spam

Discussion in 'Java' started by Roedy Green, Sep 19, 2003.

  1. Roedy Green

    Roedy Green Guest

    A mindless sort of spam is filling my mailbox up with 200+ pieces of
    junk every time I look. Many of these appear to be bounced
    messages I never sent. What tools do you use to deal with this? I am
    using SpamDetective, but it is overwhelmed by this.

    --
    Canadian Mind Products, Roedy Green.
    Coaching, problem solving, economical contract programming.
    See http://mindprod.com/jgloss/jgloss.html for The Java Glossary.
    Roedy Green, Sep 19, 2003
    #1

  2. "Roedy Green" <> wrote in message
    news:...
    > A mindless sort of spam is filling my mailbox up with 200+ pieces of
    > junk every time I look. Many of these appear to be bounced
    > messages I never sent. What tools do you use to deal with this? I am
    > using SpamDetective, but it is overwhelmed by this.


    SpamAssassin works like a charm, but it runs server side. We have our
    own colocated mail server (me and a bunch of friends), so I get all my
    email spam filtered and checked for viruses.
    Michiel
    Michiel Konstapel, Sep 19, 2003
    #2

  3. Roedy Green

    Harald Hein Guest

    "Roedy Green" wrote:

    > A mindless sort of spam is filling my mailbox up with 200+ pieces
    > of junk every time I look. Many of these appear to be bounced
    > messages I never sent.


    This sounds like what is called a joe-job. If these are indeed bounces
    someone is using your e-mail address as the return-address in spam.

    > What tools do you use to deal with this?
    > I am using SpamDetective, but it is overwhelmed by this.


    You should talk to your provider for at least three reasons:

    - To make sure your provider understands that this is a joe-job, and
    that you are NOT a spammer, so your account is not in danger.

    - To get server-side filtering on your provider's server, so you don't
    have to download all the junk all the time. Also make sure that your
    contract with your provider doesn't require you to pay for the
    bandwidth the spam steals.

    - To enlist your provider's help in analysing the bounces. Most bounces
    usually don't contain a lot of data, but if you are lucky, a few might
    come from MTAs who include the full original message in the bounce.
    This will help you to at least understand for what kind of spam your
    name is used. If the spammer is stupid you might even find the origin
    of the spam, but professional spam these days is usually sent via open
    proxies that don't log.

    You can also do the following:

    - If the spam points to your web site, replace the advertised web sites
    with a message explaining the situation. If the spam uses images from
    your web site (img tag in HTML spam), replace these images with images
    that contain some text explaining the problem.

    - If you know the spam, follow the money trail. Maybe you can find out
    who benefits from the spam.

    - If people complain directly to you, including verbal abuse, reply
    with a short, polite, pre-formulated message explaining the situation.
    Point to the real spammer and tell them where they can complain.

    - Your name might have been picked at random, or as some kind of
    revenge. Go through your recent newsgroup postings and look out for
    whiners who didn't like your answers. Try to find links (location,
    business, spelling errors, message style, etc.) between the spam and
    the whiner's posting.

    - Read the various FAQs of news.admin.net-abuse.email to find out more
    about reading headers, joe-jobs, finding spammers, and ripping them
    apart.

    - If this gets over your head, ask your provider to temporarily close
    your e-mail account. This will be a small win for the spammer but might
    save you money and you might sleep better.
    Harald Hein, Sep 19, 2003
    #3
  4. Roedy Green

    Nigel Wade Guest

    Roedy Green wrote:

    > A mindless sort of spam is filling my mailbox up with 200+ pieces of
    > junk every time I look. Many of these appear to be bounced
    > messages I never sent. What tools do you use to deal with this? I am
    > using SpamDetective, but it is overwhelmed by this.
    >


    It's most likely not spam, but the result of some other [clueless] person
    with your mail address in their addressbook getting infected with the Sobig
    virus/worm. This is one of the symptoms.

    The messages are from [clueless] people who have automatic filtering in
    their email systems which send back delivery failure and/or virus detection
    messages to the wrong person.

    --
    Nigel Wade, System Administrator, Space Plasma Physics Group,
    University of Leicester, Leicester, LE1 7RH, UK
    E-mail :
    Phone : +44 (0)116 2523548, Fax : +44 (0)116 2523555
    Nigel Wade, Sep 19, 2003
    #4
  5. Roedy Green

    Alan Moore Guest

    On Fri, 19 Sep 2003 02:19:00 GMT, Roedy Green <>
    wrote:

    >A mindless sort of spam is filling my mailbox up with 200+ pieces of
    >junk every time I look. Many of these appear to be bounced
    >messages I never sent. What tools do you use to deal with this? I am
    >using SpamDetective, but it is overwhelmed by this.


    This sounds exactly like what I experienced while the Blaster worm was
    active. I wasn't infected, but someone that I had corresponded with
    was. I got hundreds of virus messages, plus about 1/10 that number of
    bounce-backs, because the infected machine was using my address in
    messages it sent to other people. So maybe someone you know is
    infected with a virus, or unwittingly running an open proxy.

    BTW, I use SpamAssassin on my own machine by means of SAProxy (
    http://saproxy.bloomba.com/moreinfo.php ), and between it and my mail
    provider's built-in filtering, none of the virus messages made it to
    my inbox, though many of the bounce-backs did. The only problem with
    SAProxy is that it uses a s***load of RAM - it's using 25M right now,
    and I've seen it go as high as 80M.
    Alan Moore, Sep 19, 2003
    #5
  6. Roedy Green

    Gary M Guest

    Harald Hein <> wrote in news:Xns93FB5CFAAFF78hhtoken@
    194.97.5.10:

    > - To enlist your provider's help in analysing the bounces. Most bounces
    > usually don't contain a lot of data, but if you are lucky, a few might
    > come from MTAs who include the full original message in the bounce.
    > This will help you to at least understand for what kind of spam your
    > name is used. If the spammer is stupid you might even find the origin
    > of the spam, but professional spam these days is usually sent via open
    > proxies that don't log.
    >


    Excellent suggestions. Also check out spamcop.net which has free tools to
    analyze headers and notify correct authorities.
    Gary M, Sep 19, 2003
    #6
  7. Roedy Green

    Sudsy Guest

    Roedy Green wrote:
    > A mindless sort of spam is filling my mailbox up with 200+ pieces of
    > junk every time I look. Many of these appear to be bounced
    > messages I never sent. What tools do you use to deal with this? I am
    > using SpamDetective, but it is overwhelmed by this.


    Probably Gibe.F. It spoofs your address (finding it somewhere on the
    infected machine) as the sender so you get the double-whammy: the
    actual worm (usually masquerading as a Micrs**t Security patch) and
    the mail rejection notifications (for e-mails you didn't even send!).
    You'd think that someone at Hotmail would have the smarts to
    quarantine e-mails with a size of 145-160Kb and the word Micros**t
    in the subject, but noooo....
    They happily let your mailbox fill up. When you empty it, it fills
    up again in no time. Sigh.
    Sudsy, Sep 19, 2003
    #7
  8. "Harald Hein" <> wrote in message
    news:Xns93FB5CFAAFF78hhtoken@194.97.5.10...
    > "Roedy Green" wrote:
    >
    > > A mindless sort of spam is filling my mailbox up with 200+ pieces
    > > of junk every time I look. Many of these appear to be bounced
    > > messages I never sent.

    >
    > This sounds like what is called a joe-job. If these are indeed bounces
    > someone is using your e-mail address as the return-address in spam.
    >
    > > What tools do you use to deal with this?
    > > I am using SpamDetective, but it is overwhelmed by this.

    >
    > You should talk to your provider for at least three reasons:
    >
    > - To make sure your provider understands that this is a joe-job, and
    > that you are NOT a spammer, so your account is not in danger.
    >
    > - To get server-side filtering on your provider's server, so you don't
    > have to download all the junk all the time. Also make sure that your
    > contract with your provider doesn't require you to pay for the
    > bandwidth the spam steals.
    >


    My ISP uses Postini - it is catching 95 - 100% of the spam and
    virus infected mail. The last 12 hrs caught almost 300 total - I
    hate to think how folks with slow connections are faring.

    WBB
    William Brogden, Sep 19, 2003
    #8
  9. Sudsy wrote:
    > Roedy Green wrote:
    >
    >> A mindless sort of spam is filling my mailbox up with 200+ pieces of
    >> junk every time I look.

    >
    > Probably Gibe.F.


    I found this possibility too

    http://www.f-secure.com/v-descs/swen.shtml
    Shane Petroff, Sep 19, 2003
    #9
  10. Roedy Green

    Brad BARCLAY Guest

    Roedy Green wrote:
    > A mindless sort of spam is filling my mailbox up with 200+ pieces of
    > junk every time I look. Many of these appear to be bounced
    > messages I never sent. What tools do you use to deal with this? I am
    > using SpamDetective, but it is overwhelmed by this.


    I've had well over 500 messages this week containing the W32.Swen (aka
    W32.Gibe-F) Windows worm. As I don't run Windows at all, I'm immune --
    but it's still a royal PITA.

    Here's what I'm running, which has been very helpful in dealing with
    this deluge:

    1) My e-mail program, PMMail/2 (http://www.pmmail2000.com -- an OS/2
    program, but a Windows version is also available) has a feature called
    "Remote Control", which downloads just the headers from your mail
    server, and allows you to browse the messages and select the ones you
    want to transfer, and the ones you want to delete. This was _very_
    useful this morning when I had over 330 such messages in my inbox -- I
    was able to delete them all before actually transferring the 4 messages
    I had that were not junk.

    2) bogofilter (http://bogofilter.sourceforge.net/). Its Bayesian
    filtering mechanism is excellent -- it's caught all of the messages that
    arrive during the day and is shunting them to a Spam folder where I can
    briefly inspect them (to ensure no false-positives are caught -- in the
    month I've been running it, it hasn't had one false-positive, but I
    glance at the list just in case) and delete them.

    (In the time it took to type the above, I got another 12 of these
    ^*^&()^ messages. As if I needed another reason to hate Windows and
    its mindless masses of minions...:p).

    Brad BARCLAY

    --
    =-=-=-=-=-=-=-=-=
    From the OS/2 WARP v4.5 Desktop of Brad BARCLAY.
    The jSyncManager Project: http://www.jsyncmanager.org
    Brad BARCLAY, Sep 19, 2003
    #10
  11. Roedy Green

    Brad BARCLAY Guest

    Shane Petroff wrote:
    > Sudsy wrote:
    >> Probably Gibe.F.

    >
    >
    > I found this possibility too
    >
    > http://www.f-secure.com/v-descs/swen.shtml


    W32.Swen and W32.Gibe-F are one and the same virus. Different virus
    companies often create their own names for viruses when they first analyze
    them. From Symantec's website (which calls it W32.Swen.A@mm), the
    following are synonyms:

    Swen [F-Secure], W32/Swen@mm [McAfee], W32/Gibe-F [Sophos], Worm Swen.A

    Brad BARCLAY

    --
    =-=-=-=-=-=-=-=-=
    From the OS/2 WARP v4.5 Desktop of Brad BARCLAY.
    The jSyncManager Project: http://www.jsyncmanager.org
    
    Brad BARCLAY, Sep 19, 2003
    #11
  12. Roedy Green

    Roedy Green Guest

    On Fri, 19 Sep 2003 09:31:11 GMT, Alan Moore <>
    wrote or quoted :

    >This sounds exactly like what I experienced while the Blaster worm was
    >active. I wasn't infected, but someone that I had corresponded with
    >was. I got hundreds of virus messages, plus about 1/10 that number of
    >bounce-backs, because the infected machine was using my address in
    >messages it sent to other people.


    Do any of the spam filters deal with this? It annoys me to filter out
    every sort of bounce message, because sometimes messages I send
    bounce, and that I do want to know about.

    --
    Canadian Mind Products, Roedy Green.
    Coaching, problem solving, economical contract programming.
    See http://mindprod.com/jgloss/jgloss.html for The Java Glossary.
    Roedy Green, Sep 19, 2003
    #12
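Added example, not part of any post in this thread: one way to separate bounces for mail you really sent from bounces triggered by a forged sender address (the joe-job and worm cases discussed above), and to pull the Received headers out of a bounce that includes the original message. It assumes RFC 3464-style `multipart/report` bounces and a hypothetical `sent_ids` set of Message-IDs logged when you send mail; the sample messages and the `make_bounce` helper are constructed.

```python
import email
from email import policy

def embedded_original(bounce):
    """Return the original message (or only its headers) carried in a bounce."""
    for part in bounce.walk():
        ctype = part.get_content_type()
        if ctype == "message/rfc822" and part.is_multipart():
            return part.get_payload(0)          # full original attached
        if ctype == "text/rfc822-headers":      # headers-only variant
            return email.message_from_string(part.get_content(),
                                             policy=policy.default)
    return None

def classify_bounce(raw, sent_ids):
    """Return (verdict, received_trail) for one raw message.

    sent_ids: Message-IDs of mail you actually sent (assumed to be logged
    by your own mail client or outbound server).
    """
    msg = email.message_from_string(raw, policy=policy.default)
    if msg.get_content_type() != "multipart/report":
        return "not-a-bounce", []
    orig = embedded_original(msg)
    if orig is None:
        return "unverifiable", []               # bounce without the original
    # Received lines read newest first; the lowest ones are sender-supplied
    # and may be forged, so treat them as hints only.
    trail = [str(h) for h in orig.get_all("Received", [])]
    msg_id = str(orig.get("Message-ID", "")).strip()
    verdict = "genuine" if msg_id in sent_ids else "backscatter"
    return verdict, trail

def make_bounce(inner, inner_type="message/rfc822"):
    """Build a constructed sample bounce around `inner` (test data only)."""
    return ("From: MAILER-DAEMON@mx.example.net\n"
            "MIME-Version: 1.0\n"
            "Content-Type: multipart/report; report-type=delivery-status;"
            " boundary=BOUND\n\n"
            "--BOUND\nContent-Type: text/plain\n\nDelivery failed.\n"
            "--BOUND\nContent-Type: " + inner_type + "\n\n" + inner +
            "--BOUND--\n")

SENT_IDS = {"<real-001@example.org>"}           # constructed sent-mail log
MINE = make_bounce("Message-ID: <real-001@example.org>\n"
                   "From: me@example.org\n\nhello\n")
FORGED = make_bounce("Received: from unknown (HELO pc) (192.0.2.7) by"
                     " mx.example.com; Fri, 19 Sep 2003 02:00:00 +0000\n"
                     "Message-ID: <xyz@infected.example>\n"
                     "From: me@example.org\n\nbody\n")

if __name__ == "__main__":
    for name, raw in (("mine", MINE), ("forged", FORGED)):
        print(name, classify_bounce(raw, SENT_IDS))
```

Bounces that arrive as plain text or without the original attached come back as "not-a-bounce" or "unverifiable" and still need a human look.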
  13. Roedy Green

    Roedy Green Guest

    On Fri, 19 Sep 2003 08:46:02 -0400, Sudsy <>
    wrote or quoted :

    >Micrs**t Security patch


    That sounds like it alright.
    --
    Canadian Mind Products, Roedy Green.
    Coaching, problem solving, economical contract programming.
    See http://mindprod.com/jgloss/jgloss.html for The Java Glossary.
    Roedy Green, Sep 19, 2003
    #13
  14. Roedy Green

    Virgil Green Guest

    "Roedy Green" <> wrote in message
    news:...
    > A mindless sort of spam is filling my mailbox up with 200+ pieces of
    > junk every time I look. Many of these appear to be bounced
    > messages I never sent. What tools do you use to deal with this? I am
    > using SpamDetective, but it is overwhelmed by this.
    >


    I'm using SpamAssassin on the server side with subject line rewriting and
    encapsulation of identified spam (as an attachment). I use MailWasher
    (www.mailwasher.net) on the client side along with Outlook Express filtering
    rules.

    - Virgil
    Virgil Green, Sep 19, 2003
    #14
  15. Roedy Green wrote:

    > A mindless sort of spam is filling my mailbox up with 200+ pieces of
    > junk every time I look. Many of these appear to be bounced
    > messages I never sent. What tools do you use to deal with this? I am
    > using SpamDetective, but it is overwhelmed by this.
    >
    > --
    > Canadian Mind Products, Roedy Green.
    > Coaching, problem solving, economical contract programming.
    > See http://mindprod.com/jgloss/jgloss.html for The Java Glossary.



    I am using Netscape or Mozilla (Thunderbird) as mail client. It has a
    wonderful spam detection engine. You have to train it a bit, and it
    works well.


    Mit freundlichem Gruß / Kind regards

    Ralf Bensmann
    Ralf Bensmann, Sep 19, 2003
    #15
  16. Roedy Green wrote:
    > A mindless sort of spam is filling my mailbox up with 200+ pieces of
    > junk every time I look. Many of these appear to be bounced
    > messages I never sent. What tools do you use to deal with this? I am
    > using SpamDetective, but it is overwhelmed by this.



    Hi Roedy,

    indeed it's really really bad since yesterday. I think
    I am short of 1000 virus messages in 24 hours.

    I use K9 on my client machine along with Outlook and
    OutlookExpress message rules and I am quite happy
    with it:
    http://keir.net/k9.html

    Since customer mails often tend to look like Spam,
    I am staying away from more restrictive server-side
    spam-filtering tools.

    Cheers,
    Carl
    Carl Rosenberger, Sep 19, 2003
    #16
  17. Roedy Green wrote:

    > A mindless sort of spam is filling my mailbox up with 200+ pieces of
    > junk every time I look. Many of these appear to be bounced
    > messages I never sent. What tools do you use to deal with this? I am
    > using SpamDetective, but it is overwhelmed by this.


    I've recently been using Popfile (http://popfile.sourceforge.net), which
    does a reasonable job but gets a few too many false positives for my
    liking.

    I've also looked at Spambayes (http://spambayes.sourceforge.net). This
    seems to be much more accurate than Popfile, but I've become dispirited
    with it because its IMAP proxy is so buggy. The POP proxy seems OK though.

    Vipul's Razor is quite a good idea, but needs more work to integrate. I'm
    working on an email client that provides built-in support for this (as well
    as others), but I'm not very close to finishing it yet.

    --
    Neil Campbell
    batneil[AT]lineone[DOT]net
    http://www.thebatcave.org.uk
    Neil Campbell, Sep 20, 2003
    #17
  18. Roedy Green

    Roedy Green Guest

    On Fri, 19 Sep 2003 19:19:51 GMT, "Virgil Green" <>
    wrote or quoted :

    >
    >I'm using SpamAssassin on the server side with subject line rewriting and
    >encapsulation of identified spam (as an attachment). I use MailWasher
    >(www.mailwasher.net) on the client side along with Outlook Express filtering
    >rules.


    SpamDetective packed it in. I talked with my ISP who said the
    mailserver is up, but the poor thing did not know what to do with 6000
    spams and timed out.

    Mailwasher is similar, but it has ways of saying "mark everything to
    be deleted" then you mark the exceptions to keep.

    It also has a "Not to me" filter which seems to catch a lot of junk.

    It is really shareware.

    --
    Canadian Mind Products, Roedy Green.
    Coaching, problem solving, economical contract programming.
    See http://mindprod.com/jgloss/jgloss.html for The Java Glossary.
    Roedy Green, Sep 20, 2003
    #18
  19. Roedy Green

    Roedy Green Guest

    On Fri, 19 Sep 2003 22:45:57 +0200, "Carl Rosenberger" <>
    wrote or quoted :

    >I use K9 on my client machine along with Outlook and
    >OutlookExpress message rules and I am quite happy
    >with it:
    >http://keir.net/k9.html


    This one works as a proxy mailserver. You reconfigure your mail
    program to talk to it, and it talks to your ISP.

    --
    Canadian Mind Products, Roedy Green.
    Coaching, problem solving, economical contract programming.
    See http://mindprod.com/jgloss/jgloss.html for The Java Glossary.
    Roedy Green, Sep 20, 2003
    #19
  20. Tutorial (about): spam

    "Roedy Green" <> wrote:

    > A mindless sort of spam is filling my mailbox up with 200+ pieces of
    > junk every time I look. Many of these appear to be bounced
    > messages I never sent. What tools do you use to deal with this? I am
    > using SpamDetective, but it is overwhelmed by this.


    Roedy, for a guy as talented with computers as you are, you sure have
    some incredible blind spots.

    This isn't "spam" -- unsolicited commercial bulk email sent from a
    limited number of locations in an attempt to make a profit, using a
    predefined address list off a CD-ROM.

    This is a virus storm, sent from literally millions of computers which
    the virus has found vulnerable, infected, and is using as new staging
    areas.

    Every one of them with your email address in an address book of some
    correspondent of yours is cheerfully including you in the recipients of
    the next generation of the virus, who knows how many times.

    Most of the defenses against spam aren't going to work in the first few
    days of a virus storm, because usually the persons whose computers are
    infected (1) don't know it, (2) don't keep their machine up to date with
    the latest patchlevels, and (3) aren't going to be sophisticated enough
    to realize there is a problem about which they can take useful action.

    Also, the anti-virus filter writers need time to catch up and for their
    products to be distributed to help break the chain of forwarding.

    The "bounced messages I never sent" is completely bogus, that is all
    canned wrapper around the virus packets, there just to let the virus
    writer say "made you look".

    That's the part where I'm surprised you are so naive.

    This particular virus exploits a hole that lets your machine get
    infected even if you never open attachments; merely looking at the email
    suffices, so if your computer is of the vulnerable sort and not up to
    date with the patches, you are now helping flood the Net with virus
    copies, merely by opening an email to see what it said inside.

    Everybody, make sure your online software updates are current, and avoid
    opening any email of size 130K and above for a while. If you already
    did, odds are pretty fair your machine is infected, get help cleaning it
    out.

    You should _also_ be receiving a flood of similar virus spawn from ISPs
    who filter the virus in outbound email, but cannot resist the urge to
    tell you so. These messages are usually 1/10th the size of the intact
    virus emails, but just as big a nuisance, and in the 5800 emails I've
    discarded so far, seem to be about 40% of the count.

    Sigh.

    xanthian.

    And by the way, this is an inappropriate thread for this newsgroup, you
    should have put it in clj.advocacy, where it belonged, without even
    having to think about the choice. _Any_ non-programming post is
    off-topic here, and you know better.



    --
    Posted via Mailgate.ORG Server - http://www.Mailgate.ORG
    Kent Paul Dolan, Sep 20, 2003
    #20
