Need antispam software - mysterious spam encountered

Discussion in 'Computer Security' started by Jeff, Dec 13, 2004.

  1. Jeff

    Jeff Guest

    In particular, is anyone familiar with a program that returns an email with
    appropriate headers, messages, etc. to make it look like the address is
    nonexistent?

    It's for personal use. I bought printer ink on eBay several days ago, but
    never did I use my ISP provided email address in any portion of
    communication or transaction or payment for the ink. But this morning I
    received a piece of spam asking if I want to save on printer ink and
    supplies.

    I suppose I'll have to install an antispam filter in my email client (or use
    its own filter) to delete anything with keywords ink and printer in it. But
    this new spam is mystifying. I don't think it's coincidence - I've never
    received a message like it (referring to buying ANYTHING WHATSOEVER) to this
    email address. It's a million to one chance of being a coincidence. I paid
    for the ink with Paypal, but they don't have this email address. Nor does
    eBay. I seriously doubt that the Yahoo account I used for the transaction
    has any references to this email ID. How could this address possibly have
    been mined??? (With reference to mining, I did sweeps of my entire HDs with
    at least four different up-to-date antispyware/adware/malware scanners in
    the past seven days. And I empty my cookie files almost daily.)
    Jeff, Dec 13, 2004
    #1

  2. "Jeff" <> wrote:

    > In particular, is anyone familiar with a program that returns an email
    > with appropriate headers, messages, etc. to make it look like the
    > address is nonexistent?


    That won't work...

    a) The From-header is usually faked, so the spammer won't even GET
    your fake error message
    b) The poor guy who really owns the address abused as a From: will
    get tons of error messages - why do you want to harass him even more?
    c) Error messages usually are sent from the Postmaster-account. You
    aren't the postmaster at your ISP, so if you send mails pretending to
    be postmaster you'll get in trouble
    d) If the spammer actually takes the time to read through all the
    bounces, he'll notice that there is a considerable delay between
    sending his spam and receiving your fake bounce - which shows that
    the bounce was generated after receiving the message, which wouldn't
    have been possible if it didn't exist, therefore verifying that the
    address is correct.

    Juergen Nieveler
    --
    Love thy neighbour, but don't get caught.
    Juergen Nieveler, Dec 13, 2004
    #2

  3. Jeff

    winged Guest

    Juergen Nieveler wrote:
    > "Jeff" <> wrote:
    >
    >
    >>In particular, is anyone familiar with a program that returns an email
    >>with appropriate headers, messages, etc. to make it look like the
    >>address is nonexistent?

    >
    >
    > That won't work...
    >
    > a) The From-header is usually faked, so the spammer won't even GET
    > your fake error message
    > b) The poor guy who really owns the address abused as a From: will
    > get tons of error messages - why do you want to harass him even more?
    > c) Error messages usually are sent from the Postmaster-account. You
    > aren't the postmaster at your ISP, so if you send mails pretending to
    > be postmaster you'll get in trouble
    > d) If the spammer actually takes the time to read through all the
    > bounces, he'll notice that there is a considerable delay between
    > sending his spam and receiving your fake bounce - which shows that
    > the bounce was generated after receiving the message, which wouldn't
    > have been possible if it didn't exist, therefore verifying that the
    > address is correct.
    >
    > Juergen Nieveler

    Mailwasher is a good antispammer tool that does what you're asking, but it
    won't work, as spammers expect failed mail. Recently it was discovered,
    however, that certain major manufacturers were embedding phone-home software
    in their print driver software. The one manufacturer that has commented
    indicated this was to monitor ink usage on their printers; however, I
    haven't heard if anyone has fully cracked the data stream sent.

    Bottom line it could just as easily be spammer got mail addy through
    other means such as other spyware on system etc. If you use IE and the
    addy is embedded in browser, it is an easy thing to glean using various
    methods. Spammer may have "guessed" address with a name dictionary
    attack against your mail server. From what I have seen, they are pretty
    industrious in gathering addresses, and can gather them using multiple
    methodologies. I have even suspected someone is gleaning addresses off
    of various mail gateways. There are a number of mail servers located on
    BOTNETS. Someone you have sent mail to in the past may have lost your
    address for you. Bottom line if addy is used on the net, it seldom
    stays virgin long. I would say you can expect more spam in the future.
    It is good fried.

    Winged
    winged, Dec 14, 2004
    #3
  4. Jeff

    Moe Trin Guest

    In article <jhhvd.753191$8_6.686917@attbi_s04>, Jeff wrote:

    >In particular, is anyone familiar with a program that returns an email with
    >appropriate headers, messages, etc. to make it look like the address is
    >nonexistent?


    Doesn't work that way. See RFC2821

    1. A properly configured mail server should know all of the valid addressees
    that it should accept mail for, and reject mail to other addressees at the
    SMTP stage.

    2. While RFC2821 Section 2.4 does say that
    Moe Trin, Dec 15, 2004
    #4
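The difference between rejecting at the SMTP stage and bouncing after acceptance, as raised in posts #2 and #4, shown as an added example that is not part of any poster's message. The mailbox list, addresses and policy names are constructed for illustration.

```python
# Added illustration; addresses and the mailbox list are constructed samples.
VALID_MAILBOXES = {"jeff@isp.example"}          # what the ISP's server knows
REAL_SENDER = "bot@compromised.example"         # host that actually connected
FORGED_SENDER = "bystander@thirdparty.example"  # address the spam claims to be from


def receive(claimed_sender, rcpt, policy, user_fakes_bounce=False):
    """Return (smtp_reply_code, later_messages) for one RCPT TO.

    smtp_reply_code is seen directly by the connecting host during the
    SMTP dialogue; later_messages are (kind, destination) mails generated
    after acceptance, addressed to whatever sender the message claimed.
    """
    exists = rcpt.lower() in VALID_MAILBOXES
    later = []
    if policy == "reject_at_smtp":
        code = 250 if exists else 550      # 550 5.1.1: no such mailbox
    elif policy == "accept_then_bounce":
        code = 250                         # accepted without checking
        if not exists:
            later.append(("server-bounce", claimed_sender))
    else:
        raise ValueError(f"unknown policy: {policy}")
    # A recipient who fakes a bounce can only do so after delivery succeeded.
    if exists and code == 250 and user_fakes_bounce:
        later.append(("fake-bounce", claimed_sender))
    return code, later


def misdirected(later_messages, real_sender=REAL_SENDER):
    """Destinations of generated mail that never reach the real sender."""
    return [dest for _kind, dest in later_messages if dest != real_sender]


if __name__ == "__main__":
    for policy in ("reject_at_smtp", "accept_then_bounce"):
        code, later = receive(FORGED_SENDER, "nosuch@isp.example", policy)
        print(policy, code, misdirected(later))
    code, later = receive(FORGED_SENDER, "jeff@isp.example",
                          "reject_at_smtp", user_fakes_bounce=True)
    print("fake bounce:", code, misdirected(later))
```

With SMTP-stage rejection the connecting host gets the 550 and no mail is generated; in the other two cases the connecting host has already seen a 250 and the later message lands on the forged address.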
  5. Jeff

    Jeff Guest

    Not a thing in the past week. Maybe this was a very weird coincidence.


    "Jeff" <> wrote in message
    news:jhhvd.753191$8_6.686917@attbi_s04...
    > In particular, is anyone familiar with a program that returns an email with
    > appropriate headers, messages, etc. to make it look like the address is
    > nonexistent?
    >
    > It's for personal use. I bought printer ink on eBay several days ago, but
    > never did I use my ISP provided email address in any portion of
    > communication or transaction or payment for the ink. But this morning I
    > received a piece of spam asking if I want to save on printer ink and
    > supplies.
    >
    > I suppose I'll have to install an antispam filter in my email client (or use
    > its own filter) to delete anything with keywords ink and printer in it. But
    > this new spam is mystifying. I don't think it's coincidence - I've never
    > received a message like it (referring to buying ANYTHING WHATSOEVER) to this
    > email address. It's a million to one chance of being a coincidence. I paid
    > for the ink with Paypal, but they don't have this email address. Nor does
    > eBay. I seriously doubt that the Yahoo account I used for the transaction
    > has any references to this email ID. How could this address possibly have
    > been mined??? (With reference to mining, I did sweeps of my entire HDs with
    > at least four different up-to-date antispyware/adware/malware scanners in
    > the past seven days. And I empty my cookie files almost daily.)
    >
    Jeff, Dec 19, 2004
    #5
  6. Jeff

    Chuck Guest

    On 13 Dec 2004 20:54:28 EST, winged <> wrote:

    <SNIP>

    > From what I have seen, they are pretty
    >industrious in gathering addresses, and can gather them using multiple
    >methodologies. I have even suspected someone is gleaning addresses off
    >of various mail gateways. There are a number of mail servers located on
    >BOTNETS. Someone you have sent mail to in the past may have lost your
    >address for you. Bottom line if addy is used on the net, it seldom
    >stays virgin long. I would say you can expect more spam in the future.


    Good point. You would HOPE that anybody who operates ANY server on the internet
    would be constantly vigilant (at least more so than the typical AOHell or
    ComCrap customer) for ANY unknown activity by their server, but one of the
    spammer's jobs is to develop new ways to get email addresses. It would take just
    one 0wn3d server to get lots of new, valid addresses for one of these assholes.

    And this will happen no matter what YOU do about blocking, filtering, or
    ignoring their shit.

    And this will be a new breed of spammer with your email address, which may mean
    that filtering his shit, once he gets your address, will be harder.

    --
    Cheers,
    Chuck
    Paranoia comes from experience - and is not necessarily a bad thing.
    Chuck, Dec 21, 2004
    #6
  7. Jeff

    Jeff G Guest

    Moe Trin wrote:
    > In article <jhhvd.753191$8_6.686917@attbi_s04>, Jeff wrote:
    >
    >
    >>In particular, is anyone familiar with a program that returns an email with
    >>appropriate headers, messages, etc. to make it look like the address is
    >>nonexistent?

    >
    >
    > Doesn't work that way. See RFC2821
    >
    > 1. A properly configured mail server should know all of the valid addressees
    > that it should accept mail for, and reject mail to other addressees at the
    > SMTP stage.
    >
    > 2. While RFC2821 Section 2.4 does say that
    Jeff G, Dec 26, 2004
    #7
  8. Jeff

    Moe Trin Guest

    In article <souzd.239577$5K2.126956@attbi_s03>, Jeff G wrote:

    >Well, I finally installed Thunderbird and made it my default email
    >client. I use either MyIE2 or Mozilla as my browser, so the only time I
    >have to use IE is to check for Windows Updates.


    It's a bit of a pity, but the number of dedicated specific tools for
    windoze is comparatively limited. Mail (for example) should be read or
    created with a tool that does mail, and nothing else. File downloads
    should be done with a different tool, as should visiting web sites.
    Actually, one of my mail filter rules automatically drops any mail that
    contains HTTP.

    >I could use one of my other browsers to do so, but the shortcut placed
    >in my start menu launches IE to check for updates, and it doesn't seem
    >important enough to change. Hopefully Microsoft is not so careless as to
    >allow hackers to redirect users trying to connect to the Windows Update
    >website.


    I'm told that IE is required to get the updates - I wouldn't know, having
    stopped using windoze in 1992. Actually, while you access microsoft, you
    may be getting the downloads from an Internet content provider like
    Akamai (which has servers located in many cities of the world, to provide
    faster service). But you don't go there direct - it's a redirect from
    microsoft.

    >And that ink-toner spam item was an isolated event. It's just a really
    >bizarre coincidence that I happened to order ink cartridges using one of
    >my internet accounts just a couple days before that piece of spam arrived.


    That happens. There are a number of products and services that are a
    natural for spam artists. Ink/toner is grossly overpriced (that's how
    the printer manufacturers make the money - the printers are often sold
    well below cost), so selling a shoddy product at a merely excessive price
    will find a huge market. As the spamming entities are pretty difficult
    to trace, and they change names and "locations" as often as you change
    your shorts, they can make their money, and move on almost before the
    product has been delivered to you. Also, many of them launder their
    services through overseas locations, making criminal complaints difficult
    to pursue. Paying by credit card may offer a very tiny possibility of
    combating fraud, but the real solution is to never purchase anything
    from an email offer or pop-up ad. It's NEVER a good deal.

    Old guy
    Moe Trin, Dec 26, 2004
    #8