Interesting Spam

Discussion in 'NZ Computing' started by GraB, Aug 13, 2006.

  1. GraB

    GraB Guest

    I just found three e-mails in one of my accounts, none of them
    addressed to me, but to seemingly valid addresses at *******@es.co.nz
    supposedly from Amazon.com, Walmart.com and Circuitcity, info at
    Amazon and customercare from the other two, confirming an order. All
    three give the same order number.

    But how do these seemingly valid e-mails addresesed to someone else
    get into my box?
     
    GraB, Aug 13, 2006
    #1
    1. Advertising

  2. GraB

    Chris Hope Guest

    GraB wrote:

    > I just found three e-mails in one of my accounts, none of them
    > addressed to me, but to seemingly valid addresses at *******@es.co.nz
    > supposedly from Amazon.com, Walmart.com and Circuitcity, info at
    > Amazon and customercare from the other two, confirming an order. All
    > three give the same order number.
    >
    > But how do these seemingly valid e-mails addresesed to someone else
    > get into my box?


    When an email is sent, the mail server is told who the email is sent
    from and who it is addressed to. After this, the email itself is passed
    through to the mail server, and the headers in this part may not
    necessarily contain the email address of the receiver.

    A valid (ie non spammy) example of this in practise, is when you "bcc"
    someone. When the recipients receive the message there is no way for
    them to see who (or even if) someone was bcc'd the message, including
    the person who was bcc'd. So I could send an email to myself, and bcc
    it to you and it would look like it was addressed to me and not you.

    --
    Chris Hope | www.electrictoolbox.com | www.linuxcdmall.com
     
    Chris Hope, Aug 13, 2006
    #2
    1. Advertising

  3. GraB

    aum Guest

    On Sun, 13 Aug 2006 15:46:51 +1200, GraB wrote:

    > I just found three e-mails in one of my accounts, none of them
    > addressed to me, but to seemingly valid addresses at *******@es.co.nz
    > supposedly from Amazon.com, Walmart.com and Circuitcity, info at
    > Amazon and customercare from the other two, confirming an order. All
    > three give the same order number.
    >
    > But how do these seemingly valid e-mails addresesed to someone else
    > get into my box?


    When email is sent to you, there are 2 layers of addresses:

    1) The addresses given during the SMTP protocol negotiation, typically
    something like:

    HELO mail.emarketing.com
    MAIL From: Aunty Bess <>
    RCPT To: Fred Dagg <>
    DATA
    ...
    .
    QUIT

    2) The addresses given within the data body of the message, which
    typically looks like:

    From: Aunty Bess <>
    To: Fred Dagg <>
    Subject: Build your man-muscle
    Date: Fri August 25, 2007

    Disappoint your lover no more. Try our painless, non-surgical,
    non-drug treatment for increasing the size and girth of your
    manhood.

    Click here for more info

    Email client programs (Thunderbird, mutt, Pegasus, Eudora (yes, even
    Outlook)) only work from the address info in the data body of the message,
    and typically ignore the addresses given during the SMTP protocol
    (although these addresses are often present in the headers of the message).

    So if the SMTP addresses have 'RCPT To: ', but the message
    body has 'To: ', then it will reach you.

    --

    Cheers
    aum
     
    aum, Aug 13, 2006
    #3
  4. GraB

    Chris Hope Guest

    Chris Hope wrote:

    > GraB wrote:
    >
    >> I just found three e-mails in one of my accounts, none of them
    >> addressed to me, but to seemingly valid addresses at *******@es.co.nz
    >> supposedly from Amazon.com, Walmart.com and Circuitcity, info at
    >> Amazon and customercare from the other two, confirming an order. All
    >> three give the same order number.
    >>
    >> But how do these seemingly valid e-mails addresesed to someone else
    >> get into my box?

    >
    > When an email is sent, the mail server is told who the email is sent
    > from and who it is addressed to. After this, the email itself is
    > passed through to the mail server, and the headers in this part may
    > not necessarily contain the email address of the receiver.


    I forgot to mention that at this stage, regardless of the To: header in
    the email, it will be delivered to the recipient originally specified
    when the connection to the server is first established.

    > A valid (ie non spammy) example of this in practise, is when you "bcc"
    > someone. When the recipients receive the message there is no way for
    > them to see who (or even if) someone was bcc'd the message, including
    > the person who was bcc'd. So I could send an email to myself, and bcc
    > it to you and it would look like it was addressed to me and not you.
    >


    --
    Chris Hope | www.electrictoolbox.com | www.linuxcdmall.com
     
    Chris Hope, Aug 13, 2006
    #4
  5. GraB

    Paula Guest

    "GraB" <> wrote in message

    >I just found three e-mails in one of my accounts, none of them
    > addressed to me, but to seemingly valid addresses at *******@es.co.nz
    > supposedly from Amazon.com, Walmart.com and Circuitcity, info at
    > Amazon and customercare from the other two, confirming an order. All
    > three give the same order number.
    >
    > But how do these seemingly valid e-mails addresesed to someone else
    > get into my box?
    >


    I had Amazon and Circuitcity, hubby had Walmart. I figure I got the better
    orders - but didn't open the zip file attached!

    Paula
     
    Paula, Aug 13, 2006
    #5
  6. GraB

    Peter Guest

    GraB wrote:
    > But how do these seemingly valid e-mails addresesed to someone else
    > get into my box?


    Is your address BCC on these emails?
     
    Peter, Aug 13, 2006
    #6
  7. GraB

    MaHogany Guest

    On Sun, 13 Aug 2006 15:46:51 +1200, GraB wrote:

    > But how do these seemingly valid e-mails addresesed to someone else
    > get into my box?


    BCC


    Ma Hogany

    --
    Q: How do I make Windows(TM) go faster?
    A: Throw it harder...
     
    MaHogany, Aug 13, 2006
    #7
  8. GraB

    GraB Guest

    On Sun, 13 Aug 2006 16:15:01 +1200, Peter <>
    wrote:

    >GraB wrote:
    >> But how do these seemingly valid e-mails addresesed to someone else
    >> get into my box?

    >
    >Is your address BCC on these emails?
    >

    I didn't see that as I read them with MailWasher which doesn't
    actually download the e-mail, just gives you a preview.
     
    GraB, Aug 13, 2006
    #8
  9. GraB

    EMB Guest

    Peter wrote:
    > GraB wrote:
    >> But how do these seemingly valid e-mails addresesed to someone else
    >> get into my box?

    >
    > Is your address BCC on these emails?


    bcc..... BLIND carbon copy so your address doesn't show so you'll never
    know.


    --
    EMB
     
    EMB, Aug 13, 2006
    #9
  10. GraB

    ~misfit~ Guest

    Paula wrote:
    > "GraB" <> wrote in message
    >
    > > I just found three e-mails in one of my accounts, none of them
    > > addressed to me, but to seemingly valid addresses at
    > > *******@es.co.nz supposedly from Amazon.com, Walmart.com and
    > > Circuitcity, info at Amazon and customercare from the other two,
    > > confirming an order. All three give the same order number.
    > >
    > > But how do these seemingly valid e-mails addresesed to someone else
    > > get into my box?
    > >

    >
    > I had Amazon and Circuitcity, hubby had Walmart. I figure I got the
    > better orders - but didn't open the zip file attached!


    Good move. PC-cillin gives me this (one of many):

    Notification:

    Incoming Mail Scan
    Incoming Mail Scan detected a virus or other type of malware, and performed
    the action specified.

    ..
    Action taken: Unable to clean infected file. The file was deleted.
    ..
    Subject: SPAM: Order Confirmation number: WC2195136
    Sender: customer support <>
    Malware name: TROJ_SMALL.CJK
    Note: If Search for and clean Trojans is turned on and executed after
    scanning, click Next to view the final action taken.

    Notification:

    Real-time Protection
    Real-time Protection has detected a virus, spyware, or other security risk,
    and performed the action specified.

    ..
    Action taken: Unable to clean infected file. The file was quarantined.
    ..
    Incident name: C:\WINDOWS\TEMP\V2RCDSa03276
    Detection name: TROJ_SMALL.CJK
    User name: misfit
    Note: If Search for and clean Trojans is turned on and executed after
    scanning, click Next to view the final action taken.
    --
    Shaun.
     
    ~misfit~, Aug 13, 2006
    #10
  11. GraB

    Guest

    IHUG told me that they used to be called ES
    Andy

    GraB wrote:
    > I just found three e-mails in one of my accounts, none of them
    > addressed to me, but to seemingly valid addresses at *******@es.co.nz
    > supposedly from Amazon.com, Walmart.com and Circuitcity, info at
    > Amazon and customercare from the other two, confirming an order. All
    > three give the same order number.
    >
    > But how do these seemingly valid e-mails addresesed to someone else
    > get into my box?
     
    , Aug 13, 2006
    #11
  12. GraB

    GraB Guest

    On 13 Aug 2006 15:16:34 -0700, "" <>
    wrote:

    >IHUG told me that they used to be called ES
    >Andy
    >

    Yes, that used to be my address, though it still works.
     
    GraB, Aug 14, 2006
    #12
    1. Advertising

Want to reply to this thread or ask your own question?

It takes just 2 minutes to sign up (and it's free!). Just click the sign up button to choose a username and then you can ask your own questions on the forum.
Similar Threads
  1. Stefano
    Replies:
    5
    Views:
    4,441
    Moz Champion
    Feb 9, 2005
  2. C A Preston

    Spam-Spam and more Spam

    C A Preston, Apr 12, 2004, in forum: Computer Support
    Replies:
    2
    Views:
    659
    Hywel
    Apr 12, 2004
  3. Clwddncr
    Replies:
    6
    Views:
    739
    Dave - Dave.net.nz
    Feb 7, 2005
  4. Waylon Kenning

    Interesting Spam Statistics

    Waylon Kenning, Oct 14, 2005, in forum: NZ Computing
    Replies:
    18
    Views:
    650
    Waylon Kenning
    Oct 16, 2005
  5. Shane

    Interesting Spam

    Shane, Feb 8, 2007, in forum: NZ Computing
    Replies:
    3
    Views:
    379
    whoisthis
    Feb 9, 2007
Loading...

Share This Page