OT: Spam

[Andy Fish]

I don't know if it's just me, but I have noticed the amount of spam coming
into the email address I use for usenet posting has gotten out of hand in
the last few days

Recently I have been getting around 10 copies per hour of the trojan
"microsoft security update patch" - at 150kb each. I had to keep my email
client running all the time just to stop the mailbox on my server filling up

Decided enough is enough so I have killed the email address. :-(

Andy

 

[Thomas G. Marshall]

I don't know if it's just me, but I have noticed the amount of spam
coming into the email address I use for usenet posting has gotten out
of hand in the last few days

Recently I have been getting around 10 copies per hour of the trojan
"microsoft security update patch" - at 150kb each. I had to keep my
email client running all the time just to stop the mailbox on my
server filling up

Decided enough is enough so I have killed the email address. :-(

Andy

No, don't do that. (!!!!!!!!!!!!!!)

Just set up an email address with the following rule:

emails must have XYZZY in the subject somewhere or will be filtered out
(or bounced back to recip, if you want)

And then make sure that that rule is in the footer of the post, or make it
part of the munged email addr:

(e-mail address removed)

Then it will require a human intevention in the actual construction of the
email, not just the list.

 

[Michael Borgwardt]

I don't know if it's just me, but I have noticed the amount of spam coming
into the email address I use for usenet posting has gotten out of hand in
the last few days

Recently I have been getting around 10 copies per hour of the trojan
"microsoft security update patch" - at 150kb each. I had to keep my email
client running all the time just to stop the mailbox on my server filling up

You got off easy. The virus targeted me in its heyday, when it was on millions
of machines - meaning that I got about TWO HUNDRED copies per hour! I had the
good luck of noticing it early and being able to filter on the mail host.

I'm rather curious how this apparently non-uniformly-distributed targeting
of addresses harvested from Usenet works. Some really bad random number
generator perhaps?

 

[Thomas G. Marshall]

You got off easy. The virus targeted me in its heyday, when it was on
millions of machines - meaning that I got about TWO HUNDRED copies
per hour! I had the good luck of noticing it early and being able to
filter on the mail host.

I'm rather curious how this apparently non-uniformly-distributed
targeting
of addresses harvested from Usenet works. Some really bad random
number generator perhaps?

That, or someone reallllly dislikes you.

 

[Michael Borgwardt]

That, or someone reallllly dislikes you.

I'm not paranoid enough to believe that. Many other people were hit in
the same way, and the only thing I had in common with them was that
I'd also been posting to Usenet.

 

[Hendie Dijkman]

I don't know if it's just me, but I have noticed the amount of spam coming
into the email address I use for usenet posting has gotten out of hand in
the last few days

Recently I have been getting around 10 copies per hour of the trojan
"microsoft security update patch" - at 150kb each. I had to keep my email
client running all the time just to stop the mailbox on my server filling up

Decided enough is enough so I have killed the email address. :-(

Andy

Get yourself an email addy from www.sneakemail.com, that way you can
discard he addy as soon as spam start showing up.

 

[Sudsy]

I'm not paranoid enough to believe that. Many other people were hit in
the same way, and the only thing I had in common with them was that
I'd also been posting to Usenet.

Michael's correct. The account I use to post to Usenet was getting
hit so frequently that I had to select automatic junk mail delete.
If I didn't, the mailbox would fill up within an hour and then I'd
get automatic admonishing messages, telling me that my inbox was
full and that I might not be receiving all messages...
But that's why we use the free mail services, no?
(Although you'd think that Micros**t would at least be able to
filter e-mails which were supposedly Micros**t security patches
and the size was always between 220-240 KB, but what do I know?)
What a pain!

 

[Andreas]

I guess you know that Google publich this group via http at
http://groups.google.com/groups?dq=...=sv&lr=&ie=UTF-8&group=comp.lang.basic.visual

The most easy way to get e-mail addresser for SPAM:ing is to just read
webpages.

 

[Wald]

^^^^^^^^^^^^^^^^^^^^^^^

If this literally is your email address, then you're like asking to
get spammed. Try to obfuscate your email address.

Example:
real email:
(e-mail address removed)
usenet email:
john.doe@N-O_S-P-A-M.nonexistantdomain.com
(e-mail address removed) (remove the animal)
john dot doe at nonexistantdomain dot com
...

This will not keep your mailbox spamless for eternity, but at least
the email harvesters won't get your email address directly.

