Results 1 to 8 of 8

Thread: Spam Question

  1. #1
    Uranium Lounger
    Join Date
    Dec 2000
    Location
    Salt Lake City, Utah, USA
    Posts
    9,508
    Thanks
    0
    Thanked 6 Times in 6 Posts

    Spam Question

    After I e-mailed a requested file to LoungeAdmin, I discovered that a message with obscene content was sent with the sender address spoofed as my work e-mail address and directed to the same actual LoungeAdmin address. In other words, I appeared to send a very obscene message to <img src=/S/eileen.gif border=0 alt=eileen width=17 height=15>. Lounge spam filters caught the message and deleted it. Quoting <img src=/S/claude.gif border=0 alt=claude width=21 height=21>, with permission,

    "There's a recent and ugly trend for spammers to set senders email addresses to an email address known to both parties."

    My ignorant question is; how do these addresses get intercepted for such abuse? It was my naiive understanding that spammers develop lists by test trolling free e-mail source addresses and submissions of chat room subscribers, etc., but how do they get addresses from a message "en passage"?

    Can someone enlighten me as to the devious methods spammers use?
    -John ... I float in liquid gardens
    UTC -7ąDS

  2. #2
    Plutonium Lounger Leif's Avatar
    Join Date
    Dec 2000
    Location
    U.K.
    Posts
    14,010
    Thanks
    0
    Thanked 0 Times in 0 Posts

    Re: Spam Question

    Did you see the actual post that was sent? (i.e. was it in your Sent Items?)
    Sounds more like a virus to me...

  3. #3
    5 Star Lounger
    Join Date
    Mar 2001
    Location
    Lorain, Ohio, USA
    Posts
    953
    Thanks
    0
    Thanked 0 Times in 0 Posts

    Re: Spam Question

    Maybe that nasty Klez virus?

  4. #4
    Uranium Lounger
    Join Date
    Dec 2000
    Location
    Salt Lake City, Utah, USA
    Posts
    9,508
    Thanks
    0
    Thanked 6 Times in 6 Posts

    Re: Spam Question

    I don't think so as I have a resident checker on every machine I use. Nothing in my outbox. (I post from three different machines, but the file was sent from Work. One home PC has AVG, updated very recently and scanned Sunday, the other Norton, updated a couple weeks back and last run Friday, the work machine Trend, just finished scanning, no viruses reported, plus we have incoming and throughput virus filters for the corporate WAN.)
    -John ... I float in liquid gardens
    UTC -7ąDS

  5. #5
    Platinum Lounger
    Join Date
    Dec 2000
    Location
    Hornsby Heights, New South Wales, Australia
    Posts
    3,822
    Thanks
    0
    Thanked 0 Times in 0 Posts

    Re: Spam Question

    I guess it could have been Kletz, although I don't think that it would have inserted the obscenities in question.
    Cheers, Claude.

  6. #6
    Platinum Lounger
    Join Date
    Dec 2000
    Location
    Hornsby Heights, New South Wales, Australia
    Posts
    3,822
    Thanks
    0
    Thanked 0 Times in 0 Posts

    Re: Spam Question

    Heaps of ways to harvest email addresses, but, 'en passage' email grabbing is not possible for mere mortals. You would need to intercept said email. In order to do that, you would need access to the mail server, in this case it would be the outgoing mail server at your work, or the incoming mail server at wopr.

    There are a lot of email grabbing spiders out there which walk over sites and grab any address they can find. Then there are the spamming programs which make up random addresses to known sites, like say aabx3s@wopr.com. It is pointless to bounce those emails with a 'user unknown' message as in 99.9% of cases, the email headers are forged anyway, all that would achieve is put further strain on the email system.

    Most of the mail going through wopr is indeed intercepted by the spam filter I wrote a while ago. It analyses incoming email and searches for signs of spam. If it decides it is spam, it kills the email and logs it. BTW, all emails coming from hotmail, mailexcite, lycos etc. get killed off automatically at wopr.com as well as calmer.com. Unless they are in the authorised sender list that is.

    Finally, don't forget that if it was a virus that caused your email to be sent, that virus doesn't have to be on your computer. Even without a virus, I can send out emails from my place and set the sender details to be your info. <img src=/S/devil.gif border=0 alt=devil width=15 height=15>
    Cheers, Claude.

  7. #7
    Super Moderator jscher2000's Avatar
    Join Date
    Feb 2001
    Location
    Silicon Valley, USA
    Posts
    23,112
    Thanks
    5
    Thanked 93 Times in 89 Posts

    Re: Spam Question

    We have had a spate of "same domain" forged sender addresses, where you can't filter the sender because it's your partner's or even your own. However, I assumed (!) that this technique was only used within the same domain. How would anyone know my address would pass through anyone else's filters?? I don't see how, other than pure chance, or a very evil ISP, that could happen.

  8. #8
    Platinum Lounger
    Join Date
    Dec 2000
    Location
    Hornsby Heights, New South Wales, Australia
    Posts
    3,822
    Thanks
    0
    Thanked 0 Times in 0 Posts

    Re: Spam Question

    The way it works is thus: Your email address is picked up somewhere on the net. The program dissects the email address into name and domain. It then checks for the same domain in its list of goodies. If it finds some, it'll send the spam to all the others, disguised as you being the spammer. I delete those emails in my spam filter not due to the sender name, but, due to the IP address, the subject, or the message body content. It makes it somewhat more difficult because I can't have myself as an 'authorised sender', but then again, any emails I send to someone in my own domain never leave this place, they get distributed internally.
    Cheers, Claude.

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •