topbanner_forum
  *

avatar image

Welcome, Guest. Please login or register.
Did you miss your activation email?

Login with username, password and session length
  • Thursday March 28, 2024, 12:04 pm
  • Proudly celebrating 15+ years online.
  • Donate now to become a lifetime supporting member of the site and get a non-expiring license key for all of our programs.
  • donate

Last post Author Topic: I wanna hurt this guy!  (Read 17245 times)

Curt

  • Supporting Member
  • Joined in 2006
  • **
  • Posts: 7,566
    • View Profile
    • Donate to Member
I wanna hurt this guy!
« on: August 27, 2007, 06:12 PM »
Right now I am very upset, very indignant: I have just recieved an email from myself!! Damm it, how do you block a spammer who is using your own email address as sender? I have never before been into any kind of contact with www.magicvalleyaeroclub.com or www.leximot.net - Oh, could I get my hands around these people's necks.... Let me be honest with you: I wanna hurt them! Where is the address to some Internet police?

leximot.net_.gif

magicvalleyaeroclub.com.gif
« Last Edit: August 27, 2007, 06:15 PM by Curt »

Darwin

  • Charter Member
  • Joined in 2005
  • ***
  • Posts: 6,984
    • View Profile
    • Donate to Member
Re: I wanna hurt this guy!
« Reply #1 on: August 27, 2007, 06:22 PM »
Short answer - no idea... Long answer is that I use SpamBayes  :-* and never see this stuff - it just goes directly into my Junk Mail folder and I check it periodically before emptying it to make sure that no bona fide mail got filed there by mistake. It works with Outlook and other POP3 clients and is open source.

Oh, I *would* run a virus scan and an antispyware scan just to make sure that you haven't been breached!

Darwin

  • Charter Member
  • Joined in 2005
  • ***
  • Posts: 6,984
    • View Profile
    • Donate to Member
Re: I wanna hurt this guy!
« Reply #2 on: August 27, 2007, 06:24 PM »
PS googled this and came up with this discussion of e-mail spoofing!

Edvard

  • Coding Snacks Author
  • Charter Honorary Member
  • Joined in 2005
  • ***
  • Posts: 3,017
    • View Profile
    • Donate to Member
Re: I wanna hurt this guy!
« Reply #3 on: August 27, 2007, 06:25 PM »
Really there is not much to be done.
No mystery, really... they got your email by harvesting some poor sap's outlook address book via some sort of malware or bought it from someone else who did and they use software that changes the From: field to match the To: field so to better trick spam blocking software (very easy to do with a text-modifying script...).
Most people don't have themselves in their "block" list.
The best protection would be to use a mail server or software that digs into the mail headers for suspicious info.

Spam should be added to Death and Taxes as unavoidable events...

Darwin

  • Charter Member
  • Joined in 2005
  • ***
  • Posts: 6,984
    • View Profile
    • Donate to Member
Re: I wanna hurt this guy!
« Reply #4 on: August 27, 2007, 06:29 PM »
I remember back when I was using Eudora (an early version - this was 1994/1995) - all I had to do to spoof an e-mail address was type the address into the "From" line of the e-mail message. Later I had to type it into a field in options for outgoing e-mail (this would have been around 1998). Times have most certainly changed!

Curt

  • Supporting Member
  • Joined in 2006
  • **
  • Posts: 7,566
    • View Profile
    • Donate to Member
Re: I wanna hurt this guy!
« Reply #5 on: August 27, 2007, 07:07 PM »
What do you call the "titelbar" (see image) in Outlook / Outlook Express (- and what is it named in Danish...)  :tellme:

I was thinking that it must be posible to block my own email address this way. Understand me right; I do not want to block myself, as I sometimes are mailing myself, but mails from myself have my full name in the titelbar, not my email address, so I was thinking that maybe I can stop it by blocking mails that have my email address in the titelbar?

