Velocity Reviews

Velocity Reviews (http://www.velocityreviews.com/forums/index.php)
-   NZ Computing (http://www.velocityreviews.com/forums/f47-nz-computing.html)
-   -   spam levels dropped ? (http://www.velocityreviews.com/forums/t582342-spam-levels-dropped.html)

whoisthis 11-17-2007 06:36 PM

spam levels dropped ?
 
At work I need to check my spam as I can not afford to have any false
positives, however what I have noticed is that my spam levels have
dropped about 90% is the last couple of days......... is this just me
being lucky or is this more wide spread.

Donchano 11-17-2007 06:57 PM

Re: spam levels dropped ?
 
On Sun, 18 Nov 2007 07:36:23 +1300, whoisthis <who@am.i.spammer>
magnanimously proffered:

>At work I need to check my spam as I can not afford to have any false
>positives, however what I have noticed is that my spam levels have
>dropped about 90% is the last couple of days......... is this just me
>being lucky or is this more wide spread.


Over the past three or four days I've noticed that FINALLY for the
first time after ongoing Xtra's Bubble fiasco my inbox wasn't 3/4 full
of obvious (Spamcop blacklisted) spam. And instead of 75 to 100 pieces
of spam in my "bulk" folder, I'm down to maybe ten or twelve,
including several false positives a day.

So ... like you, I have to check my bulk file several times a day to
retrieve perfectly legitimate emails. A pain in the ass, but that's
Xtra's middle name. And POS is Bubble's middle name.


Jonathan Walker 11-17-2007 09:59 PM

Re: spam levels dropped ?
 
On Sun, 18 Nov 2007 07:57:54 +1300, Donchano wrote:

> So ... like you, I have to check my bulk file several times a day to
> retrieve perfectly legitimate emails. A pain in the ass, but that's
> Xtra's middle name. And POS is Bubble's middle name.


And I only rarely get any spam - and it is normally clearly marked spam by
the server if it appears in my second email address on the same server.

It appears to me that there are several key points to being targeted for
SPAM:

1/ the use of a domain name that is widely used by others - such as the
domain name of ISPs like Xtra/Telecom or iHUG,

2/ or the domain name of a large corporation

3/ or the email address can be found on a website or some other Internet
accessible forum that is easily spidered by a spammer's
email-address-harvesting system.

If you arrange to have no email address with your domain name appearing on
any website (note that is not the same as not enabling someone to be able
to email you from your website, nor is it the same as someone not being
able to view your email address on a web page or otherwise click on your
email address and then send you an email if they have Java-script running)
or if you do not use a domain name that is used by others, then you should
expect to get very little spam at all.


--
Jonathan Walker

"The IT industry landscape is littered with the dead
dreams of people who once trusted Microsoft."

Donchano 11-17-2007 10:32 PM

Re: spam levels dropped ?
 
On 18 Nov 2007 10:59:12 +1300, Jonathan Walker <nospam@nospam.invalid>
magnanimously proffered:

>On Sun, 18 Nov 2007 07:57:54 +1300, Donchano wrote:
>
>> So ... like you, I have to check my bulk file several times a day to
>> retrieve perfectly legitimate emails. A pain in the ass, but that's
>> Xtra's middle name. And POS is Bubble's middle name.

>
>And I only rarely get any spam - and it is normally clearly marked spam by
>the server if it appears in my second email address on the same server.
>
>It appears to me that there are several key points to being targeted for
>SPAM:
>
>1/ the use of a domain name that is widely used by others - such as the
>domain name of ISPs like Xtra/Telecom or iHUG,
>
>2/ or the domain name of a large corporation
>
>3/ or the email address can be found on a website or some other Internet
>accessible forum that is easily spidered by a spammer's
>email-address-harvesting system.
>
>If you arrange to have no email address with your domain name appearing on
>any website (note that is not the same as not enabling someone to be able
>to email you from your website, nor is it the same as someone not being
>able to view your email address on a web page or otherwise click on your
>email address and then send you an email if they have Java-script running)
>or if you do not use a domain name that is used by others, then you should
>expect to get very little spam at all.


Good advice. Unfortunately, it doesn't explain either my spam or false
positive problems because:

1. No individual besides me knows my Xtra email address because I
never use it in emails, online forms or purchases, etc, etc.

2. The only organisations that know that address are Xtra and my
secure, password only webhost account which is configured to forward
my domain mail (excluding throwaway addresses) to my Xtra address.

