any ideas how to stop this

Discussion in 'Computer Security' started by Rich, May 6, 2005.

  1. Rich

    Rich Guest

    I know GetViagraNow.Com is one of the biggest spam clearing houses on the
    net. I have tried to block their unsolicited junk for about 8 months now. I
    don't know if it is related but I have had more virus attacks on my computer
    since their junk email has come in. It feels like it is coming from them. I
    have tried getting my isp to block them but Bellsouth.net has been no help
    at all, for the past months they have been sending me around in circles
    saying send us email-no call tech support-then you call tech support and
    they tell you to email them with the problem. I have sent them emails of the
    spam I am getting and after the first couple of times, they blocked me from
    emailing tech support. Bunch of great guys. You would think they would care
    because obviously these spammers are sending mail to all of bellsouth's
    customers, but it is like they don't care or they are in it with the
    spammers.
    In despiration I even contacted the offender-GetViagraNow.com at their site
    through their communications system but they didn't respond and there has
    been no change. I still get 30 of the exact same email every day.
    Anybody know how to block them?
    Appreciate any help.
    RichMason101(at)hotmail
    Thanks
     
    Rich, May 6, 2005
    #1
    1. Advertising

  2. Rich wrote:

    > I know GetViagraNow.Com is one of the biggest spam clearing houses on the
    > net. I have tried to block their unsolicited junk for about 8 months now.
    > I don't know if it is related but I have had more virus attacks on my
    > computer
    > since their junk email has come in. It feels like it is coming from them.
    > I have tried getting my isp to block them but Bellsouth.net has been no
    > help at all, for the past months they have been sending me around in
    > circles saying send us email-no call tech support-then you call tech
    > support and they tell you to email them with the problem. I have sent them
    > emails of the spam I am getting and after the first couple of times, they
    > blocked me from emailing tech support. Bunch of great guys. You would
    > think they would care because obviously these spammers are sending mail to
    > all of bellsouth's customers, but it is like they don't care or they are
    > in it with the spammers.
    > In despiration I even contacted the offender-GetViagraNow.com at their
    > site through their communications system but they didn't respond and there
    > has been no change. I still get 30 of the exact same email every day.
    > Anybody know how to block them?
    > Appreciate any help.
    > RichMason101(at)hotmail
    > Thanks


    It sound like you are using email from BellSouth? Are you using their email
    servers or do you have your own? Please describe your "setup".

    Michael
    --
    "Trusted Computing" is a SCAM
    http://www.gnu.org/philosophy/can-you-trust.html

    Protect your rights
    http://www.eff.org/
    http://www.publicknowledge.org/
     
    Michael Pelletier, May 6, 2005
    #2
    1. Advertising

  3. Rich

    Jim Watt Guest

    On Fri, 06 May 2005 03:05:50 GMT, "Rich" <>
    wrote:

    >I know GetViagraNow.Com is one of the biggest spam clearing houses on the
    >net. I have tried to block their unsolicited junk for about 8 months now.


    You are on a kicking to nowhere with Bellsouth, I spent a lot of time
    on the phone to them at their expense trying to eliminate a
    particularly nasty daily email originating from their IP block.

    Get an email service that provides filtering.


    --
    Jim Watt
    http://www.gibnet.com
     
    Jim Watt, May 6, 2005
    #3
  4. Rich

    Moe Trin Guest

    In article <iaBee.3518$>, Rich wrote:

    >I know GetViagraNow.Com is one of the biggest spam clearing houses on the
    >net. I have tried to block their unsolicited junk for about 8 months now.


    http://www.stopspam.org/email/headers.html Most spam is sent by overseas
    systems hired for the task, and zombie computers (computers owned by fools
    who shouldn't be trusted with something as complicated as a hammer, and
    therefore filled with viruses and worms that allow spammers to send mail
    from everywhere). Spam is rarely sent 'direct' from the spammer.

    >I don't know if it is related but I have had more virus attacks on my
    >computer since their junk email has come in.


    Probably a coincidence. But then, what are you using as a browser?

    >It feels like it is coming from them.


    What gives you that indication?