titelbar.gif

Darwin

  • Charter Member
  • Joined in 2005
  • ***
  • Posts: 6,984
    • View Profile
    • Donate to Member
Re: I wanna hurt this guy!
« Reply #6 on: August 27, 2007, 07:22 PM »
This could be done (I'm sure - don't know how though!) But I think you'd still be advised to get some sort of anti-spam application in place. Unfortunately, if your e-mail address is in the wild, the least of your worries are people spoofing your e-mail address - just wait for the avalanche of spam promising to enhance, arouse or subdue you...

f0dder

  • Charter Honorary Member
  • Joined in 2005
  • ***
  • Posts: 9,153
  • [Well, THAT escalated quickly!]
    • View Profile
    • f0dder's place
    • Read more about this member.
    • Donate to Member
Re: I wanna hurt this guy!
« Reply #7 on: August 28, 2007, 06:00 AM »
Curt, I would suggest either moving to a better email client that has proper antispam available (I personally use The Bat, but ThunderBird is closer to Outlook/OE interface, and comes with very nice anti-spam built in).

The alternative is to find a decent spam filter for Outlook/OE; the ones I've tried did cause some instability for OE every now and then, though.

But really, do consider Thunderbird - it's less likely to get exploited than OE, since it doesn't use the IE web control for HTML mail rendering, which OE does.
- carpe noctem

justice

  • Supporting Member
  • Joined in 2006
  • **
  • Posts: 1,898
    • View Profile
    • Donate to Member
Re: I wanna hurt this guy!
« Reply #8 on: August 28, 2007, 06:09 AM »
SpamBayes (already mentioned) or Robin Keir's excellent K9 would mark the mail as spam because of the content not because of its receipient.

To avoid any infection you can run Outlook Express as a regular user even though you're administrator. See http://Dropmyrights

Carol Haynes

  • Waffles for England (patent pending)
  • Global Moderator
  • Joined in 2005
  • *****
  • Posts: 8,066
    • View Profile
    • Donate to Member
Re: I wanna hurt this guy!
« Reply #9 on: August 28, 2007, 06:11 AM »
Curt - go get POPfile or SpamBayes and install it.

POPfile 'sees' all your email before it gets to your inbox and inserts a line int he header to flag the content (and can optionally prefix the subject field with anything you want). It is a general filtering system which is useful in its own right and gets very accurate after a surprisingly short time. The only disadvantage is that you use a browser window to alter options and to crrect errors that creep in (esp. early on while it learning your rules). It is particularly effective at SPAM trapping. Just tell it what you consider spam and within a few days I'd guess it is about 95% accurate - and gets progressively better the more you train it. After a month or so it is pretty much 100%.

Go to http://popfile.sourceforge.net/ to download it. If you like it and want to keep using it in the future remember to back up your POPfile database so that you can retain the learning if/when you need to reinstall windows.

Depending on the mail client software you use it will automatically configure your email accounts to work properly. If you use Outlook you can set up a quick link to open the POPfilee config page automatically within Outlook which is very handy (see the help file on the website).

f0dder

  • Charter Honorary Member
  • Joined in 2005
  • ***
  • Posts: 9,153
  • [Well, THAT escalated quickly!]
    • View Profile
    • f0dder's place
    • Read more about this member.
    • Donate to Member
Re: I wanna hurt this guy!
« Reply #10 on: August 28, 2007, 06:17 AM »
justice: dropping rights does help, but there's still local privilege elevation exploits to worry about; I wouldn't recommend anybody to run outlook express (or anything else using the IE rendering engine).

With (the freeware version of) AntiSpam Sniper for The Bat, I've had 8776 identified and 254 unidentified spam messages since March 4... that's less than 3% spam going through, pretty okay imho. With the full version, it offers access to some spam lists etc., which would probably get it close to 100% identified.
- carpe noctem

iphigenie

  • Supporting Member
  • Joined in 2006
  • **
  • Posts: 1,170
    • View Profile
    • Donate to Member
Re: I wanna hurt this guy!
« Reply #11 on: August 28, 2007, 07:56 AM »
I have spammers sending spam using one of my domains, and it seems there's nothing I can do. I even set up SPF in DNS, which says which only machines are ever going to send legitimate mail for my domain, but almost nobody checks these :(