3. The spam and bulk mail I'm getting doesn't come addressed to me at
my Xtra address or any of my domain addresses. For example, It is
addressed to a more generic address such as
"whatever-name-but-mine@xtra.co.nz ."

4. The throwaway "my domain" addresses I use for idiots who might, and
sometimes do, publish those address are forwarded to yet another
throwaway webmail account that is configured to delete any email that
is not from someone already in my address book.

In other words, spammers somehow have access to Xtra data that allows
them to send out spam to Xtra customers. And since I've only this
monumental spam problem since Xtra introduced Yahoo-Xtra Bubble and -
except for all the false positives - that problem seems to have
improved immeasurably over the past few days, I think it's more than
fair to conclude that the problem was entirely due to Yahoo-Xtra
Bubble (or whatever the **** it's called) and not me.


Jonathan Walker 11-17-2007 11:46 PM

Re: spam levels dropped ?
 
On Sun, 18 Nov 2007 11:32:49 +1300, Donchano wrote:

> On 18 Nov 2007 10:59:12 +1300, Jonathan Walker <nospam@nospam.invalid>
> magnanimously proffered:
>
>>On Sun, 18 Nov 2007 07:57:54 +1300, Donchano wrote:
>>
>>> So ... like you, I have to check my bulk file several times a day to
>>> retrieve perfectly legitimate emails. A pain in the ass, but that's
>>> Xtra's middle name. And POS is Bubble's middle name.

>>
>>And I only rarely get any spam - and it is normally clearly marked spam by
>>the server if it appears in my second email address on the same server.
>>
>>It appears to me that there are several key points to being targeted for
>>SPAM:
>>
>>1/ the use of a domain name that is widely used by others - such as the
>>domain name of ISPs like Xtra/Telecom or iHUG,
>>
>>2/ or the domain name of a large corporation
>>
>>3/ or the email address can be found on a website or some other Internet
>>accessible forum that is easily spidered by a spammer's
>>email-address-harvesting system.
>>
>>If you arrange to have no email address with your domain name appearing on
>>any website (note that is not the same as not enabling someone to be able
>>to email you from your website, nor is it the same as someone not being
>>able to view your email address on a web page or otherwise click on your
>>email address and then send you an email if they have Java-script running)
>>or if you do not use a domain name that is used by others, then you should
>>expect to get very little spam at all.

>
> Good advice. Unfortunately, it doesn't explain either my spam or false
> positive problems because:
>
> 1. No individual besides me knows my Xtra email address because I
> never use it in emails, online forms or purchases, etc, etc.


However, it *is* an Xtra email address. See my point 1.


> 2. The only organisations that know that address are Xtra and my
> secure, password only webhost account which is configured to forward
> my domain mail (excluding throwaway addresses) to my Xtra address.


The password does not factor in this. See my point 1.


> 3. The spam and bulk mail I'm getting doesn't come addressed to me at
> my Xtra address or any of my domain addresses. For example, It is
> addressed to a more generic address such as
> "whatever-name-but-mine@xtra.co.nz ."


That means you must be being BCC'd into receiving that spam.

Whether or not you are BCC'd, CC'd, or TO'd does not matter. The question
is what method the spammer is using to get that spam to you.

If your email address is not anywhere on the Internet, or in someone
else's address book, then it is likely the spammer got your email address
by some other method such as a dictionary attack, or even just a random
send. If you read your email with some application that will automatically
download any images from the WWW, then the spammer will instantly know
that it has struck a valid email address - and you will be killed with
spam!


> 4. The throwaway "my domain" addresses I use for idiots who might, and
> sometimes do, publish those address are forwarded to yet another
> throwaway webmail account that is configured to delete any email that
> is not from someone already in my address book.


Does that throwaway webmail a/c use a common domain, such as Hotmail?

Has the domain that you use for your throwaway webmail a/c already had
spam sent to any email address at that domain?

Remember - one of the things that spammers are looking for are not only
valid user names, but valid domain names also.


> In other words, spammers somehow have access to Xtra data that allows
> them to send out spam to Xtra customers. And since I've only this
> monumental spam problem since Xtra introduced Yahoo-Xtra Bubble and -
> except for all the false positives - that problem seems to have
> improved immeasurably over the past few days, I think it's more than
> fair to conclude that the problem was entirely due to Yahoo-Xtra
> Bubble (or whatever the **** it's called) and not me.


What I think you're talking about is the change from Xtra hosting its own
email servers, to Xtra using Yahoo as its email server.

