OT: Spam

Discussion in 'Java' started by Andy Fish, Oct 29, 2003.

  1. Andy Fish

    Andy Fish Guest

    I don't know if it's just me, but I have noticed the amount of spam coming
    into the email address I use for usenet posting has gotten out of hand in
    the last few days

    Recently I have been getting around 10 copies per hour of the trojan
    "microsoft security update patch" - at 150kb each. I had to keep my email
    client running all the time just to stop the mailbox on my server filling up

    Decided enough is enough so I have killed the email address. :-(

    Andy
     
    Andy Fish, Oct 29, 2003
    #1
    1. Advertisements

  2. No, don't do that. (!!!!!!!!!!!!!!)

    Just set up an email address with the following rule:

    emails must have XYZZY in the subject somewhere or will be filtered out
    (or bounced back to recip, if you want)

    And then make sure that that rule is in the footer of the post, or make it
    part of the munged email addr:



    Then it will require a human intevention in the actual construction of the
    email, not just the list.
     
    Thomas G. Marshall, Oct 29, 2003
    #2
    1. Advertisements

  3. You got off easy. The virus targeted me in its heyday, when it was on millions
    of machines - meaning that I got about TWO HUNDRED copies per hour! I had the
    good luck of noticing it early and being able to filter on the mail host.

    I'm rather curious how this apparently non-uniformly-distributed targeting
    of addresses harvested from Usenet works. Some really bad random number
    generator perhaps?
     
    Michael Borgwardt, Oct 29, 2003
    #3
  4. That, or someone reallllly dislikes you.
     
    Thomas G. Marshall, Oct 29, 2003
    #4
  5. I'm not paranoid enough to believe that. Many other people were hit in
    the same way, and the only thing I had in common with them was that
    I'd also been posting to Usenet.
     
    Michael Borgwardt, Oct 29, 2003
    #5
  6. Get yourself an email addy from www.sneakemail.com, that way you can
    discard he addy as soon as spam start showing up.
     
    Hendie Dijkman, Oct 29, 2003
    #6
  7. Andy Fish

    Sudsy Guest

    Michael's correct. The account I use to post to Usenet was getting
    hit so frequently that I had to select automatic junk mail delete.
    If I didn't, the mailbox would fill up within an hour and then I'd
    get automatic admonishing messages, telling me that my inbox was
    full and that I might not be receiving all messages...
    But that's why we use the free mail services, no?
    (Although you'd think that Micros**t would at least be able to
    filter e-mails which were supposedly Micros**t security patches
    and the size was always between 220-240 KB, but what do I know?)
    What a pain!
     
    Sudsy, Oct 30, 2003
    #7
  8. Andy Fish

    Andreas Guest

    Andreas, Oct 30, 2003
    #8
  9. Andy Fish

    Wald Guest

    ^^^^^^^^^^^^^^^^^^^^^^^

    If this literally is your email address, then you're like asking to
    get spammed. Try to obfuscate your email address.

    Example:
    real email:

    usenet email:
    [email protected]_S-P-A-M.nonexistantdomain.com
    (remove the animal)
    john dot doe at nonexistantdomain dot com
    ...

    This will not keep your mailbox spamless for eternity, but at least
    the email harvesters won't get your email address directly.

    Just my 2 cents,
    Wald
     
    Wald, Oct 30, 2003
    #9
  10. Andy Fish

    Bjorn Brox Guest

    Correct. The "Microsoft" Patch spam contains the [email protected] worm

    http://securityresponse.symantec.com/avcenter/venc/data/

    This worm connects to news servers and collect and spead itself to email
    addsesses it finds there.
     
    Bjorn Brox, Oct 30, 2003
    #10
  11. There are some problems with those obfuscations.
    If I were a spammer, I'd write a harvesterbot that looks for anything that
    looks like an email, and removes all caps and/or the word (no)spam(forme)
    (and all the variations) from it.

    A lot of those obfuscated addresses would be usable by just doing that.
     
    Christophe Vanfleteren, Oct 30, 2003
    #11
  12. Sure I know that. I'm using Google to post this message because I'm firewalled
    from news servers right now.
    This was about a virus, not spam. And the virus definitely accessed news servers
    to harves addresses.
     
    Michael Borgwardt, Oct 30, 2003
    #12
  13. Andy Fish

    Tim Ward Guest

    up

    Oh, is that still around? I don't see them, my ISP throws them away on the
    server. Why would your ISP want to send you viruses?? - choose one that
    doesn't.
     
    Tim Ward, Oct 30, 2003
    #13
  14. Andy Fish

    brougham5 Guest

    I have a "junk" mail addy at Yahoo that I use just for usenet posting. I
    used to think that using an invalid address goes against the intent when
    usenet was created. For one, you might inadvertantly cause problems for
    somebody else. For all intents, this is now an invalid address. It fills
    up with crap faster than I delete it, and then Yahoo bounces all other mail.