I do get swamped with the postmaster notifications and the occasional hate mail or mail bomb back. To which I usually respond as abusively as the sender mailed me (starts at "you muppet, did you really think the spammers are using their own domain? you just insulted another victim and since you are in their database it seems likely they will use yours too. See how you like it when you get the nasty mail" to much much worse depending on what they sent me)

Not fun

Anyway SPF can help you there - technically no matter what domain you are using you should be able to configure (or get the ISP to configure) so it sets all the legitimate mail servers that may send mail from your domain/address. Then you should be able to set your client to check this - thus refusing spam in your name which doesnt come from the right origin.

Curt

  • Supporting Member
  • Joined in 2006
  • **
  • Posts: 7,566
    • View Profile
    • Donate to Member
Re: I wanna hurt this guy!
« Reply #12 on: August 28, 2007, 08:16 AM »
Thank you, friends, for all the advices; I really appreciate it.  :up:

However, if you please will forgive me saying so, In my little mind you are all kind of missing the point, because I gave too little informations. I have SPAMfighter installed, and it is so good that less than ONE spam mail per day or even per week will get through the filter (sensitivity: Normal)- I receive some twenty to thirty mails a day + DonationCoder + RSS. You have suggested little improvements, if any. How does one block a mail that has my own email address in the "From" box? I am not going to block my own email address (my email address may of course be blocked, but not ME, if you know what I mean, I still wanna be able to mail myself), and I am not going to have some third party filter decide what kind of content I can send to myself!

Edit: I must admit that I didn't understand what iphigenie told me to do.
What is SPF?
« Last Edit: August 28, 2007, 08:52 AM by Curt »

PhilB66

  • Supporting Member
  • Joined in 2007
  • **
  • Posts: 1,522
    • View Profile
    • Donate to Member
Re: I wanna hurt this guy!
« Reply #13 on: August 28, 2007, 08:29 AM »
Are you saying that a third party is sending emails out using your address so that it would appear they came from you?

Curt

  • Supporting Member
  • Joined in 2006
  • **
  • Posts: 7,566
    • View Profile
    • Donate to Member
Re: I wanna hurt this guy!
« Reply #14 on: August 28, 2007, 08:36 AM »
I have no garantee if he was sending to me only or to many, but Yes, he is sendning mails to at least me using my email address in the "From" box - see image in initial post.

f0dder

  • Charter Honorary Member
  • Joined in 2005
  • ***
  • Posts: 9,153
  • [Well, THAT escalated quickly!]
    • View Profile
    • f0dder's place
    • Read more about this member.
    • Donate to Member
Re: I wanna hurt this guy!
« Reply #15 on: August 28, 2007, 08:54 AM »
Curt: the spam filter should be blocking mails based on the content of the mail body, not just any of the header lines (to/from/subject). I thought SPAMfighter would do that, if not - it's useless.

There's little you can do about that trick anyway, and I can't see how that SPF thing would help even the slightest; all that's being done is using a bogus "From: " field in the mail header... it doesn't involve using your domains SMTP server or whatever.
- carpe noctem

Carol Haynes

  • Waffles for England (patent pending)
  • Global Moderator
  • Joined in 2005
  • *****
  • Posts: 8,066
    • View Profile
    • Donate to Member
Re: I wanna hurt this guy!
« Reply #16 on: August 28, 2007, 09:32 AM »
As f0dder says you should filter on content of the emails not the email address. If you filter on content you can block emails sent using any email address (even your own) without affecting legitimate mail.

That is one of the reasons I mentioned POPfile. It isn't a spam filter - when it is installed it knows nothing at all about spam. The point is that based on email content (not the header) it can accurately filter mail in any way you choose. One of thos ways is if you tell it which emails you consider spam.

As to overcoming the initial problem of stopping someone using your email in this way I have no idea. I have 5 domain names and I'd guess I get 200+ emails a day that are address to fictitious addresses beased on those domain names and also appearing to be sent from one of my legitmate addresses.

