Is there any danger in opening spam?

Discussion in 'NZ Computing' started by Matty F, Nov 4, 2010.

  1. Matty F

    Matty F Guest

    I've been told by a helpdesk that we mustn't open spam emails or our
    machines could be infected by malware etc etc.
    Surely if I don't click on any links in the email I'm safe?
    On webmail the images are blocked automatically.
    Or I could allow the email spam into my machine and tell my firewall
    to stop all traffic before I open the email. But surely that is not
    necessary.

    Most of the spam comes from a single Xtra IP address, that is why I
    want to look at the headers.
    Why can't XTRA check who was using that IP address at the time the
    email was sent, and give them a call?
    Matty F, Nov 4, 2010
    #1

  2. Dave Doe

    Dave Doe Guest

    In article <5ffabea0-8375-4be6-880b-473ec5b4b288
    @s12g2000prs.googlegroups.com>, says...
    >
    > I've been told by a helpdesk that we mustn't open spam emails or our
    > machines could be infected by malware etc etc.
    > Surely if I don't click on any links in the email I'm safe?
    > On webmail the images are blocked automatically.
    > Or I could allow the email spam into my machine and tell my firewall
    > to stop all traffic before I open the email. But surely that is not
    > necessary.
    >
    > Most of the spam comes from a single Xtra IP address, that is why I
    > want to look at the headers.
    > Why can't XTRA check who was using that IP address at the time the
    > email was sent, and give them a call?


    I think your helpdesk folk are just trying to play it safe. You can't
    be infected unless you *run* something - and they don't want you (maybe)
    seeing emails that look like the real thing, and users being duped into
    running malicious software from a site (that also looks like the real
    thing).

    --
    Duncan.
    Dave Doe, Nov 4, 2010
    #2

  3. In message
    <>, Matty F
    wrote:

    > I've been told by a helpdesk that we mustn't open spam emails or our
    > machines could be infected by malware etc etc.


    In the early days, there were some truly horrible security holes in
    Microsoft MUAs that meant that simply viewing HTML-formatted e-mails could
    execute JavaScript, fetch remote images etc.

    > On webmail the images are blocked automatically.


    Thunderbird/Iceweasel is configured NOT to fetch remote images by default.
    Currently I’m using an MUA (Claws Mail) which won’t even display HTML mail.

    > Most of the spam comes from a single Xtra IP address, that is why I
    > want to look at the headers.


    The View Source function should be pretty safe, because of course the source
    is nothing but plain ASCII text.
    Lawrence D'Oliveiro, Nov 4, 2010
    #3
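The raw source can be checked for content a rendering client might act on without rendering any of it. The following is an added example, not code from any poster in the thread; the sample message, host names and file name are constructed for illustration.

```python
from email import message_from_string, policy
from html.parser import HTMLParser

# Constructed sample message (not taken from the thread).
RAW_MESSAGE = """\
From: "Your Bank" <support@bank.example>
To: user@example.org
Subject: Account notice
MIME-Version: 1.0
Content-Type: multipart/mixed; boundary="b1"

--b1
Content-Type: text/html; charset="us-ascii"

<html><body onload="go()">
<img src="http://tracker.example/pixel.gif?id=123">
<script>go()</script>
<a href="http://login.example/">Click here</a>
</body></html>
--b1
Content-Type: application/octet-stream
Content-Disposition: attachment; filename="invoice.pdf.exe"
Content-Transfer-Encoding: base64

AAAA
--b1--
"""

ACTIVE_TAGS = ("script", "iframe", "object", "embed")
REMOTE_PREFIXES = ("http://", "https://", "//")


class ActiveContentFinder(HTMLParser):
    """Collects markup that a rendering client could act on automatically."""

    def __init__(self):
        super().__init__()
        self.findings = []

    def handle_starttag(self, tag, attrs):
        if tag in ACTIVE_TAGS:
            self.findings.append(("active-element", tag))
        for name, value in attrs:
            value = (value or "").strip()
            if name.startswith("on"):
                # Inline event handlers such as onload= run script on display.
                self.findings.append(("event-handler", f"{tag}@{name}"))
            elif name in ("src", "background") and value.lower().startswith(REMOTE_PREFIXES):
                # Fetched on display unless the client blocks remote content.
                self.findings.append(("remote-fetch", value))


def inspect_source(raw):
    """Walk the MIME tree as text only; nothing is rendered or executed."""
    msg = message_from_string(raw, policy=policy.default)
    report = []
    for part in msg.walk():
        if part.is_multipart():
            continue
        filename = part.get_filename()
        if filename:
            report.append(("attachment", filename))
        elif part.get_content_type() == "text/html":
            finder = ActiveContentFinder()
            finder.feed(part.get_content())
            report.extend(finder.findings)
    return report


if __name__ == "__main__":
    for kind, detail in inspect_source(RAW_MESSAGE):
        print(f"{kind:15} {detail}")
```

An ordinary `href` link is not reported because it is only followed when clicked, which is the distinction the thread keeps returning to.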
  4. Matty F

    Matty F Guest

    On Nov 5, 12:27 pm, Lawrence D'Oliveiro <l...@geek-
    central.gen.new_zealand> wrote:
    > In message
    > <>, Matty F
    > wrote:
    >
    > > I've been told by a helpdesk that we mustn't open spam emails or our
    > > machines could be infected by malware etc etc.

    >
    > In the early days, there were some truly horrible security holes in
    > Microsoft MUAs that meant that simply viewing HTML-formatted e-mails could
    > execute JavaScript, fetch remote images etc.
    >
    > > On webmail the images are blocked automatically.

    >
    > Thunderbird/Iceweasel is configured NOT to fetch remote images by default.
    > Currently I’m using an MUA (Claws Mail) which won’t even display HTML mail.
    >
    > > Most of the spam comes from a single Xtra IP address, that is why I
    > > want to look at the headers.

    >
    > The View Source function should be pretty safe, because of course the source
    > is nothing but plain ASCII text.


    So, maybe there is a small problem. There does seem to be HTML in
    Yahoo's webmail and what Eudora brings into my machine, even though
    I've tried to turn HTML off.
    I did phone Xtra who say they will chase up the errant Xtra IP
    address.
    I've received another spam email from it.
    I really doubt that the help desk understand that they can't believe
    anything in the email except for the originating IP address, which is
    a dynamic Xtra one, but which seldom changes.
    The Xtra address that I have been told to forward phishing spam to does
    not exist any more.
    Matty F, Nov 5, 2010
    #4
  5. In message
    <>, Matty F
    wrote:

    > I really doubt that the help desk understand that they can't believe
    > anything in the email except for the originating IP address, ...


    Many people have trouble appreciating that point. Or why advice like “don’t
    open e-mails from people you don’t know” is completely wrong.
    Lawrence D'Oliveiro, Nov 5, 2010
    #5
  6. Matty F

    Matty F Guest

    On Nov 5, 3:39 pm, Lawrence D'Oliveiro <l...@geek-
    central.gen.new_zealand> wrote:
    > In message
    > <>, Matty F
    > wrote:
    >
    > > I really doubt that the help desk understand that they can't believe
    > > anything in the email except for the originating IP address, ...

    >
    > Many people have trouble appreciating that point. Or why advice like “don’t
    > open e-mails from people you don’t know” is completely wrong.


    I believe that xtra are now going to block secure.com because that is
    mentioned in the spam email.
    Rather than simply looking up which xtra customer was using the
    originating IP address.
    Matty F, Nov 5, 2010
    #6
  7. Matty F

    Matty F Guest

    On Nov 5, 11:40 am, Allistar <> wrote:
    > Matty F wrote:


    > > Why can't XTRA check who was using that IP address at the time the
    > > email was sent, and give them a call?

    >
    > They can, but you'd need to bitch to Xtra first.


    Of course I have done that and not got a satisfactory result.

    > And most likely the person
    > responsible for the computer at the end of that IP address is not the one
    > sending the spam - it's more likely that their computer (which is most likely
    > running a Microsoft operating system) is infected by malicious software.


    Again, that is almost certain to be the case. I get one or more spam
    emails from the same IP address each day. That IP address is on many
    blacklists. Anyone unfortunate enough to be allocated that IP address
    will have trouble sending emails to some ISPs.
    Note that it is a dynamic IP address, but the user stays logged on for
    days or weeks at a time.


    "The Project Honey Pot system has detected behavior from the IP
    address 210.54.141.252 that is consistent with that of a Mail Server
    and Dictionary Attacker."

    "554-mx.mailfilter6.ihug.co.nz 554 BLOCKED: The SenderBase reputation
    of your ISP or corporate mail server is extremely bad.
    Received: from mta03.xtra.co.nz ([210.54.141.252])'"

    "210.54.141.252 is listed in cblless.anti-spam.org.cn and four other
    blacklists"
    Matty F, Nov 5, 2010
    #7
  8. On Thu, 4 Nov 2010 15:06:55 -0700 (PDT), Matty F
    <> wrote:

    >I've been told by a helpdesk that we mustn't open spam emails or our
    >machines could be infected by malware etc etc.
    >Surely if I don't click on any links in the email I'm safe?
    >On webmail the images are blocked automatically.
    >Or I could allow the email spam into my machine and tell my firewall
    >to stop all traffic before I open the email. But surely that is not
    >necessary.
    >
    >Most of the spam comes from a single Xtra IP address, that is why I
    >want to look at the headers.
    >Why can't XTRA check who was using that IP address at the time the
    >email was sent, and give them a call?




    No Spam is nice to eat..

    But may be not good for you.
    William Brown, Nov 5, 2010
    #8
  9. On Thu, 4 Nov 2010 15:06:55 -0700 (PDT), Matty F
    <> wrote:

    >I've been told by a helpdesk that we mustn't open spam emails or our
    >machines could be infected by malware etc etc.
    >Surely if I don't click on any links in the email I'm safe?
    >On webmail the images are blocked automatically.
    >Or I could allow the email spam into my machine and tell my firewall
    >to stop all traffic before I open the email. But surely that is not
    >necessary.
    >
    >Most of the spam comes from a single Xtra IP address, that is why I
    >want to look at the headers.
    >Why can't XTRA check who was using that IP address at the time the
    >email was sent, and give them a call?



    Not at all. Only if it's got an attachment.

    Set up your email client so it does not run attachments.
    William Brown, Nov 5, 2010
    #9
  10. Enkidu

    Enkidu Guest

    On 05/11/10 11:36, Dave Doe wrote:
    > In article<5ffabea0-8375-4be6-880b-473ec5b4b288
    > @s12g2000prs.googlegroups.com>, says...
    >>
    >> I've been told by a helpdesk that we mustn't open spam emails or our
    >> machines could be infected by malware etc etc.
    >> Surely if I don't click on any links in the email I'm safe?
    >> On webmail the images are blocked automatically.
    >> Or I could allow the email spam into my machine and tell my firewall
    >> to stop all traffic before I open the email. But surely that is not
    >> necessary.
    >>
    >> Most of the spam comes from a single Xtra IP address, that is why I
    >> want to look at the headers.
    >> Why can't XTRA check who was using that IP address at the time the
    >> email was sent, and give them a call?

    >
    > I think your helpdesk folk are just trying to play it safe. You can't
    > be infected unless you *run* something - and they don't want you (maybe)
    > seeing emails that look like the real thing, and users being duped into
    > running malicious software from a site (that also looks like the real
    > thing).
    >

    That's not true. Opening some emails in some email clients *will* run
    scripts.

    Cheers,

    Cliff

    --

    The ends justifies the means - Niccolò di Bernardo dei Machiavelli.

    The end excuses any evil - Sophocles
    Enkidu, Nov 5, 2010
    #10
  11. Enkidu

    Enkidu Guest

    On 05/11/10 11:40, Allistar wrote:
    > Matty F wrote:
    >
    >> I've been told by a helpdesk that we mustn't open spam emails or
    >> our machines could be infected by malware etc etc. Surely if I
    >> don't click on any links in the email I'm safe?

    >
    > That would depend on your mail client I suppose. But I would say that
    > simply viewing a spam email is perfectly safe.
    >

    No, it isn't. Some email clients will run the scripts in some emails
    when you open them.

    Cheers,

    Cliff

    --

    The ends justifies the means - Niccolò di Bernardo dei Machiavelli.

    The end excuses any evil - Sophocles
    Enkidu, Nov 5, 2010
    #11
  12. Matty F

    Matty F Guest

    On Nov 5, 9:11 pm, Allistar <> wrote:
    > Matty F wrote:
    > > On Nov 5, 11:40 am, Allistar <> wrote:
    > >> Matty F wrote:

    >
    > >> > Why can't XTRA check who was using that IP address at the time the
    > >> > email was sent, and give them a call?

    >
    > >> They can, but you'd need to bitch to Xtra first.

    >
    > > Of course I have done that and not got a satisfactory result.

    >
    > >> And most likely the person
    > >> responsible for the computer at the end of that IP address is not the one
    > >> sending the spam - it's more likely that their computer (which is most
    > >> likely running a Microsoft operating system) is infected by malicious
    > >> software.

    >
    > > Again, that is almost certain to be the case. I get one or more spam
    > > emails from the same IP address each day. That IP address is on many
    > > blacklists. Anyone unfortunate enough to be allocated that IP address
    > > will have trouble sending emails to some ISPs.
    > > Note that it is a dynamic IP address, but the user stays logged on for
    > > days or weeks at a time.

    >
    > > "The Project Honey Pot system has detected behavior from the IP
    > > address 210.54.141.252 that is consistent with that of a Mail Server
    > > and Dictionary Attacker."

    >
    > > "554-mx.mailfilter6.ihug.co.nz 554 BLOCKED: The SenderBase reputation
    > > of your ISP or corporate mail server is extremely bad.
    > > Received: from mta03.xtra.co.nz ([210.54.141.252])'"

    >
    > > "210.54.141.252 is listed in cblless.anti-spam.org.cn and four other
    > > blacklists"

    >
    > Do you use client side spam filtering? If not, I recommend it. Mine hides a
    > lot of spam from me fairly effectively. An issue is that spam still appears
    > on devices that don't have the ability to filter them out, such as an iPhone
    > and an iPad.


    I can easily decide on Yahoo's webmail whether something is spam or
    not, without opening the email.
    Recognising spam is not the problem. The problem is that someone using
    IP address 210.54.141.252 has an infected machine, and Xtra should do
    something about that because it's one of their customers.
    That customer gets a new IP address sometimes and thus a bunch of Xtra
    IP addresses are being blacklisted. Sometimes I am allocated one of
    them, thus my emails may bounce.
    Matty F, Nov 5, 2010
    #12
  13. Matty F

    Matty F Guest

    On Nov 5, 9:13 pm, Enkidu <> wrote:
    > On 05/11/10 11:40, Allistar wrote:
    > > Matty F wrote:
    >
    > >> I've been told by a helpdesk that we mustn't open spam emails or
    > >> our machines could be infected by malware etc etc. Surely if I
    > >> don't click on any links in the email I'm safe?

    >
    > > That would depend on your mail client I suppose. But I would say that
    > > simply viewing a spam email is perfectly safe.

    >
    > No, it isn't. Some email clients will run the scripts in some emails
    > when you open them.


    So there appears to be no way that I can check the originating IP
    address on Yahoo Webmail without opening the email. There is no option
    to show plain text instead of HTML.
    Matty F, Nov 5, 2010
    #13
  14. peter

    peter Guest

    Matty F wrote:
    > I've been told by a helpdesk that we mustn't open spam emails or our
    > machines could be infected by malware etc etc.
    > Surely if I don't click on any links in the email I'm safe?


    not if you are using Microsoft software
    peter, Nov 5, 2010
    #14
  15. Matty F

    Matty F Guest

    On Nov 5, 10:13 pm, peter <> wrote:
    > Matty F wrote:
    > > I've been told by a helpdesk that we mustn't open spam emails or our
    > > machines could be infected by malware etc etc.
    > > Surely if I don't click on any links in the email I'm safe?

    >
    > not if you are using Microsoft software


    Well, I'm using Firefox to read Yahoo mail which has images blocked.
    I'm using Eudora for pop mail (not using Microsoft's viewer), and have
    disallowed "executables in HTML content".
    But I only opened some regular spam to see the originating IP address.
    Matty F, Nov 5, 2010
    #15
  16. Matty F

    Matty F Guest

    On Nov 6, 12:28 am, EMB <> wrote:
    > On 5/11/2010 5:32 p.m., Matty F wrote:
    >
    >
    >
    > > On Nov 5, 11:40 am, Allistar<> wrote:
    > >> Matty F wrote:

    >
    > >>> Why can't XTRA check who was using that IP address at the time the
    > >>> email was sent, and give them a call?

    >
    > >> They can, but you'd need to bitch to Xtra first.

    >
    > > Of course I have done that and not got a satisfactory result.

    >
    > >> And most likely the person
    > >> responsible for the computer at the end of that IP address is not the one
    > >> sending the spam - it's more likely that their computer (which is most likely
    > >> running a Microsoft operating system) is infected by malicious software.

    >
    > > Again, that is almost certain to be the case. I get one or more spam
    > > emails from the same IP address each day. That IP address is on many
    > > blacklists. Anyone unfortunate enough to be allocated that IP address
    > > will have trouble sending emails to some ISPs.
    > > Note that it is a dynamic IP address, but the user stays logged on for
    > > days or weeks at a time.

    >
    > > "The Project Honey Pot system has detected behavior from the IP
    > > address 210.54.141.252 that is consistent with that of a Mail Server
    > > and Dictionary Attacker."

    >
    > > "554-mx.mailfilter6.ihug.co.nz 554 BLOCKED: The SenderBase reputation
    > > of your ISP or corporate mail server is extremely bad.
    > > Received: from mta03.xtra.co.nz ([210.54.141.252])'"

    >
    > > "210.54.141.252 is listed in cblless.anti-spam.org.cn and four other
    > > blacklists"

    >
    > Learn to read email headers Matty - that is NOT a user IP address.


    Of course it is. Over the last three years 210.54.141.252 has been
    assigned to 58 people who have emailed me.
    Matty F, Nov 5, 2010
    #16
  17. ~misfit~

    ~misfit~ Guest

    Somewhere on teh intarwebs Matty F wrote:
    > On Nov 6, 12:28 am, EMB <> wrote:
    >> On 5/11/2010 5:32 p.m., Matty F wrote:
    >>
    >>
    >>
    >>> On Nov 5, 11:40 am, Allistar<> wrote:
    >>>> Matty F wrote:

    >>
    >>>>> Why can't XTRA check who was using that IP address at the time the
    >>>>> email was sent, and give them a call?

    >>
    >>>> They can, but you'd need to bitch to Xtra first.

    >>
    >>> Of course I have done that and not got a satisfactory result.

    >>
    >>>> And most likely the person
    >>>> responsible for the computer at the end of that IP address is not
    >>>> the one sending the spam - it's more likely that their computer
    >>>> (which is most likely running a Microsoft operating system) is
    >>>> infected by malicious software.

    >>
    >>> Again, that is almost certain to be the case. I get one or more spam
    >>> emails from the same IP address each day. That IP address is on many
    >>> blacklists. Anyone unfortunate enough to be allocated that IP
    >>> address will have trouble sending emails to some ISPs.
    >>> Note that it is a dynamic IP address, but the user stays logged on
    >>> for days or weeks at a time.

    >>
    >>> "The Project Honey Pot system has detected behavior from the IP
    >>> address 210.54.141.252 that is consistent with that of a Mail Server
    >>> and Dictionary Attacker."

    >>
    >>> "554-mx.mailfilter6.ihug.co.nz 554 BLOCKED: The SenderBase
    >>> reputation of your ISP or corporate mail server is extremely bad.
    >>> Received: from mta03.xtra.co.nz ([210.54.141.252])'"

    >>
    >>> "210.54.141.252 is listed in cblless.anti-spam.org.cn and four other
    >>> blacklists"

    >>
    >> Learn to read email headers Matty - that is NOT a user IP address.

    >
    > Of course it is. Over the last three years 210.54.141.252 has been
    > assigned to 58 people who have emailed me.


    .... and you think that all 58 of those people have the same malware running
    on their computers? Seriously?

    Think about it.....
    --
    Shaun.

    "He who fights with monsters might take care lest he thereby become a
    monster. And if you gaze for long into an abyss, the abyss gazes also
    into you." Friedrich Wilhelm Nietzsche
    ~misfit~, Nov 5, 2010
    #17
  18. Matty F

    Matty F Guest

    On Nov 5, 11:19 pm, "WorkHard" <> wrote:

    > Use Mailwasher. That way you can see what emails you have before
    > downloading and can see the headers etc.


    What do you mean by "headers"? To me, headers is rather a lot of data
    showing the route the email has taken, and particularly the
    originating IP address which is what I want to see.
    I can't see anything on the Mailwasher site about seeing full headers.
    Mailwasher appears to show the sender name and description and the
    ability to have blacklists and whitelists. I get that already on
    Yahoo.
    And Mailwasher doesn't run on my operating system.
    Matty F, Nov 5, 2010
    #18
  19. Matty F

    Matty F Guest

    On Nov 6, 1:25 am, "~misfit~" <> wrote:
    > Somewhere on teh intarwebs Matty F wrote:
    >
    >
    >
    > > On Nov 6, 12:28 am, EMB <> wrote:
    > >> On 5/11/2010 5:32 p.m., Matty F wrote:

    >
    > >>> On Nov 5, 11:40 am, Allistar<> wrote:
    > >>>> Matty F wrote:

    >
    > >>>>> Why can't XTRA check who was using that IP address at the time the
    > >>>>> email was sent, and give them a call?

    >
    > >>>> They can, but you'd need to bitch to Xtra first.

    >
    > >>> Of course I have done that and not got a satisfactory result.

    >
    > >>>> And most likely the person
    > >>>> responsible for the computer at the end of that IP address is not
    > >>>> the one sending the spam - it's more likely that their computer
    > >>>> (which is most likely running a Microsoft operating system) is
    > >>>> infected by malicious software.

    >
    > >>> Again, that is almost certain to be the case. I get one or more spam
    > >>> emails from the same IP address each day. That IP address is on many
    > >>> blacklists. Anyone unfortunate enough to be allocated that IP
    > >>> address will have trouble sending emails to some ISPs.
    > >>> Note that it is a dynamic IP address, but the user stays logged on
    > >>> for days or weeks at a time.

    >
    > >>> "The Project Honey Pot system has detected behavior from the IP
    > >>> address 210.54.141.252 that is consistent with that of a Mail Server
    > >>> and Dictionary Attacker."

    >
    > >>> "554-mx.mailfilter6.ihug.co.nz 554 BLOCKED: The SenderBase
    > >>> reputation of your ISP or corporate mail server is extremely bad.
    > >>> Received: from mta03.xtra.co.nz ([210.54.141.252])'"

    >
    > >>> "210.54.141.252 is listed in cblless.anti-spam.org.cn and four other
    > >>> blacklists"

    >
    > >> Learn to read email headers Matty - that is NOT a user IP address.

    >
    > > Of course it is. Over the last three years 210.54.141.252 has been
    > > assigned to 58 people who have emailed me.

    >
    > ... and you think that all 58 of those people have the same malware running
    > on their computers? Seriously?
    >
    > Think about it.....


    No, of course none of them has the malware. I never said they did.
    Matty F, Nov 5, 2010
    #19
  20. Squiggle

    Squiggle Guest

    On Nov 5, 5:32 pm, Matty F <> wrote:

    > Again, that is almost certain to be the case. I get one or more spam
    > emails from the same IP address each day. That IP address is on many
    > blacklists. Anyone unfortunate enough to be allocated that IP address
    > will have trouble sending emails to some ISPs.
    > Note that it is a dynamic IP address, but the user stays logged on for
    > days or weeks at a time.


    How on earth did you manage to jump to that incorrect conclusion?

    >
    > "The Project Honey Pot system has detected behavior from the IP
    > address 210.54.141.252 that is consistent with that of a Mail Server
    > and Dictionary Attacker."
    >
    > "554-mx.mailfilter6.ihug.co.nz 554 BLOCKED: The SenderBase reputation
    > of your ISP or corporate mail server is extremely bad.
    > Received: from mta03.xtra.co.nz ([210.54.141.252])'"
    >
    > "210.54.141.252 is listed in cblless.anti-spam.org.cn and four other
    > blacklists"


    It's a mail server, Matty, probably a poorly configured one. Plenty of
    hints to that fact in the preceding three sentences you posted.
    The fact the reverse DNS lookup calls it mta03.xtra.co.nz is a bit of
    a giveaway; a dynamically allocated dialup or ADSL connection has a
    more generic format like 219-89-55-1.dialup.xtra.co.nz or
    122-60-1-25.jetstream.xtra.co.nz.
    It's a static allocation, and mta is a common abbreviation for mail
    transport agent (i.e. mail server).
    Squiggle, Nov 5, 2010
    #20
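The header reading the thread argues about can be done mechanically. This added example (not code from any poster) walks the `Received:` chain from the top and applies the naming heuristic described in post #20. The sample headers are constructed from host names quoted in the thread; `mx.recipient.example`, the timestamps and the keyword list in the patterns are assumptions.

```python
import re
from email import message_from_string

# Constructed sample: host names reuse examples quoted in the thread,
# mx.recipient.example and the timestamps are invented.
RAW_HEADERS = """\
Received: from mta03.xtra.co.nz ([210.54.141.252])
\tby mx.recipient.example with ESMTP; Fri, 5 Nov 2010 10:00:02 +1300
Received: from 122-60-1-25.jetstream.xtra.co.nz ([122.60.1.25])
\tby mta03.xtra.co.nz with SMTP; Fri, 5 Nov 2010 10:00:00 +1300
From: someone@example.com
Subject: constructed sample

body
"""

# Assumes the common "from NAME (... [IP]) by NAME" layout; other MTAs differ.
HOP = re.compile(r"from\s+(\S+)\s+\(.*?\[([0-9.]+)\]\)\s+by\s+(\S+)")
# Heuristics only: address octets in the first label, or an access-pool label.
DYNAMIC = re.compile(
    r"^\d{1,3}-\d{1,3}-\d{1,3}-\d{1,3}\.|\.(dialup|jetstream|dsl|adsl|dyn|pool)\.",
    re.I,
)
MAILHOST = re.compile(r"^(mta|mx|smtp|mail|relay)\d*\.", re.I)


def classify_rdns(name):
    """Guess the role of a host from its name, as post #20 does by eye."""
    if DYNAMIC.search(name):
        return "dynamic-pool"
    if MAILHOST.search(name):
        return "mail-server"
    return "unknown"


def parse_received(raw):
    """Return hops top-down: the newest header, added last, comes first."""
    msg = message_from_string(raw)
    hops = []
    for value in msg.get_all("Received", []):
        match = HOP.search(" ".join(value.split()))  # unfold continuation lines
        if match:
            host, ip, by = match.groups()
            # The "from" name may be whatever the sender announced; the
            # bracketed IP is what the receiving server actually saw.
            hops.append({"from": host, "ip": ip, "by": by,
                         "kind": classify_rdns(host)})
    return hops


def handoff(raw, trusted_servers):
    """Deepest hop recorded by servers you trust; anything below it was
    supplied by the sending side and can be forged."""
    last = None
    for hop in parse_received(raw):
        if hop["by"] not in trusted_servers:
            break
        last = hop
    return last


if __name__ == "__main__":
    for hop in parse_received(RAW_HEADERS):
        print(hop)
    print("handoff:", handoff(RAW_HEADERS, {"mx.recipient.example"}))
```

With the constructed headers, the address handed to the trusted server classifies as a mail server and the hop beneath it as a dynamic pool address. A real check would confirm the name with a reverse DNS lookup on the bracketed IP rather than trusting the string in the header.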