Just my 2 cents,
Wald

 

[Bjorn Brox]

I'm not paranoid enough to believe that. Many other people were hit in
the same way, and the only thing I had in common with them was that
I'd also been posting to Usenet.

Correct. The "Microsoft" Patch spam contains the W32.Swen.A@mm worm

http://securityresponse.symantec.com/avcenter/venc/data/[email protected]

This worm connects to news servers and collect and spead itself to email
addsesses it finds there.

 

[Christophe Vanfleteren]

^^^^^^^^^^^^^^^^^^^^^^^

If this literally is your email address, then you're like asking to
get spammed. Try to obfuscate your email address.

Example:
real email:
(e-mail address removed)
usenet email:
john.doe@N-O_S-P-A-M.nonexistantdomain.com
(e-mail address removed) (remove the animal)
john dot doe at nonexistantdomain dot com
...

This will not keep your mailbox spamless for eternity, but at least
the email harvesters won't get your email address directly.

There are some problems with those obfuscations.
If I were a spammer, I'd write a harvesterbot that looks for anything that
looks like an email, and removes all caps and/or the word (no)spam(forme)
(and all the variations) from it.

A lot of those obfuscated addresses would be usable by just doing that.

 

[Michael Borgwardt]

I guess you know that Google publich this group via http at
http://groups.google.com/groups?dq=...=sv&lr=&ie=UTF-8&group=comp.lang.basic.visual

Sure I know that. I'm using Google to post this message because I'm firewalled
from news servers right now.

The most easy way to get e-mail addresser for SPAM:ing is to just read
webpages.

This was about a virus, not spam. And the virus definitely accessed news servers
to harves addresses.

 

[Tim Ward]

Recently I have been getting around 10 copies per hour of the trojan
"microsoft security update patch" - at 150kb each. I had to keep my email
client running all the time just to stop the mailbox on my server filling

up

Oh, is that still around? I don't see them, my ISP throws them away on the
server. Why would your ISP want to send you viruses?? - choose one that
doesn't.

 

[brougham5]

Recently I have been getting around 10 copies per hour of the trojan
"microsoft security update patch" - at 150kb each. I had to keep my email
client running all the time just to stop the mailbox on my server filling up

I have a "junk" mail addy at Yahoo that I use just for usenet posting. I
used to think that using an invalid address goes against the intent when
usenet was created. For one, you might inadvertantly cause problems for
somebody else. For all intents, this is now an invalid address. It fills
up with crap faster than I delete it, and then Yahoo bounces all other mail.

I thought maybe it was just because I had used my addy for a while. Most
recently, I was (e-mail address removed). Had been for quite a while. So...now
I'm (e-mail address removed). Within days of my first posting to usenet with
this address, my 5 meg inbox would fill up within an hour or so and stop
accepting new mail. Bummer.

 

[Thomas G. Marshall]

Michael's correct.

Well, me too, and */jeez/* guys, I was joking. The point I was making was
this:

Someone really disliking you
is-the-same-result-as
No one disliking you, and your email address is available.

Clumsy, I know, but heck. Sue me

 

[Thomas G. Marshall]

I guess you know that Google publich this group via http at
http://groups.google.com/groups?dq=...=sv&lr=&ie=UTF-8&group=comp.lang.basic.visual

The most easy way to get e-mail addresser for SPAM:ing is to just read
webpages.

1. Google requires a real address. That is just a disaster.

2. The way around that is to use an address for /just/
newsgroup email. And then require that anyone
sending you something place a special word into
the subject, so that you can set up a filter to huck
the rest.

 

[Andy Fish]

well, my ISP is blueyonder because they're my cable provider, and I'm very
happy with them.

To be honest, I'm quite happy to post with a completely ficticious address.
I've never done anything with the email I got than just delete it all
without reading it, so I don't really see it as a problem

 

[Scott Hightower]

I don't know if it's just me, but I have noticed the amount of spam coming
into the email address I use for usenet posting has gotten out of hand in
the last few days

Recently I have been getting around 10 copies per hour of the trojan
"microsoft security update patch" - at 150kb each. I had to keep my email
client running all the time just to stop the mailbox on my server filling up

Decided enough is enough so I have killed the email address. :-(

Andy

I try not to use my real e-mail address in usenet postings. Recently, my ISP
changed the e-mail domain, and the reduction in spam has been *wonderful*.
Unfortunately, I did make one unprotected posting with the new address, and I
still get a trickle, but it's just one or two every couple of days instead of
over 100 a day--which I could trace to indiscreet posting in 1996!