    I thought maybe it was just because I had used my addy for a while. Most
    recently, I was . Had been for quite a while. So...now
    I'm . Within days of my first posting to usenet with
    this address, my 5 meg inbox would fill up within an hour or so and stop
    accepting new mail. Bummer.
     
    brougham5, Oct 30, 2003
    #14
  15. Well, me too, and */jeez/* guys, I was joking. The point I was making was
    this:

    Someone really disliking you
    is-the-same-result-as
    No one disliking you, and your email address is available.

    Clumsy, I know, but heck. Sue me :)
     
    Thomas G. Marshall, Oct 30, 2003
    #15
  16. 1. Google requires a real address. That is just a disaster.

    2. The way around that is to use an address for /just/
    newsgroup email. And then require that anyone
    sending you something place a special word into
    the subject, so that you can set up a filter to huck
    the rest.
     
    Thomas G. Marshall, Oct 30, 2003
    #16
  17. Andy Fish

    Andy Fish Guest

    well, my ISP is blueyonder because they're my cable provider, and I'm very
    happy with them.

    To be honest, I'm quite happy to post with a completely ficticious address.
    I've never done anything with the email I got than just delete it all
    without reading it, so I don't really see it as a problem
     
    Andy Fish, Oct 30, 2003
    #17
  18. I try not to use my real e-mail address in usenet postings. Recently, my ISP
    changed the e-mail domain, and the reduction in spam has been *wonderful*.
    Unfortunately, I did make one unprotected posting with the new address, and I
    still get a trickle, but it's just one or two every couple of days instead of
    over 100 a day--which I could trace to indiscreet posting in 1996!

    Take a look at http://www.spamgourmet.com for a nice way to have an invalid
    address that does the least amount of harm to bandwidth and such. They also
    provide for disposable e-mail addresses, so if you *do* have a reason to post an
    address, it will only work for a little while.

    Roedy Green posted something (last year, I think) on this subject. IIRC, here
    are the points he made:

    1. Obfuscation techniques are not very nice. If someone, in all innocence,
    tries to e-mail you, and just click rather than actually looking at the address,
    they don't find out for awhile. And their ISP, the backbone servers, and
    possibly your ISP have to deal with dead mail. There is an old standard, not
    very well known, that says you should add ".invalid" to the end of an invalid
    e-mail address. Not all e-mail clients know about that standard, but for those
    that do, the sender finds out immediately as soon as they click, so you do not
    cause any addition to the glut on the Internet.

    2. Obfuscation techniques do not work 100%. The simpler techniques are easy to
    crack automatically, and (Roedy claimed in the posting), the spammers pay little
    old ladies to scan manually and collect e-mail addresses, so they will figure
    out the more elaborate schemes.

    3. Invalid e-mail sent to spamgourmet.com is quietly sent to the bit bucket. Of
    course, the innocent who tried to send you e-mail will never know, but you did
    try to help them by adding ".invalid" to your bogus address. It's not your
    fault if their e-mail client was thrown together in a hurry by someone who did
    not take the time to understand e-mail in all its glory.

    4. If you set up a disposable address through spamgourmet.com, folks have a
    chance to send you e-mail that you will actually recieve. You might get a
    couple of spam messages, but then they stop and never bother you again.

    There are lots of other uses for disposable addresses, including your first
    exchanges with an organization that you don't know and do not yet trust. Yes, I
    have had the bad experience of giving my e-mail address to a company who
    promised that they respected my privacy--and was immediately buried with spam
    using that address. (You can probably demonstrate this for yourself if you want
    to. Many ISPs will deliver mail with bogus subdomains. For example, if your
    address is , you can give out and
    it will still be delivered. So you make such a change when dealing with someone
    new and watch the junk roll in using that address.)

    Scott
     
    Scott Hightower, Oct 31, 2003
    #18
  19. Bah. The worry of getting to me is the burden of the sender, not me.

    The little old ladies are rarely able to handle obfuscation techniques that
    have mathematical equations in them. Far too much effort. Far too much
    education required.

    3.com

    for

    etc.

    Besides, the even better technique is to (as I've hollared to no avail here
    evidentally) require a magic word to appear on the subject line. Everything
    else ariving at your address gets thrown out by a filter, often at the
    server level.

    This technique is for when you have an email dedicated to usenet postings.
     
    Thomas G. Marshall, Oct 31, 2003
    #19
  20. Actually my favorite technique, which is not possible on all but the best
    filters, would be to have the following:



    And grant the emails a +- 5 day window or similar.

    But that requires that you have procmail (?) or something else mondo
    powerful.
     
    Thomas G. Marshall, Oct 31, 2003
    #20
    1. Advertisements

Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments (here). After that, you can post your question and our members will help you out.