    >I have tried getting my isp to block them but Bellsouth.net has been no help
    >at all, for the past months they have been sending me around in circles
    >saying send us email-no call tech support-then you call tech support and
    >they tell you to email them with the problem. I have sent them emails of the
    >spam I am getting and after the first couple of times, they blocked me from
    >emailing tech support. Bunch of great guys. You would think they would care
    >because obviously these spammers are sending mail to all of bellsouth's
    >customers, but it is like they don't care or they are in it with the
    >spammers.


    Actually, a lot of the world blocks mail (or everything) from SBC and it's
    various children (snet.com, bellsouth, swbell, pacbell, pbi, ameritech
    among others) simply because they do absolutely nothing to rein in the
    abuse that comes from their networks. As for 'GetViagraNow.Com', that's
    a domain in the spam capital of the world 'Southern Florida" and is hosted
    by Internap Network - themselves largely blocked by the rest of the world.
    Try reading the newsgroups 'news.admin.net-abuse.blocklisting' to gain an
    insight of who is naughty, and who is nicer.

    >In despiration I even contacted the offender-GetViagraNow.com at their site
    >through their communications system but they didn't respond and there has
    >been no change. I still get 30 of the exact same email every day.


    Congratulations - you did the big no-no, and confirmed to GetViagraNow.com
    that your's is a working address with someone reading the crap. Your address
    will be (if it hasn't already been so) sold to spammers as a live one.

    >Anybody know how to block them?


    1. Close the current account at bellsouth. The address is known to be
    a sucker - and is going to be inundated with spam. You think it was bad,
    you ain't seen nothing yet.

    2. Get a new account, preferably with someone other than bellsouth. If
    you expect to use the account for mail, choose a username that doesn't have
    your real name, but something "close", but unlikely to be found in a phone
    book, or dictionary. If you DON'T plan on using it for mail (or only
    mail from a very limited number of people) choose a username of RANDOM
    letters/numbers. For the public usernames, I send the output of a
    random character generator (in UNIX, it's called /dev/random - microsoft
    hasn't invented that yet) through a binary to printable_character converter
    (uuencode, or mimencode) and use the first 8 characters of that string.
    That gives names like 'muUECA3N', 'wYW0xAJ1' or 'UbXPaOBD'

    3. Don't post a real username ANYWHERE.

    4, Don't EVER respond to SPAM. You are posting with Outhouse Express, and
    really shouldn't be using it at all, because it likes to help you by
    auto-opening (and sometimes auto-installing) every piece of sewage that
    may come through the mail, or appear on the web pages you may visit. The
    spammer sees your mail tool coming to the hidden URL in the mail, and knows
    someone is reading the mail - you. That brings on more spam. OE is also
    the vector used by most viruses and trojans to infect your system.
    ANYTHING ELSE would be a better tool.

    Old guy
     
    Moe Trin, May 7, 2005
    #4
  5. Rich

    Jon Guest

    >...choose a username that doesn't have your real name, but something
    >close", but unlikely to be found in a phone book, or dictionary. If
    >you DON'T plan on using it for mail (or only mail from a very limited
    >number of people) choose a username of RANDOM letters/numbers. For
    >the public usernames, I send the output of a random character
    >generator (in UNIX, it's called /dev/random - microsoft hasn't
    >invented that yet) through a binary to printable_character converter
    >(uuencode, or mimencode) and use the first 8 characters of that
    >string. That gives names like 'muUECA3N', 'wYW0xAJ1' or 'UbXPaOBD'


    What would be the purpose of that? I haven't heard of spammers using
    cracking software.


    Jon
     
    Jon, May 7, 2005
    #5
  6. Rich

    Moe Trin Guest

    In article <>, Jon wrote:

    >>...choose a username that doesn't have your real name, but something
    >>close", but unlikely to be found in a phone book, or dictionary.


    Note the last phrase

    >>If you DON'T plan on using it for mail (or only mail from a very limited
    >>number of people) choose a username of RANDOM letters/numbers. For
    >>the public usernames, I send the output of a random character
    >>generator [...] through a binary to printable_character converter
    >>(uuencode, or mimencode) and use the first 8 characters of that
    >>string. That gives names like 'muUECA3N', 'wYW0xAJ1' or 'UbXPaOBD'

    >
    >What would be the purpose of that? I haven't heard of spammers using
    >cracking software.


    I haven't heard of them doing so either, and even if they did decode
    those eight character names, they'd get the output of /dev/random

    [compton ~]$ whatis random
    random (3) - random number generator
    random (4) - kernel random number source devices
    [compton ~]$

    which is a statistically random string of characters from 0x00 through
    0xFF. The encoding is merely to convert this string, which includes 62%
    unprintable characters into ASCII required by RFC0822/2822.

    To find out why I am using this technique, go to groups.google.com, and
    search the newsgroup 'comp.mail.sendmail' for the words 'dictionary attack'.
    Briefly, spammers (or their support crew) are connecting to mail servers,
    and trying to "send" mail to names apparently taken out of phonebooks,
    often with a single letter prepending, or post-pending. If you understand
    regular expressions, this means (for example) "[a-z]jones" and "jones[a-z]".
    (The names tried may also include 'name' post-pended with 1 to 4 digits.)
    They close the connection after trying 10-50 names, without sending a mail
    body (which shows up in the logs). They are depending on the mail server
    returning a "250" result code for valid names, and a "550" for invalid
    names to harvest a list of valid addresses which can be spammed/sold. See
    section 3.1 (bottom of page 4) of RFC0821 or section 3.3 (middle of page
    17) of RFC2821.

    Old guy
     
    Moe Trin, May 9, 2005
    #6
  7. Rich

    Frode Guest

    -----BEGIN PGP SIGNED MESSAGE-----
    Hash: SHA1

    Rich wrote:
    >In despiration I even contacted the offender-GetViagraNow.com at their
    >site through their communications system but they didn't respond and there
    >has
    >been no change. I still get 30 of the exact same email every day.
    >Anybody know how to block them?


    Assuming you're talking about a POP3 based mail account:

    http://keir.net/k9.html
    and
    http://www.spampal.org/

    Spend a few weeks training K9, then make a rule in your mail program to
    auto-move any mail that scores a hit from both of the above to trash. And
    another rule to move the ones that get marked by only one of the above to a
    "suspect" folder.

    Almost 70% of the mail I get every day (roughly 100) is spam, and the
    combination of K9 + Spampal is ridiculously effective in my experience.
    I've seen a single spam in my inbox in the past 400 or so days. And I'm
    getting a quite easy to handle 1-5 in the "suspicious" folder.

    If the mails you're talking about are really identical, K9 will block them
    consistently after your first day, regardless of point of origin.



    - --
    Frode


    -----BEGIN PGP SIGNATURE-----
    Version: PGP 8.1

    iQA/AwUBQn+uyeXlGBWTt1afEQI88gCg/CTuEEW/inToVhzFgQlBhr/nmZsAoKgK
    wZfMnfRf86a5m11xUL9M/ou5
    =q4LS
    -----END PGP SIGNATURE-----
     
    Frode, May 9, 2005
    #7
    1. Advertising

Want to reply to this thread or ask your own question?

It takes just 2 minutes to sign up (and it's free!). Just click the sign up button to choose a username and then you can ask your own questions on the forum.
Similar Threads
  1. Fokker
    Replies:
    3
    Views:
    3,524
    ┬░Mike┬░
    Sep 20, 2003
  2. Networking Student
    Replies:
    4
    Views:
    1,435
    vreyesii
    Nov 16, 2006
  3. Mike Easter

    Re: Ideas for a signature to stop FWD emails

    Mike Easter, Jan 9, 2010, in forum: Computer Support
    Replies:
    0
    Views:
    405
    Mike Easter
    Jan 9, 2010
  4. richard

    Re: Ideas for a signature to stop FWD emails

    richard, Jan 9, 2010, in forum: Computer Support
    Replies:
    9
    Views:
    493
    Mike Yetto
    Jan 9, 2010
  5. Mara

    Re: Ideas for a signature to stop FWD emails

    Mara, Jan 9, 2010, in forum: Computer Support
    Replies:
    1
    Views:
    403
    Mike Easter
    Jan 9, 2010
Loading...

Share This Page