> number generator perhaps?
    >>>
    >>>
    >>>
    >>> That, or someone reallllly dislikes you.

    >>
    >>
    >> I'm not paranoid enough to believe that. Many other people were hit
    >> in the same way, and the only thing I had in common with them was
    >> that I'd also been posting to Usenet.
    >>

    >
    > Michael's correct.


    Well, me too, and */jeez/* guys, I was joking. The point I was making was
    this:

    Someone really disliking you
    is-the-same-result-as
    No one disliking you, and your email address is available.

    Clumsy, I know, but heck. Sue me :)
    Thomas G. Marshall, Oct 30, 2003
    #14
  15. Andreas <> coughed up the following:

    > I guess you know that Google publich this group via http at
    >

    http://groups.google.com/groups?dq=...=sv&lr=&ie=UTF-8&group=comp.lang.basic.visual
    >
    > The most easy way to get e-mail addresser for SPAM:ing is to just read
    > webpages. :(


    1. Google requires a real address. That is just a disaster.

    2. The way around that is to use an address for /just/
    newsgroup email. And then require that anyone
    sending you something place a special word into
    the subject, so that you can set up a filter to huck
    the rest.
    Thomas G. Marshall, Oct 30, 2003
    #15
  16. Andy Fish

    Andy Fish Guest

    Re: Spam

    well, my ISP is blueyonder because they're my cable provider, and I'm very
    happy with them.

    To be honest, I'm quite happy to post with a completely ficticious address.
    I've never done anything with the email I got than just delete it all
    without reading it, so I don't really see it as a problem


    "Tim Ward" <> wrote in message
    news:bnqq4j$1424q4$-berlin.de...
    > "Andy Fish" <> wrote in message
    > news:%YQnb.4943$...
    > >
    > > Recently I have been getting around 10 copies per hour of the trojan
    > > "microsoft security update patch" - at 150kb each. I had to keep my

    email
    > > client running all the time just to stop the mailbox on my server

    filling
    > up
    >
    > Oh, is that still around? I don't see them, my ISP throws them away on the
    > server. Why would your ISP want to send you viruses?? - choose one that
    > doesn't.
    >
    > --
    > Tim Ward
    > Brett Ward Limited - www.brettward.co.uk
    >
    >
    Andy Fish, Oct 30, 2003
    #16
  17. Andy Fish wrote:

    > I don't know if it's just me, but I have noticed the amount of spam coming
    > into the email address I use for usenet posting has gotten out of hand in
    > the last few days
    >
    > Recently I have been getting around 10 copies per hour of the trojan
    > "microsoft security update patch" - at 150kb each. I had to keep my email
    > client running all the time just to stop the mailbox on my server filling up
    >
    > Decided enough is enough so I have killed the email address. :-(
    >
    > Andy


    I try not to use my real e-mail address in usenet postings. Recently, my ISP
    changed the e-mail domain, and the reduction in spam has been *wonderful*.
    Unfortunately, I did make one unprotected posting with the new address, and I
    still get a trickle, but it's just one or two every couple of days instead of
    over 100 a day--which I could trace to indiscreet posting in 1996!

    Take a look at http://www.spamgourmet.com for a nice way to have an invalid
    address that does the least amount of harm to bandwidth and such. They also
    provide for disposable e-mail addresses, so if you *do* have a reason to post an
    address, it will only work for a little while.

    Roedy Green posted something (last year, I think) on this subject. IIRC, here
    are the points he made:

    1. Obfuscation techniques are not very nice. If someone, in all innocence,
    tries to e-mail you, and just click rather than actually looking at the address,
    they don't find out for awhile. And their ISP, the backbone servers, and
    possibly your ISP have to deal with dead mail. There is an old standard, not
    very well known, that says you should add ".invalid" to the end of an invalid
    e-mail address. Not all e-mail clients know about that standard, but for those
    that do, the sender finds out immediately as soon as they click, so you do not
    cause any addition to the glut on the Internet.

    2. Obfuscation techniques do not work 100%. The simpler techniques are easy to
    crack automatically, and (Roedy claimed in the posting), the spammers pay little
    old ladies to scan manually and collect e-mail addresses, so they will figure
    out the more elaborate schemes.

    3. Invalid e-mail sent to spamgourmet.com is quietly sent to the bit bucket. Of
    course, the innocent who tried to send you e-mail will never know, but you did
    try to help them by adding ".invalid" to your bogus address. It's not your
    fault if their e-mail client was thrown together in a hurry by someone who did
    not take the time to understand e-mail in all its glory.

    4. If you set up a disposable address through spamgourmet.com, folks have a
    chance to send you e-mail that you will actually recieve. You might get a
    couple of spam messages, but then they stop and never bother you again.

    There are lots of other uses for disposable addresses, including your first
    exchanges with an organization that you don't know and do not yet trust. Yes, I
    have had the bad experience of giving my e-mail address to a company who
    promised that they respected my privacy--and was immediately buried with spam
    using that address. (You can probably demonstrate this for yourself if you want
    to. Many ISPs will deliver mail with bogus subdomains. For example, if your
    address is , you can give out and
    it will still be delivered. So you make such a change when dealing with someone
    new and watch the junk roll in using that address.)