That's called outsourcing your email a/c to someone in the USA in order to
reduce costs while at the same time charging you the same for it.


--
Jonathan Walker

"The IT industry landscape is littered with the dead
dreams of people who once trusted Microsoft."

Donchano 11-18-2007 01:32 AM

Re: spam levels dropped ?
 
On 18 Nov 2007 12:46:36 +1300, Jonathan Walker <nospam@nospam.invalid>
magnanimously proffered:

>On Sun, 18 Nov 2007 11:32:49 +1300, Donchano wrote:
>
>> On 18 Nov 2007 10:59:12 +1300, Jonathan Walker <nospam@nospam.invalid>
>> magnanimously proffered:
>>
>>>On Sun, 18 Nov 2007 07:57:54 +1300, Donchano wrote:
>>>
>>>> So ... like you, I have to check my bulk file several times a day to
>>>> retrieve perfectly legitimate emails. A pain in the ass, but that's
>>>> Xtra's middle name. And POS is Bubble's middle name.
>>>
>>>And I only rarely get any spam - and it is normally clearly marked spam by
>>>the server if it appears in my second email address on the same server.
>>>
>>>It appears to me that there are several key points to being targeted for
>>>SPAM:
>>>
>>>1/ the use of a domain name that is widely used by others - such as the
>>>domain name of ISPs like Xtra/Telecom or iHUG,
>>>
>>>2/ or the domain name of a large corporation
>>>
>>>3/ or the email address can be found on a website or some other Internet
>>>accessible forum that is easily spidered by a spammer's
>>>email-address-harvesting system.
>>>
>>>If you arrange to have no email address with your domain name appearing on
>>>any website (note that is not the same as not enabling someone to be able
>>>to email you from your website, nor is it the same as someone not being
>>>able to view your email address on a web page or otherwise click on your
>>>email address and then send you an email if they have Java-script running)
>>>or if you do not use a domain name that is used by others, then you should
>>>expect to get very little spam at all.

>>
>> Good advice. Unfortunately, it doesn't explain either my spam or false
>> positive problems because:
>>
>> 1. No individual besides me knows my Xtra email address because I
>> never use it in emails, online forms or purchases, etc, etc.

>
>However, it *is* an Xtra email address. See my point 1.


Which only indicates that the spammers either have access to Xtra's
database and/or using random addresses in the extra domain. The reason
I find the later to be unlikely, is that my username address is not
easily duplicated or guessed at. Then again, I'm sure there's software
that can throw out combinations that would eventually come up with my
username.
>
>
>> 2. The only organisations that know that address are Xtra and my
>> secure, password only webhost account which is configured to forward
>> my domain mail (excluding throwaway addresses) to my Xtra address.

>
>The password does not factor in this. See my point 1.


Ditto.

>
>> 3. The spam and bulk mail I'm getting doesn't come addressed to me at
>> my Xtra address or any of my domain addresses. For example, It is
>> addressed to a more generic address such as
>> "whatever-name-but-mine@xtra.co.nz ."

>
>That means you must be being BCC'd into receiving that spam.
>
>Whether or not you are BCC'd, CC'd, or TO'd does not matter. The question
>is what method the spammer is using to get that spam to you.
>
>If your email address is not anywhere on the Internet, or in someone
>else's address book, then it is likely the spammer got your email address
>by some other method such as a dictionary attack, or even just a random
>send. If you read your email with some application that will automatically
>download any images from the WWW, then the spammer will instantly know
>that it has struck a valid email address - and you will be killed with
>spam!


My email client (Thunderbird) is configured NOT to download any images
or html message bodies unless the sender is already in my address
book.

>
>> 4. The throwaway "my domain" addresses I use for idiots who might, and
>> sometimes do, publish those address are forwarded to yet another
>> throwaway webmail account that is configured to delete any email that
>> is not from someone already in my address book.

>
>Does that throwaway webmail a/c use a common domain, such as Hotmail?


Yes. They use my domain.

>Has the domain that you use for your throwaway webmail a/c already had
>spam sent to any email address at that domain?


Yes, but unless I've configured it otherwise, all those go to the
throwaway webmail address and never make it to that inbox (because
they're not in that address book).

>Remember - one of the things that spammers are looking for are not only
>valid user names, but valid domain names also.
>
>
>> In other words, spammers somehow have access to Xtra data that allows
>> them to send out spam to Xtra customers. And since I've only this
>> monumental spam problem since Xtra introduced Yahoo-Xtra Bubble and -
>> except for all the false positives - that problem seems to have
>> improved immeasurably over the past few days, I think it's more than
>> fair to conclude that the problem was entirely due to Yahoo-Xtra
>> Bubble (or whatever the **** it's called) and not me.

>
>What I think you're talking about is the change from Xtra hosting its own
>email servers, to Xtra using Yahoo as its email server.
>
>That's called outsourcing your email a/c to someone in the USA in order to
>reduce costs while at the same time charging you the same for it.


Right. And, as I stated previously, I had no major spam problems (eg:
I had only two or three pieces of spam per week), until Xtra
outsourced it's email service.

Since then I have experienced huge problems with both spam and false
positives (eg: Yahoo's filters treating legitimate email as spam.).

This situation has only improved over the past few days, suggesting
rather strongly that the problem is with Yahoo-Xtra's filters and not
the way I've dealt with my email account.

For example, by the time the idiots at Xtra informed me (and everyone
else) about Yahoo Bubble and I was finally able to actually access my
Xtra webmail account with the new Bubble software, I discovered
something like 80 or 90 legitimate emails amongst the 300+emails in
the bulk (spam) folder. Which explained why I hadn't been receiving
emails I should have.

Xtra's outsourced "helpdesk" told me to import my email client address
book into my new Yahoo Bubble interface and that would solve most of
the false negative problems. What the idiots didn't tell me - because
they didn't know - is that the new default Yahoo Bubble interface
wasn't set up so that I - or anyone else - could import an address
book. So another week went by until one tech finally twigged to the
problem and suggested I revert back to the "basic" interface.

That was a couple of months ago. Since then my account has been
inundated with spam - a problem I didn't have before the migration -
and the false positive problem continued, though not at the same
volume. Even emails from Xtra ended up in the bulk (spam) folder.
That's how inaccurate the new filter was.

So, as I stated in my original post, even though Xtra-Yahoo-Whatever
appears to have solved the spam problem (fingers crossed), I still
have to check my webmail several times a day to catch the legitimate
email the idiots are still tagging as spam.

I repeat: that's Xtra-Yahoo's fault. Not mine.


Jonathan Walker 11-18-2007 05:13 AM

Re: spam levels dropped ?
 
On Sun, 18 Nov 2007 14:32:09 +1300, Donchano wrote:

> My email client (Thunderbird) is configured NOT to download any images
> or html message bodies unless the sender is already in my address
> book.


And what if the sender's Windows box was compromised and it started
sending out SPAM to the planet - including to those in that poor person's
email address book?


--
Jonathan Walker

"The IT industry landscape is littered with the dead
dreams of people who once trusted Microsoft."

Jonathan Walker 11-18-2007 05:18 AM

Re: spam levels dropped ?
 
On Sun, 18 Nov 2007 14:32:09 +1300, Donchano wrote:

> I repeat: that's Xtra-Yahoo's fault. Not mine.


Nobody is suggesting that anything is "your fault".

If you have an issue with the QOS you're getting from Telecom/Xtra, then
tell it, get another ISP, and show the mono-finger to Telecom/Xtra by
closing your a/c with that monopolistic corporation.


--
Jonathan Walker

"The IT industry landscape is littered with the dead
dreams of people who once trusted Microsoft."

peter 11-18-2007 06:20 AM

Re: spam levels dropped ?
 
whoisthis wrote:
> At work I need to check my spam as I can not afford to have any false
> positives, however what I have noticed is that my spam levels have
> dropped about 90% is the last couple of days......... is this just me
> being lucky or is this more wide spread.


yes, it does seem to have reduced in volume recently.


Peter


Donchano 11-18-2007 12:16 PM

Re: spam levels dropped ?
 
On 18 Nov 2007 18:13:20 +1300, Jonathan Walker <nospam@nospam.invalid>
magnanimously proffered:

>On Sun, 18 Nov 2007 14:32:09 +1300, Donchano wrote:
>
>> My email client (Thunderbird) is configured NOT to download any images
>> or html message bodies unless the sender is already in my address
>> book.

>
>And what if the sender's Windows box was compromised and it started
>sending out SPAM to the planet - including to those in that poor person's
>email address book?


And suddenly - and only - all this happens when Xtra migrates its
email server to Yahoo? And just as suddenly it stops happening? Give
me a break ...




All times are GMT. The time now is 06:27 AM.

Powered by vBulletin®. Copyright ©2000 - 2014, vBulletin Solutions, Inc.
SEO by vBSEO ©2010, Crawlability, Inc.