Take a look at http://www.spamgourmet.com for a nice way to have an invalid
address that does the least amount of harm to bandwidth and such. They also
provide for disposable e-mail addresses, so if you *do* have a reason to post an
address, it will only work for a little while.

Roedy Green posted something (last year, I think) on this subject. IIRC, here
are the points he made:

1. Obfuscation techniques are not very nice. If someone, in all innocence,
tries to e-mail you, and just click rather than actually looking at the address,
they don't find out for awhile. And their ISP, the backbone servers, and
possibly your ISP have to deal with dead mail. There is an old standard, not
very well known, that says you should add ".invalid" to the end of an invalid
e-mail address. Not all e-mail clients know about that standard, but for those
that do, the sender finds out immediately as soon as they click, so you do not
cause any addition to the glut on the Internet.

2. Obfuscation techniques do not work 100%. The simpler techniques are easy to
crack automatically, and (Roedy claimed in the posting), the spammers pay little
old ladies to scan manually and collect e-mail addresses, so they will figure
out the more elaborate schemes.

3. Invalid e-mail sent to spamgourmet.com is quietly sent to the bit bucket. Of
course, the innocent who tried to send you e-mail will never know, but you did
try to help them by adding ".invalid" to your bogus address. It's not your
fault if their e-mail client was thrown together in a hurry by someone who did
not take the time to understand e-mail in all its glory.

4. If you set up a disposable address through spamgourmet.com, folks have a
chance to send you e-mail that you will actually recieve. You might get a
couple of spam messages, but then they stop and never bother you again.

There are lots of other uses for disposable addresses, including your first
exchanges with an organization that you don't know and do not yet trust. Yes, I
have had the bad experience of giving my e-mail address to a company who
promised that they respected my privacy--and was immediately buried with spam
using that address. (You can probably demonstrate this for yourself if you want
to. Many ISPs will deliver mail with bogus subdomains. For example, if your
address is (e-mail address removed), you can give out (e-mail address removed) and
it will still be delivered. So you make such a change when dealing with someone
new and watch the junk roll in using that address.)

Scott

 

[Thomas G. Marshall]

I try not to use my real e-mail address in usenet postings.
Recently, my ISP changed the e-mail domain, and the reduction in spam
has been *wonderful*. Unfortunately, I did make one unprotected
posting with the new address, and I still get a trickle, but it's
just one or two every couple of days instead of over 100 a day--which
I could trace to indiscreet posting in 1996!

Take a look at http://www.spamgourmet.com for a nice way to have an
invalid address that does the least amount of harm to bandwidth and
such. They also provide for disposable e-mail addresses, so if you
*do* have a reason to post an address, it will only work for a little
while.

Roedy Green posted something (last year, I think) on this subject.
IIRC, here are the points he made:

1. Obfuscation techniques are not very nice. If someone, in all
innocence, tries to e-mail you, and just click rather than actually
looking at the address, they don't find out for awhile. And their
ISP, the backbone servers, and possibly your ISP have to deal with
dead mail. There is an old standard, not very well known, that says
you should add ".invalid" to the end of an invalid e-mail address.
Not all e-mail clients know about that standard, but for those that
do, the sender finds out immediately as soon as they click, so you do
not cause any addition to the glut on the Internet.

Bah. The worry of getting to me is the burden of the sender, not me.

2. Obfuscation techniques do not work 100%. The simpler techniques
are easy to crack automatically, and (Roedy claimed in the posting),
the spammers pay little old ladies to scan manually and collect
e-mail addresses, so they will figure out the more elaborate schemes.

The little old ladies are rarely able to handle obfuscation techniques that
have mathematical equations in them. Far too much effort. Far too much
education required.

(e-mail address removed)3.com

for (e-mail address removed)

etc.

Besides, the even better technique is to (as I've hollared to no avail here
evidentally) require a magic word to appear on the subject line. Everything
else ariving at your address gets thrown out by a filter, often at the
server level.

This technique is for when you have an email dedicated to usenet postings.

 

[Thomas G. Marshall]

I try not to use my real e-mail address in usenet postings.

Actually my favorite technique, which is not possible on all but the best
filters, would be to have the following:

(e-mail address removed)

And grant the emails a +- 5 day window or similar.

But that requires that you have procmail (?) or something else mondo
powerful.