Is there any danger in opening spam?

 
 
Enkidu
      11-05-2010
On 05/11/10 11:40, Allistar wrote:
> Matty F wrote:
>
>> I've been told by a helpdesk that we mustn't open spam emails or
>> our machines could be infected by malware etc etc. Surely if I
>> don't click on any links in the email I'm safe?

>
> That would depend on your mail client I suppose. But I would say that
> simply viewing a spam email is perfectly safe.
>

No, it isn't. Some email clients will run the scripts in some emails
when you open them.

Cheers,

Cliff

--

The ends justifies the means - Niccolò di Bernardo dei Machiavelli.

The end excuses any evil - Sophocles
 
Matty F
      11-05-2010
On Nov 5, 9:11 pm, Allistar <(E-Mail Removed)> wrote:
> Matty F wrote:
> > On Nov 5, 11:40 am, Allistar <(E-Mail Removed)> wrote:
> >> Matty F wrote:

>
> >> > Why can't XTRA check who was using that IP address at the time the
> >> > email was sent, and give them a call?

>
> >> They can, but you'd need to bitch to Xtra first.

>
> > Of course I have done that and not got a satisfactory result.

>
> >> And most likely the person
> >> responsible for the computer at the end of that IP address is not the one
> >> sending the spam - it's more likely that their computer (which is most
> >> like running a Microsoft operating system) is infected by malicious
> >> software.

>
> > Again, that is almost certain to be the case. I get one or more spam
> > emails from the same IP address each day. That IP address is on many
> > blacklists. Anyone unfortunate enough to be allocated that IP address
> > will have trouble sending emails to some ISPs.
> > Note that it is a dynamic IP address, but the user stays logged on for
> > days or weeks at a time.

>
> > "The Project Honey Pot system has detected behavior from the IP
> > address 210.54.141.252 that is consistent with that of a Mail Server
> > and Dictionary Attacker."

>
> > "554-mx.mailfilter6.ihug.co.nz 554 BLOCKED: The SenderBase reputation
> > of your ISP or corporate mail server is extremely bad.
> > Received: from mta03.xtra.co.nz ([210.54.141.252])'"

>
> > "210.54.141.252 is listed in cblless.anti-spam.org.cn and four other
> > blacklists"

>
> Do you use client side spam filtering? If not, I recommend it. Mine hides a
> lot of spam from me fairly effectively. An issue is that spam still appears
> on devices that don't have the ability to filter them out, such as an iPhone
> and an iPad.


I can easily decide on Yahoo's webmail whether something is spam or
not, without opening the email.
Recognising spam is not the problem. The problem is that someone using
IP address 210.54.141.252 has an infected machine, and Xtra should do
something about that because it's one of their customers.
That customer gets a new IP address sometimes and thus a bunch of Xtra
IP addresses are being blacklisted. Sometimes I am allocated one of
them, thus my emails may bounce.
 
Matty F
      11-05-2010
On Nov 5, 9:13 pm, Enkidu <(E-Mail Removed)> wrote:
> On 05/11/10 11:40, Allistar wrote:
> > Matty F wrote:
>
> >> I've been told by a helpdesk that we mustn't open spam emails or
> >> our machines could be infected by malware etc etc. Surely if I
> >> don't click on any links in the email I'm safe?

>
> > That would depend on your mail client I suppose. But I would say that
> > simply viewing a spam email is perfectly safe.

>
> No, it isn't. Some email clients will run the scripts in some emails
> when you open them.


So there appears to be no way that I can check the originating IP
address on Yahoo Webmail without opening the email. There is no option
to show plain text instead of HTML.
 
peter
      11-05-2010
Matty F wrote:
> I've been told by a helpdesk that we mustn't open spam emails or our
> machines could be infected by malware etc etc.
> Surely if I don't click on any links in the email I'm safe?


not if you are using Microsoft software


 
Matty F
      11-05-2010
On Nov 5, 10:13 pm, peter <(E-Mail Removed)> wrote:
> Matty F wrote:
> > I've been told by a helpdesk that we mustn't open spam emails or our
> > machines could be infected by malware etc etc.
> > Surely if I don't click on any links in the email I'm safe?

>
> not if you are using Microsoft software


Well, I'm using Firefox to read Yahoo mail which has images blocked.
I'm using Eudora for pop mail (not using Microsoft's viewer), and have
disallowed "executables in HTML content".
But I only opened some regular spam to see the originating IP address.
 
Matty F
      11-05-2010
On Nov 6, 12:28 am, EMB <(E-Mail Removed)> wrote:
> On 5/11/2010 5:32 p.m., Matty F wrote:
>
>
>
> > On Nov 5, 11:40 am, Allistar<(E-Mail Removed)> wrote:
> >> Matty F wrote:

>
> >>> Why can't XTRA check who was using that IP address at the time the
> >>> email was sent, and give them a call?

>
> >> They can, but you'd need to bitch to Xtra first.

>
> > Of course I have done that and not got a satisfactory result.

>
> >> And most likely the person
> >> responsible for the computer at the end of that IP address is not the one
> >> sending the spam - it's more likely that their computer (which is most like
> >> running a Microsoft operating system) is infected by malicious software.

>
> > Again, that is almost certain to be the case. I get one or more spam
> > emails from the same IP address each day. That IP address is on many
> > blacklists. Anyone unfortunate enough to be allocated that IP address
> > will have trouble sending emails to some ISPs.
> > Note that it is a dynamic IP address, but the user stays logged on for
> > days or weeks at a time.

>
> > "The Project Honey Pot system has detected behavior from the IP
> > address 210.54.141.252 that is consistent with that of a Mail Server
> > and Dictionary Attacker."

>
> > "554-mx.mailfilter6.ihug.co.nz 554 BLOCKED: The SenderBase reputation
> > of your ISP or corporate mail server is extremely bad.
> > Received: from mta03.xtra.co.nz ([210.54.141.252])'"

>
> > "210.54.141.252 is listed in cblless.anti-spam.org.cn and four other
> > blacklists"

>
> Learn to read email headers Matty - that is NOT a user IP address.


Of course it is. Over the last three years 210.54.141.252 has been
assigned to 58 people who have emailed me.
 
~misfit~
      11-05-2010
Somewhere on teh intarwebs Matty F wrote:
> On Nov 6, 12:28 am, EMB <(E-Mail Removed)> wrote:
>> On 5/11/2010 5:32 p.m., Matty F wrote:
>>
>>
>>
>>> On Nov 5, 11:40 am, Allistar<(E-Mail Removed)> wrote:
>>>> Matty F wrote:

>>
>>>>> Why can't XTRA check who was using that IP address at the time the
>>>>> email was sent, and give them a call?

>>
>>>> They can, but you'd need to bitch to Xtra first.

>>
>>> Of course I have done that and not got a satisfactory result.

>>
>>>> And most likely the person
>>>> responsible for the computer at the end of that IP address is not
>>>> the one sending the spam - it's more likely that their computer
>>>> (which is most like running a Microsoft operating system) is
>>>> infected by malicious software.

>>
>>> Again, that is almost certain to be the case. I get one or more spam
>>> emails from the same IP address each day. That IP address is on many
>>> blacklists. Anyone unfortunate enough to be allocated that IP
>>> address will have trouble sending emails to some ISPs.
>>> Note that it is a dynamic IP address, but the user stays logged on
>>> for days or weeks at a time.

>>
>>> "The Project Honey Pot system has detected behavior from the IP
>>> address 210.54.141.252 that is consistent with that of a Mail Server
>>> and Dictionary Attacker."

>>
>>> "554-mx.mailfilter6.ihug.co.nz 554 BLOCKED: The SenderBase
>>> reputation of your ISP or corporate mail server is extremely bad.
>>> Received: from mta03.xtra.co.nz ([210.54.141.252])'"

>>
>>> "210.54.141.252 is listed in cblless.anti-spam.org.cn and four other
>>> blacklists"

>>
>> Learn to read email headers Matty - that is NOT a user IP address.

>
> Of course it is. Over the last three years 210.54.141.252 has been
> assigned to 58 people who have emailed me.


.... and you think that all 58 of those people have the same malware running
on their computers? Seriously?

Think about it.....
--
Shaun.

"He who fights with monsters might take care lest he thereby become a
monster. And if you gaze for long into an abyss, the abyss gazes also
into you." Friedrich Wilhelm Nietzsche


 
Matty F
      11-05-2010
On Nov 5, 11:19 pm, "WorkHard" <(E-Mail Removed)> wrote:

> Use Mailwasher. That way you can see what emails you have before
> downloading and can see the headers etc.


What do you mean by "headers"? To me, headers is rather a lot of data
showing the route the email has taken, and particularly the
originating IP address which is what I want to see.
I can't see anything on the Mailwasher site about seeing full headers.
Mailwasher appears to show the sender name and description and the
ability to have blacklists and whitelists. I get that already on
Yahoo.
And Mailwasher doesn't run on my operating system.
 
Matty F
      11-05-2010
On Nov 6, 1:25 am, "~misfit~" <(E-Mail Removed)> wrote:
> Somewhere on teh intarwebs Matty F wrote:
>
>
>
> > On Nov 6, 12:28 am, EMB <(E-Mail Removed)> wrote:
> >> On 5/11/2010 5:32 p.m., Matty F wrote:

>
> >>> On Nov 5, 11:40 am, Allistar<(E-Mail Removed)> wrote:
> >>>> Matty F wrote:

>
> >>>>> Why can't XTRA check who was using that IP address at the time the
> >>>>> email was sent, and give them a call?

>
> >>>> They can, but you'd need to bitch to Xtra first.

>
> >>> Of course I have done that and not got a satisfactory result.

>
> >>>> And most likely the person
> >>>> responsible for the computer at the end of that IP address is not
> >>>> the one sending the spam - it's more likely that their computer
> >>>> (which is most like running a Microsoft operating system) is
> >>>> infected by malicious software.

>
> >>> Again, that is almost certain to be the case. I get one or more spam
> >>> emails from the same IP address each day. That IP address is on many
> >>> blacklists. Anyone unfortunate enough to be allocated that IP
> >>> address will have trouble sending emails to some ISPs.
> >>> Note that it is a dynamic IP address, but the user stays logged on
> >>> for days or weeks at a time.

>
> >>> "The Project Honey Pot system has detected behavior from the IP
> >>> address 210.54.141.252 that is consistent with that of a Mail Server
> >>> and Dictionary Attacker."

>
> >>> "554-mx.mailfilter6.ihug.co.nz 554 BLOCKED: The SenderBase
> >>> reputation of your ISP or corporate mail server is extremely bad.
> >>> Received: from mta03.xtra.co.nz ([210.54.141.252])'"

>
> >>> "210.54.141.252 is listed in cblless.anti-spam.org.cn and four other
> >>> blacklists"

>
> >> Learn to read email headers Matty - that is NOT a user IP address.

>
> > Of course it is. Over the last three years 210.54.141.252 has been
> > assigned to 58 people who have emailed me.

>
> ... and you think that all 58 of those people have the same malware running
> on their computers? Seriously?
>
> Think about it.....


No, of course none of them has the malware. I never said they did.
 
Squiggle
      11-05-2010
On Nov 5, 5:32 pm, Matty F <(E-Mail Removed)> wrote:

> Again, that is almost certain to be the case. I get one or more spam
> emails from the same IP address each day. That IP address is on many
> blacklists. Anyone unfortunate enough to be allocated that IP address
> will have trouble sending emails to some ISPs.
> Note that it is a dynamic IP address, but the user stays logged on for
> days or weeks at a time.


How on earth did you manage to jump to that incorrect conclusion?

>
> "The Project Honey Pot system has detected behavior from the IP
> address 210.54.141.252 that is consistent with that of a Mail Server
> and Dictionary Attacker."
>
> "554-mx.mailfilter6.ihug.co.nz 554 BLOCKED: The SenderBase reputation
> of your ISP or corporate mail server is extremely bad.
> Received: from mta03.xtra.co.nz ([210.54.141.252])'"
>
> "210.54.141.252 is listed in cblless.anti-spam.org.cn and four other
> blacklists"


It's a mail server Matty, probably a poorly configured one. Plenty of
hints to that fact in the preceding three sentences you posted.
The fact the reverse dns lookup calls it mta03.xtra.co.nz is a bit of
a give away, a dynamically allocated dialup or adsl connection has a
more generic format like 219-89-55-1.dialup.xtra.co.nz or
122-60-1-25.jetstream.xtra.co.nz.
It's a static allocation, and mta is a common abbreviation for mail
transport agent (i.e. mail server)
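
The naming argument in the post above, as an added example that is not part of the original thread: a Python script that walks the `Received:` headers of a message and labels each hop as a mail server or a dynamic customer address from its name alone. The sample message, `mx.example.net`, the address 219.89.55.1 and the `MTA_LABEL` list are assumptions made for the illustration.

```python
import re
from email import message_from_string

# Constructed sample. The host names and 210.54.141.252 are quoted in the
# thread; mx.example.net, the dates and the two-hop topology are made up.
SAMPLE = """\
Received: from mta03.xtra.co.nz ([210.54.141.252])
\tby mx.example.net with ESMTP; Fri, 5 Nov 2010 09:00:02 +1300
Received: from 219-89-55-1.dialup.xtra.co.nz ([219.89.55.1])
\tby mta03.xtra.co.nz with ESMTP; Fri, 5 Nov 2010 09:00:00 +1300
From: sender@example.com
Subject: constructed sample

body
"""

# "from <name> ([<ip>])": the name is what the sender announced, the
# bracketed address is what the receiving server recorded.
FROM_RE = re.compile(r"from\s+(\S+)\s+\(\[?(\d{1,3}(?:\.\d{1,3}){3})\]?\)")
# Labels commonly used for mail servers (a heuristic list, an assumption).
MTA_LABEL = re.compile(r"^(mta|mx|smtp|mail|relay)[-\d]*$")


def classify(host, ip):
    """Guess the kind of machine from its name, as the post above does."""
    first = host.lower().split(".")[0]
    octets = ip.split(".")
    # Dynamic pools usually embed the address: 219-89-55-1.dialup...
    if first.split("-") in (octets, octets[::-1]):
        return "dynamic-pool"
    if MTA_LABEL.match(first):
        return "mail-server"
    return "unknown"


def hops(raw):
    """Return (name, ip, kind) per Received header, newest hop first."""
    out = []
    for value in message_from_string(raw).get_all("Received", []):
        m = FROM_RE.search(" ".join(value.split()))  # undo header folding
        if m:
            out.append((m.group(1), m.group(2), classify(*m.groups())))
    return out


if __name__ == "__main__":
    for hop in hops(SAMPLE):
        print(hop)
```

Only the `Received:` lines added by your own provider's servers are reliable; anything below them was supplied by the sending side and can be forged.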
 