    Scott
    Scott Hightower, Oct 31, 2003
    #17
  18. Scott Hightower <> coughed up the following:

    > Andy Fish wrote:
    >
    >> I don't know if it's just me, but I have noticed the amount of spam
    >> coming into the email address I use for usenet posting has gotten
    >> out of hand in
    >> the last few days
    >>
    >> Recently I have been getting around 10 copies per hour of the trojan
    >> "microsoft security update patch" - at 150kb each. I had to keep my
    >> email client running all the time just to stop the mailbox on my
    >> server filling up
    >>
    >> Decided enough is enough so I have killed the email address. :-(
    >>
    >> Andy

    >
    > I try not to use my real e-mail address in usenet postings.
    > Recently, my ISP changed the e-mail domain, and the reduction in spam
    > has been *wonderful*. Unfortunately, I did make one unprotected
    > posting with the new address, and I still get a trickle, but it's
    > just one or two every couple of days instead of over 100 a day--which
    > I could trace to indiscreet posting in 1996!
    >
    > Take a look at http://www.spamgourmet.com for a nice way to have an
    > invalid address that does the least amount of harm to bandwidth and
    > such. They also provide for disposable e-mail addresses, so if you
    > *do* have a reason to post an address, it will only work for a little
    > while.
    >
    > Roedy Green posted something (last year, I think) on this subject.
    > IIRC, here are the points he made:
    >
    > 1. Obfuscation techniques are not very nice. If someone, in all
    > innocence, tries to e-mail you, and just click rather than actually
    > looking at the address, they don't find out for awhile. And their
    > ISP, the backbone servers, and possibly your ISP have to deal with
    > dead mail. There is an old standard, not very well known, that says
    > you should add ".invalid" to the end of an invalid e-mail address.
    > Not all e-mail clients know about that standard, but for those that
    > do, the sender finds out immediately as soon as they click, so you do
    > not cause any addition to the glut on the Internet.


    Bah. The worry of getting to me is the burden of the sender, not me.


    > 2. Obfuscation techniques do not work 100%. The simpler techniques
    > are easy to crack automatically, and (Roedy claimed in the posting),
    > the spammers pay little old ladies to scan manually and collect
    > e-mail addresses, so they will figure out the more elaborate schemes.


    The little old ladies are rarely able to handle obfuscation techniques that
    have mathematical equations in them. Far too much effort. Far too much
    education required.

    3.com

    for

    etc.

    Besides, the even better technique is to (as I've hollared to no avail here
    evidentally) require a magic word to appear on the subject line. Everything
    else ariving at your address gets thrown out by a filter, often at the
    server level.

    This technique is for when you have an email dedicated to usenet postings.
    Thomas G. Marshall, Oct 31, 2003
    #18
  19. Scott Hightower <> coughed up the following:

    > Andy Fish wrote:
    >
    >> I don't know if it's just me, but I have noticed the amount of spam
    >> coming into the email address I use for usenet posting has gotten
    >> out of hand in
    >> the last few days
    >>
    >> Recently I have been getting around 10 copies per hour of the trojan
    >> "microsoft security update patch" - at 150kb each. I had to keep my
    >> email client running all the time just to stop the mailbox on my
    >> server filling up
    >>
    >> Decided enough is enough so I have killed the email address. :-(
    >>
    >> Andy

    >
    > I try not to use my real e-mail address in usenet postings.


    Actually my favorite technique, which is not possible on all but the best
    filters, would be to have the following:



    And grant the emails a +- 5 day window or similar.

    But that requires that you have procmail (?) or something else mondo
    powerful.
    Thomas G. Marshall, Oct 31, 2003
    #19
  20. Andy Fish

    Roedy Green Guest

    On Fri, 31 Oct 2003 16:40:47 GMT, "Thomas G. Marshall"
    <> wrote or quoted
    :

    > 3.com


    the problem with this is SOMEBODY has to decode it for use, (and may
    not bother). If they do, then it is lying around in plaintext just
    waiting for Sven to harvest in anyone's mailbox who communicates with
    you.

    One of the great charms of email addresses is they could be permanent,
    even if you moved or changed ISPs. Now the spam brats have destroyed
    that. Your main defense it to change your email address and then only
    tell selected people.

    I think the solution is to charge 50 cents to send an email, the money
    going to the receiver's account. For most people, it would balance
    out. If you were clever, you could get spammers to pay your rent for
    you by spamming to an account you never read. Fitting revenge.



    --
    Canadian Mind Products, Roedy Green.
    Coaching, problem solving, economical contract programming.
    See http://mindprod.com/jgloss/jgloss.html for The Java Glossary.
    Roedy Green, Oct 31, 2003
    #20
    1. Advertising

Want to reply to this thread or ask your own question?

It takes just 2 minutes to sign up (and it's free!). Just click the sign up button to choose a username and then you can ask your own questions on the forum.
Similar Threads
  1. Rene Pijlman
    Replies:
    22
    Views:
    723
    Fredrik Lundh
    Dec 10, 2003
  2. Sergio Correia
    Replies:
    7
    Views:
    285
    Ben Finney
    Sep 18, 2007
  3. Replies:
    3
    Views:
    475
  4. zax75
    Replies:
    1
    Views:
    1,092
  5. David Binnie
    Replies:
    2
    Views:
    445
    Rich Webb
    May 22, 2009
Loading...

Share This Page