I have come to the conclusion the only solution is to filter them out in whatever way suits you and delete them. Reporting them to anti spam sites doesn't seem to have any effect whatsoever (apart from using up your precious time).

If anyone knows any method of reporting abuse of an email address or domain that works I would like to know. The only way I can see of doing it is forcing hosting servers to validate that every email is actually sent via that server before delivery - but how or by whom that would be implemented I don't know. The only other alternative is to block all but digitally signed email (a bit like SSL websites) - but that would be expensive and rule most people out the email system at the moment.

Yahoo have started using a system called "Domain Keys" which tells you if the email actually originated from the domain it claims. However, they seem to be doing that on some sort of lookup table basis which is far from complete.

f0dder

  • Charter Honorary Member
  • Joined in 2005
  • ***
  • Posts: 9,153
  • [Well, THAT escalated quickly!]
    • View Profile
    • f0dder's place
    • Read more about this member.
    • Donate to Member
Re: I wanna hurt this guy!
« Reply #17 on: August 28, 2007, 09:39 AM »
Well, a bunch of internet protocols are extremely lame, and SMTP is one of them. "Yes, but security wasn't a concern once they were created" - sorry, no excuse.
- carpe noctem

Darwin

  • Charter Member
  • Joined in 2005
  • ***
  • Posts: 6,984
    • View Profile
    • Donate to Member
Re: I wanna hurt this guy!
« Reply #18 on: August 28, 2007, 10:02 AM »
Curt - do you still have the offending e-mail? If so, have you "told" Spam Fighter that it is Spam? If not, I'd just identifiy it Spam Fighter as spam and move on. As fodder points out, your spam filter should be looking at both the header and the body (text) of the e-mail and shouldn't block legitimate e-mail from you. Try it and then send yourself a legitamite e-mail and see if it gets through - you can always go back to the original spam and tell Spam Fighter that it is not spam.

Also, my ISP and Yahoo both have a feature similar to PopFile built in. I have to access both via webmail to adjust settings, but I can configure both to insert a block of text at the start of the subject, enclosed in [] to identify it as potential spam. It's useful, though SpamBayes is so good it diverts these straight into my Junk Folder. Just a thought... Check out your ISP and webmail (if it's available) - you might find that you've already got this built in, so to speak.

Darwin

  • Charter Member
  • Joined in 2005
  • ***
  • Posts: 6,984
    • View Profile
    • Donate to Member
Re: I wanna hurt this guy!
« Reply #19 on: August 28, 2007, 10:06 AM »
As to overcoming the initial problem of stopping someone using your email in this way I have no idea...I have come to the conclusion the only solution is to filter them out in whatever way suits you and delete them. Reporting them to anti spam sites doesn't seem to have any effect whatsoever (apart from using up your precious time).

Yes - I'd like to highlight this comment (emphasis is mine). It's been made before but must be made again - don't waste your time trying to stop this at the source as you will be wasting your time (sorry, I realise that this sounds defeatist!) - you're better off taking Carol's advice and filtering the offensive e-mails and getting on with your life! Of course if you do figure out how to stop this completely PLEASE let us know!

Curt

  • Supporting Member
  • Joined in 2006
  • **
  • Posts: 7,566
    • View Profile
    • Donate to Member
Re: I wanna hurt this guy!
« Reply #20 on: August 28, 2007, 10:33 AM »
To classifiy SPAMfighter as "useless", is not being serious.

SPAMfighter is of course just another anti-spam filter -
(and I really don't know or care what technique it is using):

When a new e-mail arrives, it is automatically tested by SPAMfighter. If it's spam, it will be instantly moved to your SPAMfighter folder. ... >

 - but SPAMfighter is firstly and most important a community:
> ... If you receive a spam mail that is not detected, click on a single button, and the spam mail is removed from the rest of the 3.739.694 SPAMfighters in 217 countries in seconds.

- and if the anti-spam filter is saying "this mail is spam" and you think 'not', then it is extremely easy for you to get the mail anyway: just open the SPAMfighter folder and have a look! Many of the apps recommended here will not give the user any chance to evaluate the mail that has been rejected by the filter - and I find such behavior unacceptable.


SPAMfighter also is:

SPAMfighter Exchange Module (SEM), is the easy-to-use anti-spam solution for Microsoft Exchange Server 2000, 2003 and 2007.
Read about SPAMfighter Exchange Spam Filter

SPAMfighter SMTP Anti-Spam Server is the easy-to-use anti-spam solution for SMTP Servers for anyone from small businesses to service-provider.
Read about SPAMfighter SMTP Anti Spam Server

SPAMfighter Hosted Spam Filter, is the easy-to-use anti-spam solution for companies, organizations and individuals that have their own domain name and want a hosted solution.
Read about SPAMfighter Hosted Spam Filter

SPAMfighter SMTP Anti Spam Server, and Hosted Spam Filter support the following mail servers: ArGoSoft, CMailServer, CommuniGate, Courier, DynFX, GroupWise, IMail, Kerio, Domino, MDaemon, Merak, MERCUR, MS SMTP MAIL Service, Netscape Messaging Server, NTMail, Postfix, QMail, Sendmail, Winmail, Winroute, WorkgroupMail, XMail and more.

Carol Haynes

  • Waffles for England (patent pending)
  • Global Moderator
  • Joined in 2005
  • *****
  • Posts: 8,066
    • View Profile
    • Donate to Member
Re: I wanna hurt this guy!
« Reply #21 on: August 28, 2007, 10:47 AM »
One of the things I dislike is the community approach. Every time I have used a similar approach I find loads of email gets classified as SPAM because too many members of the community use the spam sighting engine as a quick way to delete unwanted emails such as newsletters that are not really spam but people are just too idle to unsubscribe properly. Consequently you find yourself wading through hundreds of adverts for "penis extensions" and "viagra" to find the mail you consider legitimate rather than simply pressing delete.

Curt

  • Supporting Member
  • Joined in 2006
  • **
  • Posts: 7,566
    • View Profile
    • Donate to Member
Re: I wanna hurt this guy!
« Reply #22 on: August 28, 2007, 10:55 AM »
I don't know what app you are referring to, Carol, but it is not SPAMfighter. Once you have clicked "allow", the sender will never be deleted no matter what others may think of it.

wraith808

  • Supporting Member
  • Joined in 2006
  • **
  • default avatar
  • Posts: 11,186
    • View Profile
    • Donate to Member
Re: I wanna hurt this guy!
« Reply #23 on: August 28, 2007, 11:07 AM »
Actually, there is a way to stop this, though it's painful.  I had the same problem with my domain.  Basically, they are using a legitimate address to lower their spam score in spam filters- that's the major reason they want to use your address.  So, the easy way to make it not worth their time is to switch e-mail addresses (like I said- painful).  I started using a different address on my domain as my primary address and dropped that old one.  When I recreated that e-mail addy a month later, I wasn't getting any of these bounces.  Since it was no longer a valid e-mail address, it no longer helped them reduce their spam score, so they stopped using it!  But yeah, that's the only way.  I even tried tracing the guy's ip and notifying his isp- he's in russia, so they did nothing about it!

Curt

  • Supporting Member
  • Joined in 2006
  • **
  • Posts: 7,566
    • View Profile
    • Donate to Member
Re: I wanna hurt this guy!
« Reply #24 on: August 28, 2007, 11:18 AM »
  - don't waste your time trying to stop this at the source as you will be wasting your time (sorry, I realise that this sounds defeatist!) -

I "SPAMfighter-blocked" the spam mail (from the initial post in this thread), and then tried to send a mail from me to me. The first one was blocked by Outlook Express (OE), so I told OE to mark mails from me, and then I send off another mail from me to me. This one went all through. But I will of course have to wait and see if "he" (the guy I wanna hurt) ever sends me another mail (from "me"), before I know if the trick has worked the way I am hoping.

Thank you all for the advices!  :up: