Computer Security - Need antispam software - mysterious spam encountered

#1

In particular, is anyone familiar with a program that returns an email with appropriate headers, messages, etc. to make it look like the address is nonexistent?

It's for personal use. I bought printer ink on EBay several days ago, but never did I use my ISP provided email address in any portion of communication or transaction or payment for the ink. But this morning I received a piece of spam asking if I want to save on printer ink and supplies.

I suppose I'll have to install an antispam filter in my email client (or use its own filter) to delete anything with keywords ink and printer in it. But this new spam is mystifying. I don't think it's coincidence - I've never received a message like it (referring to buying ANYTHING WHATSOEVER) to this email address. It's a million to one chance of being a coincidence. I paid for the ink with Paypal, but they don't have this email address. Nor does Ebay. I seriously doubt that the Yahoo account I used for the transaction has any references to this email ID. How could this address possibly have been mined??? (With reference to mining, I did sweeps of my entire HDs with at least four different up-to-date antispyware/adware/malware scanners in the past seven days. And I empty my cookie files almost daily.)

Jeff

#2

"Jeff" <> wrote:

> In particular, is anyone familiar with a program that returns an email with appropriate headers, messages, etc. to make it look like the address is nonexistent?

That won't work...

a) The From-header is usually faked, so the spammer won't even GET your fake error message

b) The poor guy who really owns the address abused as a From: will get tons of error messages - why do you want to harass him even more?

c) Error messages usually are sent from the Postmaster-account. You aren't the postmaster at your ISP, so if you send mails pretending to be postmaster you'll get in trouble

d) If the spammer actually takes the time to read through all the bounces, he'll notice that there is a considerable delay between sending his spam and receiving your fake bounce - which shows that the bounce was generated after receiving the message, which wouldn't have been possible if it didn't exist, therefore verifying that the address is correct.

Juergen Nieveler
--
Love thy neighbour, but don't get caught.

Juergen Nieveler

#3

Juergen Nieveler wrote:

> "Jeff" <> wrote:
>
>> In particular, is anyone familiar with a program that returns an email with appropriate headers, messages, etc. to make it look like the address is nonexistent?
>
> That won't work...
>
> a) The From-header is usually faked, so the spammer won't even GET your fake error message
>
> b) The poor guy who really owns the address abused as a From: will get tons of error messages - why do you want to harass him even more?
>
> c) Error messages usually are sent from the Postmaster-account. You aren't the postmaster at your ISP, so if you send mails pretending to be postmaster you'll get in trouble
>
> d) If the spammer actually takes the time to read through all the bounces, he'll notice that there is a considerable delay between sending his spam and receiving your fake bounce - which shows that the bounce was generated after receiving the message, which wouldn't have been possible if it didn't exist, therefore verifying that the address is correct.
>
> Juergen Nieveler

Mailwasher is a good antispammer tool that does what you're asking, but it won't work, as spammers expect failed mail.

Recently it was discovered, however, that certain major manufacturers were embedding phone home software in their print driver software. The one manufacturer that has commented indicated this was to monitor ink usage on their printers; however, I haven't heard if anyone has fully cracked the data stream sent.

Bottom line, it could just as easily be that the spammer got the mail addy through other means, such as other spyware on the system, etc. If you use IE and the addy is embedded in the browser, it is an easy thing to glean using various methods. Spammer may have "guessed" address with a name dictionary attack against your mail server. From what I have seen, they are pretty industrious in gathering addresses, and can gather them using multiple methodologies. I have even suspected someone is gleaning addresses off of various mail gateways. There are a number of mail servers located on BOTNETS. Someone you have sent mail to in the past may have lost your address for you. Bottom line, if addy is used on the net, it seldom stays virgin long. I would say you can expect more spam in the future. It is good fried.

Winged

winged

#4

In article <jhhvd.753191$8_6.686917@attbi_s04>, Jeff wrote:

> In particular, is anyone familiar with a program that returns an email with appropriate headers, messages, etc. to make it look like the address is nonexistent?

Doesn't work that way. See RFC2821

1. A properly configured mail server should know all of the valid addressees that it should accept mail for, and reject mail to other addressees at the SMTP stage.

2. While RFC2821 Section 2.4 does say that [quote] Delivery SMTP systems MAY reject ("bounce") such messages rather than deliver them. [en-quote], most mail administrators agree that such bounces are nearly always useless, especially with respect to spam that ALWAYS has fake headers.

> It's for personal use. I bought printer ink on EBay several days ago, but never did I use my ISP provided email address in any portion of communication or transaction or payment for the ink. But this morning I received a piece of spam asking if I want to save on printer ink and supplies.

Has your ISP address ever been seen on the Internet ANYWHERE? Is your address guessable (common name, or combination)? Nearly all spam is sprayed at any conceivable address - without caring if it's real or not.

You may want to send mail to yourself in the same way you normally send mail (send it from yahoo to comcast, or vice versa), and then examine the RAW mail (including the raw headers) to see what hints your mail tool may be including in your outgoing mail. You may be unpleasantly surprised.

> I suppose I'll have to install an antispam filter in my email client (or use its own filter) to delete anything with keywords ink and printer in it.

Oh, so you don't mind the spam that's flogging various pills, p*n*s enhancers, mortgage referrals, and so on? Get a filter that deletes the spam on the ISP's POP server - there are plenty of them, including those that can run on your windoze box.

> How could this address possibly have been mined??? (With reference to mining, I did sweeps of my entire HDs with at least four different up-to-date antispyware/adware/malware scanners in the past seven days.

Do you use this address at all? It could be someone who has your address in their buddy list or address book as well. I've never used the official username for this ISP, and they allow up to 4 other addresses that I can replace monthly. As a result, three of my family now only know a temporary address for me, which indeed changes monthly for some magic reason.

> And I empty my cookie files almost daily.)

But does your computer (never mind the browser that you are apparently using as a news reader, and probably a mail tool as well) know that real address? You're using Outhouse Express under windoze - which isn't exactly noted as being a secure thing.

Old guy

Moe Trin
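
The self-test suggested in post #4 (mail yourself, then read the raw headers), as an added example that is not part of the thread: the script lists every header that carries a given address and every header that identifies the sending client. The sample message, its addresses and its IP are constructed for illustration.

```python
import re
from email import message_from_string
from email.utils import getaddresses

# Constructed sample: sent from a webmail account by a desktop client
# that was also configured with the user's ISP address as Reply-To.
RAW = """\
Return-Path: <jeff.webmail@example.org>
Received: from [192.0.2.44] (helo=jeffs-pc)
\tby smtp.example.org with esmtp; Mon, 13 Dec 2004 09:12:01 -0500
From: Jeff <jeff.webmail@example.org>
Reply-To: jeff.private@isp.example
To: seller@shop.example
Subject: Order question
Message-ID: <000a01c4e12f$1b2c3d40@jeffs-pc>
X-Mailer: Microsoft Outlook Express 6.00
X-Originating-IP: [192.0.2.44]

Is the cartridge still available?
"""

ADDRESS_HEADERS = {"from", "sender", "reply-to", "return-path",
                   "disposition-notification-to", "errors-to"}
CLIENT_HEADERS = ("X-Mailer", "User-Agent", "X-Originating-IP", "Message-ID")
ADDR_RE = re.compile(r"[\w.+-]+@[\w-]+(?:\.[\w-]+)+")


def audit_headers(raw, private_address):
    """Return (leaks, client_info) for one raw message.

    leaks: names of headers that contain private_address.
    client_info: {header: value} for headers identifying software or host.
    """
    msg = message_from_string(raw)
    private = private_address.lower()
    leaks = []
    for name, value in msg.items():
        if name.lower() in ADDRESS_HEADERS:
            found = [addr.lower() for _, addr in getaddresses([value])]
        else:  # free-form headers (Received, X-*): fall back to a regex scan
            found = [a.lower() for a in ADDR_RE.findall(value)]
        if private in found:
            leaks.append(name)
    client_info = {h: " ".join(msg[h].split()) for h in CLIENT_HEADERS if h in msg}
    return leaks, client_info


if __name__ == "__main__":
    leaks, client = audit_headers(RAW, "jeff.private@isp.example")
    print("headers exposing the private address:", leaks or "none")
    for header, value in client.items():
        print(f"{header}: {value}")
```

Save a real message with the mail client's "view source" or "save as .eml" function and pass its text in place of `RAW`.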

#5

Not a thing in the past week. Maybe this was a very weird coincidence.

"Jeff" <> wrote in message news:jhhvd.753191$8_6.686917@attbi_s04...

> In particular, is anyone familiar with a program that returns an email with appropriate headers, messages, etc. to make it look like the address is nonexistent?
>
> It's for personal use. I bought printer ink on EBay several days ago, but never did I use my ISP provided email address in any portion of communication or transaction or payment for the ink. But this morning I received a piece of spam asking if I want to save on printer ink and supplies.
>
> I suppose I'll have to install an antispam filter in my email client (or use its own filter) to delete anything with keywords ink and printer in it. But this new spam is mystifying. I don't think it's coincidence - I've never received a message like it (referring to buying ANYTHING WHATSOEVER) to this email address. It's a million to one chance of being a coincidence. I paid for the ink with Paypal, but they don't have this email address. Nor does Ebay. I seriously doubt that the Yahoo account I used for the transaction has any references to this email ID. How could this address possibly have been mined??? (With reference to mining, I did sweeps of my entire HDs with at least four different up-to-date antispyware/adware/malware scanners in the past seven days. And I empty my cookie files almost daily.)
>
> Jeff

#6

On 13 Dec 2004 20:54:28 EST, winged <> wrote:

<SNIP>

> From what I have seen, they are pretty industrious in gathering addresses, and can gather them using multiple methodologies. I have even suspected someone is gleaning addresses off of various mail gateways. There are a number of mail servers located on BOTNETS. Someone you have sent mail to in the past may have lost your address for you. Bottom line if addy is used on the net, it seldom stays virgin long. I would say you can expect more spam in the future.

Good point. You would HOPE that anybody who operates ANY server on the internet would be constantly vigilant (at least more so than the typical AOHell or ComCrap customer) for ANY unknown activity by their server, but one of the spammer's jobs is to develop new ways to get email addresses.

It would take just one 0wn3d server to get lots of new, valid addresses for one of these assholes. And this will happen no matter what YOU do about blocking, filtering, or ignoring their ****.

And this will be a new breed of spammer with your email address, which may mean that filtering his ****, once he gets your address, will be harder.

--
Cheers,
Chuck
Paranoia comes from experience - and is not necessarily a bad thing.

Chuck

#7

Moe Trin wrote:

> In article <jhhvd.753191$8_6.686917@attbi_s04>, Jeff wrote:
>
>> In particular, is anyone familiar with a program that returns an email with appropriate headers, messages, etc. to make it look like the address is nonexistent?
>
> Doesn't work that way. See RFC2821
>
> 1. A properly configured mail server should know all of the valid addressees that it should accept mail for, and reject mail to other addressees at the SMTP stage.
>
> 2. While RFC2821 Section 2.4 does say that [quote] Delivery SMTP systems MAY reject ("bounce") such messages rather than deliver them. [en-quote], most mail administrators agree that such bounces are nearly always useless, especially with respect to spam that ALWAYS has fake headers.
>
>> It's for personal use. I bought printer ink on EBay several days ago, but never did I use my ISP provided email address in any portion of communication or transaction or payment for the ink. But this morning I received a piece of spam asking if I want to save on printer ink and supplies.
>
> Has your ISP address ever been seen on the Internet ANYWHERE? Is your address guessable (common name, or combination)? Nearly all spam is sprayed at any conceivable address - without caring if it's real or not.
>
> You may want to send mail to yourself in the same way you normally send mail (send it from yahoo to comcast, or vice versa), and then examine the RAW mail (including the raw headers) to see what hints your mail tool may be including in your outgoing mail. You may be unpleasantly surprised.
>
>> I suppose I'll have to install an antispam filter in my email client (or use its own filter) to delete anything with keywords ink and printer in it.
>
> Oh, so you don't mind the spam that's flogging various pills, p*n*s enhancers, mortgage referrals, and so on? Get a filter that deletes the spam on the ISP's POP server - there are plenty of them, including those that can run on your windoze box.
>
>> How could this address possibly have been mined??? (With reference to mining, I did sweeps of my entire HDs with at least four different up-to-date antispyware/adware/malware scanners in the past seven days.
>
> Do you use this address at all? It could be someone who has your address in their buddy list or address book as well. I've never used the official username for this ISP, and they allow up to 4 other addresses that I can replace monthly. As a result, three of my family now only know a temporary address for me, which indeed changes monthly for some magic reason.
>
>> And I empty my cookie files almost daily.)
>
> But does your computer (never mind the browser that you are apparently using as a news reader, and probably a mail tool as well) know that real address? You're using Outhouse Express under windoze - which isn't exactly noted as being a secure thing.
>
> Old guy

Well, I finally installed Thunderbird and made it my default email client. I use either MyIE2 or Mozilla as my browser, so the only time I have to use IE is to check for Windows Updates.

I could use one of my other browsers to do so, but the shortcut placed in my start menu launches IE to check for updates, and it doesn't seem important enough to change. Hopefully Microsoft is not so careless as to allow hackers to redirect users trying to connect to the Windows Update website.

And that ink-toner spam item was an isolated event. It's just a really bizarre coincidence that I happened to order ink cartridges using one of my internet accounts just a couple days before that piece of spam arrived.

Jeff G

#8

In article <souzd.239577$5K2.126956@attbi_s03>, Jeff G wrote:

> Well, I finally installed Thunderbird and made it my default email client. I use either MyIE2 or Mozilla as my browser, so the only time I have to use IE is to check for Windows Updates.

It's a bit of a pity, but the number of dedicated specific tools for windoze is comparatively limited. Mail (for example) should be read or created with a tool that does mail, and nothing else. File downloads should be done with a different tool, as should visiting web sites. Actually, one of my mail filter rules automatically drops any mail that contains HTTP.

> I could use one of my other browsers to do so, but the shortcut placed in my start menu launches IE to check for updates, and it doesn't seem important enough to change. Hopefully Microsoft is not so careless as to allow hackers to redirect users trying to connect to the Windows Update website.

I'm told that IE is required to get the updates - I wouldn't know, having stopped using windoze in 1992. Actually, while you access microsoft, you may be getting the downloads from an Internet content provider like Akamai (which has servers located in many cities of the world, to provide faster service). But you don't go there direct - it's a redirect from microsoft.

> And that ink-toner spam item was an isolated event. It's just a really bizarre coincidence that I happened to order ink cartridges using one of my internet accounts just a couple days before that piece of spam arrived.

That happens. There are a number of products and services that are a natural for spam artists. Ink/toner is grossly overpriced (that's how the printer manufacturers make the money - the printers are often sold well below cost), so selling a shoddy product at a merely excessive price will find a huge market. As the spamming entities are pretty difficult to trace, and they change names and "locations" as often as you change your shorts, they can make their money, and move on almost before the product has been delivered to you. Also, many of them launder their services through overseas locations, making criminal complaints difficult to pursue. Paying by credit card may offer a very tiny possibility of combating fraud, but the real solution is to never purchase anything from an email offer or pop-up ad. It's NEVER a good deal.

Old guy

Moe Trin